freebsd-dev/usr.sbin/sysinstall/help/usermgmt.hlp

97 lines
4.3 KiB
Plaintext
Raw Normal View History

These screens allow you to add groups and users to your system.
You can move through the fields with the TAB, BACK-TAB and RETURN
keys. To edit a field, use DELETE or BACKSPACE. You may also use ^A
(control-A) to go to the beginning of the line, ^E (control-E) to go
to the end, ^F (control-F) to go forward a character, ^B (control-B)
to go backward one character, ^D (control-D) to delete the character
under the cursor and ^K (control-K) to delete to the end of the line.
Basically, the standard EMACS motion sequences.
When you're done with this form, select OK.
Many of the settings get reasonable defaults if you leave them blank.
The first time you have entered the name of the new group or user, the
system will show you what it would chose for most of these fields.
You are free to change them, of course.
User groups
===========
It's certainly almost generally a good idea to first create a new
group for your users. Common names for such a group are "users", or
even simply "other". Group names are used to control file access
permissions for users that belong to the same group. Several group
names are already used for system files.
The numerical user or group IDs are often nothing you want to care for
explicitly. If you don't fill in these fields, the system will chose
reasonable defaults. However, these numbers (rather than the
associated names) are what the operating system actually uses to
distinguish users and groups -- hence they should normally be unique
to each person or group, respectively.
(The initial membership list for a new group is currently
unimplemented, sorry.)
Users
=====
The user's login ID is a short (8 characters) alphanumeric ID the user
must enter when logging into the system. It's often the initial
letters of the user's name, and commonly used in lower case. It's
also the local mail name for this user (though it's possible to also
setup more descriptive mail alias names later).
The user's login group determines which group access rights the user
will initally get when logging in. If an additional list of groups is
provided where the user will become a member of, (s)he will also be
able to access files of those groups later without providing any
additional password etc. Except for the "wheel" case mentioned below,
the additional group membership list should normally not contain the
login group again.
Some of the system's groups have a special meaning. In particular,
members of group "wheel" are the only people who are later allowed to
become superuser using the command su(1). So if you're going to add a
new user who should later perform administrative tasks, don't forget
to add him to this group! (Well, ``he'' will most likely be yourself
in the very first place. :)
Also, members of group "operator" will by default get permissions for
minor administrative operations, like performing system backups, or
shutting down the system -- without first becoming superuser! So,
take care with adding people to this group.
The ``full name'' field serves as a comment only. It is also used by
mail frontends to determine the real name of the user, hence you
should actually fill in the first and last name of this user. By
convention, this field can be divided into comma-separated subfields,
where the office location, the work phone number, and the home phone
number follow the full name of the user.
The home directory is the directory in the filesystem where the user
is being logged into, and where his personalized setup files (``dot
files'', since they usually begin with a `.' and are not displayed by
the ls(1) command by default) will be looked up. It is often created
under /usr/home/ or /home/.
Finally, the shell is the user's initial command interpreter. The
default shell is /bin/sh, some users prefer the more historic
/bin/csh. Other, often more user-friendly and comfortable shells can
be found in the ports and packages collection.
Passwords
=========
Note that new users will be established with no allowable password, so
they cannot login immediately. Instead, someone with superuser
privileges has to run the command ``passwd <user>'' (where <user> is
to be replaced with the actual login name for this user) on behalf of
the new user, so (s)he can enter his/her password. Since the password
won't be echoed on the screen, it must be entered twice. This should
never be done across a network, to prevent password-sniffing.