Previous | Next
Objectives|
Introduction|
A UNIX Account|
Special Accounts|
Account Configuration Files|
Creating a New Account|
Deleting an Account|
Automating the Procedure|
Allocating Super User Privilage|
Conclusion|
Review Question
Section 6
USERS AND ACCOUNTS
By the end of this section you should
- be aware of the processes involved in creating and removing user accounts from a UNIX system,
- have learnt about the various files that hold information about the users of a UNIX system, and
- be familiar with how the processes of adding and deleting a user account can be automated.
It doesn't take long for a new Systems Administrator to start thinking of users as the enemy (sentiments like "The computer would run much better without any users" are not uncommon). However, users are the reason the computer system exists in the first place. The fact that users don't understand everything about the computer system and require assistance is the main reason why Systems Administrators are needed. Keeping this in mind sometimes helps with the frustration, anger and depression that some users can inspire in their Systems Administrator.
Users present two major problem areas to Systems Administrators
the technical, and
- Modifying configuration files, changing permissions and setting up the system so that the users can actually log onto the machine.
the non-technical.
- Responding to pleas for help, criticism and demands, and informing users of changes in the system.
Every user that intends to make use of a UNIX machine must first have an account. A UNIX account is a collection of logical characteristics that specify who the user is, what the user is allowed to do and where the user is allowed to do it. Important concepts related to a UNIX account include
- login names (also called a username),
- passwords,
- a user identifier number (referred to as a UID),
- a group identifier number (referred to as a GID),
- home directories,
- mail aliases,
- a mail file, and
- a variety of startup files.
The following section introduces you to each of these concepts.
Login names
The account of every user is assigned a unique login (or user) name. The login name is only used by the users. The operating system uses the user identifier number (UID) to uniquely identify an account. The translation between UID and the username is carried out by the operating system using the /etc/passwd file (/etc/passwd is discussed later in this section).
On a small system the format of login names is generally not a problem since with a small user population it is unlikely that there will be duplicates. However on a large site with hundreds or thousands of users and multiple computers assigning a login name can be a major problem. With a higher number of users it is likely that you may get a number of jonesds.
Some guidelines for the creation of usernames include
- login names should be unique,
This includes across different machines at the same site. A login name should identify the same person and only one person on every machine on the site. This can be very hard to achieve at a site with a large user population.
- they should be no more than eight characters long,
UNIX ignores or disallows login names that are longer.
- login names are usually all lower case letters,
Numbers and upper case letters can be used. Login names that are all upper case should be avoided as UNIX can assume this to mean your terminal doesn't recognise lower case letters and every piece of text subsequently sent to your display is in uppercase.
- login names should be easy to remember,
A random sequence of letters and numbers is hard to remember and so the user will be continually have to ask the Systems Administrator "what's my username?"
- do not use pseudonyms or nicknames, and
One of the purposes of login names is to enable other users to identify who is on the system. Users may not know about nicknames.
- they should follow a fixed system format.
There should be a specified system for creating a username. Some combination of first name, last name and initials is usually the best. Setting a policy allows you to automate the procedure of adding new users. It also makes it easy for other users to work out what the username for a person might be.
Passwords
An account's password is the key that lets someone in to use the account. A password should be a secret collection of characters known only by the owner of the account.
Poor choice of passwords is the single biggest security hole on any multi-user computer system. As a Systems Administrator you should follow a strict set of guidelines for passwords (after all if someone can break the root account's password, your system is going bye, bye). In addition you should promote the use of these guidelines amongst your users. (Section 14 on security discusses passwords and breaking them in more detail).
An example set of password guidelines might include
- use combinations of upper and lower case characters, numbers and punctuation characters,
- don't use random combinations of characters if they break the following two rules,
- be easy to remember,
If a user forgets their password they can't use the system and guess who they come and see. Also the user SHOULD NOT have to write their password down.
- be quick to type,
One of the easiest and most used methods for breaking into a system is simply watching someone type in their password. It is harder to do if the password is typed in quickly.
- a password should be at least 6 characters long,
The shorter a password is the easier it is to break. Some systems will not allow passwords shorter than a specified length.
