In general, the process for manually adding a new user to your system is as follows:

1.  Add an entry for the user in the /etc/passwd file.
2.  Create the user’s home directory and set the ownership.
3.  Copy the shell startup files and edit their settings and ownerships.

Some Linux distributions include a command held over from Berkeley BSD UNIX: vipw invokes the vi editor (or whatever the default system editor has been set to) on a temporary copy of the /etc/passwd file. The temporary copy and its accompanying lock file prevent two administrators from editing the file at the same time. When the file is saved, vipw runs a simple consistency check on the changed file, and if everything appears proper, the /etc/passwd file is updated.

The automated scripts for Linux tend to have the names useradd or adduser. When run, they prompt you for all the information that is necessary in the /etc/passwd file. Both versions let you exit at any time to avoid changing the /etc/passwd file. The automated scripts also tend to ask for an initial password, which you can set to anything you want or leave blank. One advantage of the automated scripts is that they copy all the configuration files for the supported shells automatically, and in some cases, make environment variable changes for you. This can significantly simplify the process of adding users.


Note:
A quick note on passwords: they are vitally important to the security of your system. Unless you are on a standalone Linux machine with no dial-in modems, every account should have a secure password. Passwords are assigned and changed with the passwd command. The superuser can change any password on the system, but a user can change only his own password.

Deleting Users

Just like adding new users, deleting users can be done with an automated script or manually. The automated script deluser or userdel asks which user you want to delete, and then removes the entry from the /etc/passwd file. Some scripts also clean out the spool and home directory files, if you want. You must make any deletions to the /etc/passwd file when logged in as root.

If you delete users manually, simply remove their entries from the /etc/passwd file. Then you can clean up their directories to clear disk space. You can completely delete all their files and their home directory with the following command:


rm -r /home/userdir

/home/userdir is the full pathname of the user’s home directory. Make sure there are no files you want to keep in that directory before you blow them all away!

Next, you should remove the user’s mail spool file, which is usually kept in /usr/spool/mail/username. For example, to remove the user walter’s mail file, issue the following command:


rm /usr/spool/mail/walter

The spool file is a single file, so this command cleans up the user's mail properly. To finish the mail cleanup, check that the user has no entries in the mail alias file (usually /etc/aliases); alternatively, you can add an alias there that forwards all mail for that user to another login (such as root). To make any changes to the /etc/aliases file effective, you must run the newaliases command.

Finally, clean up the user’s cron and at jobs. You can display the user’s crontab file using the crontab command.

If you need to retain the user for some reason (such as file ownerships, a general access account, or accounting purposes), you can disable the login completely by placing an asterisk in the password field of the /etc/passwd file. That login cannot be used as long as an asterisk is in the password field. If you need to reactivate the account, simply run the passwd command to assign a new password.

The process for manually deleting a user (or using an automated script that doesn’t clean up directories and files) is as follows:

1.  Remove the user’s entry from /etc/passwd and /etc/group.
2.  Remove the user’s mail file and any mail aliases.
3.  Remove any cron or at jobs.
4.  Remove the home directory if you don’t want any files it contains.

Occasionally, you may want to temporarily disable a user’s account, such as when he or she goes on an extended leave or vacation. If you want to disable the login temporarily but be able to recover it at any time in the future, add an asterisk as the first character of the encrypted password. Don’t alter any characters of the existing password; just add the asterisk to the front. When you want to reactivate the account, remove the asterisk, and the password is back to whatever it was before you made the change.
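As an added example that is not from the book, the following POSIX sh functions apply the asterisk lock described in the two paragraphs above to a passwd-format file, and handle the case where the field is only an asterisk (a permanently disabled login with no password behind it). They assume the encrypted password sits in the second field of the file they are given, as in the /etc/passwd layout this chapter describes; on systems that keep hashes in /etc/shadow, point them at that file instead.

```shell
#!/bin/sh
# Added example (not from the book): lock and unlock a login by putting an
# asterisk in front of the password field, as described above. It works on
# any passwd-format file; the demo at the bottom uses a constructed copy
# so nothing on the running system is touched. On systems that keep the
# hash in /etc/shadow the same edit applies to that file instead.

# _rewrite_field FILE USER AWK_ACTION: apply AWK_ACTION to USER's password
# field, writing through a temp file that inherits FILE's mode, then
# replacing FILE in one rename so a reader never sees a half-written file.
_rewrite_field() {
    file=$1 user=$2 action=$3
    tmp="$file.tmp.$$"
    cp -p "$file" "$tmp" || return 1
    awk -F: -v OFS=: -v u="$user" "\$1 == u { $action } { print }" \
        "$file" > "$tmp" && mv "$tmp" "$file"
}

# disable_login FILE USER: prefix '*' to the encrypted password. Idempotent,
# so running it twice does not stack asterisks.
disable_login() {
    _rewrite_field "$1" "$2" 'if ($2 !~ /^\*/) $2 = "*" $2'
}

# enable_login FILE USER: remove the leading '*' so the old password works
# again. A field that is only "*" (an account disabled permanently, with no
# password behind it) is left alone: stripping it would leave an empty
# field, i.e. a login with no password at all; set one with passwd instead.
enable_login() {
    _rewrite_field "$1" "$2" 'if ($2 ~ /^\*./) $2 = substr($2, 2)'
}

# password_field FILE USER: print USER's current password field.
password_field() {
    awk -F: -v u="$2" '$1 == u { print $2 }' "$1"
}

# Demo on a constructed passwd file (the hashes are placeholders).
demo_passwd=$(mktemp)
printf '%s\n' 'root:ROOTHASH:0:0:root:/root:/bin/sh' \
    'walter:WALTERHASH:1001:100:Walter:/home/walter:/bin/sh' \
    'guest:*:1002:100::/home/guest:/bin/sh' > "$demo_passwd"
disable_login "$demo_passwd" walter    # walter's field becomes *WALTERHASH
enable_login  "$demo_passwd" walter    # and is restored to WALTERHASH
enable_login  "$demo_passwd" guest     # guest stays "*"
rm -f "$demo_passwd"
```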
