adduser.8 (107312) adduser.8 (107543)
1.\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
2.\" All rights reserved.
1.\" Copyright (c) 1995-1996 Wolfram Schneider <wosch@FreeBSD.org>. Berlin.
2.\" All rights reserved.
3.\" Copyright (c) 2002 Michael Telahun Makonnen <makonnen@pacbell.net>
4.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the

--- 6 unchanged lines hidden (view full) ---

17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the

--- 6 unchanged lines hidden (view full) ---

19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
25.\" $FreeBSD: head/usr.sbin/adduser/adduser.8 107312 2002-11-27 15:31:08Z ru $
27.\" $FreeBSD: head/usr.sbin/adduser/adduser.8 107543 2002-12-03 05:41:09Z scottl $
26.\"
28.\"
27.Dd January 9, 1995
29.Dd August 14, 2002
28.Dt ADDUSER 8
29.Os
30.Sh NAME
31.Nm adduser
32.Nd command for adding new users
33.Sh SYNOPSIS
34.Nm
35.Bk -words
30.Dt ADDUSER 8
31.Os
32.Sh NAME
33.Nm adduser
34.Nd command for adding new users
35.Sh SYNOPSIS
36.Nm
37.Bk -words
36.Op Fl check_only
37.Op Fl class Ar login_class
38.Op Fl config_create
39.Op Fl dotdir Ar dotdir
40.Op Fl group Ar login_group
41.Op Fl h | help
42.Op Fl home Ar home
43.Op Fl message Ar message_file
44.Op Fl noconfig
45.Op Fl shell Ar shell
46.Op Fl s | silent | q | quiet
47.Op Fl uid Ar uid_start
48.Op Fl v | verbose
38.Op Fl CENhq
39.Op Fl G Ar groups
40.Op Fl L Ar login_class
41.Op Fl d Ar partition
42.Op Fl f Ar file
43.Op Fl k Ar dotdir
44.Op Fl m Ar message_file
45.Op Fl s Ar shell
46.Op Fl u Ar uid_start
47.Op Fl w Ar type
49.Ek
50.Sh DESCRIPTION
51The
48.Ek
49.Sh DESCRIPTION
50The
52.Nm
53utility is a simple program for adding new users.
54It checks the passwd, group and shell databases.
55It creates passwd/group entries,
56.Ev HOME
57directory, dotfiles and sends the new user a welcome message.
51.Nm adduser
52program is a shell script, implemented around the
53.Xr pw 8
54command, for adding new users.
55It creates passwd/group entries, a home directory,
56copies dotfiles and sends the new user a welcome message.
57It supports two modes of operation. It may be used interactively
58at the command line to add one user at a time or it may be directed
59to get the list of new users from a file and operate in batch mode
60without requiring any user interaction.
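Review bot: the new DESCRIPTION text starts sentences mid-line ("...operation. It may be used interactively..."), which the rest of this page avoids; mdoc(7) wants each new sentence to begin on a new line so roff gets the inter-sentence spacing right. Split at "It may be used" and "at the command line ... batch mode" accordingly. The same pattern recurs in the RESTRICTIONS rewrite ("will accept. Generally this means it") and in several OPTIONS entries.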
58.Sh RESTRICTIONS
59.Bl -tag -width Ds -compact
60.It Sy username
61Login name.
61.Sh RESTRICTIONS
62.Bl -tag -width Ds -compact
63.It Sy username
64Login name.
62May contain only lowercase characters or digits.
65The user name is restricted to whatever
66.Xr pw 8
67will accept. Generally this means it
68may contain only lowercase characters or digits.
63Maximum length
69Maximum length
64is 16 characters (see
65.Xr setlogin 2
66BUGS section).
70is 16 characters.
67The reasons for this limit are "Historical".
68Given that people have traditionally wanted to break this
69limit for aesthetic reasons, it's never been of great importance to break
70such a basic fundamental parameter in UNIX.
71You can change
72.Dv UT_NAMESIZE
73in
74.Pa /usr/include/utmp.h
75and recompile the
76world; people have done this and it works, but you will have problems
77with any precompiled programs, or source that assumes the 8-character
78name limit and NIS.
79The NIS protocol mandates an 8-character username.
80If you need a longer login name for e-mail addresses,
81you can define an alias in
82.Pa /etc/mail/aliases .
71The reasons for this limit are "Historical".
72Given that people have traditionally wanted to break this
73limit for aesthetic reasons, it's never been of great importance to break
74such a basic fundamental parameter in UNIX.
75You can change
76.Dv UT_NAMESIZE
77in
78.Pa /usr/include/utmp.h
79and recompile the
80world; people have done this and it works, but you will have problems
81with any precompiled programs, or source that assumes the 8-character
82name limit and NIS.
83The NIS protocol mandates an 8-character username.
84If you need a longer login name for e-mail addresses,
85you can define an alias in
86.Pa /etc/mail/aliases .
83.It Sy fullname
84Firstname and surname.
87.It Sy full name
88This is typically known as the gecos field and usually contains
89the user's full name. Additionally, it may contain a comma separated
90list of values such as office number and work and home phones. If the
91name contains an amperstand it will be replaced by the capitalized
92login name when displayed by other programs.
85The
86.Ql Pa \&:
87character is not allowed.
88.It Sy shell
93The
94.Ql Pa \&:
95character is not allowed.
96.It Sy shell
89Only valid shells from the shell database or sliplogin and pppd
97Only valid shells from the shell database (/etc/shells) are allowed. In
98addition, only the base name of the shell is necessary, not the full path.
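Review bot: the shell restriction added here says "only the base name of the shell is necessary, not the full path", but the batch-file format later in this same change says the shell field "should contain the full path to a valid login shell". The two statements contradict each other; say explicitly which form is accepted interactively and which in the -f input file, or make them agree. Smaller point in the preceding full name entry: "amperstand" should be "ampersand".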
90.It Sy uid
99.It Sy uid
91Automatically generated or your choice, must be less than 32000.
100Automatically generated or your choice. It must be less than 32000.
92.It Sy gid/login group
101.It Sy gid/login group
93Your choice or automatically generated.
102Automatically generated or your choice. It must be less than 32000.
94.It Sy password
103.It Sy password
95If not empty, password is encoded with
96.Xr crypt 3 .
104You may choose an empty password, disable the password, use a
105randomly generated password or specify your own plaintext password,
106which will be encrypted before being stored in the user database.
97.El
98.Sh UNIQUE GROUPS
99Perhaps you're missing what
100.Em can
101be done with this scheme that falls apart
102with most other schemes.
103With each user in his/her own group the user can
104safely run with a umask of 002 instead of the usual 022

--- 4 unchanged lines hidden (view full) ---

109you place each person that should be able to access this area into that new
110group.
111.Pp
112This model of uid/gid administration allows far greater flexibility than lumping
113users into groups and having to muck with the umask when working in a shared
114area.
115.Pp
116I have been using this model for almost 10 years and found that it works
107.El
108.Sh UNIQUE GROUPS
109Perhaps you're missing what
110.Em can
111be done with this scheme that falls apart
112with most other schemes.
113With each user in his/her own group the user can
114safely run with a umask of 002 instead of the usual 022

--- 4 unchanged lines hidden (view full) ---

119you place each person that should be able to access this area into that new
120group.
121.Pp
122This model of uid/gid administration allows far greater flexibility than lumping
123users into groups and having to muck with the umask when working in a shared
124area.
125.Pp
126I have been using this model for almost 10 years and found that it works
117for most situations, and has never gotten in the way.
118(Rod Grimes)
127for most situations, and has never gotten in the way. (Rod Grimes)
119.Sh CONFIGURATION
128.Sh CONFIGURATION
120.Bl -enum
121.It
122Read internal variables.
123.It
124Read configuration file (/etc/adduser.conf).
125.It
126Parse command line options.
127.El
129The
130.Nm
131utility reads its configuration information from
132.Ar /etc/adduser.conf .
133If this file does not exist it will use predefined defaults. While
134this file may be edited by hand the safer option is to use the
135.Op Fl C
136command line argument. With this argument
137.Nm
138will start interactive input, save the answers to its prompts in
139.Ar /etc/adduser.conf ,
140and promptly exit without modifying the user
141database. Options specified on the command line will take precedence over
142any values saved in this file.
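Review bot: `.Ar /etc/adduser.conf` marks a pathname as a command argument; use `.Pa /etc/adduser.conf`, as the FILES section already does for the same file. Likewise `.Op Fl C` inside running text renders as "[-C]", which reads as an optional-argument bracket from the synopsis; when naming a flag in prose use `.Fl C`. The same applies to `.Op Fl f` and `.Op Fl p` in the OPTIONS and FORMAT text below.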
128.Sh OPTIONS
129.Bl -tag -width Ds
143.Sh OPTIONS
144.Bl -tag -width Ds
130.It Fl check_only
131Check /etc/passwd, /etc/group, /etc/shells and exit.
132.It Fl class Ar login_class
133Set default login class.
134.It Fl config_create
135Create new configuration and message file and exit.
136.It Fl dotdir Ar directory
145.It Fl C
146Create new configuration file and exit. This option is mutually exclusive
147with the
148.Op Fl f
149option.
150.It Fl d Ar partition
151Home partition. Default partition, under which all user directories
152will be located.
153.It Fl E
154Disable the account. This option will lock the account by prepending
155the string *LOCKED* to the password field. The account may be unlocked
156by the super-user with the
157.Xr pw 8
158command:
159.Pp
160.Dl "pw unlock [name|uid]"
161.It Fl f Ar file
162Get the list of accounts to create from
163.Ar file .
164If
165.Ar file
166is '`-'', then get the list from standard input. If this option
167is specified
168.Nm
169will operate in batch mode and will not seek any user input. If an
170error is encountered while processing an account it will write a
171message to standard error and move to the next account. The format
172of the input file is described below.
173.It Fl G Ar groups
174Additional group(s). By default the user name is used as the login group.
175This option allows the user to specify additional groups to add users to.
176.It Fl h
177Print a summary of options and exit.
178.It Fl k Ar directory
137Copy files from
138.Ar directory
179Copy files from
180.Ar directory
139into the
140.Ev HOME
181into the home
141directory of new users,
142.Ql Pa dot.foo
143will be renamed to
144.Ql Pa .foo .
182directory of new users,
183.Ql Pa dot.foo
184will be renamed to
185.Ql Pa .foo .
145Don't copy files if
146.Ar directory
147specified is equal to
148.Ar no .
149For security make all files writable and readable for owner,
150don't allow group or world to write files and allow only owner
151to read/execute/write
152.Pa .rhost ,
153.Pa .Xauthority ,
154.Pa .kermrc ,
155.Pa .netrc ,
156.Pa Mail ,
157.Pa prv ,
158.Pa iscreen ,
159.Pa term .
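Review bot: the rewritten -k entry drops two things the old text documented: the special value `no` that disables copying, and the statement that copied dotfiles are made readable and writable only by the owner, with .rhost, .Xauthority, .kermrc, .netrc, Mail, prv, iscreen and term restricted to the owner entirely. If the new script still applies those permissions, keep the sentence, because an administrator reading this page will otherwise not know that the skeleton files are locked down; if it no longer does, say so, since the old text made a security promise that would now be silently withdrawn. In the -f entry above, the mixed quoting in "is '`-'', then" will render literally; use `.Ql -` for the standard-input marker.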
160.It Fl group Ar login_group
161Login group.
162.Ar USER
163means that the username is to be used as login group.
164.It Fl help , h , \&?
165Print a summary of options and exit.
166.It Fl home Ar partition
167Default home partition where all users located.
168.It Fl message Ar file
186.It Fl L Ar login_class
187Set default login class.
188.It Fl m Ar file
169Send new users a welcome message from
170.Ar file .
171Specifying a value of
172.Ar no
173for
174.Ar file
189Send new users a welcome message from
190.Ar file .
191Specifying a value of
192.Ar no
193for
194.Ar file
175causes no message to be sent to new users.
176.It Fl noconfig
195causes no message to be sent to new users. Please note that the message
196file can reference the internal variables of the
197.Nm
198script.
199.It Fl N
177Do not read the default configuration file.
200Do not read the default configuration file.
178.It Fl shell Ar shell
179Default shell for new users.
180.It Fl silent , s , quiet , q
181Few warnings, questions, bug reports.
182.It Fl uid Ar uid
201.It Fl q
202Minimal user feedback. In particular, the random password will not be echoed to
203standard output.
204.It Fl s Ar shell
205Default shell for new users. The
206.Ar shell
207argument must be the base name of the shell , NOT the full path.
208It must exist in
209.Ar /etc/shells
210to be considered a valid shell.
211.It Fl u Ar uid
183Use uid's from
184.Ar uid
185on up.
212Use uid's from
213.Ar uid
214on up.
186.It Fl verbose , v
187Many warnings, questions.
188Recommended for novice users.
215.It Fl w Ar type
216Password type. The
217.Nm
218utility allows the user to specify what type of password to create.
219The
220.Ar type
221argument may have one of the following values:
222.Bl -tag -width ".Dv random"
223.It Dv no
224Disable the password. Instead of an encrypted string the passowrd field
225will contain a single '`*'' character.
226The user may not login until the super-user
227manually enables the password.
228.It Dv none
229Use an empty string as the password.
230.It Dv yes
231Use a user supplied string as the password. In interactive mode
232the user will be prompted for the password. In batch mode, the
233last (10th) field in the line is assumed to be the password.
234.It Dv random
235Generate a random string and use it as a password. The password will
236be echoed to standard output. In addition it will be available for
237inclusion in the message file in the
238.Ar randompass
239environment variable.
189.El
240.El
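Review bot: "the message file can reference the internal variables of the adduser script" in the -m entry understates what BUGS says at the end of this change: every line of the message file is evaluated by the shell, so the file can run arbitrary commands, and adduser refuses to use it unless it is owned by root and writable only by root. State that condition in the -m entry itself, since that is where an administrator will point at a file. Typos in the new -s and -w text: "the shell , NOT" has a stray space before the comma, "passowrd" should be "password", and the quoting in "'`*''" will render literally (use `.Ql *`). `.Ar randompass` names a variable rather than a command argument; `.Va randompass` (or `.Ev`, if it really is exported to the environment as the text says) is the better markup.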
190.Sh FORMATS
241.Sh FORMAT
191.Bl -tag -width Ds -compact
242.Bl -tag -width Ds -compact
243When the
244.Op Fl f
245option is used the account information must be stored in a specific
246format. All empty lines or lines beginning with a
192.Ql Pa #
247.Ql Pa #
193is a comment.
194.It Sy configuration file
195The
196.Nm
197utility reads and writes this file.
198See
199.Pa /etc/adduser.conf
200for more details.
201.It Sy message file
202Eval variables in this file.
203See
204.Pa /etc/adduser.message
205for more
206details.
248will be ignored. All other lines must contain ten colon (:) separated
249fields as described below. Command line options do not take precedence
250over values in the fields. Only the password field may contain a
251.Ql Pa :
252character as part of the string.
253.Pp
254.Dl "name:uid:gid:class:change:expire:gecos:home_dir:shell:password"
255.Bl -tag -width ".Dv password"
256.It Dv name
257Login name. This field may not be empty.
258.It Dv uid
259Numeric login user id. If this field is left empty it will be automatically
260generated.
261.It Dv gid
262Numeric primary group id. If this field is left empty a group with the
263same name as the user name will be created and its gid will be used
264instead.
265.It Dv class
266Login class. This field may be left empty.
267.It Dv change
268Password ageing.
269This field denotes the password change date for the account. The format of this
270field is the same as the format of the
271.Op Fl p
272argument to
273.Xr pw 8 .
274It may be 'dd-mmm-yy[yy]', where 'dd' is for the day, 'mmm' is for the month
275in numeric or alphabetical format: '10 or Oct', and 'yy[yy]' is the four or two digit year.
276To denote a time relative to the current date the format
277is: '+n[mhdwoy]', where 'n' denotes a number, followed by the Minutes, Hours,
278Days, Weeks, Months or Years after which the password must be changed.
279This field may be left empty to turn it off.
280.It Dv expire
281Account expiration. This field denotes the expiry date of the account. The account may
282not be used after the specified date. The format of this field is the same as that
283for password ageing. This field may be left empty to turn it off.
284.It Dv gecos
285Full name and other extra information about the user.
286.It Dv home_dir
287Home directory. If this field is left empty it will be automatically
288created by appending the username to the home partition.
289.It Dv shell
290Login Shell. This field should contain the full path to a valid login shell.
291.It Dv password
292User password. This field should contain a plaintext string, which will
293be encrypted before being placed in the user database. If the password type is 'yes'
294and this field is empty it is assumed the account will have any empty password. If
295the password type is 'random' and this field is NOT empty its contents will be used
296as a password. This field will be ignored if the
297.Op Fl p
298flag is used with a
299.Ar no
300or
301.Ar none
302argument. Be carefull not to terminate this field with a closing ':' because it will
303be treated as part of the password.
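Review bot: the `.Bl -tag -width Ds -compact` kept at the top of the FORMAT section has no matching `.El` in the new text (the only `.El` closes the inner `.Bl -tag -width ".Dv password"` list) and is followed directly by prose and a `.Pp` rather than an `.It`, so mandoc will warn and the layout will be off; drop that leftover `.Bl` so the introductory paragraph sits directly under `.Sh FORMAT`. In the password field description, "if the -p flag is used with a no or none argument" names the wrong option: the flag that selects the password type is -w (see the -w entry above), while -p is the pw(8) option cited for the change field. Also "carefull" should be "careful", "will have any empty password" should be "an empty password", and "Login Shell" should be "Login shell". The date formats ('dd-mmm-yy[yy]', '+n[mhdwoy]') use literal single quotes; `.Ql` would render them consistently.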
207.El
208.Sh FILES
209.Bl -tag -width /etc/master.passwdxx -compact
210.It Pa /etc/master.passwd
211user database
212.It Pa /etc/group
213group database
214.It Pa /etc/shells

--- 6 unchanged lines hidden (view full) ---

221message file for adduser
222.It Pa /usr/share/skel
223skeletal login directory
224.It Pa /var/log/adduser
225logfile for adduser
226.El
227.Sh SEE ALSO
228.Xr chpass 1 ,
304.El
305.Sh FILES
306.Bl -tag -width /etc/master.passwdxx -compact
307.It Pa /etc/master.passwd
308user database
309.It Pa /etc/group
310group database
311.It Pa /etc/shells

--- 6 unchanged lines hidden (view full) ---

318message file for adduser
319.It Pa /usr/share/skel
320skeletal login directory
321.It Pa /var/log/adduser
322logfile for adduser
323.El
324.Sh SEE ALSO
325.Xr chpass 1 ,
229.Xr finger 1 ,
230.Xr passwd 1 ,
326.Xr passwd 1 ,
231.Xr setlogin 2 ,
232.Xr aliases 5 ,
233.Xr group 5 ,
234.Xr login.conf 5 ,
235.Xr passwd 5 ,
236.Xr shells 5 ,
237.Xr pw 8 ,
238.Xr pwd_mkdb 8 ,
239.Xr rmuser 8 ,
240.Xr vipw 8 ,
241.Xr yp 8
327.Xr aliases 5 ,
328.Xr group 5 ,
329.Xr login.conf 5 ,
330.Xr passwd 5 ,
331.Xr shells 5 ,
332.Xr pw 8 ,
333.Xr pwd_mkdb 8 ,
334.Xr rmuser 8 ,
335.Xr vipw 8 ,
336.Xr yp 8
242.\" .Sh BUGS
243.Sh HISTORY
244The
245.Nm
337.Sh HISTORY
338The
339.Nm
246utility appeared in
340command appeared in
247.Fx 2.1 .
341.Fx 2.1 .
342.Sh AUTHORS
343This manual page and the original script, in perl, was written by
344.An Wolfram Schneider <wosch@FreeBSD.org>. The replacement script, written as a Bourne
345shell script with some enhancements, and the man page modification that
346came with it were done by
347.An Mike Makonnen <mtm@identd.net> .
348.Sh BUGS
349In order for
350.Nm
351to correctly expand variables such as $username and $randompass in the message sent
352to new users it must let the shell evaluate each line of the message file. This means
353that shell commands can also be embedded in the message file. The
354.Nm
355utility attemps to mitigate the possibility of an attacker using this feature by
356refusing to evaluate the file if it is not owned and writeable only by the root user.
357In addition, shell special characters and operators will have to be escaped when
358used in the message file.
359.Pp
360Also, password ageing and account expiry times are currently setable only in batch mode.
361The user should be able to set them in interactive mode as well.
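Review bot: grammar and spelling in the new AUTHORS and BUGS text: "This manual page and the original script ... was written" should be "were written"; "attemps" should be "attempts", "writeable" should be "writable", and "setable" should be "settable". The line `.An Wolfram Schneider <wosch@FreeBSD.org>.` puts a raw address and an attached period inside the macro arguments, so the period will be treated as part of the address; use `.Aq` for both addresses and separate the period with a space, as the second `.An` line already does for its period.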