- a password should not be any longer than 8 to 10 characters,
Most systems will look as if they are accepting longer passwords but they simply ignore the extra characters. The actual size is system specific but between eight and ten characters is generally the limit.
- do not use words from ANY language,
Passwords that are words can be cracked (see Section 14).
- do not use combinations of just words and numbers,
Passwords like hello1 are just as easy to crack.
- use combinations of words separated by punctuation characters or acronyms of uncommon phrases/song lines,
They should be easy to remember but hard to crack. e.g. a.big1p
- change passwords regularly, and
Not too often that you forget which password is currently set.
- never reuse passwords.
On a UNIX system a user changes the password for an account using the passwd command. A normal passwd command performs the following steps
- asks for the old password,
To make sure you are the user who owns the account.
- asks for the new password, and
- asks for the new password again.
Just to check that you didn't make a typing mistake.
Many systems today come with a pro-active passwd program. A pro-active passwd program has a set of rules built into it. If a new password breaks any of those rules it will refuse to change the password (more on proactive password programs in Section 14).
The User Id Number (UID)
Every account on a UNIX system has a unique user or login name that is used by users to identify that account. The operating system does not use this name to identify the account. Instead each account must be assigned a unique user identifier number (UID) when it is created. The UID is used by the operating system to identify the account.
In choosing a UID for a new user there are a number of considerations to take into account including
- choose a UID number between 100 and 32767 (or 60000),
Numbers between 0 and 99 are usually reserved by some systems for use by system accounts. Different systems will have different possible maximum values for UID numbers.
- UIDs for a user should be the same across machines,
Some network systems (e.g. NFS) require that users have the same UID across all machines in the network. Otherwise they will not work properly.
- you may not want to reuse a number.
Not a hard and fast rule. Every file is owned by a particular user id. Problems arise where a user has left and a new user has been assigned the UID of the old user. What happens when you restore from backups some files that were created by the old user? The file thinks it is owned by the user with a particular UID. The new user will now own those files even though the username has changed.
The Mail File
When someone sends mail to a specific user that mail message has to be stored somewhere so that the recipient can read the message later on. Under UNIX each user is assigned a mail file that is located in a specific directory. When they receive a mail message it is appended onto the end of that mail file.
The mail files for all the users on a machine are kept in the same directory. The location of this directory can change depending on the operating system being used. Common locations are /usr/spool/mail /var/spool/mail /usr/mail /var/mail.
Aliases
If you send an e-mail message that cannot be delivered (e.g. wrong address) typically the postmaster for your machine will receive the message. There is usually no account called postmaster. Postmaster is a mail alias.
When the mail delivery program gets mail for postmaster it will not be able to find a matching username. It will then look up a specific file, usually /etc/aliases or /etc/mail/names. This file will typically have an entry
postmaster: root
This tells the delivery program that anything addressed postmaster should actually be delivered to the user root.
Some companies will have a set policy for e-mail aliases for all staff. This means that when you add a new user you also have to update the aliases file.
For example:
-
The Central Queensland University has aliases set up for all staff. An e-mail sent to Initial.Surname@cqu.edu.au will be delivered to that staff member's real mail address.
In my case the alias is d.jones@cqu.edu.au. The main on-campus mail host has an aliases file that translates this alias into my actual e-mail address jonesd@jasper.cqu.edu.au.
Exercise 6-1. Create an alias for yourself that uses your full name separated by a full stop. In my case the alias would be david.jones.
Test your alias. (You will need to send some mail. Typical mail programs include elm, pine and mail.
Home Directories
Every user must be assigned a home directory. When the user logs in it is this home directory that becomes the current directory. Typically all user home directories are stored under the one directory (e.g. /home or /usr/users) and are given names that match the username for the account.
For example:
A user jonesd might have a home directory /home/jonesd
In some instances it might be decided to further divide users by placing users from different categories into different sub-directories.
For example:
All staff accounts may go under /home/staff while students are placed under /home/students. These separate directories may even be on separate partitions.
