Fedora Linux

Account Info

Allows you to set an expiry date for the account or lock (disable) the account.

Password Info

Configures password expiration (also called password aging ). You can set the number of days before a change is required, to force users to change passwords periodically; the number of days after a change before another change is permitted, to prevent a user from gaming the forced password change by using a temporary password and then immediately switching back to her regular password; how far in advance the user will be warned about an impending password expiry; and the number of days of inactivity permitted before the account is locked as abandoned.

Groups

This tab is one of the least used, but most useful. Here you configure the groups to which the user belongs. In the case of our fictional example of Richard, you would check the it , toronto , acmeproposal , christmas , and soccer groups. By default, the user is automatically assigned to a group with the same name as his username. The significance of groups is that they can be used to manage file access.

The value of password aging is debatable; while it does limit the time that a compromised password can be used, forcing a user to change her password too frequently can make it difficult for her to remember the current password, leading to unsafe practices such as writing passwords on sticky notes or choosing weak passwords.

To delete a user account, click on the username and then click on the Delete icon. You will be warned if the user account is active (i.e., if the user is logged in or has processes running), and you will be asked for confirmation. The confirmation dialog has a checkbox that controls whether the user's files will be deleted along with the user account. If you are planning to keep the user's files, it may be better to lock the account than to delete it, so that the user's name continues to show up as the owner of those files (if the account is deleted, the account number is shown instead of the name).

4.7.1.2. Managing groups graphically

The Group tab of the User Manager window works in exactly the same way as the Users tab. The only fields that appear in the Add Group dialog are for the group name and, if you want to set it manually, the group number. The Properties dialog adds a tab that shows you a list of all of the users on the system, with checkboxes to indicate which ones are in the group.

4.7.1.3. Adding and managing users from the command line

Fedora provides six utilities for managing users and groups from the command line. For users, there are useradd , usermod , and userdel ; for groups, there are groupadd , groupmod , and groupdel .

The express way to add a user is to use useradd and then set the new user's password using passwd :

# useradd jane
# passwd jane
Changing password for user jane.
New UNIX password:
bigSecret
Retype new UNIX password:
bigSecret
passwd: all authentication tokens updated successfully.

useradd accepts a number of options; the most common are shown in Table 4 -12 . Most of these options can also be used with usermod to change an existing user's options.

Table 4-12. useradd options

Option	Description	Notes
-b directory	Base for home directories (a directory with the same name as the username will be created in this directory and used as the home directory)	useradd only; the default is /home.
-c 'fullName'	User comment field; almost always used to hold the user's full name	If the full name contains spaces, quote it.
-d homedir	User's home directory
-e YYYY-MM-DD	Account expiry date
-f days	Days of inactivity before the account is considered abandoned and locked
-g group	User's primary group	Default is the user's own group (same name as the username).