Friday, April 22, 2016

Linux User Account Creation & Customization

A Systems Administrator must be able to manage user accounts by adding users, removing users, modifying accounts and setting passwords. In this tutorial, I will be giving you instructions on how to properly create user accounts on Linux operating systems. Creating a user account can be simple, but there are a few complexities to note. As opposed to a graphical user interface (GUI), these instructions use the command line to create the user accounts.

The command line provides an ideal method for account management, because it provides faster account creation, especially when you are creating several accounts on one more computers. The graphical user interface or GUI on Linux Systems can vary greatly from system to system, but the one constancy on all Linux operating systems is the command line. The command line (CLI) is a text based user interface used for entering commands for the operating system to decipher. So I will be showing the use of the useradd command which creates the user accounts, and the passswd command which sets or changes the user accounts password.

Typographical conventions.
The typographic convection section is meant to help readers better understand what it is their seeing. Please carefully read the instructions before continuing.

The courier font is used for names of commands, files, directories, user names, and on-screen computer output; for example:
Use the useradd command to add users to the computer.

The courier bold font is used for characters and numbers you type; for example:
whoami

Courier bold italic is used to represent variables that can change; for example:
passwd bob


Instructions
After each line you type into the command line press the enter key. As explained in the above typographical conventions section, anything displayed in courier bold is typed in the command line and if it is displayed in courier it is the output of the line above. To follow this tutorial open the terminal or xterm program to access the command line. Please refer to the Command & Term Reference guide, for information on commands and terms.

Note - If you don't have access to a Linux computer you can still follow along, using the Linux emulator at, "http://www.tutorialspoint.com/execute_bash_online.php" . Type the commands into the green box on the right.


Method One: Create a user, using default settings.
If you are creating a user account on just one computer, the steps below will work, but if you are creating a user account on more than one computer, use method two or three instead. If the Linux computer is not connected to any other Linux computers on the network then the method shown below will work. This the best method to of users who are novices at using the command line.

Follow the steps below to create a user account for Bob.
1) Create user account for bob
useradd bob

2) Create a password for user account bob.
passwd bob
passwd: Changing password for bob
New Password:
Re-enter new Password:
passwd: password successfully changed for bob

The passwd command sets user account passwords. In the example above it sets the password for user account bob.

Note - If you don't set the password, the user will not have a password and will not be able to log in.

3) Test user account by logging into the computer with the new user account.
su – bob

The su command stands for switch user, and it is used to switch from one user account to another. The is an option used with the su command, it allows you to fully switch to the new user account. In order to fully test the newly created user account you must use the su command with the option, as shown.

4) Verify you are logged in as new user.
whoami
bob

The whoami command displays the name of user currently logged in on the command line. The result of the command should be bob as shown above.

Fun Fact: The whoami command also works on Windows computers.

Creating a user account using this method was pretty easy right? This method is perfect for home users who want to add user accounts to their home PC, for their family and friends. This method is not the way to add users on a corporate network.

Method Two: Creating a user with custom setting.
This method is all about control, and is used when creating user accounts on corporate networks. One positive thing about this method is that you know exactly what is being set. The downside to the method is the high probability of making a typo. This method can be too complicated for less knowledgeable users.

1) Create the user account.
Type the entire line out before you press enter.
useradd -u 900 -g users -G video  -c “user account, Jill” -m -d /export/home/jill -s /bin/bash jill

Command Options Explained
-u        Sets user’s UID (Unique Identification Number) to 900
-g        Sets user’s primary group to users
-G        Sets user’s secondary groups to video
-c        Sets a comment for the user. Puts a comment into the /etc/passwd file.
-m        Makes the user’s home directory
-d        Sets the path to the user’s home directory
-s        Sets the user’s shell

One reason to use useradd with all the options listed above is because computers see user accounts as numbers. When we created Jill’s user account we see the account’s name as being jill, but the computer sees the account’s name as 900 or UID (Unique Identification Number) 900. Unless you set the UID by using the –u option the computer will assign the next available UID number which could result in a user having different UID numbers on different computers. This can cause issues with permissions, for example if user Bob has UID 900 on PC number one and Jill has the same UID on PC number two. Jill creates a document and stores it on the network. PC one will see that file is owned by UID 900 and so it will show Bob as the owner. Then Bob can do anything he wants to Jill’s document, including deleting it.

Note: For more information on the useradd command and it options, type man useradd into the command line. To exit the man page


2) Set Jill’s password. 
echo jillspassword | passwd -e jill –stdin

In the above series of commands, the echo command sends the word jillsmypassword to the passwd command, then the passwd command sets the user’s password to jillsmypassword. The –e shown in the above example, expires the user’s password, making the user have to change their password when they attempt to login.

Why set the password in this way, the way shown in Method one was easier? This method is a more advanced way to set a user’s password. For example, let’s say you need create ten user accounts. If you do what we did in Method one, you will need to type the new user’s password in twenty times, two times for each user. On the other hand if you use the method show here, then you only need to change the username ten times. To save on typing, the rest of the command shown above can be pasted into the command line. This method can also be used in a script, since it doesn’t require any additional input from you after you run the command.

3) Repeat steps 3 &4 from Method one to test the account.

Method Three: Configuring system settings for easier user creation.
In Method three, I will be combining the ease of use of the first method and the completeness of the second. In Method one we ran the useradd command with no options set. The Linux system still used many of the options used in Method two, but set them using system defined defaults. To see these defaults for the useradd command with the –D option; for example:
useradd -D
GROUP=2001
HOME=/home
INACTIVE=35
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

To change the default system setting run useradd –D followed by the setting you want to change. In the example below, the default shell is being changed to /bin/ksh from /bin/bash.
useradd –D –s /bin/ksh

To see if the changes took effect, run the useradd –D command again.

Note: The most common things to set is the home directory, and the shell.

1) Create user account for Sam
useradd -u 1010 -G 10 -c “user account, Sam” -m sam

Here we have the best of both words, the less typing of Method 1 and the precise settings from Method two. Setting the system defaults will allow much less of a chance of making mistakes. Now only the setting that are unique to the user will have to be set.

2) Set Sam’s password, choose the approach used in Method one or Method two.

3) Repeat steps 3 & 4 from Method one to test the account.

I showed you three variations, on using the passwd command to create user accounts. For new users on Linux, I suggest they use Method one. Intermediate to advance users should use Method two or three, though Method three is the preferred method. I hope this tutorial was informative and you learned something new.

Command & Term Reference Guide

Commands
useradd – command used to create user accounts.
passwd – command used to set user account passwords.
whoami – informs user who they are logged in as. Can also use the command id to do the same thing.
su – stands for switch user, and is used to switch between users.
man – stands for manual, used to view system manuals. The manuals are referred to as man pages.
echo – displays whatever you type on the next line.
|  - This is called a pipe, it takes the output of the command on the left and sends (pipes) it to the input of the command on the right.

Terms
Terminal and xterm: are programs that display the command line. The terms xterm, terminal and command line can, for the most part, be interchangeable.
Shell: is a customized command line environment. Examples of shells are BASH, SH, KSH and CSH.

Conclusion
Well what did you think? This post is written at a lower level than most of my other posts, because this was originally a paper I wrote for a college class. Method 3 needs a little more info, so I will write a follow on post with a little more detail on how to set the system defaults. Anyway let me know what you think and if you have any questions by posting below.

Related posts on this Blog
Adding a new user to a UNIX based system

References
Man pages: useradd, passwd
My Collage paper
The Ultimate Guide to Create Users in Linux / Unix


No comments:

Post a Comment