The Startup Files
When a user logs into a machine they are presented with a specific type of environment. Most of that environment is created by special files (called startup files or dot files) that modify the default environment of the system.
All these files work by modifying the execution of specific commands. Many of them .cshrc, .profile and /etc/profile (for example) work by modifying the behaviour of the login shell. These shell startup files are responsible for
- setting up command aliases,
Some shells allow the specification of aliases for various commands. A common command alias is dir, usually set to mean the same as ls -l.
- setting terminal types, and
- search paths.
Other dot files modify the execution of other programs including editors, mail and news readers and many others. Table 6.1. summarises some of these files.
Filename Command Explanation
$HOME/.cshrc /bin/csh Executed first when logging in for C shell.
Executed every time C shell started. Used
to set things needed for each C shell
$HOME/.login /bin/csh Executed after .cshrc when logging in
for C shell.
/etc/profile /bin/sh Global startup file for Bourne shell.
Used to set machine standard settings
$HOME/.profile /bin/sh Located in users home directory.
Contains user specific settings.
$HOME/.logout /bin/csh executed just prior to the system logging
the user out
$HOME/.forward mail Used to forward mail to another address that
is contained in the file
$HOME/.exrc vi used to set options for vi
$HOME/.mailrc mail used to set mail options, aliases etc.
$HOME is a shell variable that indicates a users home or login directory.
Table 6.1. Sample Startup Files.
It is good policy to provide new users with a standard set of startup files that they can modify if they wish. The easiest way to do this is to create a skeleton directory (usually /etc/skel) that contains all the standard startup files. When a new account is created the standard startup files are copied from the skeleton directory into the new accounts home directory.
Exercise 6-2. Create a .logout and a .login or .profile that maintains a file account.usage in your home directory. The contents of the file account.usage should look something like this
Logged in Thu May 26 11:53:37 EST 1994
Logged out Thu May 26 11:58:37 EST 1994
Logged in Fri May 27 11:00:35 EST 1994
All UNIX systems come with a number of special accounts. These accounts already exist on a system and are there for a specific purpose. Typically these accounts will all have UIDs that are less than 100 and are used to perform a variety of administrative duties. Table 6.2. lists some of the special accounts that may exist on a machine.
Username UID Purpose
root 0 The super user account used by the Systems Administrator.
Can do anything they want, has no restrictions.
daemon 1 The owner of many of the system daemons.
bin 2 The owner of many of the standard executable programs.
Table 6.2. Special User Accounts.
The passwords for these special system accounts must be kept secret or in some cases some system accounts should have invalid passwords (therefore no-one can login as that user).
The UNIX operating system maintains a number of configuration files that store the information discussed above. This section examines each of these files and their format.
Table 6.3. lists the configuration files examined and their purpose. Not all systems will have the /etc/shadow file. In some cases the shadow file will exist but its filename will be different.
File Purpose
/etc/passwd password file, contains a list of users and
most of their information
/etc/shadow shadow password file, contains encrypted password
for users on more secure/modern systems
/etc/group group file, contains a list of the systems groups
and their members
Table 6.3. Account Configuration Files.
The /etc/passwd File
/etc/passwd is the central account configuration file. It is a text file in which each line contains information about one account. Each line is divided into seven fields by colons (sometimes referred to as a colon delimited).
Table 6.4. summarises each of the fields in the /etc/passwd file.
Field Name Purpose
login name user's login name
* encrypted password encrypted version of the user's password
UID number the unique User Identification number used
by UNIX to identify the user
default GID number the Group Identifier number used to group users
comment field no strict purpose, usually contains full name
and phone number of user
home directory the directory into which the user is placed on login
login shell/program the program that is run for the user as they login
(usually a shell)
* on systems with the /etc/shadow file there will be no encrypted password
Table 6.4. Fields of the /etc/passwd file.
The /etc/shadow File
The /etc/passwd file has to be able to be read by every user on the system. This is because many of the programs (ls for example) need to be able to access the /etc/passwd file to perform the translation from UID to username.
The problem with everyone being able to read the /etc/passwd file is that everyone can also read the encrypted passwords contained there. The method used to encrypt the passwords is supposedly a one way encryption algorithm. This means that people trying to break into a system cannot break into the system by running a program that decrypts the passwords.
