Last update: December 8, 2000

Secrets I learned... about the Unix Approach

Know what's going on!
Unix provides you with power: power (amongst other things) to shoot yourself in the foot. It's very important to know what's going on. Even when easy to use tools are available, don't be seduced. Such tools are not meant to relieve you of the responsibility of administrating what's going on. And, in order to do that, you have to know what's going on.

Not to overstate the value of Unix, consider the wheel. (The invention of the wheel was doubtless more significant.) Armed with a wheel, someone built a wagon.

Armed with a wagon, you can build an even bigger tool: a car. Or you can acquire someone else's car. It would certainly be easier to acquire a car than to build one yourself, but is the decision therefore quite so obvious?

You may encounter a lot of frustration trying to maintain the car you acquired from someone else. It may take you a lot of time to understand what somebody else had in mind when they built it. On the other hand, you certainly understand the car that you built yourself. But the building may take you a lot of time too.

There isn't anything you can do with a car that you can't do with a wagon once you understand its principles and have built it up to service your requirements.

There isn't anything you can do with a Linux distribution such as Red Hat or SUSE that you can't do with "generic" Linux once you understand its principles and have built it up to service your requirements.

The reality is that you're going to have to do some building yourself and you're going to have to gain some understanding of what others have built. For a given task, you'll decide on what mixture of the two to use.

At the low end of the scale is "bare metal Linux". Throughout the scale are the various distributions offering different front-ends to Linux. For the most part, these front-ends do two things. They manipulate the parameter files used by generic Linux programs and execute commands. At the high end of the scale are front-ends that virtually lead you through an entire process; you need never open an editor on a file.

Although the evolution of any operating system necessarily starts at the lower end, it is worthwhile noting that Linux has never discarded its low end tools. They are still there. This is quite distinct from the Microsoft model which takes great pains to dissuade you from looking under the hood.

SUSE, a Linux distribution most popular in Europe, seems to reflect the European attitude of functionality. Red Hat, popular in North America, seems to lean towards features. (No doubt, a SuseMobile would be manual transmission.)

A front-end program may manipulate many files and execute many commands. To operate it, you "just" need to learn about that single front-end program and need not learn about all the files and commands that lie beneath. But do not be seduced! If the front-end doesn't accomplish what you need, you're stuck. If it doesn't accomplish what you need in the most efficient manner, you're handicapped.

Administrating your Administrating
A fine demonstration of these front-ends is the administration of user accounts.

Generic Tools - the hard way
At the very low end, it is almost possible to maintain a user account by only editing a number of files and creating a directory. On an ongoing basis, it's unlikely that you'd want to follow the procedure outlined below. However, you ought to understand what's going on!

The file /etc/passwd is the heart of it all. Ironically, /etc/passwd no longer contains the user's password.

Encrypted passwords have been moved to the /etc/shadow file for security purposes: /etc/passwd has to stay readable by every user, while /etc/shadow is readable only by root. See man 5 shadow for its layout.

/etc/passwd contains 7 fields, each delimited by a colon. They are:

  1. the user's name
  2. password indicator
  3. id#
  4. group#
  5. user's full name and/or other comment. (finger looks at this)
  6. home directory name
  7. the name of the shell that will be started when this user logs in.

See man 5 passwd for a more detailed description of its layout.

/etc/group is a file containing a translation of group-id numbers to group names. Its second field is also a password indicator. A typical entry is users:x:100
See man group for a file layout description.

The password indicator is usually the letter "x" which indicates that the real password, in its encrypted form, can be found in /etc/shadow. Leaving the password itself aside for now, you can edit /etc/passwd (you must be root) and insert a user record.

Create the user's home directory with the mkdir command and change its user/group ownership to the user/group of this new user using chown.

The directory /etc/skel (as in skeleton) contains a number of (usually hidden) files that every user ought to have. Copy them into the user's new home directory, ensuring that they end up with the user's user and group ownership.

Finally, we need to create a real password for the new user. As root, we can change anybody's password with the interactive passwd command.
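
The 7-field layout and the password indicator described above are enough to audit a passwd-format file by script. This is an added example, not part of the original page: it flags entries with the wrong number of fields, an empty or in-file password field, and UID 0 accounts other than root. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file using the 7-field layout above.
# audit_passwd [FILE] reads FILE, or standard input when no file is given.
audit_passwd() {
    awk -F: '
        $0 == "" { next }
        NF != 7  { printf "line %d: expected 7 fields, found %d\n", NR, NF; next }
        # Field 2: "x" means the hash lives in /etc/shadow.
        $2 == "" { printf "%s: empty password field, no password needed\n", $1 }
        # "*" or a leading "!" conventionally marks a locked account; anything
        # else here is a hash sitting in a world-readable file.
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ {
            printf "%s: password hash stored in passwd instead of shadow\n", $1
        }
        # Field 3: any UID 0 entry has root privileges, whatever its name.
        $3 ~ /^0+$/ && $1 != "root" { printf "%s: UID 0 but not named root\n", $1 }
        seen[$3]++ { printf "%s: UID %s is shared with an earlier entry\n", $1, $3 }
    ' "${1:--}"
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/bin/false
asad:x:1000:100:Asad:/home/asad:/bin/bash
bob::1001:100:Bob:/home/bob:/bin/bash
carol:ab1cdEfGhIjk2:1002:100:Carol:/home/carol:/bin/bash
toor:x:0:0:spare admin:/root:/bin/bash
dave:x:1003:100:/home/dave:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

Run it against the real file with audit_passwd /etc/passwd; a clean file produces no output.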

Generic Tools - some front-end tools
Now that you've paid your dues, I'll tell you about the useradd command. (There is also a command called adduser which may offer different capabilities but it may be nothing more than a link to useradd.)

Look at its man page. (Notice that I've been saying that a lot.) Not all man pages are created equal, largely because the commands they describe don't always work in quite the same way between one distribution and another.

The useradd program is such an example. On SUSE, useradd will not create the user's directory unless the "-m" switch is specified. On Red Hat, the "-m" option acts as a toggle to the default "create or don't create a home directory" as specified in the default definitions file. Red Hat has a "-n" switch. SUSE doesn't.

With a syntax like useradd george you'll do much of what we've discussed. Note that you won't create a proper password. Use passwd or chpasswd for that.

SUSE - more of a front end
SUSE's yast program (which does many other things as well) makes user account administration easier for you.
  • Run yast,
  • select System administration and then
  • select User administration

You'll be presented with a fill-in-the-blanks user authorization screen. Once you submit the values you entered, everything will be done for you.

Red Hat - even more of a front end
The Red Hat front-end is slicker and more sophisticated. linuxconf is much more graphical and not just for aesthetic reasons. It has non-X11 and X11 graphical versions as well as a completely non-graphical version.

There are more buttons to push because there are many more options made available. Thus the process for setting up a single "ordinary" user account may actually be more time consuming. But user accounts are not just for users.

Programs such as daemons are not "people" but they may still need to be represented as "users" to enable them to have special permissions. linuxconf's user account management maintains other characteristics as well. Many are not viewed in terms of traditional user account management at all. But Red Hat has extended that view. One of its privileges, for example, is "Is this user privileged to run linuxconf itself?"

Generic re-visited
Having more of a front-end is not necessarily a great idea. The designers (at, say, Red Hat or SUSE) tried hard to anticipate what you'd want to do. Often they are right. Sometimes they are not.

Perhaps you work for a school and your job involves this scenario. At the beginning of each term the registrar sends you an email message containing the names and student numbers of hundreds of new students. You have to create an account for each of them.

You could do it all in SUSE's yast or Red Hat's linuxconf. But you could instead edit that email message into a script that looks something like this:

          useradd asad
          useradd bob
          useradd carol

But that doesn't quite do it. We also need a non-interactive way to specify their passwords. The passwd command is usually interactive, so it won't do. However, Red Hat's passwd command provides a --stdin switch which does allow the password to be piped into it. So you might have something like this:
          useradd asad;  echo "123"  | passwd asad  --stdin
          useradd bob;   echo "456"  | passwd bob   --stdin
          useradd carol; echo "789"  | passwd carol --stdin

SUSE does not have such an option in its passwd command. Instead, use the chpasswd command which is a non-interactive mechanism. See its man page also. Using chpasswd, your script would then look like this:
          useradd asad;  echo "asad:123"  | chpasswd
          useradd bob;   echo "bob:456"   | chpasswd
          useradd carol; echo "carol:789" | chpasswd 

There are a lot of switches to the useradd command. (You did look at the man page, didn't you?) Typically you won't need to edit your script to include most of them. In the man page, you'll probably find that the default parameters are stored in /etc/default/useradd.
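
The roster scenario above, as an added example rather than the original page's code: it validates each login name before it reaches a root shell, sets a random initial password through chpasswd, and expires that password with chage so the student must change it at first login. The function names, the login:studentnumber roster format, the HANDOUT file and the sample entries are assumptions made for illustration.

```shell
# Added example: create accounts from a roster of "login:studentnumber" lines.
# DRY_RUN defaults to 1 (print only); run as root with DRY_RUN=0 to act.

# The roster came by email, so treat it as untrusted: lowercase, digits, "_", "-".
valid_login() (
    LC_ALL=C
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) exit 1 ;;
    esac
    [ "${#1}" -le 32 ]
)

# 24 hex characters (96 bits) from the kernel random source.
new_password() {
    od -An -N12 -tx1 /dev/urandom | tr -d ' \n'
}

# Reads the roster on stdin; HANDOUT (hypothetical) gets "login:password" lines.
create_accounts() (
    umask 077                          # the handout holds cleartext passwords
    while IFS=: read -r login number; do
        case $number in ''|*[!0-9]*) number= ;; esac
        if ! valid_login "$login" || [ -z "$number" ]; then
            printf 'skipped roster entry: %s\n' "$login" >&2
            continue
        fi
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would create $login (student $number)"
            continue
        fi
        pw=$(new_password)
        useradd -m -c "student $number" "$login" || continue
        printf '%s:%s\n' "$login" "$pw" | chpasswd || continue
        chage -d 0 "$login"            # force a new password at first login
        printf '%s:%s\n' "$login" "$pw" >> "${HANDOUT:-handout.txt}"
    done
)

# Constructed sample roster; the last three entries are malformed on purpose.
sample_roster() {
    cat <<'EOF'
asad:20001
bob:20002
Dave Smith:20004
erin;reboot:20005
frank:2000x
EOF
}
sample_roster | create_accounts
```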

Parting Comment
Red Hat's linuxconf may be a more comprehensive single gathering of system utilities than that offered by SUSE. But that's really not the point.
  • For the casual user, they are well on the way to bridging the desktop gap between Linux and Microsoft.
  • For the systems administrator, particularly the new systems administrator, they may be too good! It is still very important to know what's going on.