This is an old revision of the document!


Users

Adding Users

There are 2 ways to add a user: useradd, and adduser. With the first, you specify the username and all the settings on the command-line. The second walks you through the process, asking you all the necessary questions.

For useradd, a command similar to the following should be used:

useradd -m -u 10999 -g useracct -c 'John Doe' johndoe

To keep UIDs synchronized between the 2 (and possibly 4) systems, you must manually inspect /etc/passwd on each system to find the next available UID common to all systems, then use that UID in the command that adds the user on each system. Add users to all systems at the same time, since it is easy to forget to do this later. All UID and GID numbers for accounts created must be over 10000 to avoid conflict with any predefined UID/GID numbers on future systems. Don't use group "users", since its GID changes from system to system; use "useracct". Group numbers not related to individual accounts should be in the range 11000 to 11999.
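The manual inspection above can be scripted once a copy of each system's /etc/passwd is in one place. The following is an added example, not part of the original wiki page; the function names and the sample passwd contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. The passwd contents below are constructed sample data.

# next_common_uid FLOOR FILE...
# Print the lowest UID greater than FLOOR that no listed passwd file uses.
next_common_uid() {
    floor=$1; shift
    cat "$@" | awk -F: -v floor="$floor" '
        $3 ~ /^[0-9]+$/ { used[$3 + 0] = 1 }
        END { u = floor + 1; while (u in used) u++; print u }'
}

# uid_mismatches FILE...
# Print "name first-uid other-uid" for each account name whose UID differs
# between the files.
uid_mismatches() {
    awk -F: '
        /^#/ || NF < 7               { next }
        ($1 in uid) && uid[$1] != $3 { print $1, uid[$1], $3; next }
                                     { uid[$1] = $3 }' "$@"
}

sample_dir=$(mktemp -d) && trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/bud" <<'EOF'
root:x:0:0:root:/root:/bin/bash
majordomo:x:1008:1008:Majordomo:/home/majordomo:/bin/sh
johndoe:x:10001:11025:John Doe:/home/johndoe:/bin/bash
instacct:x:10003:11025:Temp install:/home/instacct:/bin/bash
EOF
cat > "$sample_dir/budlight" <<'EOF'
root:x:0:0:root:/root:/bin/bash
johndoe:x:10001:11025:John Doe:/home/johndoe:/bin/bash
instacct:x:10002:11025:Temp install:/home/instacct:/bin/bash
EOF

# Looking at bud alone would suggest 10002, which budlight already uses.
echo "next common UID: $(next_common_uid 10000 "$sample_dir/bud" "$sample_dir/budlight")"
uid_mismatches "$sample_dir/bud" "$sample_dir/budlight"
```
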

Conflicts and inconsistencies as of July 2006:

  • Several temporary installation accounts have different UID and GID between bud and budlight.
  • The same UID/GID is used for different temporary installation accounts between the systems.
  • Account majordomo is only defined on bud.

TODO: Default groups.

Groups

These groups seem to be important in Debian:

| Group | Function |
| --- | --- |
| wheel | We've got it set up so these folks can sudo without a root password. |
| sudo | I believe users in this group get automatic sudo access; we're using wheel instead. |
| dialout | Users who can access the modem. |
| cdrom | Users who can access a CD-ROM disc. |
| floppy | Users who can access the floppy drive. |
| audio | Users who can access the audio devices. |
| video | Users who can access the video devices. |
| plugdev | |
| disk | Users who can access the raw disk partitions. (Dangerous!) |
| backup | |
| operator | |
| list | |
| www-data | This is the user/group that Apache runs as; anything Apache uses has to be accessible by this user or group. |

In addition, we've defined these groups (mainly grabbed from Michelob's /etc/group file):

| Group | Function |
| --- | --- |
| wheel | We've got it set up so these folks can sudo without a root password. |
| users | Default group that all users should belong to. |
| newslett | Not sure if it's used; only member is editor. |
| steercom | Ad-hoc list of Steering Committee attendees, who can access steercom directory on Michelob. |
| webhead | Users who have write access to our web sites. |
| majordom | Used for mailing list management; lists account is included. |

TODO: Create groups for:

  • a group for each paid account level (eg. gold/silver)
  • users who have paid up for the current year (paid2006, etc.)
  • voting members, as defined by our articles of incorporation / by-laws
  • officers
  • board members
  • "administrative" accounts, which are accounts used for SLUUG business, not individual use

Adding Groups

As with users, there are 2 ways to add a group: groupadd, and addgroup.

TODO: Adding users to groups.

Administrators

TODO: Adding sudoers. What groups should administrators be in? So far, it looks like wheel will suffice.

Using a User Account

TODO: Add info about how they can change their settings. Especially things like chfn, chsh, .forward, .profile, .bashrc, passwd, etc.

This should go on a user documentation page, not a "build" page.

Migrating User Accounts

Problem areas:

How can we migrate accounts from michelob and dark with the least hassle? User UIDs on our AIX systems start at 500. (Although there are a few in the 100 range.) On Debian, they start at 1000.

Conflicting groups (None are standard AIX, they are SLUUG specific):

  • Serious problems:
    • users: on SLUUG AIX it is GID 25; on Debian it is GID 100, while GID 25 is "floppy".
  • Minor problems:
    • nobody: on AIX it is GID 4294967294; on Debian it doesn't exist, but "nogroup" is at 65534. Other distros use 99 or 65533 for group "nobody". Some systems have "nogroup" or "nfsnobody" at GID 65534.
    • steercom: on SLUUG AIX it is GID 35; on Debian GID 35 is unused.
    • webhead: on SLUUG AIX it is GID 80; on Debian GID 80 is unused.
    • motd: on SLUUG AIX it is GID 29; on Debian there is no motd group and GID 29 is used for "audio".
    • newslett: on SLUUG AIX it is GID 30; on Debian GID 30 is "dip".

Possible user conflicts:

  • "lists" on AIX is at UID 668; on Debian "list" is UID 38.
  • "webhead" on AIX is at UID 600, GID 80; on Debian "www-data" is UID and GID 33.
    • The home directory for www-data (/var/www) is not being used for the SLUUG web site; on bud the site is being put in /home/web.

What to change as preparation for the move:

Group/GID changes on old systems:

  • Change group "steercom" from GID 35 to 11035, including files owned by it.
  • Change group "users" from GID 25 to 11025, including files owned by it.
    • Includes changing GID of all users in 25 to 11025.
    • Or change all individual users to their own group?
  • Create new group "useracct" at GID 11025, after "users" in the file.
  • Create new group "users25" at GID 25 for reference, no members.

User/UID changes on old systems:

  • Move all passwords to shadow file.
  • Renumber 7 existing accounts with a UID in the 100-299 range, including files owned by them.

Software preparation on new systems:

  • Install ksh93, tcsh, and csh using apt-get. Add symlinks for path variations and add to /etc/shells.
        apt-get install ksh
        apt-get install tcsh
        apt-get install csh
        ln -s /bin/bash /bin/csh /bin/ksh /bin/sh /bin/tcsh /usr/local/bin
        ln -s /bin/bash /bin/csh /bin/ksh /bin/sh /bin/tcsh /usr/bin
        ln -s /usr/bin/perl  /usr/local/bin
        ln -s /usr/bin/perl  /bin
  • Also install rsync for cross-system backups. Documented on the misc page.

Group/GID changes on new systems:

  • Create new group "nobody4g" at GID 4294967294.
    • Or create new group "nobody64k" at GID 65533 and new group "nobody4g" at GID 4294967294.
  • Create new group "steercom" at GID 11035.
  • Create new group "useracct" at GID 11025, before "users".
  • Change GID of existing group "users" to 11025.
        groupadd -g 4294967294 nobody4g
        groupadd -g      65533 nobody64k
        groupadd -g      11035 steercom
        groupadd -g      11025 useracct
        groupmod -g      11025 -o users
Edit /etc/group and /etc/gshadow.  Move "useracct" just before "users".

User/UID changes on new systems:

  • Rename 6 installation accounts with the same name as an existing user account. Do not change UID or GID number.

Do the migration:

Migration actions:

  • Extract information from normal and shadow passwd files on michelob.
        work_base="/home/yourself/xfer/user_mig"        # On michelob/dark
        pgm_base="${work_base}"                         # On michelob/dark
        in_data_dir="${work_base}/`hostname`"           # On michelob/dark
        out_data_dir="${in_data_dir}"                   # Kludge
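        # -p: out_data_dir is the same path as in_data_dir, so a plain mkdir
        # would report "File exists" for it.
        mkdir -p "${in_data_dir}" "${in_data_dir}/security" "${out_data_dir}"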
        cp -p /etc/passwd          "${in_data_dir}"/passwd
        cp -p /etc/security/passwd "${in_data_dir}"/security/passwd
        chown -R yourself "${in_data_dir}"
  • Filter and translate to Debian format.
        "${pgm_base}"/odm-comb.pl \
            < "${in_data_dir}"/security/passwd \
            > "${out_data_dir}"/security-passwd-comb
        "${pgm_base}"/filter_passwd.pl \
            2>&1 | tee "${work_base}"/filter_passwd.log
  • Add to normal and shadow passwd files on bud and budlight.
# - Upload to /home/yourselfinst/xlated on each system:
      + The three generated files in the xlated directory.
      + make_home_dir (Put in xlated directory).
# - Make backups of passwd and shadow ....
        stamp=`date '+%y%m%d-%H%M'`
        backup_dir="/home/yourselfinst/user_mig-backup-$stamp"
        mkdir      "${backup_dir}"
        chmod  700 "${backup_dir}"
        cp -p /etc/passwd /etc/shadow /etc/group /etc/gshadow "${backup_dir}"
# - Add to normal and shadow passwd files on bud and budlight.
        export work_base="/home/yourselfinst/xlated"              # On bud/budlight
        cd "${work_base}"
        cat passwd-additions >> /etc/passwd
        cat shadow-additions >> /etc/shadow
  • Create empty home directories for each account.
        sh home_dir-additions \
        2>&1 | tee "${work_base}"/home_dir-additions.log
  • Inform users of status.

Do not migrate:

  • Any account that has been terminated (the name starts with "LCK").
  • Any account that doesn't have "users" as the primary group.
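The two "do not migrate" rules, plus a check worth running before the `cat passwd-additions >> /etc/passwd` step, can be expressed as below. This is an added example, not the wiki's filter_passwd.pl (which is not shown on the page); the function names and sample data are constructed, UID and shell translation is left out, and "users" is taken to be GID 25 on the old system as stated above.

```shell
#!/bin/sh
# Added example, not the wiki's filter_passwd.pl. Sample data is constructed.

# select_migratable USERS_GID < passwd
# Drop terminated accounts (name starts with "LCK") and accounts whose
# primary GID is not the "users" group.
select_migratable() {
    awk -F: -v gid="$1" '$1 !~ /^LCK/ && $4 == gid'
}

# addition_conflicts ADDITIONS TARGET
# Print every addition whose name or UID is already in TARGET (or repeated
# within ADDITIONS). Exit status 1 if anything was printed.
addition_conflicts() {
    awk -F: '
        NR == FNR    { name[$1] = 1; uid[$3] = $1; next }   # TARGET pass
        ($1 in name) { print "name-exists", $1; bad = 1 }
        ($3 in uid)  { print "uid-exists", $1, $3, uid[$3]; bad = 1 }
                     { name[$1] = 1; uid[$3] = $1 }
        END          { exit bad }' "$2" "$1"
}

d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
cat > "$d/aix-passwd" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
johndoe:!:512:25:John Doe:/home/johndoe:/usr/bin/ksh
LCKolduser:!:530:25:Old User:/home/olduser:/usr/bin/ksh
webhead:!:600:80:WWW Server Master:/home/webhead:/usr/bin/ksh
janeroe:!:541:25:Jane Roe:/home/janeroe:/usr/bin/ksh
EOF
cat > "$d/bud-passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
majordomo:x:1008:1008:Majordomo:/home/majordomo:/bin/sh
johndoe:x:10001:11025:Install account:/home/johndoe:/bin/bash
EOF

select_migratable 25 < "$d/aix-passwd" > "$d/passwd-additions"
cat "$d/passwd-additions"
addition_conflicts "$d/passwd-additions" "$d/bud-passwd" ||
    echo "resolve the conflicts above before appending to /etc/passwd"
```

The sample target contains an installation account named like a migrated user, which is the collision the "rename 6 installation accounts" step is meant to clear.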

Special accounts not done during move of general users:

  • archive - Majordomo List Archive. TBD.
  • webhead - WWW Server Master. TBD.
  • spamd - SpamAssassin and MailScanner Daemon. TBD.
  • majordom - Majordomo daemon. An account called majordomo at UID 1008 was already created.
  • postgres - Postgres Daemon. Never put in production, ignore.
  • sshd - Secure Shell Daemon. Use default account from Debian installation.
  • smmsp - Sendmail Message Submission Program. Not using sendmail, ignore.

Accounts and groups will be taken from michelob since it is the primary user system, though the main difference between michelob and dark is some user passwords and minor details. The same user accounts are on both.

build/users.1162283709.txt.gz · Last modified: 2006/10/31 02:38 (external edit)