Adding Users
Mechanically, the process of adding a new user consists of three steps required by the system, two steps that establish a useful environment for the new user, and several extra steps for your own convenience as a sysadmin.
Required:
Edit the passwd and shadow files to define the user’s account
Set an initial password
Create the user’s home directory
For the user:
Copy default startup files to the user’s home directory
Set the user’s mail home and establish mail aliases
For the sysadmin:
Add the user to the /etc/group file
Configure disk quotas if you have them
Verify that the account is set up correctly
Solaris provides tools that can do some of these steps for you. The next section contains the steps that you will need to do by hand. You must perform each step as root or use a program such as sudo that allows you to run commands as root.
Editing the passwd and shadow Files
To safely edit the passwd file, use vipw to invoke a text editor on a copy of /etc/passwd. The default editor is vi, but you can specify a different one by setting the value of the EDITOR environment variable. The existence of the temporary edit file serves as a lock. vipw allows only one person to edit the passwd file at a time. When the editor terminates, vipw replaces the original passwd file with your edited copy of it. On Solaris systems vipw will ask if you want to edit the shadow file after you have edited the passwd file. You should say yes.
Setting an Initial Password
Root can change any user’s password with the passwd command:
# passwd user
passwd prompts you to enter a new password and asks you to repeat it. If you choose a short, all-lowercase password, passwd will complain and ask you to use something longer. This is not the case on Solaris systems. Never leave a new account or any account that has shell access without a password.
Creating the User’s Home Directory
Any directory you create is initially owned by root. Hence, you must change its owner and group with the chown and chgrp commands. The following sequence of commands would create a home directory appropriate for myself.
# mkdir /account/grossman
# chown grossman /account/grossman
# chgrp faculty /account/grossman
# chmod 755 /account/grossman
Verifying the New Account
To verify that a new account has been properly configured, first log out, then log in as the new user and execute the following commands:
% pwd        To verify the home directory
% ls -al     Check owner/group of startup files
You will need to notify new users of their login names and initial passwords. This is also a good time to point users towards additional documentation on local customs if you have any.
If the system is running sshd, then log in as the new user
% ssh newuser@localhost
and execute the following commands
% pwd        To verify the home directory
% ls -al     Check owner/group of startup files
Note: Be sure to remind new users to change their passwords immediately.
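The check below is an added example, not part of the original notes: it reads passwd- and shadow-format files and reports every account with shell access that has no shadow entry, an empty password field, or a missing home directory. The function names, the sample accounts and the list of non-login shells are assumptions made for the illustration.

```shell
#!/bin/sh
# audit_accounts PASSWD_FILE SHADOW_FILE [ROOT]
# Prints "<login>: <problem>" for each account that has shell access but
# no shadow entry, an empty password field, or a missing home directory.
# ROOT is an optional prefix for home directories (for testing on copies).
audit_accounts() {
    passwd_file=$1 shadow_file=$2 root=${3:-}
    while IFS=: read -r login _pw _uid _gid _gecos home shell; do
        case $login in ''|'#'*) continue ;; esac
        # Shells that refuse interactive logins (assumed list, adjust locally).
        # An empty shell field means the default shell, so it is still audited.
        case $shell in */nologin|*/false) continue ;; esac
        # "x" marks "entry found", so an empty password field yields just "x".
        entry=$(awk -F: -v u="$login" '$1 == u { print "x" $2; exit }' "$shadow_file")
        case $entry in
            '') echo "$login: no shadow entry" ;;
            x)  echo "$login: empty password field" ;;
        esac
        [ -d "$root$home" ] || echo "$login: home directory missing"
    done < "$passwd_file"
}

# Constructed sample data (not taken from a real system).
make_sample() {
    dir=$1
    mkdir -p "$dir/account/grossman"
    cat > "$dir/passwd" <<'EOF'
grossman:x:1001:20:Faculty:/account/grossman:/bin/csh
newuser:x:1002:20:New user:/account/newuser:/bin/sh
ghost:x:1003:20:No shadow line:/account/grossman:/bin/sh
daemon:x:1:1::/:/usr/bin/false
EOF
    cat > "$dir/shadow" <<'EOF'
grossman:CONSTRUCTEDHASH:15000::::::
newuser::15000::::::
daemon:NP:6445::::::
EOF
}

# Demo on the constructed files. On a live system, run as root:
#   audit_accounts /etc/passwd /etc/shadow
demo_dir=$(mktemp -d) && make_sample "$demo_dir" &&
    audit_accounts "$demo_dir/passwd" "$demo_dir/shadow" "$demo_dir"
rm -rf "$demo_dir"
```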
How would you force the user to change their password on first login?