This is an old revision of the document!
There are 2 ways to add a user: useradd
, and adduser
. With the first, you specify the username and all the settings on the command-line. The second walks you through the process, asking you all the necessary questions.
For useradd
, a command similar to the following should be used:
useradd -m -u 10999 -g useracct -c 'John Doe' johndoe
To keep uids synched between the 2 (and possibly 4) systems, you must manually inspect /etc/passwd on each system to find the next available UID common to all systems. Then use this on the command to add the user on each system. Add users to all systems at the same time since it is easy to forget to do this later. All UID and GID numbers for accounts created must be over 10000 to avoid conflict with any predefined UID/GID numbers on future systems. Don't use group "users" since the GID changes from system to system, use "useracct". Group numbers not related to individual accounts should be in the range 11000 to 11999.
Conflicts and inconsistencies as of July 2006:
TODO: Default groups.
These groups seem to be important in Debian:
Group | Function |
---|---|
wheel | We've got it set up so these folks can sudo without a root password. |
sudo | I believe users in this group get automatic sudo access; we're using wheel instead. |
dialout | Users who can access the modem. |
cdrom | Users who can access a CD-ROM disc. |
floppy | Users who can access the floppy drive. |
audio | Users who can access the audio devices. |
video | Users who can access the video devices. |
plugdev | |
disk | Users who can access the raw disk partitions. (Dangerous!) |
backup | |
operator | |
list | |
www-data | This is the user/group that Apache runs as; anything Apache uses has to be accessible by this user or group. |
In addition, we've defined these groups (mainly grabbed from Michelob's /etc/group file):
Group | Function |
---|---|
wheel | We've got it set up so these folks can sudo without a root password. |
users | Default group that all users should belong to. |
newslett | Not sure if it's used; only member is editor. |
steercom | Ad-hoc list of Steering Committee attendees, who can access steercom directory on Michelob. |
webhead | Users who have write access to our web sites. |
majordom | Used for mailing list management; lists account is included. |
TODO: Create groups for:
As with users, there are 2 ways to add a group: groupadd
, and addgroup
.
TODO: Adding users to groups.
TODO: Adding sudoers. What groups should administrators be in? So far, it looks like wheel
will suffice.
TODO: Add info about how they can change their settings. Especially things like chfn, chsh, .forward, .profile, .bashrc, passwd, etc.
This should go on a a user documentation page, not a "build" page.
How can we migrate accounts from michelob and dark with the least hassle? User UIDs on our AIX systems start at 500. (Although there are a few in the 100 range.) On Debian, they start at 1000.
Accounts and groups will be taken from michelob since it is the primary user system, though the main difference between michelob and dark is some user passwords and minor details. The same user accounts are on both.