HardenedBSD/usr.sbin/adduser/adduser.8
Wolfram Schneider b86759fd0f documented login name limit
Obtained from: mailing list
1996-06-09 20:45:35 +00:00

253 lines
7.1 KiB
Groff

.\"
.\" (c) Copyright 1995 Wolfram Schneider. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Wolfram Schneider
.\" 4. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" /usr/sbin/adduser - add new user(s)
.\"
.\" $Id: adduser.8,v 1.8 1996/01/30 13:48:14 mpp Exp $
.Dd Jan, 9, 1995
.Dt ADDUSER 8
.Os FreeBSD 2.1
.Sh NAME
.Nm adduser
.Nd command for adding new users
.Sh SYNOPSIS
.Nm adduser
[-batch username [group[,group]...] [fullname] [password]]
[-check_only] [-config_create] [-dotdir dotdir]
[-group login_group] [-h|-help] [-home home]
[-message message_file] [-noconfig] [-shell shell]
[-s|-silent|-q|-quit] [-uid uid_start] [-v|-verbose]
.Sh DESCRIPTION
.Nm Adduser
is a simple program for adding new users. Adduser check
passwd, group and shell database. It create passwd/group entry,
HOME-directory, dotfiles and send new user a welcome message.
.Sh RESTRICTION
.Bl -tag -width Ds -compact
.It Sy username
Login name. Only lowercase characters or digits. Maximum length
is 8 characters (see
.Xr setlogin 2
BUGS section).
The reasons for this limit is "Historical".
Given that people have traditionally wanted to break this
limit for aesthetic reasons, it's never been of great importance to break
such a basic fundamental parameter in UNIX.
You can change UT_NAMESIZE in /usr/include/utmp.h and recompile the
world; people have done this and it works, but you will have problems
with any precompiled programs, or source that assumes the 8-character
name limit and NIS. The NIS protocol mandates an 8-character username.
If you need a longer login name for e-mail addresses,
you can define an alias in
.Pa /etc/aliases .
.It Sy fullname
Firstname and surname.
.Ql Pa \:
not allowed.
.It Sy shell
Only valid shells from shell database or sliplogin and pppd
.It Sy uid
Automatically generated or your choice. Less than 32000.
.It Sy gid/login group
Your choice or automatically generated.
.It Sy password
If not empty password is encoded with crypt.
.El
.Sh UNIQ GROUP
Perhaps your missing what *can* be done with this scheme that falls apart
with most other schemes. With each user in his/her own group the user can
safely run with a umask of 002 and have files created in there home directory
and not worry about others being able to read them.
For a shared area you create a separate uid/gid (like cvs or ncvs on freefall),
you place each person that should be able to access this area into that new
group.
This model of uid/gid administration allows far greater flexibility that lumping
users into groups and having to muck with the umask when working in a shared
area.
I have been using this model for almost 10 years and found that it works
for most situations, and has never gotten in the way. (Rod Grimes)
.Sh CONFIGURATION
.Bl -tag -width Ds -compact
.It Sy 1.
Read intern variables.
.It Sy 2.
Read config file (/etc/adduser.conf)
.It Sy 3.
Parse command line options
.El
.Sh OPTIONS
.Bl -tag -width Ds
.It Sy -batch username [group[,group]...] [fullname] [password]
Batch mode.
.It Sy -check_only
Check /etc/passwd, /etc/group, /etc/shells and exit.
.It Sy -create_config
Create new config and message file and exit.
.It Sy -dotdir Ar directory
Copy files from
.Ar directory
into the HOME-directory of new users.
.Ql Pa dot.foo
files renamed to
.Ql Pa .foo
Don't copy files if
.Ar directory
equal with
.Ar no
For security make a all files writable and readable for owner,
don't allow group or world to write files and allow only owner
to read/execute/write .rhost, .Xauthority, .kermrc, .netrc, Mail,
prv, iscreen, term.
.It Sy -group Ar login_group
Login group.
.Ar USER
mean use username as login group.
.It Sy -help,-h,-?
Print options and exit.
.It Sy -home Ar partition
Default home partition where all users located.
.It Sy -message Ar file
Send new users a welcome message.
Don't send message if
.Ar file
equal with
.Ar no
.It Sy -noconfig
Do not read config file.
.It Sy -shell Ar shell
Default shell for new users.
.It Sy -silent,-s,-quit,-q
Few warnings, question, bug reports.
.It Sy -uid Ar uid
Use uid's from
.Ar uid
up.
.It Sy -verbose,-v
Many warning, question. Recommended for novice users.
.Sh FORMATS
.Bl -tag -width Ds -compact
.Ql Pa #
is a comment.
.P
.It Sy config file
.Nm Adduser
read and write this file.
See /etc/adduser.conf for more details.
.It Sy message file
Eval variables in this file. See /etc/adduser.message for more
details.
.El
.Sh EXAMPLES
.Pp
$ adduser
.Pp
Start adduser in interactive mode.
.Pp
$ adduser -batch baerenklau guest,staff,baer 'Teddy II' qwerty7
.Pp
Create user 'baerenklau' and login group 'baerenklau'. Invite user
baerenklau into groups guest, staff and baer. Realname (fullname)
is 'Teddy II'. Password is 'qwerty7' (don't use such password!). Create
HOME directory '/home/baerenklau' and copy all files and directories
from /usr/share/skel to /home/baerenklau. Send user baerenklau
a welcome message.
.Pp
$ adduser -uid 5000 -group guest -message no -batch vehlefanz
.Pp
Create user 'vehlefanz'. Login group is guest. Uid is up to
5000, for instance 5007. No other groups, no realname, no password.
Do not send a welcome message.
.Sh FILES
.Bl -tag -width /etc/master.passwdxx -compact
.It Pa /etc/master.passwd
user database
.It Pa /etc/group
group database
.It Pa /etc/shells
shell database
.It Pa /etc/adduser.conf
config file for adduser
.It Pa /etc/adduser.message
message file for adduser
.It Pa /usr/share/skel
skeletal login directory
.It Pa /var/log/adduser
logfile for adduser
.El
.Sh SEE ALSO
.Xr chpass 1 ,
.Xr finger 1 ,
.Xr passwd 1 ,
.Xr setlogin 2 ,
.Xr yp 4 ,
.Xr aliases 5 ,
.Xr passwd 5 ,
.Xr group 5 ,
.Xr shells 5 ,
.Xr pwd_mkdb 8 ,
.Xr vipw 8
.\" .Sh BUGS
.Sh HISTORY
The
.Nm
command appeared in FreeBSD 2.1