Setting User Defaults


The useradd command and Red Hat User Manager window both determine the default values for new accounts by reading the /etc/login.defs file. You can modify those defaults by either editing that file manually with a standard text editor or by running the useradd command with the -D option. If you choose to edit the file manually, here is what you face:

 # *REQUIRED*
 # Directory where mailboxes reside, _or_ name of file, relative to the
 # home directory. If you _do_ define both, MAIL_DIR takes precedence.
 # QMAIL_DIR is for Qmail
 #
 #QMAIL_DIR Maildir
 MAIL_DIR    /var/spool/mail
 #MAIL_FILE .mail
   
 # Password aging controls:
 #
 # PASS_MAX_DAYS Maximum number of days a password may be used.
 # PASS_MIN_DAYS Minimum number of days allowed between password changes.
 # PASS_MIN_LEN  Minimum acceptable password length.
 # PASS_WARN_AGE Number of days warning given before a password
 # expires.
 #
 PASS_MAX_DAYS     99999
 PASS_MIN_DAYS     0
 PASS_MIN_LEN      5
 PASS_WARN_AGE     7
   
 #
 # Min/max values for automatic uid selection in useradd
 #
 UID_MIN                   500
 UID_MAX                 60000
   
 #
 # Min/max values for automatic gid selection in groupadd
 #
 GID_MIN                   500
 GID_MAX                 60000
   
 #
 # If defined, this command is run when removing a user.
 # It should remove any at/cron/print jobs etc. owned by
 # the user to be removed (passed as the first argument).
 #
 #USERDEL_CMD /usr/sbin/userdel_local
   
 #
 # If useradd should create home directories for users by default.
 # On RH systems, we do. This option is ORed with the -m flag on
 # useradd command line.
 #
 CREATE_HOME yes

Blank lines and comments beginning with a pound sign (#) are ignored. All other lines contain keyword/value pairs. For example, the keyword MAIL_DIR is followed by some white space and the value /var/spool/mail. This tells useradd that the initial user e-mail mailbox is created in that directory. Following that are lines that enable you to customize the valid range of automatically assigned user ID numbers or group ID numbers. A comment section that explains that keyword's purpose precedes each keyword. Altering a default value is as simple as editing the value associated with that keyword and then saving the login.defs file.
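The keyword/value format described above is simple enough to audit from a script. The following is an added example, not part of the original text: it reads the password-aging keywords and compares them with a site baseline. The function names and the threshold values (90, 12, 7) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Thresholds are a hypothetical site baseline, not page values.
MAX_DAYS_LIMIT=${MAX_DAYS_LIMIT:-90}
MIN_LEN_LIMIT=${MIN_LEN_LIMIT:-12}
WARN_AGE_LIMIT=${WARN_AGE_LIMIT:-7}

# get_def FILE KEY: print KEY's value. Blank lines and '#' comments are
# skipped; if KEY is repeated, this example reports the last occurrence.
get_def() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        $1 == key      { val = $2; found = 1 }
        END            { if (found) print val }' "$1"
}

# check_num FILE KEY OP LIMIT: print a finding and return 1 when KEY is
# unset, not a number, or "value OP LIMIT" is false (OP is -le or -ge).
check_num() {
    val=$(get_def "$1" "$2")
    case $val in
        ''|*[!0-9]*) echo "$2: unset or not numeric"; return 1 ;;
    esac
    [ "$val" "$3" "$4" ] || { echo "$2=$val fails baseline ($3 $4)"; return 1; }
}

# check_aging FILE: run every check, return 1 if any of them failed.
check_aging() {
    rc=0
    check_num "$1" PASS_MAX_DAYS -le "$MAX_DAYS_LIMIT" || rc=1
    check_num "$1" PASS_MIN_LEN  -ge "$MIN_LEN_LIMIT"  || rc=1
    check_num "$1" PASS_WARN_AGE -ge "$WARN_AGE_LIMIT" || rc=1
    return "$rc"
}

# Demo on a constructed file holding the values from the listing above.
sample=$(mktemp)
printf '%s\n' '# Password aging controls:' '' 'PASS_MAX_DAYS     99999' \
    'PASS_MIN_DAYS     0' 'PASS_MIN_LEN      5' 'PASS_WARN_AGE     7' > "$sample"
check_aging "$sample" || true
rm -f "$sample"
```

On a live system, run check_aging /etc/login.defs after each edit to the file.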

If you want to view the defaults, type the useradd command with the -D option as follows:

# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel

You can also use the -D option to change defaults. When run with this flag, useradd refrains from actually creating a new user account; instead, it saves any additionally supplied options as the new default values in /etc/login.defs. Not all useradd options can be used in conjunction with the -D option. You may use only the five options listed in Table 11-2.

Table 11-2: useradd Options for Changing User Defaults

Options                   Description
-b default_home           Set the default directory in which user home directories will be created. Replace default_home with the directory name to use. Usually this is /home.
-e default_expire_date    Set the default expiration date on which the user account is disabled. The default_expire_date value should be replaced with a date in the form MM/DD/YYYY (for example, 10/15/2001).
-f default_inactive       Set the number of days after a password has expired before the account is disabled. Replace default_inactive with a number representing the number of days.
-g default_group          Set the default group that new users will be placed in. Normally useradd creates a new group with the same name and ID number as the user. Replace default_group with the group name to use.
-s default_shell          Set the default shell for new users. Normally this is /bin/sh. Replace default_shell with the full path to the shell that you want as the default for new users.

To set any of the defaults, give the -D option first; then add any of the defaults you want to set. For example, to set the default home directory location to /home/everyone and the default shell to /bin/tcsh, type the following:

# useradd -D -b /home/everyone -s /bin/tcsh

Besides setting up user defaults, an administrator can create default files that are copied to each user's home directory for use. These files can include login scripts and shell configuration files (such as .bashrc). The following sections describe some of these files.

Supplying initial login scripts

Many Red Hat Linux applications, including the command shell itself, read a configuration file at startup. By tradition, these configuration files are stored in the users' home directories, so each user can customize the behavior of the command shell and other applications without affecting that behavior for other users. Global defaults can be assigned from /etc/profile, and those settings can then be enhanced or overridden by a user's personal files.

The bash command shell, for example, looks for a file called .bashrc in the current user's home directory whenever it starts up. Similarly, the tcsh command shell looks for a file called .tcshrc in the user's home directory. You may see a repeating theme here. Startup scripts and configuration files for various applications usually begin with a dot (.) character and end in the letters rc. You can supply initial default versions of these and other configuration files by placing them in the /etc/skel directory. When you run the useradd command, these scripts and configuration files are copied to the new user's home directory.

Supplying an initial .bashrc file

By supplying your users with an initial .bashrc file, you give them a starting point from which they can further customize their shell environment. Moreover, you can be sure that the file is created with the appropriate access permissions so as not to compromise system security.

The .bashrc script is run each time the user starts a new bash shell, so anyone who can modify the file can run commands as that user; that is why its ownership and permissions are a security concern. It is also a good place to supply useful command aliases and additions to the command search path. Here's an example:

# .bashrc
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
   
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
   
PATH=$PATH:/usr/bin:/usr/local/bin
export PATH

This sample .bashrc file creates aliases for the rm, cp, and mv commands that result in a -i option always being used (unless overridden with the -f option). This protects against the accidental deletion of files. Next, the file sources /etc/bashrc (if it exists) to read any further global bash values. Finally, it sets the search path.

Supplying an initial .tcshrc file

The following example .tcshrc file does basically the same thing as the preceding .bashrc example. However, this file (which is for the root user) has the additional task of setting the appearance of the command prompt:

# .tcshrc
   
# User specific aliases and functions
   
alias rm 'rm -i'
alias cp 'cp -i'
alias mv 'mv -i'
   
setenv PATH "$PATH:/usr/bin:/usr/local/bin"
   
set prompt='[%n@%m %c]# '

Instead of using the export command to set environment variables, the tcsh shell uses the setenv command. In the example, setenv is used to set the PATH variable. The shell prompt is set to include your user name (%n), your computer name (%m), and the name of the current directory (%c). So, if you were to use the tcsh shell as the root user on a computer named maple with /tmp as your current directory, your prompt would appear as follows:

[root@maple /tmp]#

The .tcshrc file can also be named .cshrc. The tcsh shell is really an extended version of the csh shell (in fact, you can invoke it by the csh name). When a tcsh shell is started, it first looks for a .tcshrc file in the current user's home directory. If it can't find a file by that name, it looks for the other name, .cshrc. Thus, either name is appropriate.

Configuring system-wide shell options

Allowing individually customizable shell startup files for each user is a very flexible and useful practice. But sometimes you need more centralized control than that. You may have an environment variable or other shell setting that you want set for every user, without exception. If you add that setting to each user's individual startup file, the user can edit that file and remove it. Furthermore, if that setting must be changed in the future, you must change it in every single user's shell startup file.

Fortunately, there is a better way. There are default startup files that apply to all users of the computer that each command shell reads before reading the user-specific files. In the case of the bash command shell, it reads the /etc/bashrc file before doing anything else.

Similarly, the tcsh shell reads the /etc/csh.cshrc file before processing the .cshrc or .tcshrc file found in the user's home directory. The following /etc/csh.cshrc file ships with Red Hat Linux:

# /etc/cshrc
#
# csh configuration for all shell invocations.

# by default, we want this to get set.
# Even for non-interactive, non-login shells.
 [ `id -gn` = `id -un` -a `id -u` -gt 99 ]
if $status then
     umask 022
else
     umask 002
endif
   
if ($?prompt) then
  if ($?tcsh) then
    set prompt='[%n@%m %c]$ '
  else
    set prompt=\[`id -nu`@`hostname -s`\]\$\
  endif
endif

The /etc/csh.cshrc and /etc/bashrc files set a variety of shell environment options. If you wish to modify or add to the shell environment supplied to every single user on the system, the /etc/bashrc or /etc/csh.cshrc files are the place to do it.

Setting system profiles

Some of the most basic information assigned to each user is added from the /etc/profile file. So, if you want to change any of the following information, you can start from /etc/profile. Here are some values contained in /etc/profile:

  • PATH: Assigns the default PATH for the root user and for all other users. You might change this value to add paths to local directories containing applications all users need.

  • ulimit: Sets the maximum allowable file size the user can create from the shell to be unlimited. You can use ulimit to restrict maximum file size if you find that users are creating enormous files. As defined in the /etc/profile file, ulimit sets no limit to the size of files a user can create. However, it does prevent core files (normally created when a process crashes) from being created.

  • Environment variables: Shell environment variables that are needed for standard operation are assigned in this file. These include USER (set by the id -un command), LOGNAME (same as USER), MAIL (set to /var/spool/mail/$USER), HOSTNAME (set to /bin/hostname), and HISTSIZE (which sets shell command history to 1000 items).

  • INPUTRC: Sets keyboard mappings for particular situations, based on the contents of the /etc/inputrc file. In particular, the inputrc file makes sure that the Linux console and various Terminal windows (xterm and rxvt) all behave sanely.

The last thing that the /etc/profile file does is look at the contents of the /etc/profile.d directory and source in the files that it finds. Each file contains settings that define environment variables or aliases that affect how users can use the shell. For example, the lang.sh and lang.csh files identify the locations of foreign language files. The vim files create aliases that cause vim to be used when vi is typed. The which-2.sh file defines a set of options used by the which command. You can modify the profile.d files or add your own to have environment variables and aliases set for all of your users.
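Both the files copied from /etc/skel and the system-wide files sourced from /etc/profile.d run inside users' shells, so it is worth checking that only the intended owner can change them. The following is an added example, not part of the original text: the function name audit_startup and the demo directory layout are assumptions, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: list startup files that someone other than OWNER could modify.

# audit_startup OWNER PATH...: print every file or directory under the given
# paths that is group- or world-writable, or not owned by OWNER (a user name
# or numeric UID). Returns 1 when anything is found, 0 otherwise.
audit_startup() {
    owner=$1; shift
    found=$(find "$@" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 -o ! -user "$owner" \) -print 2>/dev/null) || true
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Demo on a constructed tree that stands in for /etc/skel and /etc/profile.d.
demo=$(mktemp -d)
mkdir "$demo/skel" "$demo/profile.d"
: > "$demo/skel/.bashrc";      chmod 644 "$demo/skel/.bashrc"
: > "$demo/skel/.tcshrc";      chmod 666 "$demo/skel/.tcshrc"   # weak on purpose
: > "$demo/profile.d/lang.sh"; chmod 644 "$demo/profile.d/lang.sh"
chmod 755 "$demo/skel"
chmod 775 "$demo/profile.d"                                     # weak on purpose
audit_startup "$(id -u)" "$demo/skel" "$demo/profile.d" || true
rm -rf "$demo"

# On a live system the equivalent call would be:
#   audit_startup root /etc/skel /etc/profile /etc/profile.d /etc/bashrc /etc/csh.cshrc
```

A group-writable directory is reported as well as a writable file, because whoever can write to /etc/profile.d can add a new file that every login shell will source.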



