mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-27 13:34:00 +01:00
b86759fd0f
Obtained from: mailing list
253 lines
7.1 KiB
Groff
253 lines
7.1 KiB
Groff
.\"
|
|
.\" (c) Copyright 1995 Wolfram Schneider. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by Wolfram Schneider
|
|
.\" 4. The name of the author may not be used to endorse or promote products
|
|
.\" derived from this software without specific prior written permission
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.\" /usr/sbin/adduser - add new user(s)
|
|
.\"
|
|
.\" $Id: adduser.8,v 1.8 1996/01/30 13:48:14 mpp Exp $
|
|
|
|
.Dd Jan, 9, 1995
|
|
.Dt ADDUSER 8
|
|
.Os FreeBSD 2.1
|
|
.Sh NAME
|
|
.Nm adduser
|
|
.Nd command for adding new users
|
|
|
|
.Sh SYNOPSIS
|
|
.Nm adduser
|
|
[-batch username [group[,group]...] [fullname] [password]]
|
|
[-check_only] [-config_create] [-dotdir dotdir]
|
|
[-group login_group] [-h|-help] [-home home]
|
|
[-message message_file] [-noconfig] [-shell shell]
|
|
[-s|-silent|-q|-quit] [-uid uid_start] [-v|-verbose]
|
|
|
|
|
|
.Sh DESCRIPTION
|
|
.Nm Adduser
|
|
is a simple program for adding new users. Adduser check
|
|
passwd, group and shell database. It create passwd/group entry,
|
|
HOME-directory, dotfiles and send new user a welcome message.
|
|
|
|
.Sh RESTRICTION
|
|
.Bl -tag -width Ds -compact
|
|
.It Sy username
|
|
Login name. Only lowercase characters or digits. Maximum length
|
|
is 8 characters (see
|
|
.Xr setlogin 2
|
|
BUGS section).
|
|
The reasons for this limit is "Historical".
|
|
Given that people have traditionally wanted to break this
|
|
limit for aesthetic reasons, it's never been of great importance to break
|
|
such a basic fundamental parameter in UNIX.
|
|
You can change UT_NAMESIZE in /usr/include/utmp.h and recompile the
|
|
world; people have done this and it works, but you will have problems
|
|
with any precompiled programs, or source that assumes the 8-character
|
|
name limit and NIS. The NIS protocol mandates an 8-character username.
|
|
If you need a longer login name for e-mail addresses,
|
|
you can define an alias in
|
|
.Pa /etc/aliases .
|
|
.It Sy fullname
|
|
Firstname and surname.
|
|
.Ql Pa \:
|
|
not allowed.
|
|
.It Sy shell
|
|
Only valid shells from shell database or sliplogin and pppd
|
|
.It Sy uid
|
|
Automatically generated or your choice. Less than 32000.
|
|
.It Sy gid/login group
|
|
Your choice or automatically generated.
|
|
.It Sy password
|
|
If not empty password is encoded with crypt.
|
|
.El
|
|
|
|
.Sh UNIQ GROUP
|
|
Perhaps your missing what *can* be done with this scheme that falls apart
|
|
with most other schemes. With each user in his/her own group the user can
|
|
safely run with a umask of 002 and have files created in there home directory
|
|
and not worry about others being able to read them.
|
|
|
|
For a shared area you create a separate uid/gid (like cvs or ncvs on freefall),
|
|
you place each person that should be able to access this area into that new
|
|
group.
|
|
|
|
This model of uid/gid administration allows far greater flexibility that lumping
|
|
users into groups and having to muck with the umask when working in a shared
|
|
area.
|
|
|
|
I have been using this model for almost 10 years and found that it works
|
|
for most situations, and has never gotten in the way. (Rod Grimes)
|
|
|
|
.Sh CONFIGURATION
|
|
.Bl -tag -width Ds -compact
|
|
.It Sy 1.
|
|
Read intern variables.
|
|
.It Sy 2.
|
|
Read config file (/etc/adduser.conf)
|
|
.It Sy 3.
|
|
Parse command line options
|
|
.El
|
|
|
|
.Sh OPTIONS
|
|
.Bl -tag -width Ds
|
|
.It Sy -batch username [group[,group]...] [fullname] [password]
|
|
Batch mode.
|
|
|
|
.It Sy -check_only
|
|
Check /etc/passwd, /etc/group, /etc/shells and exit.
