User Account Admin
Latest revision as of 19:19, 13 August 2012
User Account Admin
FBSD has built-in commands for the administration of user accounts. FBSD only allows users that have a predefined account on the system to have access to its facilities. The account name/ID and password are what you are prompted for during the login process, whether locally from the FBSD console screen or remotely using some client application software. Email, Telnet, and FTP are some of the most popular facilities whose access is controlled by the user account. The FBSD Handbook at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/users-modifying.html gives a very good explanation of FBSD custom account admin scripts. These scripts are implemented around the pw(8) command. The manual page (‘man pw’) is also good.
Configure the pw Command
When FBSD is first installed, the pw command does not have its pw.conf option file. The pw command still works, but you have no idea what the defaults are, and the command line fills up with pw option flags.
The first thing you should do if you want to use the pw command to add users is to create the pw.conf file. Do this by entering:
pw adduser -D # this will create the /etc/pw.conf file.
The comments in the file are self-explanatory. You have to edit /etc/pw.conf to change the defaults. I changed the default group to "guest" and the additional groups to "mail". Everybody has to belong to the "mail" group to use the sendmail server.
My /etc/pw.conf looks like this:
#
# /etc/pw.conf - user/group configuration defaults

# Password for new users? no=nologin yes=loginid none=blank random=random
defaultpasswd = "yes"

# Reuse gaps in uid sequence? (yes or no)
reuseuids = "yes"

# Reuse gaps in gid sequence? (yes or no)
reusegids = "yes"

# Path to the NIS passwd file (blank or 'no' for none)
nispasswd =

# Obtain default dotfiles from this directory
skeleton = "/usr/share/skel/"

# Mail this file to new user (/etc/newuser.msg or no)
newmail = "no"

# Log add/change/remove information in this file
logfile = "/var/log/userlog"

# Root directory in which $HOME directory is created
home = "/home"

# Colon separated list of directories containing valid shells
shellpath = "/bin"

# Comma separated list of available shells (without paths)
shells = "sh","csh","tcsh"

# Default shell (without path)
defaultshell = "csh"

# Default group (leave blank for new group per user)
defaultgroup = "guest"

# Extra groups for new users
extragroups = "mail"

# Default login class for new users
defaultclass = ""

# Range of valid default user ids
minuid = 1000
maxuid = 32000

# Range of valid default group ids
mingid = 1000
maxgid = 32000

# Days after which account expires (0=disabled)
expire_days = 0

# Days after which password expires (0=disabled)
password_days = 0
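The defaultpasswd and logfile settings in the pw.conf above decide what password a new account starts with and whether account changes leave a trail. The following is an added example, not part of the original page: a small sh audit of those two settings. The function names pwconf_get and pwconf_audit are hypothetical, and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not from the original page: audit the defaults in a pw.conf.

# Print the unquoted value of KEY ($2) in FILE ($1); the last definition wins.
pwconf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k)
            sub(/^[ \t]*"?/, "", v); sub(/"?[ \t]*$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one finding per risky default in FILE ($1); return 1 if any was found.
pwconf_audit() {
    rc=0
    case "$(pwconf_get "$1" defaultpasswd)" in
        yes)  echo "defaultpasswd=yes: new password equals the login id"; rc=1 ;;
        none) echo "defaultpasswd=none: new accounts get a blank password"; rc=1 ;;
    esac
    # Assumption: a blank or "no" logfile means account changes are not logged.
    case "$(pwconf_get "$1" logfile)" in
        ""|no) echo "logfile unset: add/change/remove is not logged"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed samples: the page's two settings, then the same with "random".
sample_weak=$(mktemp); sample_ok=$(mktemp)
trap 'rm -f "$sample_weak" "$sample_ok"' EXIT
cat >"$sample_weak" <<'EOF'
# Password for new users? no=nologin yes=loginid none=blank random=random
defaultpasswd = "yes"
logfile = "/var/log/userlog"
EOF
sed 's/"yes"/"random"/' "$sample_weak" >"$sample_ok"

pwconf_audit "$sample_weak" || echo "-> review the weak sample"
pwconf_audit "$sample_ok" && echo "-> no findings in the random-password sample"
```

On a FBSD host, point pwconf_audit at /etc/pw.conf instead of the sample files.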
Examples of pw command usage
pw adduser -D # create the /etc/pw.conf file

pw adduser tom -m -c 'tom brown'
# tom = userid
# -m = create home directory
# -c = full name field
# use quotes to enclose large name

With defaultpasswd = "yes" as in the pw.conf above, the password will be the same as the userid. The user needs to use the passwd command to set their secret password.

pw deluser tom -r # -r = remove his home directory
pw showuser tom # display user's entry in password file
pw showuser tom -P # display password info in human readable form
pw showuser -a # display all entries in password file
pw addgroup networking # Add this new group
pw showgroup wheel # List all users in this group
pw modgroup wheel -m tom # Add user tom to group wheel (-M would replace the whole member list with tom)
The pw subcommands can be written in reverse order: adduser and useradd mean the same thing.
pw command embedded in a script
#! /bin/sh
# water is the password to be assigned to tom
pw adduser tom -m -c testing -h 0 <<EOD
water
EOD
passwd command
The passwd command is the usual way to change your own password as a user, or another user's password as the superuser root. Follow the prompts issued by the command.
passwd tom
This is what is presented on the screen:
Changing local password for tom
New password:
Retype new password:
passwd: updating the database
passwd: done
chpass command
The chpass command is used to change user database info such as password, shells, and personal info (such as full name, phone number, etc.), either your own as a user or another user's as the superuser root.
chpass tom