system-config-users is giving me a problem. I need to create a user called 'groupware', without a home directory, and belonging only to a non-privileged group. I can create the user, but it sets it to belong to the group 'users'. When I try to set its default to 'nobody' and delete the 'users' entry it tells me that I must enter a home directory.
How can I get around this?
Anne
On Sat, Mar 15, 2008 at 10:11 AM, Anne Wilson cannewilson@googlemail.com wrote:
system-config-users is giving me a problem. I need to create a user called 'groupware', without a home directory, and belonging only to a non-privileged group. I can create the user, but it sets it to belong to the group 'users'. When I try to set its default to 'nobody' and delete the 'users' entry it tells me that I must enter a home directory.
How can I get around this?
Mostly, you don't. Every user has to have a home directory, though nothing says it has to be in /home
Take a look at how the system accounts for things like rpm or rpc or others are handled. I'd also recommend using useradd as it gives you a bit more flexibility when creating users. with useradd you can use -g and -G to see the primary and secondary group memberships as you need. Also, unless this account will be logging in or for some other reason requires a shell, make sure that the shell for the user is set to /sbin/nologin.
On Sat, 2008-03-15 at 10:17 -0400, Jim Perrin wrote:
On Sat, Mar 15, 2008 at 10:11 AM, Anne Wilson cannewilson@googlemail.com wrote:
system-config-users is giving me a problem. I need to create a user called 'groupware', without a home directory, and belonging only to a non-privileged group. I can create the user, but it sets it to belong to the group 'users'. When I try to set its default to 'nobody' and delete the 'users' entry it tells me that I must enter a home directory.
How can I get around this?
Mostly, you don't. Every user has to have a home directory, though nothing says it has to be in /home
Take a look at how the system accounts for things like rpm or rpc or others are handled. I'd also recommend using useradd as it gives you a bit more flexibility when creating users. with useradd you can use -g and -G to see the primary and secondary group memberships as you need. Also, unless this account will be logging in or for some other reason requires a shell, make sure that the shell for the user is set to /sbin/nologin.
---- Machine accounts in samba use /dev/null as home directory so I wouldn't think that too difficult either.
Craig
On Saturday 15 March 2008 14:17, Jim Perrin wrote:
On Sat, Mar 15, 2008 at 10:11 AM, Anne Wilson
cannewilson@googlemail.com wrote:
system-config-users is giving me a problem. I need to create a user called 'groupware', without a home directory, and belonging only to a non-privileged group. I can create the user, but it sets it to belong to the group 'users'. When I try to set its default to 'nobody' and delete the 'users' entry it tells me that I must enter a home directory.
How can I get around this?
Mostly, you don't. Every user has to have a home directory, though nothing says it has to be in /home
Take a look at how the system accounts for things like rpm or rpc or others are handled. I'd also recommend using useradd as it gives you a bit more flexibility when creating users. with useradd you can use -g and -G to see the primary and secondary group memberships as you need. Also, unless this account will be logging in or for some other reason requires a shell, make sure that the shell for the user is set to /sbin/nologin.
That's helpful, thanks. It is for handling imap under kontact, so I've created the group groupware and left it as a member of that group. I think that will be OK, but I'll have to see when I've got the rest of it set up :-)
Anne
Anne Wilson wrote:
On Saturday 15 March 2008 14:17, Jim Perrin wrote:
On Sat, Mar 15, 2008 at 10:11 AM, Anne Wilson
cannewilson@googlemail.com wrote:
system-config-users is giving me a problem. I need to create a user called 'groupware', without a home directory, and belonging only to a non-privileged group. I can create the user, but it sets it to belong to the group 'users'. When I try to set its default to 'nobody' and delete the 'users' entry it tells me that I must enter a home directory.
How can I get around this?
That's helpful, thanks. It is for handling imap under kontact, so I've created the group groupware and left it as a member of that group. I think that will be OK, but I'll have to see when I've got the rest of it set up :-)
Anne _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
As a side note to what craig said. I to use /dev/null to give my other stations a user account so as to add them to the samba user file. Without giving them an home dir. HTH
On Saturday 15 March 2008 14:55, Brian wrote:
Anne Wilson wrote:
On Saturday 15 March 2008 14:17, Jim Perrin wrote:
On Sat, Mar 15, 2008 at 10:11 AM, Anne Wilson
cannewilson@googlemail.com wrote:
system-config-users is giving me a problem. I need to create a user called 'groupware', without a home directory, and belonging only to a non-privileged group. I can create the user, but it sets it to belong to the group 'users'. When I try to set its default to 'nobody' and delete the 'users' entry it tells me that I must enter a home directory.
How can I get around this?
That's helpful, thanks. It is for handling imap under kontact, so I've created the group groupware and left it as a member of that group. I think that will be OK, but I'll have to see when I've got the rest of it set up :-)
As a side note to what craig said. I to use /dev/null to give my other stations a user account so as to add them to the samba user file. Without giving them an home dir. HTH
I set the home directory under /usr/share/, thinking that was a fairly safe place, but it's not working, so I don't know whether this is the cause of the problem or something else. I'm trying to get advice from the kde-pim list. dimap is something new to me - I've used plain imap for some time, but while that works well for mail it doesn't allow me remote diary and addressbook.
