There are 2 ways to add a user: useradd and adduser. With the first, you specify the username and all the settings on the command-line. The second walks you through the process, asking you all the necessary questions.
For useradd, a command similar to the following should be used:
    useradd -m -u 10999 -g useracct -c 'John Doe' johndoe
To keep UIDs in sync between the 2 (and possibly 4) systems, you must manually inspect /etc/passwd on each system to find the next available UID common to all systems. Then use that UID in the command that adds the user on each system. Add users to all systems at the same time, since it is easy to forget to do this later. All UID and GID numbers for accounts created must be over 10000 to avoid conflict with any predefined UID/GID numbers on future systems. Don't use the group "users", since its GID changes from system to system; use "useracct" instead. Group numbers not related to individual accounts should be in the range 11000 to 11999.
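The manual /etc/passwd comparison described above can be scripted. This is an added example, not part of the original page: it assumes copies of each system's /etc/passwd have been collected in one directory, the function names and the upper bound 59999 are hypothetical choices, and the sample entries other than johndoe's are constructed.

```shell
#!/bin/sh
# write_passwd_samples DIR: constructed /etc/passwd copies from two hosts.
write_passwd_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'johndoe:x:10999:11025:John Doe:/home/johndoe:/bin/bash' \
        'asmith:x:11000:11025:A Smith:/home/asmith:/bin/bash' > "$1/passwd.bud"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'johndoe:x:10999:11025:John Doe:/home/johndoe:/bin/bash' \
        'asmith:x:11002:11025:A Smith:/home/asmith:/bin/bash' \
        'bjones:x:11000:11025:B Jones:/home/bjones:/bin/bash' > "$1/passwd.budlight"
}

# next_common_uid MIN MAX FILE...
# Highest UID used in (MIN, MAX] on any system, plus one. Going past the
# highest UID instead of filling gaps avoids reusing a removed account's UID.
next_common_uid() {
    min=$1 max=$2; shift 2
    awk -F: -v min="$min" -v max="$max" '
        $3 ~ /^[0-9]+$/ && $3 + 0 > min && $3 + 0 <= max && $3 + 0 > top { top = $3 + 0 }
        END { if (!top) top = min; print top + 1 }
    ' "$@"
}

# uid_conflicts FILE...
# Names that carry different UIDs, and UIDs that carry different names.
uid_conflicts() {
    awk -F: '
        NF != 7 || (($1, $3) in seen) { next }
        { seen[$1, $3] = 1
          byname[$1] = byname[$1] " " $3
          byuid[$3]  = byuid[$3]  " " $1 }
        END {
            for (n in byname) if (split(byname[n], p, " ") > 1)
                print "name " n " has uids" byname[n]
            for (u in byuid) if (split(byuid[u], p, " ") > 1)
                print "uid " u " has names" byuid[u]
        }
    ' "$@" | sort
}

tmp=$(mktemp -d) && write_passwd_samples "$tmp"
next_common_uid 10000 59999 "$tmp"/passwd.bud "$tmp"/passwd.budlight
uid_conflicts "$tmp"/passwd.bud "$tmp"/passwd.budlight
rm -rf "$tmp"
```

Any line printed by uid_conflicts is a mismatch to resolve before the next account is created with the UID that next_common_uid reports.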
Conflicts and inconsistencies as of July 2006:
TODO: Default groups.
These groups seem to be important in Debian:
Group | Function |
---|---|
wheel | We've got it set up so these folks can sudo without a root password. |
sudo | I believe users in this group get automatic sudo access; we're using wheel instead. |
dialout | Users who can access the modem. |
cdrom | Users who can access a CD-ROM disc. |
floppy | Users who can access the floppy drive. |
audio | Users who can access the audio devices. |
video | Users who can access the video devices. |
plugdev | |
disk | Users who can access the raw disk partitions. (Dangerous!) |
backup | |
operator | |
list | |
www-data | This is the user/group that Apache runs as; anything Apache uses has to be accessible by this user or group. |
In addition, we've defined these groups (mainly grabbed from Michelob's /etc/group file):
Group | Function |
---|---|
wheel | We've got it set up so these folks can sudo without a root password. |
users | Default group that all users should belong to. |
newslett | Not sure if it's used; only member is editor. |
steercom | Ad-hoc list of Steering Committee attendees, who can access steercom directory on Michelob. |
webhead | Users who have write access to our web sites. |
majordom | Used for mailing list management; lists account is included. |
TODO: Create groups for:
As with users, there are 2 ways to add a group: groupadd and addgroup.
TODO: Adding users to groups.
TODO: Adding sudoers. What groups should administrators be in? So far, it looks like wheel will suffice.
TODO: Add info about how they can change their settings. Especially things like chfn, chsh, .forward, .profile, .bashrc, passwd, etc.
This should go on a user documentation page, not a "build" page.
How can we migrate accounts from michelob and dark with the least hassle? User UIDs on our AIX systems start at 500. (Although there are a few in the 100 range.) On Debian, they start at 1000.
    apt-get install ksh
    apt-get install tcsh
    apt-get install csh
    ln -s /bin/bash /bin/csh /bin/ksh /bin/sh /bin/tcsh /usr/local/bin
    ln -s /bin/bash /bin/csh /bin/ksh /bin/sh /bin/tcsh /usr/bin
    ln -s /usr/bin/perl /usr/local/bin
    ln -s /usr/bin/perl /bin
    groupadd -g 4294967294 nobody4g
    groupadd -g 65533 nobody64k
    groupadd -g 11035 steercom
    groupadd -g 11025 useracct
    groupmod -g 11025 -o users
Edit /etc/group and /etc/gshadow. Move "useracct" just before "users".
    - Repeat for each account:
        acct=____
        usermod -l ${acct}inst -d /home/${acct}inst ${acct}
        groupmod -n ${acct}inst ${acct}
        mv /home/${acct} /home/${acct}inst
      + Cron and at jobs
        ls -lR /var/spool/cron/ | grep ${acct}
        mv /var/spool/cron/crontabs/${acct} /var/spool/cron/crontabs/${acct}inst
      + Mail spool (Taken care of by usermod)
        ls -l /var/mail | grep ${acct}
        mv /var/mail/${acct} /var/mail/${acct}inst
        chown ${acct}inst /var/mail/${acct}inst
      + Misc
        grep ${acct} /etc/aliases
        grep ${acct} /etc/group    # Taken care of by usermod
        grep ${acct} /etc/sudoers
        ps -ef | grep ${acct} | egrep -v 'ps|grep'
      + Mailing lists = Not installed yet.
      + Personal web pages = Not installed yet.
    - Edit /etc/group and:
      + Make a backup first (or already done above).
      + For the wheel group, duplicate each account being renamed with the old and new name.
      + Also add one account to the wheel group on budlight that is listed on bud, but not budlight.
      + Put them in the same order on both systems for comparison.
      + For other groups, such as lugs, remove the "inst" from the accounts.
    work_base="/home/yourself/xfer/user_mig"    # On michelob/dark
    pgm_base="${work_base}"                     # On michelob/dark
    in_data_dir="${work_base}/`hostname`"       # On michelob/dark
    out_data_dir="${in_data_dir}"               # Kludge
    # -p: out_data_dir is the same directory as in_data_dir, so plain mkdir would fail on it
    mkdir -p "${in_data_dir}" "${in_data_dir}/security" "${out_data_dir}"
    cp -p /etc/passwd "${in_data_dir}"/passwd
    cp -p /etc/security/passwd "${in_data_dir}"/security/passwd
    chown -R yourself "${in_data_dir}"
    "${pgm_base}"/odm-comb.pl \
        < "${in_data_dir}"/security/passwd \
        > "${out_data_dir}"/security-passwd-comb
    "${pgm_base}"/filter_passwd.pl \
        2>&1 | tee "${work_base}"/filter_passwd.log
    # - Upload to /home/yourselfinst/xlated on each system:
    #   + The three generated files in the xlated directory.
    #   + make_home_dir (Put in xlated directory).
    # - Make backups of passwd and shadow ....
    stamp=`date '+%y%m%d-%H%M'`
    backup_dir="/home/yourselfinst/user_mig-backup-$stamp"
    mkdir "${backup_dir}"
    chmod 700 "${backup_dir}"
    cp -p /etc/passwd /etc/shadow /etc/group /etc/gshadow "${backup_dir}"
    # - Add to normal and shadow passwd files on bud and budlight.
    export work_base="/home/yourselfinst/xlated"    # On bud/budlight
    cd ${work_base}
    cat passwd-additions >> /etc/passwd
    cat shadow-additions >> /etc/shadow
    sh home_dir-additions \
        2>&1 | tee "${work_base}"/home_dir-additions.log
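Before passwd-additions and shadow-additions are appended as shown above, they can be checked against the live /etc/passwd. This is an added example, not one of the page's migration scripts: check_additions and the sample entries are constructed, and it assumes the generated files use the standard 7-field passwd and 9-field shadow layouts with x in the passwd password field.

```shell
#!/bin/sh
# write_addition_samples DIR: constructed sample files (no real accounts or hashes).
write_addition_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'johndoe:x:10999:11025:John Doe:/home/johndoe:/bin/bash' > "$1/passwd"
    printf '%s\n' 'asmith:x:11000:11025:A Smith:/home/asmith:/bin/ksh' \
        'johndoe:x:11001:11025:John Doe:/home/johndoe:/bin/ksh' \
        'bjones:!:500:11025:B Jones:/home/bjones:/bin/ksh' > "$1/passwd-additions"
    printf '%s\n' 'asmith:*:13330:0:99999:7:::' \
        'johndoe:*:13330:0:99999:7:::' > "$1/shadow-additions"
}

# check_additions PASSWD PASSWD_ADDITIONS SHADOW_ADDITIONS
# Prints one line per problem; returns non-zero if any problem was found.
check_additions() {
    awk -F: -v P="$1" -v A="$2" -v S="$3" '
        function bad(msg,   f) {
            f = FILENAME; sub(/.*\//, "", f)
            print f ":" FNR ": " msg; errs++
        }
        FILENAME == P { name[$1] = 1; uid[$3] = 1; next }
        FILENAME == S { if (NF != 9) bad("shadow entry needs 9 fields")
                        shadow[$1]++; next }
        NF != 7       { bad("passwd entry needs 7 fields"); next }
        {
            if ($1 in name) bad("user " $1 " already exists")
            if ($3 in uid)  bad("uid " $3 " already in use")
            if ($3 !~ /^[0-9]+$/ || $3 + 0 <= 10000) bad("uid " $3 " not over 10000")
            if ($2 != "x")  bad("password field of " $1 " is not x")
            if (shadow[$1] != 1) bad("user " $1 " needs exactly one shadow entry")
            name[$1] = 1; uid[$3] = 1
        }
        END { exit (errs > 0) }
    ' "$1" "$3" "$2"    # shadow additions are read before passwd additions
}

tmp=$(mktemp -d) && write_addition_samples "$tmp"
check_additions "$tmp/passwd" "$tmp/passwd-additions" "$tmp/shadow-additions" ||
    echo "problems found: do not append until they are fixed"
rm -rf "$tmp"
```

Run it against the real /etc/passwd before the two cat commands; afterwards `pwck -r` gives a read-only consistency check of the merged files.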
Accounts and groups will be taken from michelob since it is the primary user system, though the main difference between michelob and dark is some user passwords and minor details. The same user accounts are on both.