The tool shown in Figure 49 manages the users and groups on your system. In a sense, it is a graphical editor for /etc/passwd and /etc/group, and for /etc/shadow if you have enabled shadow passwords. With this tool you can add and remove users and groups, set login shells, full names, home directories, UIDs, GIDs, etc.
The same interface is used to add and edit users. To add a user, click on the Add button in the main window. A dialog box like the one in Figure 50 will appear, with some defaults already filled in. To edit an existing user, double-click on the user in the main window, or click on the user and then on the View/Edit button.
First enter the user name. This is not the user's first and last name; it is the id they will use to log on to the system. Do not include any spaces or colons, and do not enter more than 8 characters. Press the enter key when you are finished, and some of the other fields will be filled in with default values. You may change them if you wish, but it is not necessary. You can, at your option, enter the user's full name, office, and phone numbers. The login shell can be changed from the default (normally /bin/bash) either by choosing a selection from the drop-down menu or by simply typing in the shell like the other fields.
You need to do something about the password. There are five options on the Encrypted Password menu: Original, Change, No Password, Lock, and Unlock. No Password is a very bad option --- with no password anyone can log in to your system using this id. Choosing Lock will prevent anyone from logging in with this id but keep any password already assigned so that it can be unlocked later; Unlock will unlock a previously locked password. Original is blank (No Password) when you are adding a new user --- the same dialog box is used for editing existing users, when Original is the user's original password. Usually you will choose Change. A small dialog box will appear where you will need to enter a password, and then confirm it by typing it a second time. Click on Done in the password entry window to confirm that you have typed the password correctly.
The numbers that the tool provides for UID and GID will work. If you change them, you are on your own; the tool is designed to assume that if you change them, you know what you are doing and want to change them. If you don't know what UID or GID stand for, leave them alone.
If you have configured shadow passwords on your system you will have a Shadow Management button that will allow you to configure password and account expiry. By default (fields shown as blank have the default value), no expiry will be done. If you are unfamiliar with shadow password account management, you will probably wish to accept the default. Click on Done when you are done editing the expiry information.
When you are done editing the user, click on Done in the Edit User Definition dialog box to add the user.
If this user does not already have a home directory (and they won't unless you have already created the home directory), one will be created.
To remove a user, select a user in the main window by clicking on it, and then click on Remove. You will be presented with the dialog box shown in Figure 51. There are three types of action you may take. You may ignore the user's home directory, leaving it alone; you can archive and compress it into a .tar.gz file; or you can delete it completely. You can delete the user's mail spool if you like. These first two actions will take place immediately after you confirm the deletion, before the tool accepts more input. You can search for files owned by the user on parts of the filesystem other than the user's home directory and either give ownership to the user nobody or delete them. If you choose to search for the user's files, you have the option of mailing a report of the errors to root. This is important because the searching will be done in the background as you continue to work; it may take a long time. To find files owned by nobody, execute the following command:
find / \( -group nobody -o -user nobody \) -print
Sometimes you may just want to temporarily remove a user, with the intention of reinstating the user later. The Lock and Unlock functions handle this. When you deactivate a user, the user's password is locked by prepending a `*' to it, preventing the user from logging in. You also have the option of ``collapsing'' the user's home directory with tar and gzip, which can save some space. When you reactivate a user, the password locking is removed, and if the home directory was collapsed, it is expanded back to normal. When you lock a user, you are presented with the same options as when you delete a user, but you are unlikely to want to delete any files.
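As an added example (not part of the original manual or of the tool's own code), the following shell function classifies the password field of each record in passwd- or shadow-format input, flagging the empty field that No Password produces, the `*' prefix that Lock adds, and names that break the no-spaces, no-colons, 8-character rule. The function names, status labels and sample records are constructed for illustration; the check for a leading `!' reflects how usermod -L locks accounts and is not described on this page.

```shell
#!/bin/sh
# Added example: classify the password field of passwd/shadow-format records.
# Usage on a real system:  classify_accounts < /etc/passwd
#                          classify_accounts < /etc/shadow   (as root)
# Prints "name:STATUS", where STATUS is one of
#   MALFORMED  wrong field count, e.g. a colon typed into a name
#   BADNAME    name contains a space or is longer than 8 characters
#   EMPTY      empty password field: anyone can log in with this id
#   LOCKED     field starts with "*" (this tool's Lock) or "!" (usermod -L)
#   SHADOW     "x" placeholder: the real field is in /etc/shadow
#   SET        anything else, i.e. an encrypted password
classify_accounts() {
    awk -F: '
        NF == 0                    { next }                         # blank line
        NF != 7 && NF != 9         { print $1 ":MALFORMED"; next }  # passwd=7, shadow=9
        $1 ~ / / || length($1) > 8 { print $1 ":BADNAME"; next }
        $2 == ""                   { print $1 ":EMPTY"; next }
        $2 ~ /^[*!]/               { print $1 ":LOCKED"; next }
        $2 == "x"                  { print $1 ":SHADOW"; next }
                                   { print $1 ":SET" }
    '
}

# Constructed sample records in /etc/passwd layout (not from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:aB3xQ9ZkL0pWs:500:500:Alice Example:/home/alice:/bin/bash
guest::501:501:Guest:/home/guest:/bin/bash
bob:*cD4yR8YjM1qXt:502:502:Bob Example:/home/bob:/bin/bash
verylongname:x:503:503::/home/verylongname:/bin/bash
ca:rol:x:504:504::/home/carol:/bin/bash
EOF
}

sample_passwd | classify_accounts
```

The last sample record shows why colons are forbidden in names: the files are colon-delimited, so a colon in a name shifts every later field by one.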
To create a new group, first switch to group editing mode by selecting the Groups tab at the top of the main window. Clicking on Add brings up a dialog box to specify the group details. First enter a name for the new group. Just like a user name, the group name should have no spaces or colons, and should be no longer than 8 characters. You can set a group password; if you do, users who are not members of the group may assume group membership by using the newgrp program and providing it with the password. To add members to the group, enter their names in the User list field. When you have selected all the group members, click Done.
To edit an existing group, double-click on the group in the main window, or click on the group and then on View/Edit. The same interface is used to edit an existing group as to create a new group.