February 2000

Single Account Management Commands

If you maintain a UNIXish system of any sort, you will invariably have to add and/or delete user accounts, even if you have a home system. In extremely large organizations, you may employ tools such as NIS+ for network-based user management; in smaller-scale systems, however, accounts are most likely controlled at each system. This column gives a general overview of the tools, followed by an example of adding, modifying, then removing a pretend user. It will not cover group management; that will be addressed in a later column.

Why Bother?

There are many user management tools available in both GUI and TUI form, but it is my feeling (and preference) that the command line tools provided are much more succinct in comparison.

The Most Common Commands

The most common commands used to modify, create and delete user accounts are:

  • useradd
  • usermod
  • chfn
  • chsh
  • passwd
  • userdel

That is a lot of commands to cover, so I will look only at the bare necessities of each. Please consult your man pages for more information.

useradd

The useradd command is pretty self-explanatory: it is used to add a new user to the system. Some of the options are:

  • -c comment
  • -g initial group
  • -md or -mk: the -m means make and the d is the directory; the -k means to use another directory as a template
  • -s shell (provide the full shell path)
  • -p password
  • -u userid

In addition to those options you can also set an expire date, inactive time, default group and more.

Following is some sample syntax from the example at the end of the column:

useradd -g ap -s /usr/bin/csh -md /home/udoe -mk /home/mdoe -p ax_01 udoe

usermod

Utilizing the usermod command, one can change many of the same aspects set with useradd (actually the options are the same). Some of the options are:

  • -c comment
  • -g initial group
  • -l login name
  • -s shell
  • -p passwd

Expire and inactivity parameters may also be set on accounts with usermod.

Following is some sample syntax from the example at the end of the column:

usermod -s /usr/bin/tcsh udoe

chfn

chfn can change (or set as the case may be) information about the user that is very specific and handy. Following is a list of some options:

  • -f full name
  • -r room number
  • -w work phone
  • -h home phone

Following is some sample syntax from the example at the end of the column:

chfn -f Uni\ Doe -h 5551234 udoe

chsh

What chsh can do is quite simply change a login shell for a specified account. It comes with one option and argument, -s for the new login shell and the username.

Following is some sample syntax from the example at the end of the column:

chsh -s /usr/bin/tcsh udoe

passwd

Aside from the obvious changing of one's password (or if you are root changing a user password) the passwd command can also set a few account options:

  • -f force the user to change their password at the next login
  • -x set a max expire timeframe in days for the password at -x DAYS (see example below)
  • -w set a warning period in days at -w DAYS
  • -i set inactivity

Following is some sample syntax from the example at the end of the column:

passwd -f -x 60 -w 58 udoe

userdel

Another relatively obvious one, userdel removes a user from the system. It comes with the -r option which states to also remove the user's former home directory and all of its contents.

An Example Session

Nothing illustrates a task better than a sample session. First a new user will be added and modified with all of the modifying commands, then removed. Here is all of the information about our user:

Name: Uni Doe
Work Phone: 555-1234
Group: ap

The rest we will simply assume. First, we will add the user with useradd:

useradd -g ap -s /usr/bin/csh -md /home/udoe -mk /home/mdoe -p ax_01 udoe

Uni Doe has been added to the system and given an initial password. The initial group has been set to ap and login shell is csh.

Now it is time to set up the passwd restrictions:

passwd -f -x 60 -w 58 udoe

Now, udoe must change their password the next time they log in. The password will expire in 60 days but udoe will be warned in 58 days. [1]

Next it is time to fill in some extra information that we have available about udoe, that being the full name and home phone number:

chfn -f Uni\ Doe -h 5551234 udoe

Now the home phone and full name of udoe are recorded.

For the sake of argument (and example) udoe has decided their login shell just does not cut the mustard. They prefer tcsh instead. Now we must change the login shell. To perform this we can use one of two methods. First, our usermod command:

usermod -s /usr/bin/tcsh udoe

or secondly, the chsh command:

chsh -s /usr/bin/tcsh udoe

Unfortunately, we discover udoe is a spy for the competition, or whatever, and is no longer in the organization. So we decide to userdel the account but leave the files in the home directory for their supervisor and the administrator to mull over:

userdel udoe
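
Before the account is removed, the state left by the modification steps above can be checked from the account records themselves. The following is an added example, not part of the original column: audit_account is a hypothetical helper, the records are constructed samples, and it assumes the passwd(5)/shadow(5) layout, where a last-change field of 0 forces a password change and the warning field counts days before expiry. It also flags a password field that is not a crypt(3) hash, which is what results on shadow-based systems, where useradd -p expects an already-encrypted value.

```sh
#!/bin/sh
# Added example: audit the records the session should leave behind.
# Constructed samples in passwd(5)/shadow(5) layout (UID, GID and hash are
# placeholders). On a live system: getent passwd udoe; getent shadow udoe
PASSWD_LINE='udoe:x:1005:200:Uni Doe,,,5551234:/home/udoe:/usr/bin/tcsh'
SHADOW_LINE='udoe:$PLACEHOLDER_HASH$:0:0:60:58:::'
# What the shadow record looks like if a cleartext string landed in field 2
# and no aging policy was applied (constructed).
BAD_SHADOW_LINE='udoe:ax_01:11000:0:99999:7:::'

# audit_account PASSWD_RECORD SHADOW_RECORD
# Prints findings; returns non-zero if any check fails.
audit_account() {
    printf '%s\n%s\n' "$1" "$2" | awk -F: '
    NR == 1 {                          # passwd(5): fields 5 and 7
        split($5, g, ",")              # GECOS: name,room,work,home
        printf "login=%s shell=%s name=%s home_phone=%s\n", $1, $7, g[1], g[4]
    }
    NR == 2 {                          # shadow(5): hash,lastchg,min,max,warn
        h = $2
        des = (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$")
        if (h == "") {
            print "FAIL: empty password field"; bad = 1
        } else if (substr(h, 1, 1) != "$" && !des && h !~ "^[!*]") {
            print "FAIL: password field is not a crypt(3) hash"; bad = 1
        }
        if ($3 == "0") {
            print "OK: password change forced at next login"
        } else {
            print "FAIL: no forced change pending"; bad = 1
        }
        if ($5 == "" || $5 + 0 >= 99999) {
            print "FAIL: password never expires"; bad = 1
        } else {
            printf "OK: max age %d days, warning %d days before expiry\n", $5, $6
        }
    }
    END { exit bad + 0 }'
}

audit_account "$PASSWD_LINE" "$SHADOW_LINE"
audit_account "$PASSWD_LINE" "$BAD_SHADOW_LINE" || echo "account needs attention"
```

Reading the shadow record requires root; the passwd record is world-readable.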

A Lot of Commands

There are a variety of ways to modify user accounts from the command line. While there are many user management tools out there, you never know when you will need to modify accounts from the command line, such as when you are dialed up from home, perhaps on a serial line connection. With a little practice, they all become as second nature as ls.

Footnotes and Comments

  1. On some systems the expire date is rounded and the warn option may not be available unless certain security packages are turned on.
