mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-30 15:38:06 +01:00
325403f959
which will also need to be brought in before this screen will work. Add some commentary about how the slip startup code is bogus. Steal Joerg's loop for more properly closing all files and graft it into the EHS startup. My loop was functional but more bogus.
92 lines
4.1 KiB
Plaintext
These screens allow you to add groups and users to your system.

You can move through the fields with the TAB, BACK-TAB and RETURN
keys.  To edit a field, use DELETE or BACKSPACE.  You may also use ^A
(control-A) to go to the beginning of the line, ^E (control-E) to go
to the end, ^F (control-F) to go forward a character, ^B (control-B)
to go backward one character, ^D (control-D) to delete the character
under the cursor and ^K (control-K) to delete to the end of the line.
Basically, the standard EMACS motion sequences.

When you're done with this form, select OK.


User groups
===========

It's generally a good idea to first create a new
group for your users.  Common names for such a group are "users", or
even simply "other".  Group names are used to control file access
permissions for users that belong to the same group.  Several group
names are already used for system files.

The numerical user or group IDs are usually not something you need to
care about explicitly.  If you don't fill in these fields, the system
will choose reasonable defaults.  However, these numbers (rather than the
associated names) are what the operating system actually uses to
distinguish users and groups -- hence they should normally be unique
to each person or group, respectively.

(The initial membership list for a new group is currently
unimplemented, sorry.)


Users
=====

The user's login ID is a short (8 characters) alphanumeric ID the user
must enter when logging into the system.  It's often the initial
letters of the user's name, and commonly used in lower case.  It's
also the local mail name for this user (though it's possible to also
set up more descriptive mail alias names later).

The user's login group determines which group access rights the user
will initially get when logging in.  If an additional list of groups is
provided for the user to become a member of, (s)he will also be
able to access files of those groups later without providing any
additional password etc.  Except for the "wheel" case mentioned below,
the additional group membership list should normally not contain the
login group again.

Some of the system's groups have a special meaning.  In particular,
members of group "wheel" are the only people who are later allowed to
become superuser using the command su(1).  So if you're going to add a
new user who should later perform administrative tasks, don't forget
to add him to this group!  (Well, ``he'' will most likely be yourself
in the very first place. :)

Also, members of group "operator" will by default get permissions for
minor administrative operations, like performing system backups, or
shutting down the system -- without first becoming superuser!  So,
take care with adding people to this group.

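An added example, not part of the original help text: a small audit over
passwd(5)/group(5) style records that checks the points made above (unique
numeric IDs, who ends up in "wheel" and "operator", and a login group
repeated in the additional group list).  The sample records and the function
names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data in passwd(5) / group(5) format (not from a real system).
PASSWD = """\
root:*:0:0:Charlie Root:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:/bin/sh
jdoe:*:1001:1001:Jane Doe,Room 12,555-0100,555-0101:/home/jdoe:/bin/sh
asmith:*:1002:1001:Al Smith:/home/asmith:/bin/sh
backup:*:1003:5:Backup Operator:/home/backup:/bin/sh
"""
GROUP = """\
wheel:*:0:root,jdoe
operator:*:5:root,asmith
users:*:1001:jdoe
"""

def parse(text, nfields):
    """Split colon-separated records, skipping blanks, comments and short lines."""
    rows = (l.split(":") for l in text.splitlines() if l and not l.startswith("#"))
    return [r for r in rows if len(r) >= nfields]

def audit(passwd_text, group_text, privileged=("wheel", "operator")):
    """Return (shared UIDs, privileged group members, redundant group entries)."""
    users = parse(passwd_text, 7)
    groups = parse(group_text, 4)
    login_gid = {u[0]: u[3] for u in users}

    # 1. The system compares numeric IDs, so logins sharing a UID are one identity.
    by_uid = defaultdict(list)
    for u in users:
        by_uid[u[2]].append(u[0])
    shared = {uid: names for uid, names in by_uid.items() if len(names) > 1}

    members, redundant = {}, []
    for name, _, gid, listed in (g[:4] for g in groups):
        listed = [m for m in listed.split(",") if m]
        if name in privileged:
            # 2. Group access rights come from the member list AND the login group.
            via_login = [u for u, g in login_gid.items() if g == gid]
            members[name] = sorted(set(listed) | set(via_login))
        if name != "wheel":
            # 3. Login group repeated in the additional list ("wheel" is exempt).
            redundant += [(m, name) for m in listed if login_gid.get(m) == gid]
    return shared, members, redundant
```
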
The ``full name'' field serves as a comment only.  It is also used by
mail frontends to determine the real name of the user, hence you
should actually fill in the first and last name of this user.  By
convention, this field can be divided into comma-separated subfields,
where the office location, the work phone number, and the home phone
number follow the full name of the user.

The home directory is the directory in the filesystem where the user
is placed when logging in, and where his personalized setup files (``dot
files'', since they usually begin with a `.' and are not displayed by
the ls(1) command by default) will be looked up.  It is often created
under /usr/home/ or /home/.

Finally, the shell is the user's initial command interpreter.  The
default shell is /bin/sh; some users prefer the more historic
/bin/csh.  Other, often more user-friendly and comfortable shells can
be found in the ports and packages collection.


Passwords
=========

Note that new users will be established with no allowable password, so
they cannot log in immediately.  Instead, someone with superuser
privileges has to run the command ``passwd <user>'' (where <user> is
to be replaced with the actual login name for this user) on behalf of
the new user, so (s)he can enter his/her password.  Since the password
won't be echoed on the screen, it must be entered twice.  This should
never be done across a network, to prevent password-sniffing.