Option       Meaning
-f           Force groupadd to exit without error if the specified group name is already in use; in that case groupadd does not create a new group
-g GID       Use the specified GID in place of the default. If used with -f and the GID already exists, groupadd generates a unique GID in place of the specified one
-o           Used with -g so that two groups can share a GID (allow a non-unique GID)
-p passwd    Assign the specified password to the group. groupadd expects the value already hashed (as returned by crypt(3)), not a plain-text password; like any command line argument it is also visible in the process list while the command runs
-r           Create a system group
User Accounts ◾ 359
and less hassle in the long run when you have numerous, possibly dozens or hundreds, of accounts to generate. The command line instruction allows you to use command line editing for convenient and quick entry. Or, you can use a shell script, calling upon the useradd instruction.

Consider that you want to add three new accounts, Mike Keneally, George Duke, and Ruth Underwood. You want to use the defaults for all three. You might specify the first instruction:

useradd -c "Mike Keneally" -m keneallym <enter>
Now, use command line editing to alter this instruction and modify it for the other two new users. You could do this as follows:

• control+p: recall the instruction
• escape+b: move to the beginning of the username
• control+k (or escape+d): delete the username
• dukeg: enter the new username
• control+a, escape+f, escape+f, control+f, control+f: move to the "M" in Mike Keneally
• escape+d, escape+d: delete Mike Keneally (if there were more than two words in quotes, do additional escape+d's)
• George Duke: type the new name
• <enter>
And repeat for Ruth Underwood. This saves a little mouse usage and has the same amount of typing because you would have to enter George Duke (name), dukeg (username), Ruth Underwood, underwoodr in the GUI as well as the command line.

Alternatively, a nice little shell script would also simplify matters. Place the three names in a text file and then use the following script. For this script, we will make the assumption that each name is fully lowercased so that the username is also fully lowercased.
#!/bin/bash
# one "first last" pair per line on standard input
while read -r first last; do
    name="$first $last"
    username="$last${first:0:1}"
    useradd -c "$name" -m "$username"
done
360 ◾ Linux with Operating System Concepts
This script should be easy to understand. First, we iterate over each row of the file, reading in two values and storing them in the variables first and last, respectively. We form the value for the name to be used in the comment field as "$first $last". We then form the username as last name and first initial, as in underwoodr. Now, we use $name and $username in useradd to create the account. Assuming this script is called create_users.sh and our list of users (just first and last names) is stored in new_users.txt, we run the script as ./create_users.sh < new_users.txt.
What happens if there is already a user in the system with the same username? If we
already have a user Tom Fowler with a username of fowlert, then when we try to add Tim
Fowler, we receive an error because fowlert already exists.
Let us use a slightly different naming scheme. Our usernames will be last name, first
initial, number, where the number will be one greater than the previous user of the same
name. This will require that we first inspect the usernames to see how many share the same
last name and first initial.
#!/bin/bash
while read -r first last; do
    name="$first $last"
    username="$last${first:0:1}"
    # count accounts whose username field starts with last name + first initial;
    # the ^ anchor keeps a match in some other field (comment, home directory)
    # from being counted
    n=$(egrep -c "^$username" /etc/passwd)
    n=$((n + 1))
    username=$username$n
    useradd -c "$name" -m "$username"
done
Here, we have added two instructions to handle the numbering of each username. First, we use egrep -c to count the number of entries in /etc/passwd whose username field matches $username, where username is last name and first initial. This is stored in the variable n. We add 1 to n so that the new user has a value one greater than the last user whose name matches.

Notice that if there are no current users of this name, n will store 0 before we add 1, so it becomes 1 and the new user's number is 1. Thus, the first time we have a fowlert, his username becomes fowlert1. The next time we look for a fowlert, we find one in the /etc/passwd file so that n becomes 2 and the next user is given the name fowlert2. Because the script counts matches rather than finding the highest number in use, it assumes that no account in the sequence has since been deleted; with fowlert1 and fowlert3 present, the count yields fowlert3 again and useradd refuses the duplicate.
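The counting approach breaks down as soon as the numbering has a gap, as noted above. The following script is an added example (not from the book) that instead finds the highest suffix already in use and adds one, and that reads the account list through getent so users held in LDAP or another NSS source are seen as well, which a grep of /etc/passwd alone would miss. Two things are assumptions made for the sake of testing: the PASSWD_SRC environment variable, which lets the functions be pointed at a constructed passwd-format file instead of the live account database, and the function names themselves.

```shell
#!/bin/sh
# Added example (not from the book): pick the next free "lastname + initial + N"
# username by taking the highest existing numeric suffix plus one, rather than
# counting matches. With fowlert1 and fowlert3 present, counting yields the
# colliding fowlert3; max+1 yields fowlert4.
#
# PASSWD_SRC is an assumption for testability: when set, usernames are read from
# that passwd-format file; otherwise from getent, which also sees NSS/LDAP users.

# Print every existing username, one per line.
existing_usernames() {
    if [ -n "${PASSWD_SRC:-}" ]; then
        cut -d: -f1 "$PASSWD_SRC"
    else
        getent passwd | cut -d: -f1
    fi
}

# next_username BASE: print BASE followed by (highest suffix in use + 1).
# Only names of the exact form BASE<digits> count: a bare "fowlert", a
# "fowlertx", or the string appearing in a comment field never influence it.
# BASE is expected to be plain letters/digits (it is not regex-escaped).
next_username() {
    local base="$1" max
    max=$(existing_usernames \
        | grep -E "^${base}[0-9]+\$" \
        | sed -E "s/^${base}0*//" \
        | sort -n | tail -n 1)
    printf '%s%d\n' "$base" $(( ${max:-0} + 1 ))
}

# username_for FIRST LAST: lowercase both names (so mixed-case input still gives
# a valid login name) and build last name + first initial as the book does.
username_for() {
    local first last
    first=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    last=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    next_username "${last}$(printf '%s' "$first" | cut -c1)"
}

# Usage as root, with one "first last" pair per line on standard input:
#   while read -r first last; do
#       u=$(username_for "$first" "$last")
#       useradd -c "$first $last" -m "$u"
#   done < new_users.txt
```

Run against a real system, leave PASSWD_SRC unset; the useradd loop in the trailing comment is the only part that needs root.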
Another option for the mass creation of user accounts is to use the program newusers, stored in /usr/sbin. This program is similar in nature to the shell script developed above but requires a more complex text file of user data.

The format of the text file is one row of information per new user. The information is separated by colons and consists of the user's username, an initial (plain-text) password, the user's UID, the GID of the user's private group, the comment, the location of the user's home directory, and the user's shell. If the username supplied already exists, newusers does not alter the name; it updates the existing account with the values given on that row instead of creating a new one (the same happens if a username appears twice in the file). An entry in the data file looks like this:

username:passwd:uid:gid:comment:dir:shell
The comment field should be the user's full name. The UID and GID are optional and can be left empty, appearing as :: (nothing between two colons), in which case newusers assigns the next available UID and creates a private group with the next available GID. If the UID or GID field names an existing user or group, that user's UID or that group's GID is reused, making it non-unique.
The error checking newusers performs is modest; for instance, it allows duplicate UIDs and GIDs. It creates the home directory named in the dir field but will not create missing parent directories, so if the path is erroneous (say, a typo in the parent directory), newusers does not terminate but continues with the next row without generating the directory, and the new user ends up without a home directory. It does send an error message to STDERR so that the system administrator can resolve the problem and create the home directory by hand. No checking at all is performed on the shell specified; if the shell is erroneously listed, the entry written to /etc/passwd will carry the erroneous shell.
As newusers takes the plain-text password specified for each user and hashes it, you are able to specify which hashing algorithm to use. This is accomplished using the -c method option, where method is one of DES, MD5, NONE, SHA256, or SHA512. The latter two are only available if your C library supports them. Only SHA256 and SHA512 should be used for new accounts: DES considers only the first eight characters of a password and MD5 is cheap to brute force, while NONE stores the field as given and is appropriate only when the file already contains hashed values. An additional option is -r to create system accounts.
Although this program is executable by the world, only root can actually run it because only root has write access to the /etc/passwd and /etc/shadow files. Further, the input file must be protected with proper permissions because it stores unencrypted passwords. As /root is typically not accessible to anyone other than root, it is best to store the newusers input text files underneath /root, to create them with mode 600 (for instance under umask 077) so that no other user can read them even briefly, and to delete them once the accounts exist.
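Because newusers writes whatever shell it is given, cannot create a missing parent of a home directory, and reads plain-text passwords from the file, it pays to check the file before handing it over. The following functions are an added example, not part of the book or of the shadow-utils package: they validate each row for the seven-field layout, a portable login name, a non-empty password, a shell listed in a shells file and an existing parent directory for the home, and they create the input file with mode 0600 before any password is written into it. The SHELLS_FILE argument is an assumption so that the checks can be exercised against a constructed list; in real use you would pass /etc/shells.

```shell
#!/bin/sh
# Added example (not from the book): pre-flight checks for a newusers(8) input
# file, covering the two fields newusers itself does not validate (shell and
# the parent of the home directory) and creating the file with safe permissions.
# SHELLS_FILE is a parameter (assumption) so the checks can run without /etc/shells.

# newusers_check_line LINE SHELLS_FILE
# Prints one reason per problem; returns 1 if the row is unusable, 0 otherwise.
newusers_check_line() {
    local line="$1" shells="$2" rc=0 seps name pw uid gid gecos dir shell
    # Exactly seven colon-separated fields means exactly six separators.
    seps=$(( $(printf '%s' "$line" | tr -cd ':' | wc -c) ))
    if [ "$seps" -ne 6 ]; then
        printf 'bad field count (%d fields, need 7): %s\n' $((seps + 1)) "$line"
        return 1
    fi
    IFS=: read -r name pw uid gid gecos dir shell <<EOF
$line
EOF
    # Portable login name: starts with a lowercase letter or '_', then [a-z0-9_-].
    case $name in
        ''|[!a-z_]*|*[!a-z0-9_-]*) printf "bad username: '%s'\n" "$name"; rc=1 ;;
    esac
    [ -n "$pw" ] || { printf 'empty password for %s\n' "$name"; rc=1; }
    # newusers accepts any string as the shell; insist on a listed login shell.
    grep -qxF "$shell" "$shells" \
        || { printf "shell not in %s: '%s' (%s)\n" "$shells" "$shell" "$name"; rc=1; }
    # newusers creates the leaf home directory but never its missing parents.
    [ -d "$(dirname "$dir")" ] \
        || { printf 'parent of home dir missing: %s (%s)\n' "$dir" "$name"; rc=1; }
    return $rc
}

# write_newusers_file OUT SHELLS_FILE LINE...
# Validates every row first; only then creates OUT with mode 0600 and writes
# the rows, so the plain-text passwords are never world-readable, even briefly.
write_newusers_file() {
    local out="$1" shells="$2" l
    shift 2
    for l in "$@"; do
        newusers_check_line "$l" "$shells" || return 1
    done
    # Remove any stale copy so the restrictive mode applies to a fresh file.
    rm -f "$out"
    ( umask 077 && : > "$out" ) || return 1
    printf '%s\n' "$@" >> "$out"
}

# Usage (as root), after the file has been written under /root:
#   newusers -c SHA512 /root/new_users.txt && shred -u /root/new_users.txt
```

The shred in the usage comment is the counterpart of the 0600 mode: once newusers has hashed the passwords into /etc/shadow, the plain-text copy has no further purpose.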
9.3 MANAGING USERS AND GROUPS
With users and groups created, we must manage them. Management will include making modifications to users' accounts (e.g., changing shells or home directories) and groups (e.g., adding users to a group). A useful program to inspect a user's information is id. The id program returns the given user's UID, the GID of the user's private (primary) group, the other groups the user is a member of and, for the invoking user only, the SELinux security context. For instance, id foxr might result in the output

uid=503(foxr) gid=503(foxr) groups=503(foxr),504(cool)

while foxr running id with no username sees, in addition, the context of the current process:

uid=503(foxr) gid=503(foxr) groups=503(foxr),504(cool) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Without the username, id returns the current user's information. The security context is reported only for the current process; when a username is supplied, id prints no context, even when run as root.
9.3.1 GUI User Manager Tool
There are two ways to modify a user or a group. First, you can use the GUI User Manager tool. For either a user or a group, highlight the specific entry in the list in the GUI and select Properties. This brings up a window that allows you to make changes to that entry. Figure 9.4 illustrates the property window for a user account.
The tabs along the top of the property window are User Data, Account Info, Password Info, and Groups. User Data holds the same information specified via the GUI Add User window: User Name, Full Name (the comment field), Home Directory, Login Shell, and the password. To change the password, you specify the new password and then confirm it. The Account Info tab allows you to specify an expiration date; at that date the account expires, meaning that the user is no longer able to log into it, although the account still exists. The Account Info tab also lets you lock the password, which disables password-based login to the account (the equivalent of passwd -l) until it is unlocked again. The Password Info tab allows you to specify password expiration information (covered in Section 9.4). The Groups tab lists all groups in the system and allows you to change group membership for this user by checking or unchecking any group entry.
The Group Properties window contains only two tabs, Group Data and Group Users. Group Data allows you to change the group's name while Group Users lists all usernames and lets you add or remove users from the group.

The GUI also allows you to select a user or group and click on Delete. If you are deleting a user, you are asked whether to also delete the user's home directory, mail file, and temporary files. You will also be warned if that user has processes running (which usually means that the user is still logged in). For group deletion, if you select a user's private group, you will be told that you are not allowed to delete that group.
FIGURE 9.4 User properties.

9.3.2 Command Line User and Group Management
The command line instructions equivalent to the GUI for user and group management are usermod, userdel, groupmod, and groupdel. The usermod operation has similar options to useradd. In addition, you can specify -l