FreeBSD user management: adding users

Source: Internet
Author: User

To use the multiuser FreeBSD operating system, a person must be a registered user of the system. User information is stored in the passwd file in the /etc directory, and a FreeBSD user defined in this file has the following attributes:

User name (username): The name that identifies the user on the system. Each user name is no more than 8 characters long and is case sensitive. By custom, user names use only lowercase letters, and a suitable name is usually chosen from the initials of the user's real name.

User ID (UID): Because a computer processes numbers more easily than strings, a numeric user identification number is a more suitable way to tell users apart. UNIX systems in fact use unique user identification numbers to distinguish users, and for certain purposes several user names can share the same user ID, which means that those user names are actually the same user.

Password: The system uses it to verify that the user is legitimate. The superuser root can use the system program passwd to change any user's password, and users can use passwd to change their own. In older UNIX systems, passwords were stored directly in the passwd file; because that file is readable by every user on the system, they were protected only by encryption. Faster modern computers have changed the situation: high-speed computation makes it feasible to recover a password by guessing. Passwords in UNIX are therefore no longer stored in the passwd file itself, and the password field there is replaced with a "*". FreeBSD uses /etc/master.passwd as the real password file. It holds the data including each user's password, and it cannot be read by ordinary users.

Command interpreter (shell): The program started after the user logs in. It receives the user's input and executes the commands entered. The standard shells are sh and csh. The more sophisticated and easier-to-use shells bash and tcsh are not part of the base system and must be installed separately. A shell is an ordinary UNIX program, but the system lists the standard shell names in the /etc/shells file, and many applications check that file against the user's shell to decide whether the user is a regular user or an account created for a specific purpose.

Personal directory (home directory): Because FreeBSD is a multi-user system, each user needs an independent working environment, and the files of different users must not get mixed together. UNIX therefore gives each user a personal directory, and users keep their files in their own directories so that they do not interfere with one another. By convention, FreeBSD places home directories under /home, using the user name as the subdirectory name. Most shells use the tilde ~ to represent the user's home directory.

Group ID (GID): Users with similar attributes can be assigned to a group. Each group has its own name and is distinguished by its own group identification number (the /etc/group file gives the correspondence between group names and group IDs), and the user's group ID is saved in the passwd file. In early UNIX each user could belong to only one group, whereas in modern UNIX a user can belong to several: besides the primary group recorded in the passwd file, a user can be listed explicitly as a member of a group in /etc/group, which allows the user to belong to more than one group.

Users also have other attributes, such as the login class, which are recorded in the other password file, /etc/master.passwd.
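The attributes above can be checked mechanically. The following is an added example, not part of the original page: an audit that reports user names sharing a UID, empty password fields, and login shells missing from the shells file. It assumes the ten-field master.passwd(5) record layout; the function names and all sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Records use the FreeBSD
# master.passwd(5) layout:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# Constructed sample data (HASH stands in for a real password hash).
SAMPLE_MASTER='root:HASH:0:0::0:0:Charlie &:/root:/bin/csh
admin:HASH:1001:1001::0:0:Admin:/home/admin:/bin/sh
toor:*:0:0::0:0:Second root name:/root:/bin/sh
user22::1007:1007::0:0:user22:/home/user22:/bin/sh
ftpuser:*:1008:1008::0:0:FTP only:/home/ftpuser:/usr/local/bin/bash'
SAMPLE_SHELLS='# constructed /etc/shells
/bin/sh
/bin/csh'

# audit_accounts MASTER_PASSWD SHELLS: one finding per output line.
audit_accounts() {
    awk -F: '
        # First file (shells): remember every listed shell path.
        NR == FNR { if ($0 != "" && $0 !~ /^#/) listed[$0] = 1; next }
        # Second file: skip comments and malformed records.
        /^#/ || NF < 10 { next }
        {
            if ($2 == "") print "EMPTY_PASSWORD " $1
            if (!($10 in listed)) print "SHELL_NOT_LISTED " $1 " " $10
            # Collect the names seen for each UID, in file order.
            if (count[$3]++) { names[$3] = names[$3] "," $1 }
            else { names[$3] = $1 }
        }
        END {
            for (uid in count)
                if (count[uid] > 1) print "SHARED_UID " uid " " names[uid]
        }
    ' "$2" "$1" | LC_ALL=C sort
}

# Run the audit over the constructed sample.
audit_sample() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_MASTER" > "$tmp/master.passwd"
    printf '%s\n' "$SAMPLE_SHELLS" > "$tmp/shells"
    audit_accounts "$tmp/master.passwd" "$tmp/shells"
    rm -rf "$tmp"
}

audit_sample
```

On a live system the same function would be run as root as audit_accounts /etc/master.passwd /etc/shells, since ordinary users cannot read master.passwd.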

Adding users
Although you can use the add-user option in the system installer /stand/sysinstall to add users and groups, experienced administrators tend to dislike this full-screen mode of operation. The customary practice under UNIX is to work from the command line, adding users with the adduser command or the pw command.

The adduser command uses the configuration file /etc/adduser.conf to store the defaults applied to new users. If this file does not exist, the first run of adduser asks for the default settings and generates the file automatically. This sets correct defaults for the basic data that is the same for most users, which reduces the amount of typing.

    # adduser
    Use option '-silent' if you don't want to see all warnings & questions.

    Check /etc/shells
    Check /etc/master.passwd
    Check /etc/group
    Enter your default shell: bash csh date no sh [sh]:
    Your default shell is: sh -> /bin/sh
    Enter your default home partition: [/home]:
    Copy dotfiles from: /usr/share/skel no [/usr/share/skel]:
    Send message from file: /etc/adduser.message no
    [/etc/adduser.message]:
    Use passwords (y/n) [y]:

    Ok, let's go.

After the configuration file has been generated by the procedure above, you can also modify its contents with an editor to change adduser's configuration. Even with a configuration file in place, adduser asks at every start whether these defaults need to be changed, which makes it less convenient. To have adduser go straight to entering user data, use "adduser -quiet" to reduce the prompts; -quiet can be abbreviated to -q, and the -silent and -s options have the same effect. The more permanent way is to edit adduser.conf directly and set the verbose parameter to 0, which keeps prompts to a minimum. The default value of this parameter is 1, which prompts for the defaults; setting it to 2 offers more configuration parameters.

    # adduser -s
    Use option '-verbose' if you want to see more warnings & questions
    or try to repair bugs.

    Enter username [a-z0-9_-]: user22
    Enter full name []:
    Enter shell bash csh date no sh [sh]:
    Enter home directory (full path) [/home/user22]:
    Uid [1007]:
    Enter login class: default []:
    Login group user22 [user22]:
    Login group is 'user22'. Invite user22 into other groups: guest no
    [no]:
    Enter password []:
    Use an empty password? (y/n) [y]:

    Name:     user22
    Password: ***
    Fullname: user22
    Uid:      1007
    Gid:      1007 (user22)
    Class:
    Groups:   user22
    Home:     /home/user22
    Shell:    /bin/sh
    Ok? (y/n) [y]:
    Added user 'user22'
    Send message to 'user22' and: no root second_mail_address
    [no]:

    Your account 'user22' is created.
    Have fun!
    See also chpass(1), finger(1), passwd(1)

    Add anything to default message (y/n) [n]:
    Send message (y/n) [y]:
    Add another user? (y/n) [y]: n

With the -s option, then, adduser goes directly to the procedure for adding a user and asks for the necessary data, including the user name, password and so on. adduser offers some of the contents of adduser.conf as default answers, and in most steps you can simply accept the default.

A more sophisticated command than adduser is pw, which administrators can use for a variety of complex user management tasks, including adding and removing users and modifying user parameter settings.

A more direct way to manage users is to edit the password file itself. This was common practice in early UNIX, but modern UNIX systems save encrypted password data using the shadow method: user data is stored in the passwd file, while the real password and other content is stored in a second password file, and both files must be modified to keep them consistent. You therefore cannot edit the /etc/passwd file directly with the vi editor, and should use the vipw command provided by the system, which modifies the password file and writes both files at the same time. For security reasons, vipw uses an internal editor (the same as vi) to edit the master.passwd file and synchronizes the two password files when you save. master.passwd is in fact the real password file, and changing /etc/passwd alone has no effect on user data.

Because the system reads user password data repeatedly, and the time needed to find a user in the plain-text passwd file grows linearly with the number of users, lookup efficiency drops sharply when there are many users. A database is better suited to these frequent lookups because it automatically maintains an index of the data, which improves search efficiency. FreeBSD provides a simple standard database file format that the password files can use to improve performance. The password files therefore have corresponding database forms, /etc/pwd.db and /etc/spwd.db. The system calls that obtain user information actually query these two database files first, and the system automatically keeps them synchronized with the two passwd files described above. System administrators can use pwd_mkdb to generate the database files from a text-form password file. Typically, plain-text passwd files are suitable only for systems with a few hundred accounts, while DB databases are suitable for systems with more than 10,000 accounts.

On other UNIX systems the second password file has a different name from the one BSD systems use, and most UNIX System V systems use the /etc/shadow file. The different names are only a matter of convention, and the file format is the passwd file format. So if compatibility is required, a symbolic link called shadow can be created for /etc/master.passwd.

Groups help with the allocation of permissions. As with managing users, groups can be managed either through sysinstall or by changing the /etc/group file directly. Besides the group defined for them in the passwd file, users can be invited into other groups. adduser asks when adding a user whether the user should join other groups; to add a user to another group after the account has been created, you need to change the /etc/group file directly. For example, the group file might contain these lines:

    wheel:*:0:root,admin
    admin:*:100:admin

This means that user admin belongs not only to the group specified in passwd but also to the wheel and admin groups. You can use the groups command to obtain a user's group list.
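Because membership comes from two places, the member list in /etc/group alone does not show everyone in a group. The following is an added example, not part of the original page: it lists a group's effective members by combining the names in the group file with users whose primary GID in passwd matches. The function names, the staff group and the oper user are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# /etc/group record:  name:password:gid:member,member,...
# /etc/passwd record: name:password:uid:gid:gecos:home_dir:shell

# Constructed sample data; the wheel and admin group lines are the two
# shown in the text, everything else is made up for the example.
SAMPLE_GROUP='wheel:*:0:root,admin
staff:*:20:
admin:*:100:admin'
SAMPLE_PASSWD='root:*:0:0:Charlie &:/root:/bin/csh
admin:*:1001:20:Admin:/home/admin:/bin/sh
oper:*:1002:0:Operator:/home/oper:/bin/sh'

# members_of GROUP GROUP_FILE PASSWD_FILE: print "user how" lines, where
# how is listed (named in the group file), primary (gid field in passwd)
# or primary+listed. Prints nothing for an unknown group.
members_of() {
    awk -F: -v grp="$1" '
        /^#/ { next }
        # First file (group): record the gid and the explicit members.
        NR == FNR {
            if ($1 == grp) {
                gid = $3; found = 1
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") how[m[i]] = "listed"
            }
            next
        }
        # Second file (passwd): users whose primary gid is this group.
        found && $4 == gid {
            how[$1] = (how[$1] == "") ? "primary" : "primary+listed"
        }
        END { for (u in how) print u " " how[u] }
    ' "$2" "$3" | LC_ALL=C sort
}

# Run members_of over the constructed sample; $1 = group name.
members_sample() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_GROUP" > "$tmp/group"
    printf '%s\n' "$SAMPLE_PASSWD" > "$tmp/passwd"
    members_of "$1" "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}

members_sample wheel
```

In the sample, oper never appears on the wheel line of the group file but is still reported as a member through its primary GID.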
