HP-UX System Administrator's Guide: Configuration Management: HP-UX 11i Version 3 > Chapter 4 Configuring Users and Groups

Configuring Users and Groups with HP SMH


To add a user, perform the following tasks:

  • Ensure that the user has a unique UID.

  • Insert a line for the user in the /etc/passwd file.

  • Make a home directory for the user.

  • Create an environment for the user.

Adding a User with Text-Based HP SMH

Use this procedure to add a new user.

If you are adding a number of users with the same basic characteristics, consider using a template. See “Making User Templates with Text-Based HP SMH” and “Using a Template to Add a User with Text-Based HP SMH”.

  1. Start HP SMH, as described in “Starting Text-Based HP SMH”.

  2. Press u to select Accounts for Users and Groups.

  3. Press l to select Local Users or press n to select NIS Users.

  4. Press a to select Add User and fill in the form.

  5. Login Name

    Enter the user’s login name. This must start with a letter. The maximum length can be eight or 255 characters, depending on whether long user names are set. See “Setting Long User and Group Names”.

    (passwd field 1; shadow field 1)

  6. User ID

    Select a numeric user ID.

    If you mark Next Available ID, HP SMH will select the next available user ID after 100 (not the next ID after the current highest ID).

    If you mark Specify ID,

    1. A space is displayed for you to type in the number.

    2. Normally, IDs are expected to be unique (the value for Allow Duplicate User ID is No).

      If you want a duplicate user ID, change the value for Allow Duplicate User ID to Yes.

    (passwd field 3)

  7. Primary Group

    Select the user’s primary group. This defaults to users, which is customary for the normal users on a system. You can choose another defined group by typing its name in the space or by selecting Change Primary Group, which displays a list of the defined groups to choose from.

    To create a group, see “Adding a Group with Text-Based HP SMH”.

    (passwd field 4)

  8. Home Directory

    Select the user’s home directory. Normally, this is /home/loginname, which is selected by the keyword default. To change it, enter the full path name of the chosen directory.

    (passwd field 6)

  9. Create Home Directory

    If you want HP SMH to create the home directory, set Create Home Directory to Yes. If not, set it to No.

  10. Start-Up Program Options

    Choose a login shell.

    If you check Select Start-Up Program, the Start-Up Program field offers a list of shells to choose from. By default, if the file /etc/shells does not exist, HP SMH sets the list of shells to:

    /sbin/sh         POSIX shell              (see sh-posix(1))
    /usr/bin/sh      POSIX shell              (see sh-posix(1))
    /usr/bin/rsh     restricted POSIX shell   (see sh-posix(1))
    /usr/bin/ksh     Korn shell               (see ksh(1))
    /usr/bin/rksh    restricted Korn shell    (see ksh(1))
    /usr/bin/csh     C shell                  (see csh(1))
    /usr/bin/keysh   Key shell                (see keysh(1))

    If /etc/shells exists (see shells(4)), only the actual executable file names from that file, plus /sbin/sh, are listed. (/sbin/sh must be used by root.)

    If you check Specify Start-Up Program, the Start-Up Program field lets you enter the name of an executable program that will be used as the shell.

    (passwd field 7)

  11. Comments

    Enter comma-separated information in the field.

    This information is placed in what has long been known as the gecos[1] or pw_gecos field of the entry in the /etc/passwd file. The four subfield names (Real Name, Location, Phone, Home Phone) are used by the finger and passwd commands. The Real Name subfield is often used for identification by other system programs, such as lp. The subfields can contain any data you think is pertinent. Due to security issues, Home Phone is rarely used as such any more.

    (passwd field 5)

  12. Account Aging Options

    If in Shadow Password mode (see “Setting Shadow Password Mode”), select one of the options. The choices are:

    No Restrictions (Normal Behavior)

    The account has no restrictions.

    (shadow fields 7 and 8)

    Enable Account Aging

    The following fields are displayed:

    Number of Days of Account Inactivity Allowed : -1_________________

    Enter the number of days the account can go without a login. If the time between logins is exceeded, the account is disabled. The value -1 disables this restriction.

    (shadow field 7)

    Account Lifetime (mm/dd/yy) : ___________________

    Enter the expiration date in two-digit month/day/year format. When that date is passed, the account is disabled. If the field is blank, the account will not expire.

    (shadow field 8)

  13. Password Aging Options

    Select one of the options. The choices are:

    No Restrictions (Normal Behavior)

    The user can change the password at will.

    (passwd field 2; shadow fields 4, 5, 6)

    Force Password Change at Next Login

    The user must change the password at the next login and thereafter can change the password at will.

    (passwd field 2; shadow fields 3, 4, 5, 6)

    Allow Only Super-User To Change Password

    Only a superuser can change the account’s password. This is not recommended.

    (passwd field 2; shadow fields 4, 5)

    Enable Password Aging

    The following fields are displayed. The values in days are rounded up to the nearest multiple of seven.

    Max Time Allowed Between Password Changes (7-441 Days) : 7__

    Enter a value in the range. If the time expires, the account is disabled.

    (passwd field 2; shadow field 5)

    Min Time Required Between Password Changes (0-434 Days) : 0__

    Enter a value in the range and less than or equal to the Max Time value. The user cannot change the password until this time expires.

    (passwd field 2; shadow field 4)

    Number of Days to Warn Before Password Expires (0-434 Days): 0__

    Displayed only in Shadow Password mode (see “Setting Shadow Password Mode”). Enter a value in the range and less than or equal to the Max Time value. When this warn limit is reached, a message is displayed every time the user logs in; for example:

    Your password will expire in 77 days.

    (shadow field 6)

    Force Password Changes on Next Login:  (X) No
                                        ( ) Yes

    If set to Yes, the user must change the password at the next login and thereafter can change the password according to the Max and Min limits above.

    (passwd field 2; shadow field 3)

  14. (Optional) Select Preview to see the commands that will create the account. Press OK to continue.

  15. Select Add to create the account or Cancel to quit the process.

  16. If the account is enabled, the password dialog is displayed.

    Changing password for loginname
    New password: password
    Re-enter new password: password

    Enter a password at the prompts. While the password can be set to null, this is a security breach. It is better to set a password and have the user change it when the user logs in for the first time, for example, by selecting Force Password Change at Next Login.

    (passwd field 2; shadow field 2)

  17. HP SMH does the following:

    • Creates an entry for the user in the /etc/passwd file (and in the /etc/shadow file, if Shadow Passwords are enabled).

    • Creates the home directory for the user (if requested).

    • Copies all the files (and their permissions) from the “skeleton” directory (if it exists) to the new home directory (if it exists). See “Skeleton Directory”.

    • Sets the user and group permissions of the home directory and the copied files to the login name and primary group.

  18. When the process completes, you are returned to the Local User or NIS User listing.
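The conditions this procedure sets (a login name that starts with a letter, a unique UID unless duplicates were deliberately allowed, a non-null password, a start-up program from the offered shell list) can be checked afterwards against the passwd fields noted in each step. The following is an added example, not HP's code; the function names, output labels and sample entries are constructed for illustration.

```sh
#!/bin/sh
# audit_passwd PASSWD_FILE [SHELLS_FILE]
# PASSWD_FILE may be "-" to read from standard input.
# Prints one finding per line; fields are numbered as in the steps above.
audit_passwd() {
    awk -F: -v shells="${2:-/etc/shells}" '
    BEGIN {
        ok["/sbin/sh"] = 1                    # always offered, with or without a shells file
        while ((getline s < shells) > 0) {    # one path per line
            sub(/#.*/, "", s); gsub(/[ \t]/, "", s)
            if (s != "") { ok[s] = 1; listed++ }
        }
        if (!listed) {                        # no usable shells file: default list from step 10
            n = split("/usr/bin/sh /usr/bin/rsh /usr/bin/ksh /usr/bin/rksh " \
                      "/usr/bin/csh /usr/bin/keysh", d, " ")
            for (i = 1; i <= n; i++) ok[d[i]] = 1
        }
    }
    NF != 7            { print "malformed: line " NR; next }
    # field 1: login name must start with a letter
    $1 !~ /^[A-Za-z]/  { print "bad-login-name: " $1 }
    # field 2: empty hash, alone or followed by comma-separated aging data
    $2 == "" || substr($2, 1, 1) == ","  { print "null-password: " $1 }
    # field 3: UID already seen on an earlier entry
    ($3 in first)      { print "duplicate-uid: " $1 " shares UID " $3 " with " first[$3] }
    !($3 in first)     { first[$3] = $1 }
    # field 7: start-up program outside the offered list (empty field not checked)
    $7 != "" && !($7 in ok)  { print "unlisted-shell: " $1 " uses " $7 }
    ' "$1"
}

# Constructed sample entries, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:3::/:/sbin/sh
alice:x:101:20:Alice Example,Bldg 1,555-0100,:/home/alice:/usr/bin/sh
bob::102:20::/home/bob:/usr/bin/ksh
carol:x:101:20::/home/carol:/usr/bin/sh
9dave:x:103:20::/home/dave:/usr/bin/sh
erin:x:104:20::/home/erin:/opt/tools/menu
EOF
}

# Audit the sample against the default shell list (the shells file path does not exist).
sample_passwd | audit_passwd - /nonexistent/shells
```

In Shadow Password mode the password itself is in shadow field 2, so the null-password check has to be repeated against /etc/shadow.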

Skeleton Directory

The skeleton directory contains files that are copied to a new home directory by HP SMH and the useradd command. The default skeleton directory is /etc/skel. Files can be added and removed. A different directory can be used; see “Changing the Skeleton Directory”. The default files in /etc/skel are shown in Table 4-1.

Table 4-1 Default Files in the Skeleton Directory

File Name    Purpose

.cshrc       Start-up file for the C shell, csh.

.exrc        Start-up file for the text editors, ex and vi.

.login       Start-up file for the C shell, csh.

.profile     Start-up file for the POSIX shell, sh and rsh.
             Start-up file for the Korn shell, ksh and rksh.

Some suggested or recommended files are shown in Table 4-2.

Table 4-2 Suggested Files for the Skeleton Directory

File Name    Purpose

.kshrc       Conventional start-up file for the POSIX shell, sh and rsh, and the Korn shell, ksh and rksh.
             The ENV environment variable, which is usually defined in .profile, specifies the name of this file.

.forward     This file is used by sendmail to redirect messages. If the user does not receive e-mail on the system, the file can be edited to point to the correct location.

.rhosts      This file can be edited to allow users on other systems to rlogin to this user’s account on this system without a password.

Changing the Skeleton Directory

You can designate a different directory for the account skeleton with the useradd -D -k newskel command (see useradd(1M)).

This is useful if you modify the skeleton files or add other files to provide the initial user environment. You can also create different skeletons for different user groups.

By not modifying /etc/skel itself, you retain the original installed information.
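Because every file in the skeleton, together with its permissions, is copied into each new home directory, a populated .rhosts or .forward or a loosely permissioned start-up file there is inherited by every account created from it. The following check is an added example, not part of the HP documentation; the function names, output labels and the sample skeleton it builds are constructed for illustration.

```sh
#!/bin/sh
# audit_skel [DIR]
# Reports skeleton content that every new account would inherit.
audit_skel() {
    skel=${1:-/etc/skel}
    [ -d "$skel" ] || { echo "missing: $skel"; return 0; }

    # .rhosts grants password-less rlogin; .forward redirects mail.
    # Non-blank lines are live entries copied to each new user.
    for f in .rhosts .forward; do
        [ -e "$skel/$f" ] || continue
        n=$(grep -c -v '^[[:space:]]*$' "$skel/$f" || true)
        echo "inherited-trust-file: $f ($n active line(s))"
    done

    # Permissions are copied along with the files, so a group- or
    # world-writable start-up file stays writable in the new home directory.
    find "$skel" -type f \( -perm -020 -o -perm -002 \) -print | sort |
    while IFS= read -r p; do
        echo "writable-by-group-or-other: ${p#"$skel"/}"
    done
}

# Build a constructed sample skeleton in a temporary directory.
make_sample_skel() {
    d=$(mktemp -d)
    printf 'PATH=/usr/bin\n'   > "$d/.profile"; chmod 644 "$d/.profile"
    printf 'buildhost alice\n' > "$d/.rhosts";  chmod 600 "$d/.rhosts"
    printf 'set prompt="%% "\n' > "$d/.login";  chmod 666 "$d/.login"
    echo "$d"
}

demo_dir=$(make_sample_skel)
audit_skel "$demo_dir"
rm -rf "$demo_dir"
```

Run it against each directory that has been set with useradd -D -k, not only /etc/skel.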

Using a Template to Add a User with Text-Based HP SMH

Use this procedure to add a new user with the assistance of an HP SMH user template. If you need to define a template, go to the procedure at “Making User Templates with Text-Based HP SMH”, then return here.

  1. Start HP SMH, as described in “Starting Text-Based HP SMH”.

  2. Press u to select Accounts for Users and Groups.

  3. Press t to select Templates. (If there is no template, go to “Making User Templates with Text-Based HP SMH”).

  4. Highlight a template name and press s to select it.

  5. Press Esc to return to the previous menu.

  6. Press l to select Local Users or n to select NIS Users.

  7. Press a to select Add User. The fields that are not predefined by the template are displayed.

  8. Enter the user’s Login Name.

    This must start with a letter and be up to either 8 or 254 characters long, depending on whether long user and group names are set. See “Setting Long User and Group Names”.

  9. If the User ID field is displayed, enter a numeric user ID.

    1. A space is displayed for you to type in the number.

    2. Normally, IDs are unique (the value for Allow Duplicate UID is No). If you want a duplicate user ID, select Yes.

    If the field is not displayed, HP SMH selects the next available user ID after 100 (not after the highest current ID).

  10. Enter comma-separated information in the Comments field. See Step 11 in “Adding a User with Text-Based HP SMH” for details.

  11. (Optional) Select Preview to see the commands that will create the account. Press OK to continue.

  12. Select Add to create the account or Cancel to quit the process.

  13. If the template requires a password, enter a password in the password dialog. See Step 16 in “Adding a User with Text-Based HP SMH” for details.

  14. HP SMH creates the user account. See Step 17 in “Adding a User with Text-Based HP SMH” for details.

  15. When the process completes, you are returned to the Local Users or NIS Users listing.

Making User Templates with Text-Based HP SMH

A template is a way to predefine the contents of most of the fields of a user account so many user accounts with the same parameters can be created with the fewest steps.

These templates are available to both web-based and text-based HP SMH. They can be made with either version. The following instructions describe the text-based process.

  1. Start HP SMH, as described in “Starting Text-Based HP SMH”.

  2. Press u to select Accounts for Users and Groups.

  3. Press t to select Templates.

  4. Press a to select Add User Template.

  5. At Template Name, enter a name for the template of up to 16 characters. This is displayed on the template menu and when you add a user.

  6. At Template Description, enter a description of the template of up to 50 characters. This is displayed on the template menu and when you add a user.

  7. At UID Generation Method, select the user ID selection method. If you choose First Available, the first available number after 100 is automatically assigned. If you choose Prompt for it, the field for the number and the Allow Duplicates question will be displayed when you add a user.

  8. At Primary Group Name, enter a primary group name. The default is users.

    If you tab to and select the Change Primary Group button, the Select Primary Group screen is displayed with a list of the current group names. Highlight the one you want and press s (Select and Go Back). You return to the Add Template screen with the group value filled in.

    The name you choose, whether typed in or selected, must exist as a group name when the template is used to add a user. Otherwise, the add will fail.

  9. At Home Directory, enter a full path name for the parent of the home directory. The user's home directory will be thisvalue/loginname. The default is /home.

  10. At Create Home Directory, select Yes or No to create the home directory.

  11. At Start-Up Program Options, choose one of Select Start-Up Program or Specify Start-Up Program.

    If you choose Select Start-Up Program, choose a login shell from the drop-down list.

    If you choose Specify Start-Up Program, enter the login shell in the space provided.

  12. At Comment Settings, choose a comment setting. If you choose None, the comment field will be empty in the /etc/passwd entry. If you choose Prompt For It, the field will be prompted when you add a user.

  13. At Account Status, choose whether the account will initially be enabled or disabled.

  14. At Account Password, choose whether the account password will initially be null or will be prompted for when you add a user.

  15. At Account Aging Options, make the selections as described in Step 12 of “Adding a User with Text-Based HP SMH”.

    This information is stored in the template but is used only if Shadow Password mode is set when the user is added.

  16. At Password Aging Options, make the selections as described in Step 13 of “Adding a User with Text-Based HP SMH”.

  17. At Security Options, select one of the following:

    Use System-Wide Values for Security Attributes

    The system-wide security attributes will be applied to the new account. See “Configuring System Default Security Attributes”. The attributes are also described in security(4).

    Specify Security Values

    You can provide individual exceptions to the system-wide values for the following attributes. The system-wide default values are displayed. See “Configuring User Security Attributes” for details. The attributes are also described in userdb(4).

    ALLOW_NULL_PASSWORD             (0 or 1)                             :  0__________________
    AUDIT_FLAG                      (0 or 1)                             :  0__________________
    AUTH_MAXTRIES                   (0-999)                              :  0__________________
    DISPLAY_LAST_LOGIN              (0 or 1)                             :  0__________________
    LOGIN_TIMES                     (Any)                                :  Any________________
    MIN_PASSWORD_LENGTH             (6-8)                                :  6__________________
    NUMBER_LOGINS_ALLOWED           (0-999)                              :  0__________________
    PASSWORD_HISTORY_DEPTH          (1-24)                               :  1__________________
    PASSWORD_MIN_LOWER_CASE_CHARS   (0-7)                                :  0__________________
    PASSWORD_MIN_UPPER_CASE_CHARS   (0-7)                                :  0__________________
    PASSWORD_MIN_SPECIAL_CHARS      (0-6)                                :  0__________________
    PASSWORD_MIN_DIGIT_CHARS        (0-6)                                :  0__________________
    UMASK                           (0-511 leading zero denotes octal)   :  0__________________

    NOTE: The upper limit for UMASK is shown here in decimal (decimal 511 = octal 0777). A leading zero is necessary to specify octal here.

Modifying a User with Text-Based HP SMH

  1. Start HP SMH, as described in “Starting Text-Based HP SMH”.

  2. Press u to select Accounts for Users and Groups.

  3. Press l to select Local Users or n to select NIS Users.

  4. Highlight the login name you want to modify and press m.

  5. You can modify the following data by typing in new values or making different selections. See “Adding a User with Text-Based HP SMH” for details on the fields and selections.

    • Login Name

    • User ID

    • Allow Duplicate User ID

    • Primary Group

    • Home Directory

    • Create Home Directory

    • Login Shell

    • Comments

    • Account Options

    • Password Options

  6. (Optional) Select Preview to see the commands that will modify the account. Press OK to continue.

  7. Select Modify to change the user or Cancel to quit the process.

  8. HP SMH does the following:

    • Makes appropriate changes in the entry for the user in /etc/passwd.

    • Creates the new home directory for the user, if the Home Directory name is altered.

    • Copies the contents of the old home directory to the new home directory, if the Home Directory name is altered and Create Home Directory is set to Yes.

      The old home directory and its files remain unchanged.

    • Sets the user and group ownership of the home directory and the copied files to the login name and primary group, as necessary.

    • Changes the user ID of all the user's files throughout the system, if the User ID is changed.

  9. When the process completes, you are returned to the Local User or NIS User listing.

Deleting a User with Text-Based HP SMH

  1. Start HP SMH, as described in “Starting Text-Based HP SMH”.

  2. Press u to select Accounts for Users and Groups.

  3. Press l to select Local Users or n to select NIS Users.

  4. Highlight the login name you want to delete and press r.

    HP SMH displays a screen that asks what to do with the user’s files and directories. Select one of the following choices:

    Leave Files Undisturbed

    None of the files or directories owned by the user on the system will be modified, except that listings will show the user ID, not the user name.

    Remove from User's Home Directory Only

    All the files owned by the user beneath the user’s home directory will be deleted. The home directory and subdirectories owned by the user will be deleted if they are empty.

    None of the files or directories owned by the user elsewhere on the system will be modified, except that listings will show the user ID, not the user name.

    Remove from All Local File Systems

    All files owned by the user will be deleted.

    All directories owned by the user, including the home directory, will be deleted if they are empty.

    Reassign to a Specified User

    You are prompted to enter a current login user name.

    All the files and directories owned by the user will have their owner set to the named user.

  5. (Optional) Select Preview to see the commands that will remove the account. Press OK to continue.

  6. Select Delete to delete the user or Cancel to quit the process.

  7. HP SMH removes the account entry from /etc/passwd and deletes or changes ownership of files and directories as described above.

  8. When the process completes, you are returned to the Local User or NIS User listing.

Adding a Group with Text-Based HP SMH

  1. Start HP SMH, as described in “Starting Text-Based HP SMH”.

  2. Press u to select Accounts for Users and Groups.

  3. Press g to select View or Configure Groups.

    The current list of groups is displayed with columns for the group name, the group ID, and the user names that have the group as a secondary group.

  4. Press a, Add Group, and fill in the blanks.

  5. Group Name

    Enter the group name. This must start with a letter. The maximum length can be 16 or 255 characters, depending on whether long group names are set. See “Setting Long User and Group Names”.

    (group field 1)

  6. Group ID

    Select a numeric group ID.

    If you mark Next Available ID, HP SMH will select the next available user ID after 100 (not the next ID after the current highest ID).

    If you mark Specify ID,

    1. A space is displayed for you to type in the number.

    2. Normally, IDs are expected to be unique (the value for Allow Duplicate User ID is No).

      If you want a duplicate user ID, change the value for Allow Duplicate User ID to Yes.

    (group field 3)

  7. Users with this Group as Secondary Group

    Scroll through the list of user names and mark those that you want to have this group as a secondary group.

  8. (Optional) Select Preview to see the commands that will add the group. Press OK to continue.

  9. Select Add to add the group or Cancel to quit the process.



[1] gecos stands for General Electric Comprehensive Operating Supervisor, used on early UNIX systems at Bell Laboratories.

© 2008 Hewlett-Packard Development Company, L.P.