ADDUSER(8)                                                          ADDUSER(8)

NAME
       adduser - procedure for adding new users

DESCRIPTION
       To add an account for a new user, the system administrator (or
       super-user) must:

       o  Create an entry for the new user in the system password files.

       o  Create a home directory for the user, and change ownership so the
          new user owns that directory.

       o  Optionally set up skeletal dot files for the new user (.cshrc,
          .login, .profile...).

       o  If the account is on a system running the Network Information
          Service (NIS), take additional measures.

USAGE
   Making an Entry in the Password File
       To add an entry for the new login name on a local host, first edit
       the /etc/passwd file -- inserting a line for the new user. This must
       be done with the password file locked, for instance, by using
       vipw(8), and the insertion must be made above the line containing
       the string:

              +::0:0:::

       This line indicates that additional accounts can be found in the NIS
       service.

       To add an entry for the new login name into the NIS service, add an
       identical line to the file /etc/passwd on the NIS master server, and
       run make(1) in the directory /var/yp (see ypmake(8) for details) to
       propagate the change.

       The new user is assigned a group and user ID number (GID and UID
       respectively). UIDs should be unique for each user and consistent
       across the NFS domain, since they control access to files. GIDs need
       not be unique. Typically, users working on similar projects will be
       assigned to the same group. The system staff is group 10 for
       historical reasons, and the super-user is in this group.

       An entry for a new user francine would look like this:

              francine::235:20:&& Featherstonehaugh:/usr/francine:/bin/csh

       Fields in each password-file entry are delimited by colons, and have
       the following meanings:

       o  Login name (francine). The login name is limited to eight
          characters in length.

       o  Encrypted password or the string ##name if encrypted passwords
          are stored in the password adjunct file.
          Typically, if passwords are to be stored in the main password
          file, this field is left empty, so no password is needed when the
          user first logs in. If security demands a password, it should be
          assigned by running passwd(1) immediately after exiting the
          editor. The number of significant characters in a password is
          eight. (See passwd(1).)

       o  User ID. The UID is a number which identifies that user uniquely
          in the system. Files owned by the user have this number stored in
          their data blocks, and commands such as ls (see ls(1V)) use it to
          look up the owner's login name. For this reason, you cannot
          randomly change this number. See passwd(5) for more information.

       o  Group ID. The GID number identifies the group to which the user
          belongs by default (although the user may belong to additional
          groups as well). All files that the user creates have this number
          stored in their data blocks, and commands such as ls (see ls(1V))
          use it to look up the group name. Group names and assignments are
          listed in the file /etc/group (which is described in group(5)) or
          in the NIS group map.

       o  This field is called the GCOS field (from an earlier
          implementation of the operating system) and is traditionally used
          to hold the user's full name. Some installations have other
          information encoded in this field. From this information we can
          tell that Francine's real name is `Francine Featherstonehaugh'.
          The && in the entry is shorthand for the user's login name.

       o  User's home directory. This is the directory in which that user
          is "positioned" when they log in.

       o  Initial shell which this user will see on login. If this field is
          empty, sh(1) is used as the initial shell.

       A password adjunct file entry for a new user francine would look
       like this:

              francine:::::lo:ad,+dw

       Fields in each password adjunct file entry are delimited by colons,
       and have the following meanings:

       o  Login name (francine). This name must match the login name in the
          password file.

       o  Encrypted password.
          Typically, this field is left empty when adding the line using
          the editor. passwd(1) should be run immediately after exiting the
          editor.

       o  The next three fields are the minimum label, the maximum label,
          and the default label. These fields should be left empty, since
          they are reserved for future use.

       o  The next two fields are for the always-audit flags and the
          never-audit flags. Always-audit flags specify which events are
          guaranteed to be audited for that user. Never-audit flags specify
          which events are guaranteed not to be audited for that user. For
          a description of audit flags, see audit_data(5).

   Making a Home Directory
       As shown in the password file entry above, the name of Francine's
       home directory is to be /usr/francine. This directory must be
       created using mkdir(1), and Francine must be given ownership of it
       using chown(8), so that her profile files can be read and executed,
       and so that she has control over access to it by other users:

              example# mkdir /usr/francine
              example# /usr/etc/chown francine /usr/francine

       If running under NFS, the mkdir(1) and chown(8) commands must be
       performed on the NFS server.

   Setting Up Skeletal Profile Files
       New users often need assistance in setting up their profile files to
       initialize the terminal properly, configure their search path, and
       perform other desired functions at startup. Providing them with
       skeletal profile files saves time and interruptions for both the new
       user and the system administrator. Such files as .profile (if they
       use /usr/bin/sh as the shell), or .cshrc and .login (if they use
       /usr/bin/csh as the shell), can include commands that are performed
       automatically at each login, or whenever a shell is invoked, such as
       tset(1).

       The ownership of these files must be changed to belong to the new
       user, either by running su(1V) before making copies, or by using
       chown(8).
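
EXAMPLES
       This example is added here and is not part of the original manual
       page. It checks a passwd(5)-format file against the rules given under
       USAGE: an empty password field, a login name longer than eight
       characters, a reused UID, and an entry placed below the +::0:0:::
       line. The names audit_passwd and sample_passwd, the finding labels
       and the sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example: audit a passwd(5)-format file against the rules in USAGE.
# audit_passwd and the finding labels are hypothetical names for this example.
# Reads the named file(s), or standard input when no file is given.
audit_passwd() {
    awk -F: '
    /^#/ || NF == 0 { next }
    # The NIS marker line: local entries must appear above it.
    $1 == "+" { seen_nis = 1; next }
    # Other NIS include/exclude entries are not local accounts.
    /^[+-]/ { next }
    {
        login = $1; pw = $2; uid = $3
        if (NF != 7)           print "BAD_FIELD_COUNT " login
        if (length(login) > 8) print "LONG_LOGIN " login
        # Empty field: no password is needed at login until passwd(1) is run.
        if (pw == "")          print "EMPTY_PASSWORD " login
        if (seen_nis)          print "BELOW_NIS_MARKER " login
        # UIDs control file access, so two logins sharing one is a finding.
        if (uid in owner)      print "DUPLICATE_UID " uid " " owner[uid] " " login
        else                   owner[uid] = login
    }' "$@"
}

# Constructed sample input (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
francine::235:20:&& Featherstonehaugh:/usr/francine:/bin/csh
bob:##bob:235:20:Bob Example:/usr/bob:/bin/csh
christopher:##christopher:240:20:Long Login:/usr/christopher:/bin/sh
+::0:0:::
late:##late:250:20:Added Below Marker:/usr/late:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

       Run against the real file as audit_passwd /etc/passwd; an
       EMPTY_PASSWORD finding means passwd(1) has not yet been run for that
       account.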

FILES
       /etc/passwd                    password file
       /etc/security/passwd.adjunct
       /etc/group                     group file
       /etc/yp/src/passwd
       /.cshrc
       /.login
       /.profile

SEE ALSO
       csh(1), ls(1V), make(1), mkdir(1), passwd(1), sh(1), su(1V), tset(1),
       audit(2), audit_control(5), audit_data(5), passwd.adjunct(5),
       group(5), passwd(5), audit(8), auditd(8), chown(8), vipw(8),
       ypmake(8)

NOTES
       The Network Information Service (NIS) was formerly known as Sun
       Yellow Pages (YP). The functionality of the two remains the same;
       only the name has changed.

                               7 September 1989                     ADDUSER(8)