## 8.6 Modifying Accounts There are a variety of different commands available in the UNIX® environment to manipulate user accounts. The most common commands are summarized below, followed by more detailed examples of their usage. [[!table data=""" | Command | Summary [adduser(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#adduser§ion8) | The recommended command-line application for adding new users. [rmuser(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#rmuser§ion8) | The recommended command-line application for removing users. [chpass(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#chpass§ion1) | A flexible tool to change user database information. [passwd(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#passwd§ion1) | The simple command-line tool to change user passwords. [pw(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#pw§ion8) | A powerful and flexible tool to modify all aspects of user accounts. | """]] ### 8.6.1 adduser [adduser(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#adduser§ion8) is a simple program for adding new users. It creates entries in the system `passwd` and `group` files. It will also create a home directory for the new user, copy in the default configuration files (***dotfiles***) from `/usr/share/skel`, and can optionally mail the new user a welcome message. To create the initial configuration file, use `adduser -s -config_create`. [(1)](#FTN.AEN6699) Next, we configure [adduser(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#adduser§ion8) defaults, and create our first user account, since using `root` for normal usage is evil and nasty. **Example 8-1. Configuring `adduser` and adding a user** # adduser -v Use option -silent if you don't want to see all warnings and questions. Check /etc/shells Check /etc/master.passwd Check /etc/group Enter your default shell: csh date no sh tcsh zsh [sh]: zsh Your default shell is: zsh -> /usr/local/bin/zsh Enter your default HOME partition: [/home]: Copy dotfiles from: /usr/share/skel no [/usr/share/skel]: Send message from file: /etc/adduser.message no [/etc/adduser.message]: no Do not send message Use passwords (y/n) [y]: y Write your changes to /etc/adduser.conf? (y/n) [n]: y Ok, let's go. Don't worry about mistakes. I will give you the chance later to correct any input. Enter username [a-z0-9_-]: jru Enter full name []: J. Random User Enter shell csh date no sh tcsh zsh [zsh]: Enter home directory (full path) [/home/jru]: Uid [1001]: Enter login class: default []: Login group jru [jru]: Login group is ***jru***. Invite jru into other groups: guest no [no]: wheel Enter password []: Enter password again []: Name: jru Password: **** Fullname: J. Random User Uid: 1001 Gid: 1001 (jru) Class: Groups: jru wheel HOME: /home/jru Shell: /usr/local/bin/zsh OK? (y/n) [y]: y Added user ***jru*** Copy files from /usr/share/skel to /home/jru Add another user? (y/n) [y]: n Goodbye! # In summary, we changed the default shell to **zsh** (an additional shell found in pkgsrc®), and turned off the sending of a welcome mail to added users. We then saved the configuration, created an account for `jru`, and made sure `jru` is in `wheel` group (so that she may assume the role of `root` with the [su(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#su§ion1) command.) **Note:** The password you type in is not echoed, nor are asterisks displayed. Make sure you do not mistype the password twice. **Note:** Just use [adduser(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#adduser§ion8) without arguments from now on, and you will not have to go through changing the defaults. If the program asks you to change the defaults, exit the program, and try the `-s` option. ### 8.6.2 rmuser You can use [rmuser(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#rmuser§ion8) to completely remove a user from the system. [rmuser(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=rmuser§ion=8) performs the following steps: 1. Removes the user's [crontab(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#crontab§ion1) entry (if any). 1. Removes any [at(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#at§ion1) jobs belonging to the user. 1. Kills all processes owned by the user. 1. Removes the user from the system's local password file. 1. Removes the user's home directory (if it is owned by the user). 1. Removes the incoming mail files belonging to the user from `/var/mail`. 1. Removes all files owned by the user from temporary file storage areas such as `/tmp`. 1. Finally, removes the username from all groups to which it belongs in `/etc/group`. **Note:** If a group becomes empty and the group name is the same as the username, the group is removed; this complements the per-user unique groups created by [adduser(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#adduser§ion8). [rmuser(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#rmuser§ion8) cannot be used to remove superuser accounts, since that is almost always an indication of massive destruction. By default, an interactive mode is used, which attempts to make sure you know what you are doing. **Example 8-2. `rmuser` Interactive Account Removal** # rmuser jru Matching password entry: jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh Is this the entry you wish to remove? y Remove user's home directory (/home/jru)? y Updating password file, updating databases, done. Updating group file: trusted (removing group jru -- personal group is empty) done. Removing user's incoming mail file /var/mail/jru: done. Removing files belonging to jru from /tmp: done. Removing files belonging to jru from /var/tmp: done. Removing files belonging to jru from /var/tmp/vi.recover: done. # ### 8.6.3 chpass [chpass(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#chpass§ion1) changes user database information such as passwords, shells, and personal information. Only system administrators, as the superuser, may change other users' information and passwords with [chpass(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#chpass§ion1). When passed no options, aside from an optional username, [chpass(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#chpass§ion1) displays an editor containing user information. When the user exists from the editor, the user database is updated with the new information. ***'Example 8-3. Interactive `chpass` by Superuser***' #Changing user database information for jru. Login: jru Password: * Uid [#]: 1001 Gid [# or name]: 1001 Change [month day year]: Expire [month day year]: Class: Home directory: /home/jru Shell: /usr/local/bin/zsh Full Name: J. Random User Office Location: Office Phone: Home Phone: Other information: The normal user can change only a small subset of this information, and only for themselves. **Example 8-4. Interactive chpass by Normal User** #Changing user database information for jru. Shell: /usr/local/bin/zsh Full Name: J. Random User Office Location: Office Phone: Home Phone: Other information: **Note:** [chfn(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#chfn§ion1) and [chsh(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=chsh§ion=1) are just links to [chpass(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=chpass§ion=1), as are [ypchpass(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=ypchpass§ion=1), [ypchfn(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=ypchfn§ion=1), and [ypchsh(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=ypchsh§ion=1). NIS support is automatic, so specifying the `yp` before the command is not necessary. If this is confusing to you, do not worry, NIS will be covered in [advanced-networking.html Chapter 19]. ### 8.6.4 passwd [passwd(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#passwd§ion1) is the usual way to change your own password as a user, or another user's password as the superuser. **Note:** To prevent accidental or unauthorized changes, the original password must be entered before a new password can be set. **Example 8-5. Changing Your Password** % passwd Changing local password for jru. Old password: New password: Retype new password: passwd: updating the database... passwd: done ***'Example 8-6. Changing Another User's Password as the Superuser***' # passwd jru Changing local password for jru. New password: Retype new password: passwd: updating the database... passwd: done **Note:** As with [chpass(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#chpass§ion1), [yppasswd(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=yppasswd§ion=1) is just a link to [passwd(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=passwd§ion=1), so NIS works with either command. ### 8.6.5 pw [pw(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#pw§ion8) is a command line utility to create, remove, modify, and display users and groups. It functions as a front end to the system user and group files. [pw(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=pw§ion=8) has a very powerful set of command line options that make it suitable for use in shell scripts, but new users may find it more complicated than the other commands presented here. #### Notes [[!table data=""" | [(1)](users-modifying.html#AEN6699) | The `-s` makes [adduser(8)](http://leaf.dragonflybsd.org/cgi/web-man?commandadduser§ion=8) default to quiet. We use `-v` later when we want to change defaults. | """]] CategoryHandbook CategoryHandbook-usermanagement