ACC SHELL
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Managing Users with YaST</title><link rel="stylesheet" href="susebooks.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Documentation"><link rel="up" href="part.reference.administration.html" title="Part III. Administration"><link rel="prev" href="part.reference.administration.html" title="Part III. Administration"><link rel="next" href="cha.y2.lang.html" title="Chapter 9. Changing Language and Country Settings with YaST"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header" border="0" class="bctable"><tr><td width="80%"><div class="breadcrumbs"><p><a href="index.html"> Documentation</a><span class="breadcrumbs-sep"> > </span><a href="book.opensuse.reference.html">Reference</a><span class="breadcrumbs-sep"> > </span><a href="part.reference.administration.html">Administration</a><span class="breadcrumbs-sep"> > </span><strong><a accesskey="p" title="Part III. Administration" href="part.reference.administration.html"><span>◀</span></a> <a accesskey="n" title="Chapter 9. Changing Language and Country Settings with YaST" href="cha.y2.lang.html"><span>▶</span></a></strong></p></div></td></tr></table></div><div class="chapter" title="Chapter 8. Managing Users with YaST"><div class="titlepage"><div><div><h2 class="title"><a name="cha.y2.userman"></a>Chapter 8. Managing Users with YaST<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.y2.userman">¶</a></span></h2></div></div></div><div class="toc"><p><b>Contents</b></p><dl><dt><span class="sect1"><a href="cha.y2.userman.html#sec.y2.userman.main">8.1. User and Group Administration Dialog</a></span></dt><dt><span class="sect1"><a href="cha.y2.userman.html#sec.y2.userman.users">8.2. Managing User Accounts</a></span></dt><dt><span class="sect1"><a href="cha.y2.userman.html#sec.y2.userman.adv">8.3. Additional Options for User Accounts</a></span></dt><dt><span class="sect1"><a href="cha.y2.userman.html#sec.y2.userman.defaults">8.4. Changing Default Settings for Local Users</a></span></dt><dt><span class="sect1"><a href="cha.y2.userman.html#sec.y2.userman.assign">8.5. Assigning Users to Groups</a></span></dt><dt><span class="sect1"><a href="cha.y2.userman.html#sec.y2.userman.groups">8.6. Managing Groups</a></span></dt><dt><span class="sect1"><a href="cha.y2.userman.html#cha.y2.userman.authent">8.7. Changing the User Authentication Method</a></span></dt></dl></div><a class="indexterm" name="id446238"></a><a class="indexterm" name="id446246"></a><a class="indexterm" name="id446253"></a><p>
<a class="indexterm" name="id446264"></a>During installation, you chose a method for user
authentication. This method is either local (via
<code class="filename">/etc/passwd</code>) or, if a network connection is
established, via NIS, LDAP, Kerberos or Samba (see
<span> Section “Create New User” (Chapter 1, <i>Installation with YaST</i>, ↑Start-Up)
</span>. You can
create or modify user accounts and change the authentication method with
YaST at any time.
</p><p>
<a class="indexterm" name="id446292"></a> Every user is assigned a system-wide user ID (UID). Apart
from the users which can log in to your machine, there are also a number
of <span class="emphasis"><em>system users</em></span> for internal use only. Each user is
assigned to one or more groups. Similar to <span class="emphasis"><em>system
users</em></span>, there are also <span class="emphasis"><em>system groups</em></span> for
internal use.
<span>For information about the Linux user and group concept,
refer to Section “User Concept” (Chapter 6, <i>Basic Concepts</i>, ↑Start-Up).</span>
</p><div class="sect1" title="8.1. User and Group Administration Dialog"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.y2.userman.main"></a>8.1. User and Group Administration Dialog<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.y2.userman.main">¶</a></span></h2></div></div></div><p>
To administer users or groups, start YaST and click <span class="guimenu">Security and Users</span>+<span class="guimenu">User and Group
Management</span>. Alternatively, start the
<span class="guimenu">User and Group Administration</span> dialog directly by
running <span class="command"><strong>yast2 users</strong></span> from a command line.
