GNU/Linux is a multi-user operating system: several users can have accounts on one system and use it at the same time. The GNU/Linux concepts for user management are quite simple. First of all, there are several user accounts on each system. Even on a single-user system there are multiple user accounts, because GNU/Linux uses dedicated accounts for some tasks. Users can be members of groups. Groups are used for more fine-grained permissions; for example, you could make a file readable by a certain group. There are a few reserved users and groups on each system. The most important of these is the root account. The root user is the system administrator. It is a good idea to avoid logging in as root, because it greatly increases the security risk. You can just log in as a normal user, and perform system administration tasks using the su and sudo commands.
The available user accounts are specified in /etc/passwd. You can have a look at this file to get an idea of which user accounts are mandatory. As you will probably notice, there are no passwords in this file. Passwords are kept, in hashed (encrypted) form, in the separate /etc/shadow file. Information about groups is stored in /etc/group. Generally speaking, it is not a good idea to edit these files directly. There are some excellent tools that can help you with user and group administration. This chapter will describe some of these tools.
The useradd command is used to add user accounts to the system. Running useradd with a user name as parameter will create the user on the system. For example:
# useradd bob
This creates the user account bob. Please be aware that this does not create a home directory for the user. Add the -m parameter to create a home directory. For example:
# useradd -m bob
This would add the user bob to the system, and create the /home/bob home directory for this user. Normally the user is made a member of the users group. Suppose that we would like to make crew the primary group for the user bob. This can be done using the -g parameter. For example:
# useradd -g crew -m bob
It is also possible to add this user to secondary groups during the creation of the account with the -G parameter. Group names can be separated with a comma. The following command would create the user bob, who is a member of the crew group, and of the www-admins and ftp-admins secondary groups:
# useradd -g crew -G www-admins,ftp-admins -m bob
By default useradd only adds the account; it does not set a password for the added user. Passwords can be set using the passwd command.
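The result of the useradd commands above can be checked without any administration tool, because it is all written to /etc/passwd and /etc/group. The following script is an added example and not part of the book: it embeds a constructed /etc/passwd excerpt and a constructed /etc/group excerpt (the account names, UIDs, group names and the "legacy" hash are made up), resolves the primary and secondary groups of bob the way id -Gn does, and flags two things worth questioning in a passwd file: a password hash that was never moved to /etc/shadow, and a second account with UID 0.

```shell
#!/bin/sh
# Added example (not from the book). Constructed /etc/passwd and /etc/group
# excerpts are embedded so the script runs without touching the real files.

PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/bin/false
bob:x:1001:1002:Bob:/home/bob:/bin/bash
legacy:$1$abc$hashhashhash:1002:100:Legacy:/home/legacy:/bin/bash
toor:x:0:0:backup root:/root:/bin/bash'

GROUP_SAMPLE='root:x:0:
users:x:100:
crew:x:1002:
www-admins:x:1003:bob,alice
ftp-admins:x:1004:bob'

# user_groups NAME: print the primary group of NAME (resolved from the gid in
# the passwd entry) followed by every group that lists NAME as a member.
# Returns 1 when NAME has no passwd entry.
user_groups() {
    name=$1
    gid=$(printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$name" '$1 == u { print $4 }')
    [ -n "$gid" ] || return 1
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v gid="$gid" -v u="$name" '
        $3 == gid { primary = $1; next }      # primary group, by gid
        {
            n = split($4, members, ",")        # member list of a secondary group
            for (i = 1; i <= n; i++)
                if (members[i] == u) extra = extra " " $1
        }
        END { printf "%s%s\n", primary, extra }'
}

# audit_passwd: print one line for each entry a reviewer should question:
# a password field other than "x" (the hash still lives in /etc/passwd, which
# is world-readable) and any UID 0 account that is not root.
audit_passwd() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '
        $2 != "x" && $2 != "*" && $2 != "!" { print "unshadowed password: " $1 }
        $3 == 0 && $1 != "root"             { print "extra uid 0 account: " $1 }'
}

user_groups bob
audit_passwd
```

On a real system the two awk programs can read /etc/passwd and /etc/group directly instead of the embedded samples; the checks are cheap enough to run from a daily cron job.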
As you probably guessed, the passwd command is used to set a password for a user. Running this command as a user without a parameter will change the password for this user. The passwd command will ask for the old password once, and for the new password twice:
$ passwd
Changing password for bob
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
The root user can set passwords for users by specifying the user name as a parameter. The passwd command will only ask for the new password. For example:
# passwd bob
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
The adduser command combines useradd and passwd in an interactive script. It will ask you to fill in information about the account to be created. After that it will create an account based on the information you provided. The screen listing below shows a sample session.
# adduser
Login name for new user []: john

User ID ('UID') [ defaults to next available ]: <Enter>

Initial group [ users ]: <Enter>

Additional groups (comma separated) []: staff

Home directory [ /home/john ] <Enter>

Shell [ /bin/bash ] <Enter>

Expiry date (YYYY-MM-DD) []: <Enter>

New account will be created as follows:

---------------------------------------
Login name.......:  john
UID..............:  [ Next available ]
Initial group....:  users
Additional groups:  [ None ]
Home directory...:  /home/john
Shell............:  /bin/bash
Expiry date......:  [ Never ]

This is it... if you want to bail out, hit Control-C.  Otherwise, press
ENTER to go ahead and make the account.
<Enter>

Creating new account...

Changing the user information for john
Enter the new value, or press ENTER for the default
        Full Name []: John Doe
        Room Number []: <Enter>
        Work Phone []: <Enter>
        Home Phone []: <Enter>
        Other []: <Enter>
Changing password for john
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password: password
Re-enter new password: password

Account setup complete.
You can use the default values, or leave some fields empty, by pressing the <Enter> key.
Sometimes it is necessary to remove a user account from the system. GNU/Linux offers the userdel tool to do this. Just specify the username as a parameter to remove that user from the system. For example, the following command will remove the user account bob from the system:
# userdel bob
This will only remove the user account, not the user's home directory and mail spool. Just add the -r parameter to delete the user's home directory and mail spool too. For example:
# userdel -r bob
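Even userdel -r only removes the home directory and the mail spool; files the user owned elsewhere (a web root, a shared project directory) stay behind, owned by a bare UID that no longer maps to a name. A later useradd that hands out the same UID silently inherits them. On a live system find / -xdev -nouser lists such files. The script below is an added example, not part of the book: it emulates that check on a constructed passwd excerpt (after bob, UID 1001, has been removed) and a constructed file listing in the "uid path" form that find -printf '%U %p\n' prints. All names and paths are made up.

```shell
#!/bin/sh
# Added example (not from the book): find files whose owner UID has no
# passwd entry any more, e.g. after "userdel bob".

# Constructed /etc/passwd as it looks after bob (UID 1001) was deleted.
PASSWD_AFTER='root:x:0:0:root:/root:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash'

# Constructed listing in the "uid path" form of: find / -xdev -printf '%U %p\n'
FILES_SAMPLE='0 /etc/passwd
1000 /home/alice/.profile
1001 /home/bob/.bashrc
1001 /var/spool/mail/bob
1001 /srv/www/upload.cgi'

# orphaned_files PASSWD_CONTENT: read "uid path" lines on stdin and print the
# paths whose uid does not appear as the third field of any passwd entry.
orphaned_files() {
    awk -v passwd="$1" '
        BEGIN {
            # Collect every UID that still has an account
            n = split(passwd, line, "\n")
            for (i = 1; i <= n; i++) {
                split(line[i], f, ":")
                known[f[3]] = 1
            }
        }
        !($1 in known) { print $2 }'
}

printf '%s\n' "$FILES_SAMPLE" | orphaned_files "$PASSWD_AFTER"
```

Against a real system the same function is fed by find: find / -xdev -printf '%U %p\n' | orphaned_files "$(cat /etc/passwd)". Files it reports should be reassigned with chown or removed before the UID is handed out again.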
It is a good idea to avoid logging in as root. There are many reasons for not doing this. Accidentally typing a wrong command could cause bad things to happen, and malicious programs can do a lot of damage when you are logged in as root. Still, there are many situations in which you need to have root access, for example to do system administration or to install new software. Fortunately, the su command can give you temporary root privileges.
Using su is very simple. Just executing su will ask you for the root password, and will start a shell with root privileges after the password is correctly entered:
$ whoami
bob
$ su
Password:
# whoami
root
# exit
exit
$ whoami
bob
In this example the user bob is logged on; the whoami output reflects this. The user executes su and enters the root password. su launches a shell with root privileges, which is confirmed by the whoami output. After exiting the root shell, control is returned to the original shell, running with the privileges of the user bob.
It is also possible to execute just one command as the root user with the -c parameter. The following example will run lilo:
$ su -c lilo
If you want to give parameters to the command you would like to run, use quotes (e.g. su -c "ls -l /"). Without quotes su cannot determine whether the parameters should be used by the specified command, or by su itself.
You can refine access to su with suauth(5). It is a good security practice to only allow members of a special group to su to root. For instance, you can restrict root su-ing in a BSD fashion to members of the wheel group by adding the following line to /etc/suauth:
root:ALL EXCEPT GROUP wheel:DENY
Disk quota is a mechanism that allows the system administrator to restrict the number of disk blocks and inodes that a particular user and group can use. Not all filesystems supported by Linux support quota; widely used filesystems that do are ext2, ext3 and XFS. Quotas are turned on and managed on a per-filesystem basis.
Quota can be enabled per filesystem in /etc/fstab, by using the usrquota and grpquota filesystem options. For example, suppose that we have the following entry for the /home partition in /etc/fstab:
/dev/hda8 /home xfs defaults 1 2
We can now enable user quota by adding the usrquota filesystem option:
/dev/hda8 /home xfs defaults,usrquota 1 2
At this point the machine can be rebooted, to let the Slackware Linux initialization scripts enable quota. You can also enable quota without rebooting the machine, by remounting the partition, and running the quotaon command:
# mount -o remount /home
# quotaon -avug
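Editing /etc/fstab by hand is easy to get wrong (a typo in the options field can leave the filesystem unmountable at boot). The following script is an added example and not part of the book: it appends the usrquota and grpquota options to the fstab entry of a given mount point, skips options that are already present, and passes every other line through unchanged. It works on a constructed fstab excerpt (the devices and mount points are made up), so it can be tried without root before it is ever pointed at the real file.

```shell
#!/bin/sh
# Added example (not from the book): add quota mount options to one fstab
# entry. The fstab content is read from stdin; the result goes to stdout.

# Constructed /etc/fstab excerpt. /srv already has usrquota.
FSTAB_SAMPLE='/dev/hda1 / ext3 defaults 1 1
/dev/hda8 /home xfs defaults 1 2
/dev/hda9 /srv ext3 defaults,noatime,usrquota 1 2
proc /proc proc defaults 0 0'

# enable_quota MOUNTPOINT OPTION...: append each OPTION to the fourth field
# (mount options) of the line whose second field is MOUNTPOINT, unless that
# option is already present. Note that awk rebuilds an edited line with single
# spaces between fields; untouched lines keep their original spacing.
enable_quota() {
    mp=$1; shift
    wanted=$*
    awk -v mp="$mp" -v wanted="$wanted" '
        $2 == mp {
            n = split(wanted, opt, " ")
            for (i = 1; i <= n; i++) {
                opts = "," $4 ","          # ",defaults,usrquota," makes whole-word matching easy
                want = "," opt[i] ","
                if (index(opts, want) == 0)
                    $4 = $4 "," opt[i]
            }
        }
        { print }'
}

# quota_mounts: print the mount points whose options already contain
# usrquota or grpquota, to verify the edit before remounting and quotaon.
quota_mounts() {
    awk '$4 ~ /(^|,)(usr|grp)quota(,|$)/ { print $2 }'
}

printf '%s\n' "$FSTAB_SAMPLE" | enable_quota /home usrquota grpquota
```

To apply it to the real file, write the output to a temporary file first, compare it with diff against /etc/fstab, and only then copy it into place, followed by the mount -o remount and quotaon commands shown above.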
User and group quotas can be edited with the "edquota" utility. This program allows you to edit quotas interactively with the vi editor. The most basic syntax of this command is edquota username. For example:
# edquota joe
This will launch the vi editor with the quota information for the user joe. It will look like this:
Disk quotas for user joe (uid 1143):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/hda5                      2136          0          0         64        0        0
In this example quotas are only turned on for one file system, namely the filesystem on /dev/hda5. As you can see there are multiple columns. The blocks column shows how many blocks the user uses on the file system, and the inodes column the number of inodes a user occupies. Besides that there are soft and hard columns after both blocks and inodes. These columns specify the soft and hard limits on blocks and inodes. A user can exceed the soft limit for a grace period, but the user can never exceed the hard limit. If the value of a limit is 0, there is no limit.
The term "blocks" might be a bit confusing in this context. In the quota settings a block is 1KB, not the block size of the file system.
Let's look at a simple example. Suppose that we would like to set the soft limit for the user joe to 250000, and the hard limit to 300000. We could change the quotas listed above to:
Disk quotas for user joe (uid 1143):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/hda5                      2136     250000     300000         64        0        0
The new quota settings for this user will be active after saving the file, and quitting vi.
It is often useful to get statistics about the current quota usage. The repquota command can be used to get information about what quotas are set for every user, and how much of each quota is used. You can see the quota settings for a specific partition by giving the name of the partition as a parameter. The -a parameter will show quota information for all partitions with quota enabled. Suppose that you would like to see quota information for /dev/hda5, you can use the following command:
repquota /dev/hda5
*** Report for user quotas on device /dev/hda5
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --       0       0       0              3     0     0
[..]
joe       --    2136  250000  300000             64     0     0
[..]
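A repquota report is easy to read by eye but awkward to parse, because the grace columns are empty unless a limit is exceeded: a user who is over the block soft limit has a "+" as the first character of the flags column and one extra field before the inode columns. The script below is an added example, not part of the book: it reads a report in the layout above (a constructed sample, with the users ann and dan added to joe and root, is embedded) and prints the users who have passed their block soft limit or are within a configurable percentage of it, handling the shifting grace column.

```shell
#!/bin/sh
# Added example (not from the book): flag users whose block usage is over, or
# close to, the soft limit in a repquota report read from stdin.

# Constructed repquota output. ann is over her block soft limit (flags "+-",
# grace column present); dan is over his inode soft limit (flags "-+").
REPQUOTA_SAMPLE='*** Report for user quotas on device /dev/hda5
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --       0       0       0              3     0     0
joe       --    2136  250000  300000             64     0     0
ann       +-  260000  250000  300000  6days     120     0     0
dan       -+  240000  250000  300000            500   400   600  3days'

# quota_watch [PCT]: report users at or above the block soft limit, and users
# whose usage has reached PCT percent of it (default 90). A soft limit of 0
# means "no limit" and is skipped, as in edquota.
quota_watch() {
    pct=${1:-90}
    awk -v pct="$pct" '
        /^-+$/ { body = 1; next }            # data rows follow the dashed line
        !body || NF < 8 { next }             # skip headers and blank lines
        {
            user = $1; flags = $2; used = $3; soft = $4
            # "+" in the first flag position: block grace column is present in $6
            grace = (substr(flags, 1, 1) == "+") ? $6 : "-"
            if (soft == 0) next
            if (used >= soft)
                printf "%s over soft limit: %d/%d blocks (grace %s)\n", user, used, soft, grace
            else if (used * 100 >= soft * pct)
                printf "%s near soft limit: %d/%d blocks\n", user, used, soft
        }'
}

printf '%s\n' "$REPQUOTA_SAMPLE" | quota_watch
```

On a real system run repquota -a | quota_watch 80 from cron; because quota blocks are 1KB, the reported numbers divided by 1024 give the usage in megabytes.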