Anne
On Sat, 2008-03-15 at 15:13 +0000, Anne Wilson wrote:
On Saturday 15 March 2008 14:55, Brian wrote:
Anne Wilson wrote:
On Saturday 15 March 2008 14:17, Jim Perrin wrote:
On Sat, Mar 15, 2008 at 10:11 AM, Anne Wilson
cannewilson@googlemail.com wrote:
system-config-users is giving me a problem. I need to create a user called 'groupware', without a home directory, and belonging only to a non-privileged group. I can create the user, but it sets it to belong to the group 'users'. When I try to set its default to 'nobody' and delete the 'users' entry it tells me that I must enter a home directory.
How can I get around this?
That's helpful, thanks. It is for handling imap under kontact, so I've created the group groupware and left it as a member of that group. I think that will be OK, but I'll have to see when I've got the rest of it set up :-)
As a side note to what craig said. I to use /dev/null to give my other stations a user account so as to add them to the samba user file. Without giving them an home dir. HTH
I set the home directory under /usr/share/, thinking that was a fairly safe place, but it's not working, so I don't know whether this is the cause of the problem or something else. I'm trying to get advice from the kde-pim list. dimap is something new to me - I've used plain imap for some time, but while that works well for mail it doesn't allow me remote diary and addressbook.
---- /usr/share is a really bad idea... - selinux - goes against intended purpose http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE26 - just a plain bad idea.
home directories should be in /home with the sole exception of daemon users (uid < 500) which will typically be created in /var or /var/lib
Craig
On Saturday 15 March 2008 16:20, Craig White wrote:
/usr/share is a really bad idea...
- selinux
- goes against intended purpose http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE26
- just a plain bad idea.
home directories should be in /home with the sole exception of daemon users (uid < 500) which will typically be created in /var or /var/lib
Fair enough. I'll delete that user and start again. About UIDs, though. The user 'groupware' is not a user in the normal sense of the word. It is a part of dimap functionality, in my case handled by dovecot. There will never be a login, unless I have to do it as part of the setup, then switch off logins. Is it best to allocate a UID above or below 500?
This may be obvious to you, but its a new ballgame to me :-)
Anne
On Sat, 2008-03-15 at 16:47 +0000, Anne Wilson wrote:
On Saturday 15 March 2008 16:20, Craig White wrote:
/usr/share is a really bad idea...
- selinux
- goes against intended purpose http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE26
- just a plain bad idea.
home directories should be in /home with the sole exception of daemon users (uid < 500) which will typically be created in /var or /var/lib
Fair enough. I'll delete that user and start again. About UIDs, though. The user 'groupware' is not a user in the normal sense of the word. It is a part of dimap functionality, in my case handled by dovecot. There will never be a login, unless I have to do it as part of the setup, then switch off logins. Is it best to allocate a UID above or below 500?
This may be obvious to you, but its a new ballgame to me :-)
---- FWIW...
On most networks I create a user 'administrator', a normal (500+ uid) account with login privileges and an $HOME directory somewhere in /home (I normally put user accounts in /home/users).
I use this user 'administrator' for a lot of purposes including... - Windows Domain Administrator - 'the From' email address (adminstrator@my_domain.tld) for notifications - 'admin' user for Horde (IMP/et. al.) - owner of Windows related files that are somewhat restricted such as 'netlogon' share - owner of most shares (NFS/Samba/Netatalk) - member of 'Dom Users' group (again a Windows thing)
This may or may not be useful to you. I think that the users you create should be uid > 500 UNLESS their only purpose is to run daemons.
Craig
On Saturday 15 March 2008 17:59:00 Craig White wrote:
On Sat, 2008-03-15 at 16:47 +0000, Anne Wilson wrote:
On Saturday 15 March 2008 16:20, Craig White wrote:
/usr/share is a really bad idea...
- selinux
- goes against intended purpose http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE26
- just a plain bad idea.
home directories should be in /home with the sole exception of daemon users (uid < 500) which will typically be created in /var or /var/lib
Fair enough. I'll delete that user and start again. About UIDs, though. The user 'groupware' is not a user in the normal sense of the word. It is a part of dimap functionality, in my case handled by dovecot. There will never be a login, unless I have to do it as part of the setup, then switch off logins. Is it best to allocate a UID above or below 500?
This may be obvious to you, but its a new ballgame to me :-)
FWIW...
On most networks I create a user 'administrator', a normal (500+ uid) account with login privileges and an $HOME directory somewhere in /home (I normally put user accounts in /home/users).
I use this user 'administrator' for a lot of purposes including...
- Windows Domain Administrator
- 'the From' email address (adminstrator@my_domain.tld) for
notifications
- 'admin' user for Horde (IMP/et. al.)
- owner of Windows related files that are somewhat restricted such as
'netlogon' share
- owner of most shares (NFS/Samba/Netatalk)
- member of 'Dom Users' group (again a Windows thing)
This may or may not be useful to you. I think that the users you create should be uid > 500 UNLESS their only purpose is to run daemons.
OK, thanks. I'll leave it for tonight, then get a clean start tomorrow.
Anne
-
Anne Wilson -
Brian -
Craig White -
Jim Perrin