You can add a user account to the system with sysadmsh(ADM), which cre-ates a new entry in the Accounts database. The database contains information about the new user (such as login name and initial password) that the system uses to let the user log in and begin work. sysadmsh also creates a home directory for the user, a mailbox for use with the mail command, and an ini-tialization file (for example, .profile for the Bourne and Korn shells or .login for C-shell) containing UNIX system commands that are executed when the user logs in.
NOTE Although sysadmsh is the preferred method for adding and main-taining user accounts, experienced administrators can edit the /etc/passwd
Account management
To create a user account, make the following sysadmsh selection:
Accounts ¢ User ¢ Create The following screen is displayed:
Name of new user (once set, this cannot be changed)
.iE·;
/ Saturday August 3: 1990 1 06
. . . . - - - Make a new user account _ _ _ _ _ _ _ _ ---,
Username [I
COIllIllent
Modify defaults? Yes [No 1
Follow these steps to add a user:
1. Fill in the "Usemame" and, if desired, "Comment" fields.
2. If you wish to alter the defaults, select Yes and define the fields as shown in the next section, ''Modifying account creation defaults." Fill in each field as necessary; press (F3) to choose from point-and-pick lists. When you press (Return), the field is filled in with the value you selected.
3. When you exit the form, a window pops up to confirm your additions. If confirmed, a series of creation messages are displayed that look like this:
Created home directory: pathname Created shell file: filename Greetings mail sent to user: name
This indicates that all the necessary files and directories were created.
(This default information is taken from /usr/lib/mkuser.)
NOTE If you see a message similar to the following:
useshell: Warning
useshell: File Control database inconsistency
useshell: Script path /usr/lib/mkuser/mkuser.init may be compromised - run integrity (ADM)
This means there may be a problem with the permissions of the database file indicated (including any part of the path). This can be remedied by using the fixmog(ADM) utility to correct permissions on the system (use fixmog -i to fix any problems interactively). We recommend that you run the integrity(ADM) utility first to get a report of all incorrect permis-sions on'the system, but note that integrity does not make changes.
4. Finally, sysadmsh prompts you as to whether an initial password should be created. The following menu is displayed:
-a
Assign the new account a password (the user then can log in)
/ Saturday August 31 1990 1 06
, - - - -_ _ _ _ _ _ _ Make a new user account - - - , Username [ sample
, - - - Assign an initial password - - - , Until a password is assigned to user : name
no-one may log in as that account.
Assign first password : . . Later Blank Remove Force change at first login : [ Yes I No
The possible selections for" Assign first password" are as follows:
Now Later
assigns the new account a password
does not assign the new account a password (the user
can-Account management
The HForce change at first login" field governs whether users must change their passwords the first time they log in. Note that setting this to Yes negates the effect of Remove; that is, the user is required to set a password when logging in.
5. If you selected to generate a password for the new user, you see the following prompt:
Setting password for user user Password is forced for user
Choose password
You can choose whether you pick your own password, or have the system create one for you.
1. pick your own password
2. Pronounceable password will be generated for you Enter choice (default is 1):
6. If you select 1 and you are operating under the Improved or High security defaults, you see the following prompts:
Please enter new password (at least 5 characters):
Please choose a password which contains a mixture of lower-and upper-case letters, digits (0 - 9), lower-and non-alphanumeric
character~ (e.g., !, #, @, ;, %, or I.)
Please do NOT choose a password that is an English word, or which is the name of a person, place, or thing, or which contains the string "seQ", "XENIX", or "UNIX" (in either case).
Re-enter password:
Note that the password is not displayed on the screen as you enter it.
You are asked to enter another password if the one you entered is un-acceptable.
7. If you select 1 and you are operating under the Low or Traditional security defaults, you see the following prompts:
Please enter new password (at least 1 character):
New password:
You can also Simply press (Return) to establish a null password, where the user presses (Return) when prompted for the password.
8. If you select 2, the following is displayed:
Generating random pronounceable password for user.
The password, along with the hyphenated version, is shown.
Hit (Return) or <ENTER> until you like the choice.
When you have chosen the password you want, type it in.
Note: Type your interrupt character or 'quit' to abort at any time.
Password:xxxxxxxx Hyphenation:xx-xx-xx Enter password:
The generated password is displayed with a hyphenated version. The hyphenation separates the password into pronounceable syllables and is designed to help you commit the password to memory.
9. Give the new password to the user. If you selected to force a password change, the user is required to change it immediately after logging in for the first time.
The new account is usable and is maintained according to the default security parameters unless you have set specific values for the user.