Fill in each of the fields:
User Name
The account name (username) you wish to use (such as jane). This is what the user will enter when she logs in to the system. It should be an opaque string (no spaces) and consist of letters, digits, dashes, underscores, and periods. Although you can use uppercase characters, traditional user names are all-lowercase for ease of typing.
Full Name
The actual name of the user, in upper- and lowercase (Jane Smith). This information is optional and is used for reference only.
Password and Confirm Password
Type the new user's password twice.
Login shell
For most users, this field should be left as is; it can always be changed (using chsh) later. If you are creating a user account that will never be used for logging in (such as an account used exclusively for email access or file sharing), select /sbin/nologin for the shell.
Create home directory
This should almost always be left checked.
Create a private group for the user
This enables the Fedora User Private Group scheme (which is a great idea), so it should almost always be left checked.
Specify a user ID manually
This controls whether the numeric user ID will be automatically or manually assigned. The only time you would want to specify it manually is when you are configuring the same user ID on two systems. In that case, check the box and enter the user ID in the UID field; otherwise, leave it unchecked.
Once you have filled in all of these fields, click OK. You will be returned to the main User and Group configuration window (Figure 4-8).
To edit a user, double-click on the user's name, or highlight the name and click the Properties icon. An edit window will appear with four tabs, enabling you to edit values that cannot be set during the creation of the account; Figure 4-10 shows each of these tabs.
Figure 4-10. The four tabs of the User Properties window
The four tabs are:
User Data
Contains fields similar to those in the Create New User dialog (Figure 4-9).
Account Info
Allows you to set an expiry date for the account or lock (disable) the account.
Password Info
Configures password expiration (also called password aging). You can set the number of days before a change is required, to force users to change passwords periodically; the number of days after a change before another change is permitted, to prevent a user from gaming the forced password change by using a temporary password and then immediately switching back to her regular password; how far in advance the user will be warned about an impending password expiry; and the number of days of inactivity permitted before the account is locked as abandoned.
Groups
This tab is one of the least used, but most useful. Here you configure the groups to which the user belongs. In the case of our fictional example of Richard, you would check the it, toronto, acmeproposal, christmas, and soccer groups. By default, the user is automatically assigned to a group with the same name as his username. The significance of groups is that they can be used to manage file access.
The value of password aging is debatable; while it does limit the time that a compromised password can be used, forcing a user to change her password too frequently can make it difficult for her to remember the current password, leading to unsafe practices such as writing passwords on sticky notes or choosing weak passwords.
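The aging, expiry, and lock settings described above are stored per account in /etc/shadow. The following is an added example, not part of the original text: it reads shadow-format lines and reports those settings for each account. The sample records, placeholder hashes, and finding labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: report password-aging and lock settings from shadow-format data.
# Field layout of /etc/shadow (see shadow(5)):
#   1 name   2 hash   3 last-change   4 min-days   5 max-days
#   6 warn-days   7 inactive-days   8 expiry-date (days since 1970-01-01)

# Constructed sample records; the hashes are placeholders, not real ones.
sample_shadow() {
cat <<'EOF'
jane:$6$CONSTRUCTED$hashA:19800:1:90:7:30::
richard:$6$CONSTRUCTED$hashB:19800:0:99999:7:::
olduser:!$6$CONSTRUCTED$hashC:19000:0:90:7:14:19900:
mailonly:!!:19800:0:99999:7:::
EOF
}

# Reads shadow-format lines on stdin; prints "name: finding[,finding...]".
audit_shadow() {
    awk -F: '
    {
        n = 0; out = ""
        if ($2 ~ /^[!*]/) {
            # A leading "!" (locked) or "*" means no password can match.
            f[++n] = "password-login-disabled"
        } else {
            # Field 5: days before a change is required (99999 = never).
            if ($5 == "" || $5 >= 99999) f[++n] = "no-forced-change"
            # Field 4: days before another change is permitted.
            if ($4 == "" || $4 == 0)     f[++n] = "min-age-0"
            # Field 7: days of inactivity before the account is locked.
            if ($7 == "")                f[++n] = "no-inactivity-lock"
        }
        # Field 8: account expiry date.
        if ($8 != "") f[++n] = "expires-day-" $8
        if (n == 0)   f[++n] = "ok"
        for (i = 1; i <= n; i++) out = out (i > 1 ? "," : "") f[i]
        print $1 ": " out
    }'
}

sample_shadow | audit_shadow
```

On a live system the same function can be fed the real file as root with `audit_shadow < /etc/shadow`.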
To delete a user account, click on the username and then click on the Delete icon. You will be warned if the user account is active (i.e., if the user is logged in or has processes running), and you will be asked for confirmation. The confirmation dialog has a checkbox that controls whether the user's files will be deleted along with the user account. If you are planning to keep the user's files, it may be better to lock the account than to delete it, so that the user's name continues to show up as the owner of those files (if the account is deleted, the account number is shown instead of the name).
4.7.1.2. Managing groups graphically
The Group tab of the User Manager window works in exactly the same way as the Users tab. The only fields that appear in the Add Group dialog are for the group name and, if you want to set it manually, the group number. The Properties dialog adds a tab that shows you a list of all of the users on the system, with checkboxes to indicate which ones are in the group.
4.7.1.3. Adding and managing users from the command line
Fedora provides six utilities for managing users and groups from the command line. For users, there are useradd, usermod, and userdel; for groups, there are groupadd, groupmod, and groupdel.
The express way to add a user is to use useradd and then set the new user's password using passwd:
# useradd jane
# passwd jane
Changing password for user jane.
New UNIX password:
bigSecret
Retype new UNIX password:
bigSecret
passwd: all authentication tokens updated successfully.
useradd accepts a number of options; the most common are shown in Table 4-12. Most of these options can also be used with usermod to change an existing user's options.
Table 4-12. useradd options
| Option | Description | Notes |
|---|---|---|
| -b directory | Base for home directories (a directory with the same name as the username will be created in this directory and used as the home directory) | useradd only; the default is /home. |
| -c "fullName" | User comment field; almost always used to hold the user's full name | If the full name contains spaces, quote it. |
| -d homedir | User's home directory | |
| -e YYYY-MM-DD | Account expiry date | |
| -f days | Days of inactivity before the account is considered abandoned and locked | |
| -g group | User's primary group | Default is the user's own group (same name as the username). |
| -G grp1,grp2,... | Supplementary group membership | |
| -M | Don't create a home directory | useradd only. |
| -m | Create a home directory if it doesn't exist | This is the default action. |
| -p cryptpass | Set encrypted password to cryptpass | Useful when copying accounts from an old system configuration. |
| -s shell | Sets the user's shell to shell | |
| -u uid | Set the numeric user ID to uid | Useful when copying accounts from an old system configuration or synchronizing with old NFS servers. |
| -L | Lock account against login | usermod only. |
| -U | Unlock account and permit login | usermod only. |
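As an added example (not from the original text), the dry run below turns a list of accounts into useradd commands using the -c, -s, -e, and -G options from Table 4-12, and rejects usernames that break the naming rule given earlier. The pipe-separated record format, the sample records, and the function names are assumptions made for this example; nothing is created, the commands are only printed.

```shell
#!/bin/sh
# Added example: dry run that turns an account list into useradd commands.
# Record format (assumed here): username|full name|kind|expiry|groups
#   kind is "login" or "nologin"; expiry and groups may be empty.

# Constructed sample input.
sample_accounts() {
cat <<'EOF'
jane|Jane Smith|login||it,toronto
mailsvc|Mail access only|nologin||
contractor1|Sam Temp|login|2025-12-31|acmeproposal
bad name|Has A Space|login||
EOF
}

# Username rule from the text: letters, digits, dashes, underscores, periods.
valid_username() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Conservative allowlists so the printed command is safe to review and paste.
safe_fields() {  # $1 = full name, $2 = expiry, $3 = groups
    case "$1" in *[!A-Za-z0-9\ .-]*) return 1 ;; esac
    case "$2" in ''|[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;; *) return 1 ;; esac
    case "$3" in *[!A-Za-z0-9._,-]*) return 1 ;; esac
    return 0
}

# Reads records on stdin; prints one useradd command or a SKIP comment each.
build_useradd() {
    while IFS='|' read -r user full kind expiry groups; do
        if ! valid_username "$user" || ! safe_fields "$full" "$expiry" "$groups"; then
            echo "# SKIP rejected record for: '$user'"
            continue
        fi
        cmd="useradd -c \"$full\""
        # Accounts never used for logging in get /sbin/nologin as the shell.
        if [ "$kind" = nologin ]; then cmd="$cmd -s /sbin/nologin"; fi
        if [ -n "$expiry" ]; then cmd="$cmd -e $expiry"; fi
        if [ -n "$groups" ]; then cmd="$cmd -G $groups"; fi
        echo "$cmd $user"
    done
}

sample_accounts | build_useradd
```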