UNIX System Administration Handbook - Evi Nemeth [60]
• Verify that the account is set up correctly.
Each vendor provides tools that can do some of these steps for you, but in the next few sections we’ll go over the steps as you’d do them by hand. You must perform each step as root or use a program such as sudo that allows you to run commands as root.
See page 41 for more information about sudo.
Editing the passwd and shadow files
To safely edit the passwd file, run vipw to invoke a text editor on a copy of it. The default editor is vi, but you can specify a different one by setting the value of the EDITOR environment variable. The existence of the temporary edit file serves as a lock; vipw allows only one person to edit the passwd file at a time. When the editor terminates, vipw replaces the original passwd file with your edited copy.
On Solaris systems, vipw asks if you want to edit the shadow file after you have edited the passwd file. You should say yes.
Under FreeBSD, vipw edits the master.passwd file instead of /etc/passwd. After installing your changes, vipw runs pwd_mkdb to generate the derived passwd file and two hashed versions of master.passwd (one that contains the encrypted passwords and is readable only by root, and another that lacks the passwords and is world-readable).
For example, adding the following line to /etc/passwd would define an account called “tyler”:
tyler:*:103:100:Tyler Stevens, ECEE 3-27, x7919,:/home/staff/tyler:/bin/csh
Note the lack of an encrypted password. If the system were using a shadow file, we’d set the encrypted password field to “x” and add a matching entry to /etc/shadow:
tyler:*::::::18627:
This shadow line for “tyler” has no encrypted password and sets the account to expire on December 31, 2001.
Setting an initial password
Root can change any user’s password with the passwd command:
# passwd user
passwd prompts you to enter a new password and asks you to repeat it. If you choose a short, all-lowercase password, passwd will complain and ask you to use something longer. FreeBSD will grudgingly accept the password if you insist on it about 3 times, but most other versions of UNIX require you to use a password that contains mixed case or more characters. passwd might let you know what the rules are for your particular UNIX if it doesn’t like your initial attempt.
Rules for selecting good passwords are given on page 655.
Your password-picking skills are probably well developed, but users sometimes need help. We suggest replacing your system’s passwd command with an updated version that checks prospective passwords for guessability before accepting them. Several passwd replacements are in common use. We like npasswd, which is available from
http://www.utexas.edu/cc/unix/software/npasswd
The passwd program that comes with Red Hat checks prospective passwords to make sure they are not in the system dictionary. This precaution is not quite as thorough as the checks performed by npasswd, but it helps.
Never leave a new account—or any account that has access to a shell—without a password.
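As an added example that is not part of the book, the following Python audit parses passwd and shadow lines in the layouts shown above, converts the shadow expiry day count into a calendar date, and flags the conditions the text warns about: an empty password field, a missing shadow entry, and a login-capable account that has not yet been given a password. The NOLOGIN_SHELLS set and the sample lines are constructed for this example.

```python
import collections, datetime
EPOCH = datetime.date(1970, 1, 1)
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed set; extend for your system
PasswdEntry = collections.namedtuple("PasswdEntry", "name password uid gid gecos home shell")
ShadowEntry = collections.namedtuple("ShadowEntry", "name password expire")  # expire: date, or None for never
# Constructed sample files in the layouts the text shows (not the book's own data).
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
tyler:x:103:100:Tyler Stevens, ECEE 3-27, x7919,:/home/staff/tyler:/bin/csh
guest::104:100:Guest account:/home/guest:/bin/sh
daemon:x:1:1:daemon:/:/sbin/nologin
"""
SHADOW_SAMPLE = """\
root:$6$constructedsalt$constructedhash:11500::::::
tyler:*::::::11687:
guest::::::::
daemon:*:::::::
"""

def split_fields(text, count, kind):
    # Yield the colon-separated fields of each non-empty line, rejecting malformed ones.
    for line in filter(None, text.splitlines()):
        f = line.split(":")
        if len(f) != count:
            raise ValueError("%s line needs %d fields: %r" % (kind, count, line))
        yield f

def parse_passwd(text):
    # name:password:uid:gid:gecos:home:shell
    return {f[0]: PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), *f[4:]) for f in split_fields(text, 7, "passwd")}

def parse_shadow(text):
    # name:password:lastchg:min:max:warn:inactive:expire:flag; expire counts days since 1970-01-01
    return {f[0]: ShadowEntry(f[0], f[1], EPOCH + datetime.timedelta(days=int(f[7])) if f[7] else None) for f in split_fields(text, 9, "shadow")}

def audit(passwd_text, shadow_text):
    findings, shadow = [], parse_shadow(shadow_text)
    for name, p in parse_passwd(passwd_text).items():
        s, login = shadow.get(name), p.shell not in NOLOGIN_SHELLS
        if p.password == "":
            findings.append(name + ": empty password field in passwd, no password is needed to log in")
        elif p.password != "x":
            findings.append(name + ": passwd password field should be 'x' when a shadow file is in use")
        if s is None:
            findings.append(name + ": no matching shadow entry")
        elif login and s.password == "":
            findings.append(name + ": empty shadow password field but the shell allows login")
        elif login and s.password[0] in "*!":
            findings.append(name + ": locked, no password set yet; run passwd before handing it over")
    return findings
```

Running audit(PASSWD_SAMPLE, SHADOW_SAMPLE) reports tyler as locked pending passwd and guest twice (empty passwd field, empty shadow field); root and daemon produce nothing.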
Creating the user’s home directory
Any directory you create is initially owned by root, so you must change its owner and group with the chown and chgrp commands. The following sequence of commands would create a home directory appropriate for our example user:
# mkdir /home/staff/tyler
# chown tyler /home/staff/tyler
# chgrp staff /home/staff/tyler
# chmod 700 /home/staff/tyler
Copying in the default startup files
You can customize some commands and utilities by placing configuration files in a user’s home directory. Startup files traditionally begin with a dot and end with the letters rc, short for “run command,” a relic of the CTSS operating system. The initial dot causes ls to elide these files from directory listings unless the -a option is used; the files are considered “uninteresting.” Table 6.1 on the next page lists some common startup files.
Table 6.1 Common startup files and their uses
If you don’t already have a set of good default startup files,