Creating and Configuring User Accounts
This section talks about changes to the basics of user accounts.
These are very important on multi-user systems. The University's
policy on computer use requires each user of a UNIX system connected to
the network to have her own account. Having individual user accounts
is very wise for many reasons.
Startup files
When a user logs in, the shell reads several files to get the proper configuration
before beginning. Let's assume all users use C shell or T C shell(/bin/csh
and /bin/tcsh), as most people do use one of these shells. The system
reads /etc/cshrc, .cshrc in the user's home directory, and finally .login
in the user's home directory. ( To read more on shell configuration, see
"man csh".) The file /etc/cshrc is read by all accounts on login
and .cshrc and are copied from /etc/stdcshrc and /etc/stdlogin respectively
when the account is created. The .login file is read only when the
shell is the first started with a login. Note: any of these files
can override settings made before it was read.
John Yates suggests to add these to /etc/cshrc before
adding any users. N.B: the umask here will cause problems when
creating new user accounts with the System Manager in IRIX 6.5. For this
reason, either use the complete procedure for creating a new account below,
or enter "chmod 644 /etc/passwd /etc/shadow" after using the System Manager.
File to edit: /etc/cshrc
# Set the umask so that newly created files and directories will not
be
# accessible to others by default:
umask 077
# core dumps can occupy large amounts of disk space, turn it off by default:
limit coredumpsize 0
Files to edit: /etc/stdcshrc /etc/stdlogin
Modify /etc/stdlogin and /etc/stdcshrc as needed
for your site. See "man csh" for things you can do.
File to edit: /etc/default/login
The file /etc/default/login has some very useful
attributes you can set. You can allow only root logins from the console,
for example, and you can set the default umask. Make the umask 077
unless you have good reasons otherwise. This will not let anyone else read,
change or execute any user's files by default. Comments in the file
tell you how to change the settings. A reboot will let them take effect.
User Account Creation:
You can manage user accounts under "System Manager
-> Security and Access Control -> User Manager". If you can't, use
a graphical interface, or need to create accounts in batches, here are
the technical details for creating and deleting accounts. This is
recommended reading to understand user accounts better.
-
Become root user. "su -"
-
Get the user's full name. I'll use "Test User".
-
Pick a username: usernames should be between 3 and 8 characters.
I'll use "user1".
-
Decide on a group and determine it's number. The file
/etc/group has lines for each group with this information. Here is
a sample line from /etc/group"users:*:200:", the group number is 200.
-
Determine the user id number. It must be unique for each user account.
To keep things organized, I usually relate the user id to the group number.
For the sample above, I would pick 201 for the user id.
-
Make the user's home directory, "mkdir -p /usr/people/user1"
-
Add this entry to /etc/passwd: "user1:x:201:200:Test User:/usr/people/user1:/bin/tcsh"
-
Enter "passwd user1" to set a password for it. Pick a string of letters
between 6 and 8 characters long. Make it something easy to remember,
but hard to guess, e.g. "rain4snow".
-
Enter "pwconv" to add it to /etc/shadow
-
Enter "cp /etc/stdcshrc /usr/people/user1/.cshrc; cp /etc/stdlogin /usr/people/user1/.login"
to add these files.
-
Enter "chown -R user1.users /usr/people/user1" to change the ownership
of the account.
-
Optional: append the username to the entry for the user's group in /etc/group:
"users:*:200:user1".
-
Optional: if you use or plan on using quotas: "edquota user1".
-
Try out the account: "su - user1".
This is the end of the section, "Setting up a new
SGI".