Small note to add value to Dave's excellent response in relation to updating the /etc/sudoers file, use "visudo" to update the /etc/sudoers file. It is clean and simple with error checking.
James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, a CA Technologies Company Supporting the zSeries Platform Team -----Original Message----- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of David Boyes Sent: Wednesday, September 07, 2011 11:18 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Adding users to RedHat 5.4 > First, what command and options should I be using to create the userid w/ a > home directory and whatever else may be needed, along with the superuser > attributes? useradd -m <userid> passwd <userid> add <userid> to /etc/sudoers -m creates the user's home dir. If these ids are going to be temporary, add -e to the useradd command and specify an expiration date so they automatically go locked when the class is over. You're dealing with two things here: real and effective uids. Each user normally must have a single unique numeric uid that should be unique across all systems. This is stored in /etc/passwd, and is known as their real uid (the one that determines permanent file ownership, etc). The _effective_ uid is the one that is used when executing programs, etc at the time of execution. Normally the real and effective uid are the same, producing no special powers. 'su' (and by extension, sudo and a an appropriate filter) temporarily change the effective uid for that user in that process context to 0, temporarily giving them powers beyond the mortal *for the duration of that process context*. In the case of sudo, a new process context is created, the command is parsed, and then checked against the patterns in /etc/sudoers. If the command matches a pattern in /etc/sudoers, sudo temporarily changes the effective uid of the process to 0, does the command, and immediately changes the effective uid back to the real uid when the command is completed and before the user is given control again. If the command is an interactive command like a shell (remember, Unix shells are just programs), the process retains the superuser privilege until the original shell started by sudo exits, and other commands issued from that shell inherit the Powers of Darkness from the 'sudo bash' command. These days, sudo is the way to go if you have multiple administrators who need superuser access. Much safer, and you don't ever have to give anyone the REAL root password (as you do with su) -- they authenticate with their OWN password before anything dangerous happens, effectively making them directly responsible for what they do. > Third, how do I list the userid after it's created? cat /etc/passwd | grep <userid> ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