However what they can do is obtain an on-line dictionary of words and encrypt the whole dictionary. This provides them with a list of encrypted words that can be compared with the encrypted passwords from the /etc/passwd file. If an account has a simple word as the password then the encrypted password will match one of the encrypted words from the dictionary. With a carefully chosen dictionary between 10-20% of passwords can be broken on any machine (discussed in Section 14).
To get around this problem recent versions of the UNIX operating system will not store the encrypted password in the /etc/passwd file. It has been moved to the /etc/shadow file. The shadow file can only be read by the super user.
The shadow file can also go under a number of different names depending on the version of UNIX being used.
The shadow file is a recent addition to UNIX systems and provides a more secure method for storing the user's encrypted password. Typically the shadow file consists of one line per user containing the encrypted password and some additional information. Figure 6.1 lists some of the fields encountered in a typical shadow file.
Most systems that support the shadow password file also support password aging. Password aging allows the Systems Administrator to add a number of additional restrictions to passwords including
- a minimum time period before a password can be changed,
This prevents users from changing passwords every day.
- a maximum number of days a password can be used, and
Forces users to change passwords after a set time period. Prevents them from using the same password forever.
- a number of days before the account will automatically expire.
For example:
An example shadow file taken from a Linux machine (the encrypted passwords have been modified)
ba012:FjmJeOIdfeKcE:8903:0:99999:7:0:0:0
ba015:OsR54f8BVxRTI:8905:0:99999:7:0:0:0
ba014:NPd32s/JvzCRg:8905:0:99999:7:0:0:0
Exercise 6-3. Does your system support shadow passwords? If so in which file are the encrypted passwords stored?
Hint: try looking in the /etc directory, try the man pages for passwd.
Exercise 6-4. Does your system support some form of password aging?
The /etc/group File
A group is a logical collection of users. Users with similar needs or characteristics are usually placed into groups. A group is a collection of user accounts that can be given special permissions. Groups are often used to restrict access to certain files and programs to everyone but those within a certain collection of users.
For example:
-
On the Central Queensland University UNIX machine jasper only certain users are allowed to have full Internet access. All these users belong to the group angels. Any program that provides Internet access has as the group owner the group angels and is owned by the root user. Only the group owner and the owner may execute these files.
The /etc/group file maintains a list of the current groups for the system and the users that belong to each group. /etc/group is like /etc/passwd in that it is colon delimited text file. Figure 6.2 summarises the fields of/etc/group.
For example:
friend::101:davido,david
staff::102:carterb
Adding a user is a fairly mechanical task and can be automated via shell scripts with little difficulty. In fact most machines come with scripts that do it. The steps involved in creating a new account include
- modifying the /etc/passwd file,
- set an initial password,
- modify the /etc/group file,
- create the home directory,
- create the new user's mail file,
- create any startup files required for the user, and
- test that the addition has worked.
Prerequisite Information
Before adding a user to your system you will need to know the following information.
Information My Site
username format
user's personal information
user's group
location of user's home directory
location of mail boxes
user's startup shell
location of skeleton startup files
Table 6.5. Requisite Knowledge for Adding a User.
Modify the /etc/passwd file
For every new user an entry has to be added to the /etc/passwd file. There are a variety of methods by which this is accomplished including
- appending information to the /etc/passwd file,
This is a method that is often used. However it can be unsafe and it is generally not a good idea to use it.
- the command vipw, or
Some systems (usually BSD based) provide this command that invokes an editor so the Sys Admin can edit the passwd file safely. The command performs some additional steps that ensures the editing is performed consistently.
- a dedicated adduser program.
Many systems provide a program (the name will change from system to system) that accepts a number of command-line parameters that specify the values for each of the fields of the passwd file.
Set an initial password
NEVER LEAVE THE PASSWORD FIELD BLANK.
If you are not going to set a password for a user put a * in the password field of /etc/passwd or the /etc/shadow file. On most systems the * character is considered an invalid password and it prevents anyone from using that account.
