Linux Administration Notes - Add New User
- Decide a user name for the new user. The surname is usually a good option, unless it's too long or has already been used.
- Choose a primary group that the user belongs to; for example, the psi group. If there is no specific group, use the generic group users. Always make sure that you specify a group when using useradd, otherwise it will fall back to making a per-user group, which is not what we want on this server.
- Choose the user ID. Please don't let useradd just use any user-ID number; try instead to use IDs between 700 and 999. Look at /etc/passwd to see the user numbers. If you choose one that is already in use, it will simply refuse to make the user, so there is no risk.
- Choose the password. If the user is there with you, let him type the password. Otherwise, use apg to generate a long, strong password. Giving a very long initial password is usually a good way to make sure the user will change it soon.
# useradd -g users -u UID -n mario
# apg -m16 -M NsCL
mecInHibdelNith6
Eg3wricEjVetOgth
viatHitamtOupon5
troxNan0griryarg
vemyikDoatAvpag2
jujwaiWorHikvic0
# passwd mario
# make -C /var/yp/
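A dry-run check for the user-creation steps above, as an added example that is not part of the original notes: it confirms that the name is free, the group exists, and the UID is unused and inside 700-999 before printing the useradd command. The function names and the demo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes; function names are hypothetical.
# Files are passed as arguments so the checks can run against copies;
# on the server use /etc/passwd and /etc/group.
UID_MIN=700   # ID range recommended in the notes
UID_MAX=999

# Succeed if VALUE appears in colon-separated FIELD of FILE.
field_has() {  # field_has FILE FIELD VALUE
    awk -F: -v f="$2" -v v="$3" '$f == v { hit = 1 } END { exit !hit }' "$1"
}

# Print the lowest unused UID in UID_MIN..UID_MAX; fail if the range is full.
next_free_uid() {  # next_free_uid PASSWD_FILE
    awk -F: -v lo="$UID_MIN" -v hi="$UID_MAX" '
        $3 ~ /^[0-9]+$/ { used[$3 + 0] = 1 }
        END { for (u = lo + 0; u <= hi; u++) if (!(u in used)) { print u; exit 0 }
              exit 1 }' "$1"
}

# Print the useradd command for NAME, or explain on stderr why it is unsafe.
preflight() {  # preflight PASSWD_FILE GROUP_FILE NAME GROUP [UID]
    name=$3 group=$4 uid=${5:-}
    case $name in ''|[!a-z_]*|*[!a-z0-9_-]*)
        echo "invalid user name: $name" >&2; return 1 ;; esac
    if field_has "$1" 1 "$name"; then
        echo "user name already used: $name" >&2; return 1; fi
    if ! field_has "$2" 1 "$group"; then
        echo "no such group: $group" >&2; return 1; fi
    if [ -z "$uid" ]; then
        uid=$(next_free_uid "$1") || { echo "no free UID left" >&2; return 1; }
    fi
    case $uid in *[!0-9]*) echo "UID not numeric: $uid" >&2; return 1 ;; esac
    if [ "$uid" -lt "$UID_MIN" ] || [ "$uid" -gt "$UID_MAX" ]; then
        echo "UID $uid is outside $UID_MIN-$UID_MAX" >&2; return 1; fi
    if field_has "$1" 3 "$uid"; then
        echo "UID already used: $uid" >&2; return 1; fi
    # Flags as in the notes; the group is explicit so no per-user group is made.
    echo "useradd -g $group -u $uid -n $name"
}

# Constructed sample data for a dry run: sh thisfile.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'anna:x:700:100::/home/anna:/bin/sh' > "$d/passwd"
    printf '%s\n' 'users:x:100:' > "$d/group"
    preflight "$d/passwd" "$d/group" mario users
    rm -r "$d"
fi
```

With the demo data the script prints `useradd -g users -u 701 -n mario`; nothing is created until that command is run as root.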
If the user needs to have access to the server via Windows file sharing (SMB/CIFS), it is necessary to add him to the Samba user database and assign a password. The Samba password is separate from the Unix password; the same considerations about strong passwords apply.
# smbpasswd -a mario
If the user does not have a local email account, the sysadmin must set up an alias:
# vi /etc/aliases
mario: email@example.com
# newaliases
# postfix reload
Otherwise, the user must be added to the users_imap group; the fixUsers script will take care of the rest:
usermod -a -G users_imap mario
This relies on the fixUsers.sh script to adjust permissions and the SELinux context and to create accessory directories. Please see the script for details.
If the user needs to have a personal web home (please try to discourage this; suggest instead a private WikiSite), the public_html directory must have the correct SELinux context (httpd_sys_content) and must be readable by apache, and the home directory must be executable by apache (but it does not need to be readable).
The fixUsers script does take care of these settings if it finds a public_html directory in the user's home.
chcon --no-dereference -R -t httpd_user_content_t /home/mario/public_html/
chmod -R o+rX /home/mario/public_html/
chmod o+x /home/mario