92 lines
4.1 KiB
Plaintext
92 lines
4.1 KiB
Plaintext
|
These screens allow you to add groups and users to your system.
|
||
|
|
||
|
You can move through the fields with the TAB, BACK-TAB and RETURN
|
||
|
keys. To edit a field, use DELETE or BACKSPACE. You may also use ^A
|
||
|
(control-A) to go to the beginning of the line, ^E (control-E) to go
|
||
|
to the end, ^F (control-F) to go forward a character, ^B (control-B)
|
||
|
to go backward one character, ^D (control-D) to delete the character
|
||
|
under the cursor and ^K (control-K) to delete to the end of the line.
|
||
|
Basically, the standard EMACS motion sequences.
|
||
|
|
||
|
When you're done with this form, select OK.
|
||
|
|
||
|
|
||
|
User groups
|
||
|
===========
|
||
|
|
||
|
It's certainly almost generally a good idea to first create a new
|
||
|
group for your users. Common names for such a group are "users", or
|
||
|
even simply "other". Group names are used to control file access
|
||
|
permissions for users that belong to the same group. Several group
|
||
|
names are already used for system files.
|
||
|
|
||
|
The numerical user or group IDs are often nothing you want to care for
|
||
|
explicitly. If you don't fill in these fields, the system will chose
|
||
|
reasonable defaults. However, these numbers (rather than the
|
||
|
associated names) are what the operating system actually uses to
|
||
|
distinguish users and groups -- hence they should normally be unique
|
||
|
to each person or group, respectively.
|
||
|
|
||
|
(The initial membership list for a new group is currently
|
||
|
unimplemented, sorry.)
|
||
|
|
||
|
|
||
|
Users
|
||
|
=====
|
||
|
|
||
|
The user's login ID is a short (8 characters) alphanumeric ID the user
|
||
|
must enter when logging into the system. It's often the initial
|
||
|
letters of the user's name, and commonly used in lower case. It's
|
||
|
also the local mail name for this user (though it's possible to also
|
||
|
setup more descriptive mail alias names later).
|
||
|
|
||
|
The user's login group determines which group access rights the user
|
||
|
will initally get when logging in. If an additional list of groups is
|
||
|
provided where the user will become a member of, (s)he will also be
|
||
|
able to access files of those groups later without providing any
|
||
|
additional password etc. Except for the "wheel" case mentioned below,
|
||
|
the additional group membership list should normally not contain the
|
||
|
login group again.
|
||
|
|
||
|
Some of the system's groups have a special meaning. In particular,
|
||
|
members of group "wheel" are the only people who are later allowed to
|
||
|
become superuser using the command su(1). So if you're going to add a
|
||
|
new user who should later perform administrative tasks, don't forget
|
||
|
to add him to this group! (Well, ``he'' will most likely be yourself
|
||
|
in the very first place. :)
|
||
|
|
||
|
Also, members of group "operator" will by default get permissions for
|
||
|
minor administrative operations, like performing system backups, or
|
||
|
shutting down the system -- without first becoming superuser! So,
|
||
|
take care with adding people to this group.
|
||
|
|
||
|
The ``full name'' field serves as a comment only. It is also used by
|
||
|
mail frontends to determine the real name of the user, hence you
|
||
|
should actually fill in the first and last name of this user. By
|
||
|
convention, this field can be divided into comma-separated subfields,
|
||
|
where the office location, the work phone number, and the home phone
|
||
|
number follow the full name of the user.
|
||
|
|
||
|
The home directory is the directory in the filesystem where the user
|
||
|
is being logged into, and where his personalized setup files (``dot
|
||
|
files'', since they usually begin with a `.' and are not displayed by
|
||
|
the ls(1) command by default) will be looked up. It is often created
|
||
|
under /usr/home/ or /home/.
|
||
|
|
||
|
Finally, the shell is the user's initial command interpreter. The
|
||
|
default shell is /bin/sh, some users prefer the more historic
|
||
|
/bin/csh. Other, often more user-friendly and comfortable shells can
|
||
|
be found in the ports and packages collection.
|
||
|
|
||
|
|
||
|
Passwords
|
||
|
=========
|
||
|
|
||
|
Note that new users will be established with no allowable password, so
|
||
|
they cannot login immediately. Instead, someone with superuser
|
||
|
privileges has to run the command ``passwd <user>'' (where <user> is
|
||
|
to be replaced with the actual login name for this user) on behalf of
|
||
|
the new user, so (s)he can enter his/her password. Since the password
|
||
|
won't be echoed on the screen, it must be entered twice. This should
|
||
|
never be done across a network, to prevent password-sniffing.
|