HP Certified: HP-UX System Administration
A user login name is a combination of letters and numbers. Every user account has a user ID related to it. The user ID is a number that is used internally by HP-UX to record ownership and permissions. If two or more users have the same user ID, they will have the same permissions in the file system although they log in with different login names. A user password may be six to eight characters long and contain letters, digits, and special characters. You can choose a password longer than eight characters but only the first eight characters are significant.
In the user management process, you have to add and delete users and perform operations on user accounts. Let's see how it is done.
Creating Users
A user can be created using the useradd command. You have to specify the user (login) name at the command line to create a new user. For example, the following command creates a new user boota and creates the home directory for the user as /home/boota. It also copies startup files from the /etc/skel directory to the home directory.
useradd -m boota
The -m option is used to create the home directory and copy startup files into this directory. The contents of the home directory /home/boota at its creation are as follows.
# ll /home/boota
total 8
-r--r--r-- 1 boota users 814 Nov 9 19:09 .cshrc
-r--r--r-- 1 boota users 347 Nov 9 19:09 .exrc
-r--r--r-- 1 boota users 341 Nov 9 19:09 .login
-r--r--r-- 1 boota users 446 Nov 9 19:09 .profile
#
When you create a new user, an entry in the /etc/passwd file is created for the user, which looks like the following.
boota:*:1225:20::/home/boota:/sbin/sh
The asterisk character ( * ) after the first colon shows that the user password is not enabled. A user is not able to log into the system until you assign him or her a password. A password is assigned to the newly created user boota with the passwd command as follows.
# passwd boota
Changing password for boota
New password:
Re-enter new password:
Passwd successfully changed
#
When you type a new password for the user, it is not displayed on your terminal screen. After assigning a password, the user entry in the /etc/passwd file changes as shown below and the login is permitted.
boota:OV81GT8LCiRO.:1225:20::/home/boota:/sbin/sh
As you can see, the asterisk character ( * ) is replaced by some other mysterious combination of characters. These characters show the encrypted user password.
You can provide many options with the useradd command to customize the new user creation process. For example, the following command creates a new user gama with a home directory of /home/gama. The user's primary group is accounts and the user is a member of two other groups, staff and support. The shell assigned to the user is /usr/bin/sh.
useradd -m -s /usr/bin/sh -g accounts -G staff,support gama
If you don't specify an option with the command, it assumes the default options. You can list the default options as shown below with the useradd command.
# useradd -D
GROUPID 20
BASEDIR /home
SKEL /etc/skel
SHELL /sbin/sh
INACTIVE -1
EXPIRE
#
The command shows that by default the user will be assigned to Group 20 (users). The home directory of the user will be created under the /home directory. Files from /etc/skel will be copied to this home directory, and the user will be assigned shell /sbin/sh. The files in the /etc/skel directory will be discussed in Section 19.5. There will be no inactivity check on the user account to disable it and it will not expire.
You are also able to change a default option. For example, to change the location of the base directory, use the following command.
useradd -D -b /extra/home
After using this command, if you create a new user, the new user's home directory will be created in /extra/home instead of /home.
By default, a user is assigned the next available user ID. The user ID assigned to user boota is 1225, but you can assign a user ID of your own choice with the help of the -u option.
The syntax of the useradd command is as shown here.
useradd [-u uid [-o] ] [-g group] [-G group [, group...]] [-d dir] [-s shell] [-c comment] [-m [-k skel_dir]] [-f inactive] [-e expire] login
Deleting Users
A user can be deleted by using the userdel command and providing the name of the user as an argument. To delete user boota, use the following command.
userdel -r boota
The -r option also deletes the user's home directory. If you don't use this option, the user entry from the /etc/passwd file will be removed, but the home directory is not deleted. You may want to retain a user's home directory if it contains some files that you want to keep.
Modifying a User
User attributes can be modified with the help of the usermod command. For example, you can modify the user ID, group membership, command shell, and login name. The general syntax of the usermod command follows.
usermod [-u uid [-o] ] [-g group] [-G group [, group...]] [-d dir [-m] ] [-s shell] [-c comment] [-f inactive] [-l new_logname] [-e expire] login
To modify the command shell of user boota from /sbin/sh to /usr/bin/sh, use the following command.
usermod -s /usr/bin/sh boota
User Inactivity and Expiration
If a user does not log into the system for some time, this is considered an inactivity period. You can put a limit on this period after which the user account is considered invalid. The inactivity period of a user is defined using the -f option with the useradd and usermod commands. This period is counted in number of days, and normal values are represented by positive integers. If you assign a value of -1 as the inactivity period, this option is turned off and the user remains active regardless of how long the inactivity period is.
Other than the inactivity period, an expiration limit may also be imposed on a user. The expiration of an account occurs on a specific date. After expiration, the user is not able to log into the system. Expiration is used with temporary accounts. To close the account of user boota on the 9th of July 1999, use the following command.
usermod -e 9/7/99 boota
The expiration can be turned off if you use an empty string with the -e option.