
Personal System Administration Guide


Chapter 5
Managing User Accounts and Groups


Overview of the User Manager

The User Manager lets a Privileged User create and manage user login accounts. The User Manager window shows the following information about each login account.

Click the topic about which you want more information.

The User Manager lets only the Administrator create and add users to a group; it does not let the Administrator delete users from groups or delete groups. See "Managing User Groups" for this information.


Understanding User Accounts, Groups, and the Network

This section contains these topics:

For information about different user types and access privileges, see "About User Privileges and the Primary User."

About User Login Accounts and Groups

Each person who uses this system regularly must have a personal login account. A login account gives a person a unique work area on the system (a home directory) where the person can store files and customize the desktop environment. The system automatically labels the work area and all files that the person creates with the person's login name (a short version of the person's real name or initials); the person can then mark the files public or private. Each time the person begins a session on the system, he types his login name and, if necessary, an associated password. For more information on logging in, see "Logging In to the System."

The login account can also include contact information about the person (such as phone number and office location), and a picture of the person. The picture represents the person's account as an icon in the desktop and, when you want information about a person, you double-click the person's photo (or other image) to see his electronic business card. All the information on the business card comes from the person's login account information. For information on creating a user login account, see "Creating a User Login Account."

In a situation where you want to freely share files with only some people who have accounts on a system, you can create a user group. The system lets you grant read and write permissions for a file or directory to three types of users: the file's owner, the members of a specific group of users, and all other users. Once you create a user group, you can set the permissions on all or some of your files so other members of your group can view or change them. For information on creating a user group, see "Managing User Groups."

About User Login Accounts on the Network

In a large, networked environment, the network administrator maintains a list of user login account information, and makes sure that no two people have the same user login name. Before you create login accounts in such an environment, consult with the network administrator.

Whenever you change account information about a person who has a login account on more than one system on the network, the User Manager updates his account information on only that system; the information on other systems remains unchanged.

If your network uses the optional NIS network management software, the network administrator maintains a master database of login account information on a special system called the NIS master. Only the network administrator can change information on the NIS master.

When you create a login account for a person whose account information is in the NIS master database, the User Manager

If a person needs to log in to the system when it's not connected to the network (for example, if a person takes the system home for a period of time), you can change the account from a Network Access account to a Standalone Access account. Once it's a Standalone Access account, the person can log in any time, and you can change all information about the account.


Creating a User Login Account

Any Privileged User can use the User Manager to create a user login account for a person. If your system is connected to a network, contact your network administrator for an approved login name, user ID, and electronic mail address, and see "About User Login Accounts on the Network."

If the User Manager is not already running, start it by choosing "User Manager" from the System toolchest, or by clicking the words User Manager now.

To create a new user login account, follow these steps:

    Click the Add button in the User Manager window.

    Fill in the information requested by the Add a User Account window.


    Create the account using the information that is shown in the User Account Information window, or customize account information.

An icon or picture labeled with the user login name and other account information appears in the User Manager window and, when you log out, the icon appears on the login screen. The person can now log in to the account to use the system.

If you do not want this account to appear on the login screen, see "Customizing the Login Window."


Customizing a User Login Account

Any Privileged User can use the User Account Information window in the User Manager to customize a new or existing user login account. Click a topic for more information.

If you are running the User Manager as a User, but you know the login name and password of a Privileged User or the Administrator, you can change your privilege level from within the tool. When the User Account Information window is open, click the Change to Edit Mode button to enter a login name and/or password.

Understanding Login Account Information

Every user login account has two types of information:

A Privileged User can change all account information, and the person who owns the account can change all business card information except for login name. This changes the account information only on this system; accounts on other systems on the network do not show these changes.

Only the network administrator can change business card information for a Network Access account so that the information is the same for every Network Access account owned by the person.

Note: A Privileged User can use this tool to change a Standalone Access account into a Network Access account, and vice-versa. See "Converting a Standalone Access Account to a Network Access Account" and "Converting a Network Access Account to a Standalone Access Account."

Customizing Business Card Information

The User Manager automatically creates a personal business card for each person who has a user login account. The business card appears whenever someone double-clicks a person's icon in the desktop or in the System Manager window; it also appears when you click the Preview Business Card button in the User Account Information window.

If the User Manager is not already running, start it by choosing "User Manager" from the System toolchest, or by clicking the words User Manager now.

A Privileged User or the User who owns the account can customize all business card information in the User Account Information window, but only the Administrator can add a picture to a login account; see "Adding a Picture to a Login Account." The User who owns the account can also create, change, or delete the account password; see "Creating, Changing, and Deleting Passwords."

To customize the information, follow these steps:

    Change the full name or login name.

    To avoid permissions problems, you should change the full name or login name only when you are converting a Standalone Access account to a Network Access account; see "Converting a Standalone Access Account to a Network Access Account."


    Fill in the contact information.


    Preview the business card by clicking the Preview Business Card button.


    Customize the account using the information that is shown in the User Account Information window, or customize additional system account information.

Adding a Picture to a Login Account

The picture appears in the upper left corner of the business card, and appears in the desktop, the User Manager, and the login screen to represent the account.

Only the Administrator can add a picture to an account by following these steps:

    Ask the user to store a photo in a file on the system by either


    Give the file the same name as the user's login name. For example, if the user's login name is mary and she gives you a file named mary.rgb, rename the file mary.

    Drag the file into the /usr/local/lib/faces directory.

    Note: If /usr/local/lib/faces is not a local directory (i.e., if it is an NFS mounted directory), startup time will be noticeably slower for all tools that use the photo.

Customizing System Account Information

A Privileged User can change system account information only for the system on which you are running the User Manager; this system is pictured and labeled in the right hand portion of the User Account Information window.

If the User Manager is not already running, start it by choosing "User Manager" from the System toolchest, or by clicking the words User Manager now.

To change information about a person's account on only this system, follow these steps:

    If you're changing an existing account, double-click the person's icon in the User Manager to see the person's User Account Information window.

    Answer the question Is this person the Primary User on this system? by clicking the Yes or No box; for more information, see "About User Privileges and the Primary User."

    Answer the question Is this person a Privileged User on this system? by clicking the Yes or No box.

    If this is a Network Access account and you want to convert it to a Standalone Access account, click the No box next to Is this a Network Access account? and see "Converting a Network Access Account to a Standalone Access Account."

    If this is a Standalone Access account and you want to convert it to a Network Access account, contact your network administrator, and see "Converting a Standalone Access Account to a Network Access Account."

    Create a password or change your current password. If you do not have a password, you see a button labeled Create One; if you already have a password, you see two buttons labeled Change It and Remove It.

    Note: The system does not change the password until you click the OK button in the User Account Information window.

    See also "Creating, Changing, and Deleting Passwords."

    Specify a home directory for the person by entering a full pathname (starting with /) in the Home directory field.

    It's best to give the home directory the same name as the user login name; for example, joe might have the home directory /usr/people/joe.

    If you have a second disk, you may want to put the home directory there. For example, if your second disk is named (has a mount point of) /disk2, you would specify a home directory of /disk2/joe. See also "Storing Home Directories on a Second Disk."

    The primary group to which the user belongs on this system appears in the Primary group field.


    The unique user ID of this person appears in the User ID field.


    The IRIX shell is a special window into which the person can type IRIX commands. To choose a different shell from the one displayed on the menu button next to IRIX shell, position the cursor over the menu button, press and hold the mouse button, and select a different shell.

    To use a shell not shown in the menu button, choose "Other" from the menu button, then, in the text field that appears, type the full pathname of the shell that you want to use.

    Customize the account using the information that is shown in the User Account Information window, or cancel all changes.

Creating, Changing, and Deleting Passwords

You can create, change, or delete an account's password using the User Account Information window. A User can change the password on his own account, and a Privileged User can change the password on any account except the root account. Only the Administrator can change the password on the root account.

To see a person's User Account Information window, choose "User Manager" from the System toolchest, then double-click the person's icon in the User Manager window. If the account has no password, you see a button labeled Create One; if the account already has a password, you see two buttons labeled Change It and Remove It.

Creating a Password

To create a password, follow these steps:

    Click the Create One button next to This account has no password.

    In the Set Password window, click in the Enter new password field, then type a password that contains at least 6 characters, one of which is a numeral. Then press <Enter> or click the OK button.

    In the Reenter new password field that appears, enter the same password again, then click the OK button.

    A notifier informs you that the new password will not take effect until you click OK in the User Account Information window; click the OK button in this notifier.

    Save the new password, or cancel your changes and leave the account with no password.

Changing a Password

To change an existing password, follow these steps:

    Click the Change It button next to This account has a password.

    In the Set Password window, click in the Enter current password field, then type your current password. Then press <Enter> or click the OK button.

    In the Enter new password field that appears, enter the new password; it must differ from the old one by at least three characters. Then press <Enter> or click the OK button.

    In the Reenter new password field that appears, enter the same new password again, then click the OK button.

    A notifier informs you that the new password will not take effect until you click OK in the User Account Information window; click the OK button in this notifier.

    Save the new password, or cancel your changes and leave the old password on the account.

Deleting a Password

To delete an existing password, follow these steps:

    Click the Remove It button next to This account has a password.

    A notifier informs you that the new password will not be deleted until you click OK in the User Account Information window; click the OK button in this notifier.

    Delete the password, or cancel your changes and leave the account with a password.

Creating a Template for New User Login Accounts

When you create a new user login account, the User Account Information window automatically places default information in these fields:

Also, the system assumes you do not want to give the person administrative privileges, so No is selected next to Is this person a Privileged User on this system?

To change these defaults so that each time you add a new user the User Account Information window provides different default information, follow these steps:

    If the User Manager is not already running, start it by choosing "User Manager" from the System toolchest, or by clicking the words User Manager now.

    Open any account by double-clicking it.

    Change the information to the new defaults; for example, to put all home directories on a second disk with a mount point of /disk2, enter /disk2/ (be sure to include the trailing /) in the Home directory field. (See also "Storing Home Directories on a Second Disk.")

    Most information that appears in text fields can be saved as a template. User ID, Primary User, Privileged User, and Network Access account information cannot be saved as a template.

    Click the Save as Template button. A message tells you it has been saved.

    Click the Cancel button; the window disappears, and no information about the account is changed.

    To make sure the settings are appropriate, add a fictitious account, then delete it. See "Creating a User Login Account."

Converting a Standalone Access Account to a Network Access Account

A Privileged User must work together with the network administrator to convert a Standalone Access account to a Network Access account. The most typical situation in which you need to make this conversion is when you set up a user login account on a system before it is connected to the network or before you have installed and started running the optional NIS software.

Once the Standalone Access account is converted to a Network Access account, the person can log in to the account only when the system is connected to the network and NIS is running. If you ever need to remove the system from the network, you should first convert the account back to a Standalone Access account; see "Converting a Network Access Account to a Standalone Access Account."

A Privileged User can convert the account by following these steps:

    Give the network administrator the person's full name and the login name that is on the Standalone Account so the network administrator can create a Network Access account on the NIS master system.

    Note: If the login name you give to the network administrator is being used by another person, the network administrator will provide you with a different login name for your person.

    When the network administrator tells you that the account is ready, start the User Manager by choosing "User Manager" from the System toolchest, or by clicking the words User Manager now.

    Open the person's account by double-clicking it.

    Change relevant information in the person's User Account Information window.


    Convert the account or cancel your changes.

The person can now log into the account as long as the system is connected to the network and NIS is running.

Converting a Network Access Account to a Standalone Access Account

If you need to disconnect your system from the network and a person with a Network Access account still wants to be able to log in, a Privileged User can convert the person's account to a Standalone Access account with the User Manager.

If the User Manager is not already running, start it by choosing "User Manager" from the System toolchest, or by clicking the words User Manager now.

    Double-click the person's icon in the User Manager window to open the person's User Account Information window.

    In the right hand portion of the form, click the box under No next to Is this a Network Access account? The information in the business card portion of the window becomes editable.

    Convert the account or cancel your changes.

The person can now log into the account, whether or not it is connected to the network.


Deleting a User Login Account

When a Privileged User deletes a login account from your system, the person who owns that account can no longer log in to your system. If the person has accounts on other systems, they can still log in to those systems.

If the User Manager is not already running, start it by choosing "User Manager" from the System toolchest, or by clicking the words User Manager now.

To delete a login account, follow these steps:

    Select the person's icon in the User Manager window.

    Click the Delete button.

    Specify whether you want to delete or retain the user's home directory.


    Delete the account or cancel your request.


Viewing a User's Business Card

You can view a user's business card in three ways:

A Privileged User or the owner of the login account can change business card information using the User Manager; see "Customizing Business Card Information."


Designating the Administrator with the User Manager

The Administrator is the person who uses the most privileged account, the root account, to perform administrative and troubleshooting tasks; there is one Administrator per system. Because the Administrator can change or remove any file on the system, it is very important to create a password for this account. For more information, see "About User Privileges and the Primary User."

To designate an Administrator and create a password for the root account, follow these steps:

    Log out of the system, then log in to the root account.

    Start the User Manager by choosing "User Manager" from the System toolchest.

    Open the root account's User Account Information window by double-clicking it.

    Enter the full name and phone number of the person who will be this system's Administrator, and have this person enter a password.

    Note: The system does not change the password until you click the OK button in the User Account Information window.

    See also "Creating, Changing, and Deleting Passwords."

    Click OK to make the changes take effect.

You can also change the name of the Administrator through the System Manager. See "Designating the Administrator."


Designating Privileged Users

A Privileged User can give one or more other people administrative privileges, making them Privileged Users as well. All Privileged Users have the same capabilities; see "About User Privileges and the Primary User."

If the User Manager is not already running, start it by choosing "User Manager" from the System toolchest, or by clicking the words User Manager now.

To change a User to a Privileged User, follow these steps:

    Double-click the person's icon in the User Manager window to open the person's User Account Information window.

    In the right hand portion of the window, click the Yes box next to Is this person a Privileged User on this system?

    Click the OK button.


Designating the Primary User With the User Manager

A Privileged User can name one person on the system to be the system's Primary User; this person's picture appears on the System Manager window. See also "About User Privileges and the Primary User."

If the User Manager is not already running, start it by choosing "User Manager" from the System toolchest, or by clicking the words User Manager now.

To make a person the Primary User, follow these steps:

    Open the person's User Account Information window by double-clicking the person's icon in the User Manager window.

    In the right hand portion of the window, click the Yes box next to Is this person the Primary User on this system?

    Click the OK button.


Managing User Groups

Only the Administrator can create, change, and delete user groups. Once the group exists, group members can use the Permissions window to change permissions on their own files and directories to let other members of the group read or edit the files. See "Understanding Permissions" in IRIS Essentials for more information.

A person can belong to several groups, but only one group on this system is the person's primary group. To specify a person's primary group, see "Customizing System Account Information."

Creating a User Group

You can add a new group in two ways:

Note: Do not change information for any of the special system groups that were on your system when it was new (groups with ID numbers between 0 and 100 and over 900). They are critical to system operation; changing them will make the system inoperable.

To edit /etc/group, follow these steps:

    Log in as root through a shell window.


    Edit the file.


    Log out of the root account by typing:

    logout

    Then press <Enter>. The shell window disappears.

You now have a new group that has no members. To assign users to this group, see "Adding Users to a Group."

See "Changing Permissions" in IRIS Essentials for information on changing file permissions so that members of a specific group can read or edit the files.

Adding Users to a Group

Only the Administrator can add users to or delete users from a group. When you delete a user from a group, you do not delete that person's login account. The person no longer belongs to the group, and cannot access files that other group members have marked as accessible by group members.

All new users whose login accounts you create with the User Manager belong to the group named user, whose group ID number is 20. To find out what groups are available on your system, look in the /etc/group file; to create a new group, see "Creating a User Group."

Note: Do not assign a user to any of the special system groups that were on your system when it was new (groups with ID numbers between 0 and 100 and over 900). They are critical to system operation; assigning a regular user to the groups severely compromises stable operation.

Usually a user can belong to only one group. For information on assigning users to multiple groups, see "Login Administration" in the IRIX Advanced Site and Server Administration Guide.

The Administrator can assign a user to a new group and make it the user's primary group in two ways:

To assign a user to a new group by editing /etc/passwd, follow these steps:

    Log in as root through a shell window.


    Edit the file.

    <login name>:<password>:<user ID #>:<groupID #>:<other info>


    Log out of the root account by typing:

    logout

    Then press <Enter>. The shell window disappears.

    Ask all users whose group ID numbers you changed to log out, then log back in.

    When they log in, new files and directories that they create will be labeled with the new group name; you can see this label when you view the Permissions window of a file or directory.

The users whose group ID numbers you changed now have read and execute permissions on all files created by members of the new group (unless a group member changes permissions on individual files). See "Changing Permissions" to give members of the same group write permissions (the ability to change each other's files), or to remove read or execute permissions.

Deleting a User Group

When the Administrator deletes a group from your system, the group is no longer available for membership. This means people who used to belong to the group still have active user login accounts, but they are no longer members of a common group.

To delete a group, follow these steps:

    Assign to a new group all users who belong to the group that you are deleting. See "Adding Users to a Group."

    Log in as root through a shell window.


    Edit the /etc/group file.


    Log out of the root account by typing:

    logout

    Then press <Enter>. The shell window disappears.

    Ask all users who previously belonged to the group to log out, then log back in.

    When they log in, new files and directories that they create will be labeled with the name of the new group to which you assigned them; you see this label when you view the Permissions window of a file or directory. For more information, see "Understanding Permissions" in IRIS Essentials.

The group no longer exists. To create a new group, see "Creating a User Group."
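
The following check is an added example, not part of the original guide or of any SGI tool. After editing /etc/passwd or /etc/group as described in "Adding Users to a Group" and "Deleting a User Group," it reports accounts with no password, users left pointing at a group ID that no longer exists, and regular users placed in the special system groups (IDs 0 to 100 and over 900, except the default group user, ID 20). The sample entries, the finding names, and the UID threshold that separates regular users from system accounts are assumptions.

```python
"""Audit passwd/group text against the group rules in this chapter (added example)."""

DEFAULT_GID = 20        # group "user": default for User Manager accounts (from the chapter)
MIN_REGULAR_UID = 100   # ASSUMPTION: lower UIDs are system accounts; the chapter gives no cutoff

# Constructed sample data. passwd layout, as shown in the chapter:
#   <login name>:<password>:<user ID #>:<groupID #>:<other info>
SAMPLE_PASSWD = """\
root:constructedhash0:0:0:Administrator:/:/bin/csh
joe:constructedhash1:1001:20:Joe:/usr/people/joe:/bin/csh
mary::1002:150:Mary:/usr/people/mary:/bin/csh
sam:constructedhash3:1003:3:Sam:/usr/people/sam:/bin/csh
ann:constructedhash4:1004:175:Ann:/disk2/ann:/bin/csh
"""
# Standard group layout: <group name>:<password>:<group ID #>:<member,member,...>
SAMPLE_GROUP = """\
sys::0:root
adm::3:root,joe
user::20:
design::150:mary
"""


def is_reserved_gid(gid):
    """True for the special system groups: IDs 0-100 and over 900, except group user."""
    return gid != DEFAULT_GID and (0 <= gid <= 100 or gid > 900)


def _rows(text):
    """Yield colon-split fields, skipping blanks, comments and NIS +/- entries."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "+", "-")):
            yield line.split(":")


def audit(passwd_text, group_text, min_regular_uid=MIN_REGULAR_UID):
    """Return a list of (login name, finding) tuples."""
    groups = {}
    for f in _rows(group_text):
        if len(f) >= 3 and f[2].isdigit():
            members = f[3].split(",") if len(f) > 3 else []
            groups[int(f[2])] = [m for m in members if m]

    findings, uids = [], {}
    for f in _rows(passwd_text):
        if len(f) < 4 or not (f[2].isdigit() and f[3].isdigit()):
            findings.append((f[0], "malformed-entry"))
            continue
        login, password, uid, gid = f[0], f[1], int(f[2]), int(f[3])
        uids[login] = uid
        if password == "":
            # Anyone can log in to this account without a password.
            findings.append((login, "no-password"))
        if gid not in groups:
            # Typical after a group was deleted before its users were reassigned.
            findings.append((login, "missing-primary-group"))
        if uid >= min_regular_uid and is_reserved_gid(gid):
            findings.append((login, "reserved-primary-group"))

    # Regular users listed as members of a special system group.
    for gid in sorted(groups):
        if is_reserved_gid(gid):
            for member in groups[gid]:
                if uids.get(member, -1) >= min_regular_uid:
                    findings.append((member, "reserved-group-member"))
    return findings


if __name__ == "__main__":
    for login, finding in audit(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"{login}: {finding}")
```

To check a live system, pass the contents of /etc/passwd and /etc/group to audit() in place of the constructed samples.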



Copyright 1997, Silicon Graphics, Inc. All Rights Reserved.