If a password is to be set for the account then the passwd command must be used. The user should be forced to change immediately any password set by the Systems Administrator.
Modify the /etc/group file
Add the user's login name to the correct group entry. If necessary you may have to create a new group entry.
Make the home directory
Not only must the home directory be created but the permissions have to be set correctly so that the user can access the directory.
For example:
mkdir home_directory
chown login_name home_directory
chgrp group_name home_directory
The permissions of a home directory should be set such that
- user owner should be the owner of the account,
- group owner should be the primary group the account belongs to (the one listed in /etc/passwd),
- at the very least the owner of the directory should have rwx, and
- the group and other permissions should be set as restrictive as possible (possibly to none at all).
Creating the Mail File.
One of the responsibilities that must be carried out when creating a new user is to create an empty mail file in the correct location. It is important that the ownership and the permissions on the mail file are set correctly.
The permissions of a mail file should allow
- the user needs to be able to read and write the file so the mail can be read and deleted (the user should own the mail file),
- the group owner should be group mail and it should be able to read and write the file
The programs that deliver mail to the file are owned by the group mail. It needs to be able to write to the file to deliver the mail.
- no-one else should have any access to the file
No-one wants anyone else peeking at their private mail.
For example:-
Creating a mail file for the user david
touch /usr/spool/mail/david
chown david /usr/spool/mail/david
chgrp mail /usr/spool/mail/david
chmod 660 /usr/spool/mail/david
Exercise 6-5. Write a shell function create_mail that accepts the login name of the new user, creates their mail file and sets the appropriate permissions. Remember that not every site is going to have the same location for mail files. Define a shell variable that holds the location of the mail folders for the current system.
Copy any startup files
Place in the user's home directory the appropriate startup files. Once again make sure to use chown so that the user owns the files.
Verify the addition
This is an optional procedure to check that the new account works. Login as the user and examine the current working directory and the various permissions.
The super user does not need the user's password to login as that user, they can use the su command.
For example:
-
su - david
Simulates a full login as the user david. This actually forces all the startup files to be executed. If this command is executed as the root user no password will be prompted for.
Inform the user
Tell the user their account is ready, what their password is and what the various local customs are. It is best to do this in person.
Deleting an account involves reversing the steps carried out when the account was created. It is a destructive process and whenever something destructive is performed care must always be taken.
Change the password field
The account should be automatically disabled so as to prevent someone using the account. One method is to insert into the password field (in /etc/passwd or /etc/shadow) an invalid character. An example would is the * character. * EXPIRED 1/1/93* is one format that can be used.
Another method is to simply remove the entry from the /etc/passwd and /etc/shadow files all together.
Back up the user's home directory and contents
It is possible that this user may have some files that need to be used by other people. So back everything up, just in case.
Remove the user's files
All the files owned by the account should be removed from whereever they are in the file hierarchy. It is unlikely for a user to own files that are located outside of their home directory (except for the mail file). However it is a good idea to search for them. The command find / -user UID -print will display full path names of any file owned by the user with the UID UID.
Depending on the system it may be a good idea to take a backup copy of the user's files before removing them.
Mail for Old Users
In most cases once you've deleted a user's mail box any mail sent to that user will bounce (that is be returned to the sender as undeliverable). In some cases this might be the desirable outcome.
However what happens if the user has moved onto a new machine and would like their mail forwarded? One solution is to create a mail alias for the user that points to their new address.
One of the first processes that many Systems Administrators automate is the creation of new accounts. The following shell script is used on the CQ-PAN system. CQ-PAN is a research project within the Department of Maths & Computing at the Central Queensland University that is supplying Internet access to the general public. It is included here to provide an example of a shell script used to create new accounts.
