A person cannot use HP-UX resources until you give that person an account within a group.
Prerequisites and Conditions
• Users relate to groups as follows:
D Users fit into groups that have names such as users, root, other, and mktg.
D Each user must belong to at least one group. A user can belong to several groups.
D When you add a new user, you either:
• add the person to an existing group, or
• create a new group and then add the user to that group. If there is no existing group, see the later section named "Creating Groups". Then, return to this section to add the user.
• If you have networking that provides for a remote login (the NS-ARPA Services, for example), a remote user may request an account on your system. You can add this user as usual. Use the login name and user ID that the user has on the remote system.
The procedures begin on the following page.
Managing Groups and Users 5-7
SAM Procedure for Adding a User
Under this menu option, you accommodate for the following items:
• (for example, j tq, j anek)
•
•
•
•
example, users, other) example, /users/ j anek)
example, /bin/ksh)
• example, Jane Kane)
• example, 1UG7)
• example, 555-1234)
• example, 555-4321)
• (a pop-up) (entering , .. forces a user to provide a password)
5-8 Managing Groups and Users
Manual Procedure for Adding a User
To give a user an account (a login), complete the following tasks:
1. Add the user to a group (for example, users). in fete/group as follows:
a. See the earlier module named "Managing a Group".
b. Add the user, creating the group if necessary.
c. Come back to this module to finish adding the user.
2. Add an entry to / ete/passwd for the new user. In this entry, the password field determines how a user obtains a password:
a. Use , .. in the password field to force a user to provide a personal password. Editing the passwd entry so the password field contains, .. is the recommended way to add a user.
b. You can leave the password field blank. Then, after you add a user, you can log in as root, execute passwd user_name, and provide a password as prompted by the system. HP does not recommend this scheme because it represents a potential security problem.
3. Create the user's home directory. Typically, you place users in a file system such as /users or / others. You may use a scheme in which you place users in a directory under /users (for example, /users/prod where prod might be people in a production department).
4. Create the user's login files or help the user create the files. This refers to the "dot" files that go in the user's home directory (for example, . profile,
.mailre, and .xllstart). The earlier chapter named "Constructing an HP-UX System" has information about these files. You can also get information about them in the HP- UX System Administration Concepts manual and in A Beginner's Guide to Using Shells.
The next several sections have information about how to complete these tasks.
Managing Groups ·and Users 5-9
(1) Add the User to a Group
1. Examine the /etc/group file to see the list of existing groups.
2. If you have a group to which you add users, use an editor to include the new user. For example, existing groups for users named users and mgmt might look like this:
users: :20:jake,sue.kmh.jtb,archive mgmt: :30:samk.janicew.kjl.budget
To add a user whose login name is maryt to the group named users, edit the entry, including a comma and the login name after archive.
3. If no group for users already exists, you must create the group and then add the user according to the above steps. An earlier module named "Managing a Group" explained how to create a group.
(2) Add the User to the /etc/passwd File
The / etc/passwd file must have an entry for each user. If you have a secure system, the HP- UX System Security manual has information about modifying / . secure/ etc/passwd as well as / etc/passwd. The passwd (4) entry in the HP- UX Reference has information about / etc/passwd.
1. Log in as root. The items on the following page explain the fields.
4. Using / etc/pwck when you finish editing checks for inconsistent entries. For example, entering Ish instead of ksh for the shell would display:
louis: ... :110:300:Louis Smith.x4321:/users/louis:/bin/lsh Optional shell file not found
5-10 Managing Groups and Users
louis The login name (1-8 characters). The first must be alphabetic.
Forces the user to provide a password. The system encrypts the password supplied by the user so it looks like RZ5MagE5Lhn31.
110 The user-ID (UID) number. The superuser has UID O. If a remote user already has a UID, assigning the same number ensures that the user can function on the remote and local systems. Use 0 for root; the system reserves 1-100 and 200 and 201; use values between 100 and 60001; UIDs greater than 60001 map onto 6000l.
300 The group-ID (GID) number assigns the user to the group having that number.
Louis Moore,x4321
/users/louis /bin/ksh
A comment field for user information (full name, phone extension, and so on up to four subfields, separated by commas).
The pathname to the user's home directory
The shell that executes when the user logs in (default is /bin/ sh for the Bourne shell).
Managing Groups and Users 5-11
(3) Create a Home Directory for the User
Use /bin/mkdir to create a home (login) directory for the user. The following example creates a home directory for a user named louis with appropriate permissions and ownership:
1. Go to the directory you specified for the user in / etc/passwd. For example:
cd /users
2. Create a home directory for the user:
mkdir louis
3. Set the ownership of the directory:
chown louis louis 4. Set the group ownership:
chgrp users louis
5. Set the permissions to allow only louis to write to the directory:
chmod 755 louis
(4) Create a Login File for the User
The final step in manually adding a user is to provide a login file. The straightforward method is to copy a system login file to the user's home directory, renaming the file. The table shows the correspondences according to the user shell provided by the / etc/passwd entry, the chosen system login file, and the name given to the login file in the user's home directory.
5-12 Managing Groups and Users
For This Shell ... Copy This System File ... Rename It as Follows ...
Bourne /etc/d.profile .profile
Korn /etc/d.profile .profile
Some Korn shell users set up a secondary login file named
. kshrc. A Beginner's Guide to Using Shells has information.
C /etc/d.cshrc . cshrc and
/etc/d.login . login
For example, for a Bourne shell user named john, who is in the group named users, you might copy a login file as follows:
cp /etc/d.profile /users/john/.profile
Set the owner, group, and permissions for the login file as shown earlier for the home directory.
If you add users often, you may want to create a set of customized environment files.
• The previous chapter named "Constructing an HP-UX System" describes many environment files.
• The HP- UX System Administration Concepts manual has information about environment files and variables.
• The Beginner's Guide to Using Shells has examples of login and environment files.
Managing Groups and Users 5-13