User Account Admin

From FreeBSDwiki

FBSD has built-in commands for the administration of user accounts. FBSD only allows users that have a predefined account on the system to have access to its facilities. The account name/ID and password are what you are prompted for during the login process, whether locally from the FBSD console screen or remotely using some client application software. Email, Telnet, and FTP are some of the most popular facilities whose access is controlled by the user account. The FBSD Handbook at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/users-modifying.html gives a very good explanation of FBSD custom account admin scripts. These scripts are implemented around the pw(8) command. The pw(8) manual page ('man pw') is also good.



Configure the pw Command

When FBSD is first installed, the pw command does not have its pw.conf option file. The pw command still works, but you have no idea what the defaults are, and the command line fills up with pw option flags.

The first thing you should do if you want to use the pw command to add users is to create the pw.conf file. Do this by entering:

pw adduser -D   # this will create the /etc/pw.conf file.

The comments in the file are self explanatory. You have to edit /etc/pw.conf to change the defaults. I changed the default group "guest" and the additional groups to "mail". Everybody has to belong to the "mail" group to use the sendmail server.

My /etc/pw.conf looks like this

#
# /etc/pw.conf - user/group configuration defaults


# Password for new users? no=nologin yes=loginid none=blank random=random
defaultpasswd = "yes"

# Reuse gaps in uid sequence? (yes or no)
reuseuids = "yes"

# Reuse gaps in gid sequence? (yes or no)
reusegids = "yes"

# Path to the NIS passwd file (blank or 'no' for none)
nispasswd =

# Obtain default dotfiles from this directory
skeleton = "/usr/share/skel/"

# Mail this file to new user (/etc/newuser.msg or no)
newmail = "no"

# Log add/change/remove information in this file
logfile = "/var/log/userlog" 

# Root directory in which $HOME directory is created
home = "/home"

# Colon separated list of directories containing valid shells
shellpath = "/bin"

# Comma separated list of available shells (without paths)
shells = "sh","csh","tcsh"

# Default shell (without path)
defaultshell = "csh"

# Default group (leave blank for new group per user)
defaultgroup = "guest"

# Extra groups for new users
extragroups = "mail"

# Default login class for new users
defaultclass = ""

# Range of valid default user ids
minuid = 1000
maxuid = 32000

# Range of valid default group ids
mingid = 1000
maxgid = 32000

# Days after which account expires (0=disabled)
expire_days = 0

# Days after which password expires (0=disabled)
password_days = 0
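
The defaultpasswd comment in the file above lists four modes, and the "yes" value used here gives every new account a password equal to its login id. The sh script below is an added example, not part of the original wiki page: it reads a pw.conf-style file and classifies that one setting. The function names, return codes and sample file are this example's own.

```shell
#!/bin/sh
# Added example: classify the defaultpasswd setting of a pw.conf-style file.

# Print the value of key $2 in file $1, without surrounding quotes.
# Lines starting with '#' are comments and never match.
# If the key is repeated, the last occurrence is used (assumption).
pwconf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' |
        tail -n 1
}

# Return codes (chosen for this example):
#   0 = new accounts get no guessable password
#   1 = new accounts get a guessable or blank password
#   2 = setting missing or not one of the four documented values
audit_defaultpasswd() {
    value=$(pwconf_get "$1" defaultpasswd)
    case "$value" in
        yes)    echo "WEAK: password is set to the login id"; return 1 ;;
        none)   echo "WEAK: password is blank"; return 1 ;;
        random) echo "OK: password is random"; return 0 ;;
        no)     echo "OK: login disabled until a password is set"; return 0 ;;
        *)      echo "UNKNOWN: defaultpasswd='$value'"; return 2 ;;
    esac
}

# Constructed sample with the same setting as the file shown above.
sample=$(mktemp)
printf '%s\n' '# Password for new users?' 'defaultpasswd = "yes"' > "$sample"
# Audit the file named on the command line, or the sample if none is given.
audit_defaultpasswd "${1:-$sample}" || true
rm -f "$sample"
```

Pass /etc/pw.conf as the first argument to check the live file.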



Examples of pw command usage

pw adduser -D                       # create the /etc/pw.conf file

pw adduser tom -m -c 'tom brown'    # tom = userid, 
                                    # -m = create home directory 
                                    # -c = full name field
                                    # use quotes to enclose a name containing spaces 

With defaultpasswd = "yes" in /etc/pw.conf, as configured above, the password will be the same as the userid.
The user needs to use the passwd command to set their secret password.

pw deluser tom -r         # -r = remove his home directory

pw showuser tom           # display user's entry in password file

pw showuser tom -P        # display password info in human readable form. 

pw showuser -a            # display all entries in password file

pw addgroup networking    # Add this new group

pw showgroup wheel        # List all users in this group

pw modgroup wheel -M tom  # Add user tom to group wheel 


The pw subcommands can be written in reverse order:

adduser and useradd mean the same thing.


pw command embedded in a script

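#! /bin/sh
# -h 0 = read the new password from file descriptor 0 (stdin),
#        which the here-document below supplies
pw adduser tom -m -c testing -h 0 <<EOD
water
EOD
# water is the password to be assigned to tom 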



passwd command

The passwd command is the usual way to change your own password as a user or another user's password as the superuser root. Follow the prompts issued by the command.

passwd tom

This is what is presented on the screen:

Changing local password for tom
New password:
Retype new password:
passwd: updating the database
passwd: done



chpass command

The chpass command is used to change user database info such as the password, shell, and personal info (such as full name, phone number, etc.). A user can change their own info, and the superuser root can change another user's info.

chpass tom