#!/bin/bash
# FILE: /usr/local/adm/bin/makeeuser
# FORMAT: makeeuser [username]
# [username "comment"]
# [username "comment" home_dir]
# username is the new username
# "comment" is the GCOS information for the account
# home_dir is the home directory of the account
# AUTHOR: David Jones (based on a script by Chris Parry)
# PURPOSE: Creates a new user account.
# The script does very little checking as it relies
# on the supplied useradd command to do much of it for us.
# HISTORY: makesuser Created 27/03/94
# makeeuser started 2/6/94
home_dir='/home/os'
email=/tmp/asemail$$
init_group='os'
login_shell='/bin/bash'
admin_address='david@bertha' # addres to send notification
welcome_mail='/usr/local/extern/welcome'
trap "" 1 2 3 15
if [ `whoami` != "root" ]; then
echo "Only root may add users to the system."; exit 1
fi
# Get the login name of the user.
if [ "$#" -lt 1 ]; then
echo -n 'Enter login name: '
read username junk
else
username="$1"
fi
# Convert extern name to lower case.
username=`echo $username | tr "[A-Z]" "[a-z]"`
# Get the account description field.
if [ "$#" -le 1 ]; then
echo -n 'Please input the Users full name==> '
read comment
echo -n 'Please enter the Users student number==> '
read student_num
else
comment="$2"
fi
# Get the location of the home directory of the account.
home_dir=$home_dir/$username
# Create the new extern user account.
# Add a new extern account and the first extern administration account.
/usr/sbin/useradd -c"$comment" -d$home_dir -m -k/etc/skel -g$init_group -s$login_shell $username
# Make sure the home directory of the account exists.
if [ -d "$home_dir" ]; then
# Create a mail file for the account.
touch /usr/spool/mail/$username
chmod 660 /usr/spool/mail/$username
chown $username /usr/spool/mail/$username
chgrp mail /usr/spool/mail/$username
# Set the password life of the account.
passwd -x 365 -n 0 $username
# Record the account creation details into a temporary account to be
# mailed to administration when completed processing.
fi
if [ $# -eq 0 ]
then
passwd $username
fi
There are two problems that the CQ-PAN script does not address
- how do you set a password without having to type it in yourself, and
If you are creating 300 new user accounts you don't want to have to think of new passwords for each user and then enter them yourself. The best solution would be to have a program generate and set them for you. The problem here is that the passwd command requires input from the user and redirecting input from another program won't work. This means you can't automate on the passwd command so you can't do it easily from a shell script.
- how do you let an offsider handle the menial task of adding a user without giving them root access?
Creating new accounts is a fairly mundane job especially when it is automated. A Systems Administrator is typically better occupied doing something more complex. It would be nice to be able to let someone with less responsibility do this task. But how do you let them do this without giving them the root password?
Both these problems have already been solved. Table 6.6. describes to public domain utilities that solve these problems.
Program Name Purpose Location
sudo Allocate specific root ftp.connect.com.au
on a user by user basis /pub/security/sudo.v1.2.tar.Z
expect provide the ability to use ftp.connect.com.au
interactive commands from /pub/misc/expect.tar.Z
a shell script without
user intervention
Table 6.6. Sudo and expect.
expect and sudo are NOT standard UNIX commands. They are programs that have been written by Systems Administrators to solve these problems and then made available to the general public free of charge. The locations specified in Table 6.6. are FTP sites and are only useful to you if you can gain access to the Internet.
Using existing software instead of writing your own is a good example of another Systems Administration maxim, "Never reinvent the wheel". If someone else has already solved a problem it is stupid for you to waste your time trying to solve it again.
Exercise 6-6. Write a shell function get_uid that returns the next free UID number. (Some systems by default have a user with a very high UID. This means you can't just sort the passwd file on UID and get the last entry.)
Exercise 6-7. Write a shell function make_username that accepts a user's firstname and lastname as parameters and then sets a variable username. username is to contain a username for this user using the format, first seven letters of the surname followed by the first initial. For example:
David Jones turns into jonesd
Georgina Pickering turns into pickerig
Hopefully by now you are familiar with the process, commands and configuration files associated with adding and deleting a user from a UNIX system. You should also be aware of mail aliases, password aging, the ownership and location of mail spool files and the various start up files executed when a user logs in.
6.1. Write an adduser script that uses some of the scripts written for this section. Make sure it makes use of any commands that may be specific to your system.
Previous | Next
David Jones (author)
Chris Hanson (html 27/08/96)