
management using the su command. There are several ways to create new users in Linux, but this section shows you the easy way, using a trio of commands: adduser, passwd, and chfn.

The first step in creating a new user is to use the adduser command, found under the /usr/sbin directory. You must be the root operator to run this program:


# adduser

Only root may add users to the system.

The adduser program also requires you to specify a user name on the command line, for example:


# adduser cloobie



Looking for first available UID... 502

Looking for first available GID... 502



Adding login: cloobie...done.

Creating home directory: /home/cloobie...done.

Creating mailbox: /var/spool/mail/cloobie...done.



Don't forget to set the password.

The command will create an account, assign a user identification (UID), a group identification (GID), and then create a directory called cloobie under the /home directory. As a reminder, the adduser program tells you to set a password for your new user.

Changing Passwords in /etc/passwd with the passwd Command

After creating your new user, you must assign a password with the passwd command. This command stores the encrypted password in the user's entry in the passwd text database in the /etc directory. To show you how this works, the following example shows you the passwd file, creates a password for your new user, and then shows you the passwd file again so you can see the updated entry.


# cat /etc/passwd

root:syvolaPd3M4QE:0:0:root:/root:/bin/bash

bin:*:1:1:bin:/bin:

daemon:*:2:2:daemon:/sbin:

adm:*:3:4:adm:/var/adm:

lp:*:4:7:lp:/var/spool/lpd:

sync:*:5:0:sync:/sbin:/bin/sync

shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown

halt:*:7:0:halt:/sbin:/sbin/halt

mail:*:8:12:mail:/var/spool/mail:

news:*:9:13:news:/var/spool/news:

uucp:*:10:14:uucp:/var/spool/uucp:

operator:*:11:0:operator:/root:

games:*:12:100:games:/usr/games:

gopher:*:13:30:gopher:/usr/lib/gopher-data:

ftp:*:14:50:FTP User:/home/ftp:

nobody:*:99:99:Nobody:/:

bball:ODyJ5x09iRgNQ:500:500:Billy Ball,,,,:/home/bball:/bin/bash

cloobie:*:502:502:RHS Linux User:/home/cloobie:/bin/bash

You can see that although an account has been created, and contains a username, UID, GID, name, directory, and default shell, there's no password: the password field holds only an asterisk. To add a password, type the passwd command, along with the new user's name:


# passwd cloobie

New UNIX password:

Retype new UNIX password:

passwd: all authentication tokens updated successfully

You'll be asked for a password, and then asked to retype it to verify. If all goes well, the encrypted password will be recorded in the user's /etc/passwd entry, for example:


cloobie:9Qa4.uFMhmInA:502:502:RHS Linux User:/home/cloobie:/bin/bash

Later on, users can change their own password by using the passwd command, and you should encourage frequent password changes.

CAUTION
As the sysadmin, you can change anyone's password if they forget it. Don't forget yours!

Finally, you'll also want to use the chfn command to enter formal information about users, or have your users enter this information. The chfn command will ask


# chfn cloobie

Changing finger information for cloobie.

Name [RHS Linux User]: Mr. Cloobie Doo

Office []: 400 Pennsylvania Ave.

Office Phone []: 202-555-1212

Home Phone []: 202-555-4000



Finger information changed.

If you now examine the /etc/passwd entry, you'll see


cloobie:9Qa4.uFMhmInA:502:502:Mr. Cloobie Doo,400 Pennsylvania Ave.,202-555-1212,202-555-4000,:/home/cloobie:/bin/bash

This information is used by the finger command. The formal name may also be used along with the user name in mail messages, for example:


#  finger cloobie

Login: cloobie                          Name: Mr. Cloobie Doo

Directory: /home/cloobie                Shell: /bin/bash

Office: 400 Pennsylvania Ave.           Office Phone: 202-555-1212

Home Phone: 202-555-4000

Never logged in.

No mail.

No Plan.

The finger command will extract the user's information from the /etc/passwd file and print it in a nice format. One of the other things you should note in a user's /etc/passwd entry is the name of a shell at the end. This can be a unique way to not only specify the type of shell used (your Linux system is set up to assign the bash shell by default), but to restrict the user to a particular program.

Restricting Logins

Your users normally can change the shell used after login through the chsh command. You can list the currently available shells by using the chsh command's -l (list shells) option, for example:


# chsh -l

/bin/ash

/bin/bsh

/bin/bash

/bin/sh

/bin/csh

/bin/ksh

/bin/tcsh

The chsh command looks in a file called shells under the /etc directory, and prints a list. This does not mean that these shells are available, just "acceptable." You can edit this file, adding or removing shells that can be specified by your users. You should make sure that the shells listed in this file are available on your system. To change shells, you can type


# chsh -s /bin/ksh

Changing shell for root.

Shell changed.

You can also use the chsh command to specify a program, other than a shell, to use as the program run when the user logs in, for example:


# chsh -s /usr/bin/pico cloobie

Changing shell for cloobie.

Warning: "/usr/bin/pico" is not listed as a valid shell.

Shell changed.

The chsh program will complain if the program is not listed as a shell in the /etc/shells file. Then check to see if the change was made:


# cat /etc/passwd

...

cloobie:9Qa4.uFMhmInA:502:502:Mr. Cloobie Doo,400 Pennsylvania Ave.,202-555-1212,202-555-4000,:/home/cloobie:/usr/bin/pico

The preceding example specified the text editor pico, which would allow a user to do word processing, printing, or spell-checking of documents, but that's all! As soon as the user logs into Linux, the user is right in the text editor. After quitting the text editor, the user is logged out. This is a handy technique you can use to restrict users, especially children, if you only
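
The following audit script is an added example, not part of the original text. It reads a passwd-format file and a shells list and reports the conditions this section touches on: an encrypted password stored in the passwd file itself (which every user can read), an empty password field, an extra UID 0 account, and a login program that is not in the shells list. The function names, the sample entries and the placeholder hash are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file against a shells list.
# Usage: audit_passwd PASSWD_FILE SHELLS_FILE
# Prints one finding per line as "<user>: <finding>".
audit_passwd() {
    awk -F: -v shells_file="$2" '
    BEGIN {
        # Load the acceptable shells (same format as /etc/shells).
        while ((getline line < shells_file) > 0)
            if (line ~ /^\//) ok[line] = 1
    }
    $0 == "" || /^#/ { next }
    # A wrapped or truncated entry does not have the seven fields.
    NF != 7 { print $1 ": malformed entry (" NF " fields, expected 7)"; next }
    {
        user = $1; pw = $2; shell = $7
        # "x" means the hash is kept elsewhere (shadow passwords);
        # a leading "*" or "!" means no password will match.
        if (pw == "")
            print user ": empty password field (login without a password)"
        else if (pw != "x" && pw !~ /^[*!]/)
            print user ": password hash stored in world-readable passwd file"
        if ($3 == "0" && user != "root")
            print user ": UID 0 (root-equivalent)"
        # An empty shell field falls back to the default shell; skip it.
        if (shell != "" && !(shell in ok))
            print user ": login program " shell " not in shells list"
    }' "$1"
}

# Constructed sample input modelled on the listings above.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
bball:PLACEHOLDERHASH:500:500:Billy Ball,,,,:/home/bball:/bin/bash
cloobie:*:502:502:RHS Linux User:/home/cloobie:/usr/bin/pico
guest::503:503:Guest:/home/guest:/bin/sh
EOF
    printf '%s\n' /bin/bash /bin/sh /bin/ksh > "$tmp/shells"
    audit_passwd "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

demo
```

To check a live system, run audit_passwd /etc/passwd /etc/shells as any user, since both files are world-readable.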
