Archive for the ‘Users / Groups’ Category

Using Disk Quotas

Friday, February 1st, 2008

If you want to limit the amount of disk storage any user can consume (most sites have a few disk hogs around, who just love to fill the disk with their MP3 collections and downloaded sitcoms), use the Linux Disk Quota package. This contains several components, including quota, edquota, quotacheck, and repquota.

(more…)

Granting Limited Rootly Powers with sudo

Friday, February 1st, 2008

If you would like to delegate some system administration chores to other users, or set up an extra layer of safety for your own root chores—but you want to do it in a way that uses only limited rootly powers, and does not give away root’s password, use sudo. sudo grants limited root powers to specific users for specific tasks, logs activity, and does not give away root’s password.

(more…)

Adding Batches of Users to Groups

Friday, February 1st, 2008

You need to add a whole bunch of users to a group.

Paste your list of login names directly into /etc/group.

Here’s a quick way to generate a list of users to add to /etc/group. This depends on having a UID numbering scheme already in place, so that you can easily sort out selected groups of users. Let’s add some Trainers to a group:

$ awk -F: '($3 >= 1050) && ($3 <= 1060) { print $1 }' /etc/passwd | tr '\n' ','
bcool,bkind,frnow,kthxbye,oknodo,

Now copy and paste into /etc/group.

What if you do not have a nice, tidy, organized UID scheme? This is where the GECOS fields come in handy. Go back and pick one for entering some kind of label. The “other” field is best, because users are blocked from changing it. Where is this “other” field? It’s inside the “full name,” or GECOS, field which contains five comma-delimited fields. It looks like this:

bcool:x:1300:1300:Bob Cool,,,,trainer:/home/bcool:/bin/bash
bkind:x:1055:1055:Bev Kind,,,,trainer:/home/bkind:/bin/bash

Once you’ve added the labels, grep and awk can easily fetch these users for you:

$ grep trainer /etc/passwd | awk -F: '{ print $1 }' | tr '\n' ','
bkind,bcool,
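
A plain grep for the label matches it anywhere on the line, including login names and home directories, so it can pull unintended accounts into a group and hand them that group's permissions. The following is an added example, not part of the original post: it matches only the fifth GECOS subfield exactly and omits the trailing comma. The function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a comma-separated member list for /etc/group.

# Logins whose UID lies in [LO, HI]. usage: members_by_uid LO HI [PASSWD_FILE]
members_by_uid() {
    awk -F: -v lo="$1" -v hi="$2" '
        $3 >= lo && $3 <= hi { out = out sep $1; sep = "," }
        END { print out }' "${3:-/etc/passwd}"
}

# Logins whose GECOS "other" (fifth) subfield equals LABEL exactly.
# usage: members_by_label LABEL [PASSWD_FILE]
members_by_label() {
    awk -F: -v label="$1" '
        { n = split($5, gecos, ",") }
        n >= 5 && gecos[5] == label { out = out sep $1; sep = "," }
        END { print out }' "${2:-/etc/passwd}"
}

# Constructed sample data (not a real passwd file). The last two entries
# contain "trainer" in the login name and in the home directory only.
sample_passwd() {
    cat <<'EOF'
bcool:x:1300:1300:Bob Cool,,,,trainer:/home/bcool:/bin/bash
bkind:x:1055:1055:Bev Kind,,,,trainer:/home/bkind:/bin/bash
trainerx:x:1400:1400:Tia Rainer,,,,:/home/trainerx:/bin/bash
jdoe:x:1401:1401:Jo Doe,,,,staff:/home/trainer-archive:/bin/bash
EOF
}

demo_file=$(mktemp)
sample_passwd > "$demo_file"
# The plain grep pipeline also picks up trainerx and jdoe.
echo "plain grep:  $(grep trainer "$demo_file" | awk -F: '{ print $1 }' | tr '\n' ',')"
echo "exact label: $(members_by_label trainer "$demo_file")"
echo "uid range:   $(members_by_uid 1050 1060 "$demo_file")"
rm -f "$demo_file"
```

Review the printed list before pasting it into /etc/group, since every login on it gains the group's access.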

Changing Masses of Passwords

Friday, February 1st, 2008

As part of your routine security policy, you would like to be able to change batches of passwords easily and periodically. Or your network may have been compromised, so you want to change all the passwords yourself and not leave it up to your users.

Use the mass_passwd script. It lets you select batches of users in three different ways:

# mass_passwd username1 username2

# mass_passwd -g groupname groupname

# mass_passwd -a

The first method uses a simple space-delimited list of logins.

The second method changes the passwords of users belonging to the named groups.

The third method changes every password in /etc/passwd.

Then mass_passwd generates a separate file for each user, containing their new login names and passwords and whatever instructions or policies you choose to include. This is designed to make it easy to print a separate instruction sheet for each user.

You may do a dry run with the -n flag:

# ./mass_passwd -v -g -n usergroup
generating password for dawns…..teivuphu
generating password for nikitah…..kohfahsh
2 password(s) reset – see /root/mass_passwds/mass_passwd.log

No passwords are changed; this just lets you test-drive your options before committing to any changes.

Adding New Users in Batches

Friday, February 1st, 2008

If you want to be able to add several users at once, rather than having to enter each one individually, use the mass_useradd script. It’s a shell script, so it should run just about anywhere. You’ll also need mass_passwd. Store the two scripts in the same directory. You should also install the pwgen utility, for generating passwords. You’ll need a colon-delimited text list of logins and usernames in this format:

(more…)