Before creating users the administrator must define local groups and assign ID numbers. For each GID, user ID range is required, ex. GID=1000 and UID identification ranging from 1000 to 1999.
Suggested UID allocation policy may foresee that consecutive increasing uids are assigned starting from 1000 to permanent local users. While uids starting from 1500 are assigned to the external collaborators. Finally, temporary users are assigned uids in reverse order starting from 1999.
New users are added by /usr/sbin/useradd as follows:
# /usr/sbin/useradd \
-c full_user_name \
-d /home/user_name \ set user home directory
-g user_group -m \ set group and copy template file (-m)
-s /bin/bash \ set user login shell
-u user_uid user_name set uid and login name
Group name and ID must exist, otherwise useradd aborts with an error message. Add group as follows:
# /usr/sbin/groupadd -g gid user_group
The user_group is a alfanumeric name that uniquely identifies the group. When the user has been succesfully added, set user password with /usr/bin/passwd. Up to 256 character passwords are accepted with MD5 support enabled.
For enhanced security passwords are shadowed and stored in files
/etc/shadow and /etc/gshadow
In case you upgrade from an older system without password shadowing use program /usr/sbin/pwconv to shadow passwords.
User accounts are modified by /usr/sbin/usermod. Most common changes refer to user login name, and access lock/unlock/expiration. Usage is shown in the following examples.
# /usr/sbin/usermod -l new_login old_login change login name
# /usr/sbin/usermod -L user_name lock user password
# /usr/sbin/usermod -U user_name unlock user password
# /usr/sbin/usermod -e yyyy-mm-dd account expiration
Passwords may be locked also using passwd:
# /usr/bin/passwd user_name interactively set password for user
# /usr/bin/passwd -l user_name lock account
# /usr/bin/passwd -u user_name unlock account
