
Adding User Accounts Using Shell Commands

Occasionally, you may have to add a user account manually; in other words, without using the automated tools such as the System Manager. This method is the default for server administrators, but all administrators should understand the process in case a problem develops with some part of the automated tools or if you wish to design your own scripts and programs for administering user accounts at your site. Be sure to check your work with the pwck(1M) command.

Follow these steps to add a user manually:

  1. Log in as root.

  2. Edit the file /etc/passwd with your preferred text editor.

    The file /etc/passwd has one line for each account on the system. Each line contains seven fields, and each field is separated by a colon. The lines look similar to this:

    ralph:+:103:101:Ralph Cramden:/usr/people/ralph:/bin/csh

  3. Copy one of the lines (for example, the last line in the file) and add it to the end of the file.

  4. Change the first field (ralph in this example) to the name of the new account; for example, alice.

  5. Remove any characters between the first colon after the account name and the second colon. Deleting these characters removes the password from the account, so the account can be used without a password until one is set. Either you or the new user can add a password later.

  6. The next field (in this case "103") is the user ID of the new account. Change it to a number 1 greater than the current highest user ID on your system. You should not use user ID numbers between 0 and 100, as these are reserved for system use.

  7. The next field (in this case "101") is the group ID number of the new account. Check the file /etc/group and pick a suitable group ID for the new user account. The /etc/group file lists all the groups on the system by group ID, followed by a list of the current users who belong to that group.

  8. Change the next field (in this case Ralph Cramden) to the name of the new user, in this case Alice Cramden. If you wish, you can add an "office" and "phone number" to this field. After the user's name, add a comma, then the office location, another comma, and the phone number. For example:

    :Alice Cramden, Brooklyn, (212) 555-1212:

    Actually, you can put any information you wish in these fields. The fields are interpreted by the finger(1) program as "user name, office, phone number."

  9. The next field (in this case /usr/people/ralph) is the location of the user's home directory. Change this field to reflect the name of the new user's account. In this example, you would change /usr/people/ralph to /usr/people/alice.

  10. The last field (in this example /bin/csh) is the user's login shell. For most users, the C shell (/bin/csh), Korn Shell (/bin/ksh), or Bourne shell (/bin/sh) is appropriate. You should leave this field unchanged, unless you wish to use a different or special shell. Special shells are discussed in "Configuring Special Login Shells". Once you have selected a shell, you are finished editing /etc/passwd.

  11. Write the changes you made and exit the file.

    The next step, which is optional, is to add the new user to the file /etc/group. A user can be a member of a group without being listed in the /etc/group file.

  12. If you want to maintain a list of the groups to which users belong, edit the file /etc/group. You should see some lines similar to this:

    sys::0:root,bin,sys,adm
    root::0:root
    daemon::1:root,daemon
    bin::2:root,bin,daemon
    adm::3:root,adm,daemon
    mail::4:root
    uucp::5:uucp
    rje::8:rje,shqer
    lp:*:9:
    nuucp::10:nuucp
    bowling:*:101:ralph
    other:*:102:

    Place the name of the new account (in this example alice) after any of the groups. Separate the account name from any other account names with a comma, but not with blank spaces. For example:

    bowling:*:101:ralph,alice

    Adding account names to the /etc/group file is optional, but it is a good way to keep track of who belongs to the various system groups.

    Also, you can assign an account to more than one group by placing the account name after the names of the various groups in /etc/group. The user can change group affiliations with the newgrp(1) and multgrps(1) commands.

  13. When you finish editing /etc/group, write your changes and exit the file.

    The next step is to create the new user's home directory and copy shell startup files over to that directory.

  14. Use the mkdir(1) command to create the user's home directory. For example, to create a home directory for the user "alice":

    mkdir /usr/people/alice

    Make the directory owned by user alice, who is in group bowling:

    chown alice /usr/people/alice
    chgrp bowling /usr/people/alice

    Make sure the new home directory has the appropriate access permissions for your site. For a site with relaxed security:

    chmod 755 /usr/people/alice

    For more information on the chown(1), chgrp(1), and chmod(1) commands, see the respective reference pages.

  15. Copy the shell startup files to the new user's home directory.

    If the new account uses the C shell:

    cp /etc/stdcshrc /usr/people/alice/.cshrc
    cp /etc/stdlogin /usr/people/alice/.login

    If the new account uses the Korn or Bourne shell:

    cp /etc/stdprofile /usr/people/alice/.profile

  16. You can make these shell startup files owned by the user, or leave them owned by root. Neither approach affects how the user logs in to the system, although if the files are owned by root, the user is less likely to alter them accidentally and be unable to log in.

    To give a user complete access to his or her shell startup files, use the chmod command. For C shell:

    chmod 755 /usr/people/alice/.cshrc /usr/people/alice/.login

    For Korn or Bourne shell:

    chmod 755 /usr/people/alice/.profile

    Remember to check for any other user files that may be owned by root in the user's directory, and change those, too.

  17. Issue the pwck(1M) command to check your work. This command performs a simple check of the /etc/passwd file and makes sure that no user ID numbers have been reused and that all fields have reasonable entries. If your work has been done correctly, you should see output similar to the following:

    sysadm:*:0:0:System V Administration:/usr/admin:/bin/sh
    Login directory not found

    auditor::11:0:Audit Activity Owner:/auditor:/bin/sh
    Login directory not found

    dbadmin::12:0:Security Database Owner:/dbadmin:/bin/sh
    Login directory not found

    tour::995:997:IRIS Space Tour:/usr/people/tour:/bin/csh
    Login directory not found

    4Dgifts::999:998:4Dgifts Acct:/usr/people/4Dgifts:/bin/csh
    First char in logname not lower case alpha
    1 Bad character(s) in logname
    Login directory not found

    nobody:*:-2:-2::/dev/null:/dev/null
    Invalid UID
    Invalid GID

    These messages are normal and expected from pwck. All errors generated by pwck are described in detail in the pwck(1M) reference page.

