6.2. Creating User Accounts



This section assumes you are using the Shadow password suite on your Linux system. If you are not, you should consider doing so, as it helps to tighten up security somewhat. The Shadow suite is fairly easy to install and will automatically convert your non-shadow password file format over to the new shadow format.

There are two steps to creating a new user account. The first is to actually create the account itself, the second is to provide an alias to their e-mail address (at my place of employment, we follow the convention of "Firstname.Lastname@our.domain.name".)

To create the account, decide on the username you are going to assign to the user. The username is at most 8 characters long, and wherever possible you should choose their last name, or last name and first initial if a user account already exists (the adduser script will detect and prevent you from adding duplicate account names).

You will then be prompted to enter other information: full name of user, user group (usually the default value), a user id # (automatically assigned), home directory (automatically assigned), a user shell, some password expiration values, and finally the desired password (which won't echo to the screen; you should have the user choose a password between 6 to 8 characters in length for security reasons).

Please note that everything should be entered in lowercase, except for the full name of the user which can be entered in a "pleasing format" (eg. Joe Smith) and the password. Case is sensitive, so inform your user(s) they must use identical case when entering their username and password.

Here is a sample session where we will add a user named Joe Smith:

mail:~# /sbin/adduser
User to add (^C to quit): smith
That name is in use, choose another.
User to add (^C to quit): smithj
Editing information for new user [smithj]
Full Name: Joe Smith
GID [100]:  
Checking for an available UID after 500
First unused uid is 859
UID [859]:  
Home Directory [/home/smithj]:  
Shell [/bin/bash]:  
Min. Password Change Days [0]:  
Max. Password Change Days [30]: 90
Password Warning Days [15]:  
Days after Password Expiry for Account Locking [10]: 0
Password [smithj]:</ FL1539
Retype Password:</ Fl1539
Sorry, they do not match.
Password:</> FL1539
Retype Password:</ FL1539

Information for new user [smithj]:
Name: Joe Smith
Home directory: /home/smithj
Shell: /bin/bash
Password: <hidden>
Uid: 859        Gid: 100
Min pass: 0     maX pass: 99999
Warn pass: 7    Lock account: 0
public home Directory: no
Type 'y' if this is correct, 'q' to cancel and quit the program,
or the letter of the item you wish to change: Y

The next step is to create the alias for the person's e-mail account. This gives people the choice of using their account name for their e-mail address, or their full name (First.Last combination) to make it "easier" for the outside world to guess their e-mail address when trying to contact them for the first time.

To add the e-mail alias, edit the ``/etc/aliases'' file as follows:

mail# pico -w /etc/aliases

Add the new alias at the bottom of the file. The format for an alias is:


You should ask the user what preference they have for this (eg. Joseph.Smith or Joe.Smith). For our new Joe Smith user, the entry would be as follows:


When finished adding the alias, press <Ctrl>-<X> and save the file. Then, type ``newaliases'' to update the aliases database.

At this point the user account has been created and is ready for use. It is a good idea to remind the user that his username and password must be entered in lowercase characters, and what their e-mail address would be (eg. ``Joe.Smith@mail.mydomain.name'').