|
|
|
|
.It Sy -create_config
|
|
Create new config and message file and exit.
|
|
|
|
.It Sy -dotdir Ar directory
|
|
Copy files from
|
|
.Ar directory
|
|
into the HOME-directory of new users.
|
|
.Ql Pa dot.foo
|
|
files renamed to
|
|
.Ql Pa .foo
|
|
Don't copy files if
|
|
.Ar directory
|
|
equal with
|
|
.Ar no
|
|
For security make a all files writable and readable for owner,
|
|
don't allow group or world to write files and allow only owner
|
|
to read/execute/write .rhost, .Xauthority, .kermrc, .netrc, Mail,
|
|
prv, iscreen, term.
|
|
|
|
.It Sy -group Ar login_group
|
|
Login group.
|
|
.Ar USER
|
|
mean use username as login group.
|
|
|
|
.It Sy -help,-h,-?
|
|
Print options and exit.
|
|
|
|
.It Sy -home Ar partition
|
|
Default home partition where all users located.
|
|
|
|
.It Sy -message Ar file
|
|
Send new users a welcome message.
|
|
Don't send message if
|
|
.Ar file
|
|
equal with
|
|
.Ar no
|
|
|
|
.It Sy -noconfig
|
|
Do not read config file.
|
|
|
|
.It Sy -shell Ar shell
|
|
Default shell for new users.
|
|
|
|
.It Sy -silent,-s,-quit,-q
|
|
Few warnings, question, bug reports.
|
|
|
|
.It Sy -uid Ar uid
|
|
Use uid's from
|
|
.Ar uid
|
|
up.
|
|
|
|
.It Sy -verbose,-v
|
|
Many warning, question. Recommended for novice users.
|
|
|
|
|
|
|
|
.Sh FORMATS
|
|
.Bl -tag -width Ds -compact
|
|
.Ql Pa #
|
|
is a comment.
|
|
|
|
.P
|
|
.It Sy config file
|
|
.Nm Adduser
|
|
read and write this file.
|
|
See /etc/adduser.conf for more details.
|
|
.It Sy message file
|
|
Eval variables in this file. See /etc/adduser.message for more
|
|
details.
|
|
.El
|
|
|
|
.Sh EXAMPLES
|
|
.Pp
|
|
$ adduser
|
|
.Pp
|
|
Start adduser in interactive mode.
|
|
|
|
.Pp
|
|
$ adduser -batch baerenklau guest,staff,baer 'Teddy II' qwerty7
|
|
.Pp
|
|
Create user 'baerenklau' and login group 'baerenklau'. Invite user
|
|
baerenklau into groups guest, staff and baer. Realname (fullname)
|
|
is 'Teddy II'. Password is 'qwerty7' (don't use such password!). Create
|
|
HOME directory '/home/baerenklau' and copy all files and directories
|
|
from /usr/share/skel to /home/baerenklau. Send user baerenklau
|
|
a welcome message.
|
|
|
|
.Pp
|
|
$ adduser -uid 5000 -group guest -message no -batch vehlefanz
|
|
.Pp
|
|
Create user 'vehlefanz'. Login group is guest. Uid is up to
|
|
5000, for instance 5007. No other groups, no realname, no password.
|
|
Do not send a welcome message.
|
|
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/master.passwdxx -compact
|
|
.It Pa /etc/master.passwd
|
|
user database
|
|
.It Pa /etc/group
|
|
group database
|
|
.It Pa /etc/shells
|
|
shell database
|
|
.It Pa /etc/adduser.conf
|
|
config file for adduser
|
|
.It Pa /etc/adduser.message
|
|
message file for adduser
|
|
.It Pa /usr/share/skel
|
|
skeletal login directory
|
|
.It Pa /var/log/adduser
|
|
logfile for adduser
|
|
.El
|
|
|
|
.Sh SEE ALSO
|
|
.Xr chpass 1 ,
|
|
.Xr finger 1 ,
|
|
.Xr passwd 1 ,
|
|
.Xr setlogin 2 ,
|
|
.Xr yp 4 ,
|
|
.Xr aliases 5 ,
|
|
.Xr passwd 5 ,
|
|
.Xr group 5 ,
|
|
.Xr shells 5 ,
|
|
.Xr pwd_mkdb 8 ,
|
|
.Xr vipw 8
|
|
|
|
.\" .Sh BUGS
|
|
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
command appeared in FreeBSD 2.1
|