Users, Groups & Permissions
From dghartung.com/docs
I'll break each section into two parts: one for Linux user and group management and the other for smbldap-tools user management with LDAP logons. This is used in the PDC Docs.
Users
Linux users
Add a real (human) user. This adds the user with the default system parameters: home directory, shell, etc.
useradd user
Create a system (non-human) user without a home directory or login shell:
useradd -M -s /bin/false user
To show user attributes type:
finger user
SMBLDAP-users ( Windows Logon Users )
To add a user for use with smbldap/PDC
smbldap-useradd -amP user
Here is a script I use instead to create the appropriate directories when creating users
#!/bin/bash
# w-useradd script
# Add users intended for Windows workstations with the appropriate directories
# Change the directory paths as appropriate for your system
dir1=/var/data/samba/profdata # Note: no trailing slash /
dir2=/var/data/samba/profiles # Note: no trailing slash /
#
run () {
    if [ -n "$1" ] && [ -n "$2" ]
    then
        # -s /bin/false provides no login shell!
        smbldap-useradd -amP -s /bin/false -c "$2" "$1"
        mkdir -p "$dir1/$1"
        chown -R "$1:Domain Users" "$dir1/$1"
        chmod -R 750 "$dir1/$1"
        mkdir -p "$dir2/$1"
        chown "$1:Domain Users" "$dir2/$1"
        chmod 700 "$dir2/$1"
    else
        echo "You need to pass a username and a \"Real Name\""
        echo "i.e. # w-useradd lucas \"Lucas Allen\""
    fi
}
# Pass all arguments through, so both the username and the real name reach run
run "$@"
Copy this script into your /usr/local/sbin and name it w-useradd ( Windows-useradd )
Deleting Smbldap users
smbldap-userdel user
Here is a script I use to delete the user and the appropriate directories
#!/bin/bash
# w-userdel script
# Delete users intended for Windows workstations
# Change the directory paths as appropriate for your system
dir1=/var/data/samba/profdata # Note: no trailing slash /
dir2=/var/data/samba/profiles # Note: no trailing slash /
#
run () {
    if [ -n "$1" ]
    then
        smbldap-userdel "$1"
        # Quoted so a name with spaces or wildcards cannot expand into other paths
        rm -rf "$dir2/$1"
        rm -rf "$dir1/$1"
        rm -rf "/home/$1"
    else
        echo "You need to pass a username"
        echo "i.e. # w-userdel username"
    fi
}
run "$1"
Copy this script and add to your /usr/local/sbin and name it w-userdel ( Windows-userdel )
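w-userdel runs rm -rf as root on paths built from its argument, so an argument such as "." or one containing a slash would resolve outside the user's own directory. The following is an added example, not part of the original scripts: the function names valid_username, safe_user_dir and remove_user_dirs and the account-name policy are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: guards for the rm -rf calls in w-userdel.

# Assumed name policy: lowercase letters, digits, "_", "." and "-" only,
# not empty, no leading "." or "-", at most 32 characters.
valid_username () {
    case "$1" in
        ''|.*|-*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# safe_user_dir BASE USER
# Prints BASE/USER only when USER passes the name check, BASE is an existing
# directory and BASE/USER is not a symlink; otherwise returns 1.
safe_user_dir () {
    valid_username "$2" || return 1
    [ -d "$1" ] || return 1
    [ ! -L "$1/$2" ] || return 1
    printf '%s\n' "$1/$2"
}

# remove_user_dirs USER BASE...
# Checks every target first, so nothing is deleted unless all of them pass.
remove_user_dirs () {
    local user="$1" base target
    shift
    for base in "$@"; do
        safe_user_dir "$base" "$user" >/dev/null || {
            echo "refusing to remove '$user' under $base" >&2
            return 1
        }
    done
    for base in "$@"; do
        target=$(safe_user_dir "$base" "$user") && rm -rf -- "$target"
    done
}
```

In w-userdel the three rm -rf lines would become a single call: remove_user_dirs "$1" "$dir2" "$dir1" /home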
Groups
Linux Groups
To see which groups you or another user belong to:
groups user
To add a user to a Linux machine group:
gpasswd -a user group
To remove a user from a group:
gpasswd -d user group
To set a password for the group:
gpasswd group
To switch to a new group and consequently make and view files as that group member:
newgrp group
SMBLDAP-Groups ( Windows Logon Groups )
To add a user to a smbldap group:
smbldap-groupmod -m user group
To delete a user from a group:
smbldap-groupmod -x user group
Permissions
Regular File Permissions
4 = read
2 = write
1 = execute

      |-----Owner Permissions
      ||----Group Permissions
      |||---World Permissions
chmod 755

7 = read, write, execute
6 = read, write
5 = read, execute
4 = read only
3 = write, execute
2 = write only
1 = execute only
Change permissions through an entire Folder
chmod -R 755 folder/
ACL file permissions
ACLs (Access Control Lists) are useful in PDC environments. They are similar to, although not the same as, Windows permissions.
To use ACLs, your filesystem must support them. In Fedora this can be accomplished by changing the mount options in the /etc/fstab file.
In /etc/fstab your root mount will look something like this:
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
You need to change it to this:
/dev/VolGroup00/LogVol00 / ext3 rw,acl 1 1