</p><div class="figure"><a name="fig.y2.userman.main"></a><p class="title"><b>Figure 8.1. YaST User and Group Administration</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.y2.userman.main">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="70%"><tr><td><img src="images/yast2_users_main_gtk.png" width="100%" alt="YaST User and Group Administration"></td></tr></table></div></div></div><br class="figure-break"><p>
Depending on the set of users you choose to view and modify with, the
dialog (local users, network users, system users), the main window shows
several tabs. These allow you to execute the following tasks:
</p><div class="variablelist"><dl><dt><span class="term">Managing User Accounts</span></dt><dd><p>
From the <span class="guimenu">Users</span> tab create, modify, delete or
temporarily disable user accounts as described in
<a class="xref" href="cha.y2.userman.html#sec.y2.userman.users" title="8.2. Managing User Accounts">Section 8.2, “Managing User Accounts”</a>. Learn about advanced options
like enforcing password policies, using encrypted home directories,
using fingerprint authentication, or managing disk quotas in
<a class="xref" href="cha.y2.userman.html#sec.y2.userman.adv" title="8.3. Additional Options for User Accounts">Section 8.3, “Additional Options for User Accounts”</a>.
</p></dd><dt><span class="term">Changing Default Settings</span></dt><dd><p>
Local users accounts are created according to the settings defined on
the <span class="guimenu">Defaults for New Users</span> tab. Learn how to change
the default group assignment, or the default path and access
permissions for home directories in
<a class="xref" href="cha.y2.userman.html#sec.y2.userman.defaults" title="8.4. Changing Default Settings for Local Users">Section 8.4, “Changing Default Settings for Local Users”</a>.
</p></dd><dt><span class="term">Assigning Users to Groups</span></dt><dd><p>
Learn how to change the group assignment for individual users in
<a class="xref" href="cha.y2.userman.html#sec.y2.userman.assign" title="8.5. Assigning Users to Groups">Section 8.5, “Assigning Users to Groups”</a>.
</p></dd><dt><span class="term">Managing Groups</span></dt><dd><p>
From the <span class="guimenu">Groups</span> tab, you can add, modify or delete
existing groups. Refer to <a class="xref" href="cha.y2.userman.html#sec.y2.userman.groups" title="8.6. Managing Groups">Section 8.6, “Managing Groups”</a> for
information on how to do this.
</p></dd><dt><span class="term">Changing the User Authentication Method</span></dt><dd><p>
When your machine is connected to a network that provides user
authentication methods like NIS or LDAP, you can choose between
several authentication methods on the <span class="guimenu">Authentication
Settings</span> tab. For more information, refer to
<a class="xref" href="cha.y2.userman.html#cha.y2.userman.authent" title="8.7. Changing the User Authentication Method">Section 8.7, “Changing the User Authentication Method”</a>.
</p></dd></dl></div><p>
For user and group management, the dialog provides similar functionality.
You can easily switch between the user and group administration view by
choosing the appropriate tab at the top of the dialog.
</p><p>
Filter options allow you to define the set of users or groups you want to
modify: On the <span class="guimenu">Users</span> or <span class="guimenu">Group</span> tab,
click <span class="guimenu">Set Filter</span> to view and edit users or groups
according to certain categories, such as <span class="guimenu">Local Users</span>
or <span class="guimenu">LDAP Users</span>, for instance (if you are part of a
network which uses LDAP). With <span class="guimenu">Set Filter</span>+<span class="guimenu">Customize Filter</span> you can also set up and
use a custom filter.
</p><p>
Depending on the filter you choose, not all of the following options and
functions will be available from the dialog.
</p></div><div class="sect1" title="8.2. Managing User Accounts"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.y2.userman.users"></a>8.2. Managing User Accounts<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.y2.userman.users">¶</a></span></h2></div></div></div><p>
<a class="indexterm" name="id446556"></a> <a class="indexterm" name="id446566"></a> YaST offers to create, modify, delete or temporarily
disable user accounts. Do not modify user accounts unless you are an
experienced user or administrator.
</p><div class="note"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Note: Changing User IDs of Existing Users"><tr class="head"><td width="32"><img alt="[Note]" src="admon/note.png"></td><th align="left">Changing User IDs of Existing Users</th></tr><tr><td colspan="2" align="left" valign="top"><p>
File ownership is bound to the user ID, not to the user name. After a
user ID change, the files in the user's home directory are automatically
adjusted to reflect this change. However, after an ID change, the user
no longer owns the files he created elsewhere in the file system unless
the file ownership for those files are manually modified.
</p></td></tr></table></div><p>
In the following, learn how to set up default user accounts. For some
further options, such as auto login, login without password, setting up
encrypted home directories or managing quotas for users and groups, refer
to <a class="xref" href="cha.y2.userman.html#sec.y2.userman.adv" title="8.3. Additional Options for User Accounts">Section 8.3, “Additional Options for User Accounts”</a>.
</p><div class="procedure" title="Procedure 8.1. Adding or Modifying User Accounts"><a name="id446600"></a><p class="title"><b>Procedure 8.1. Adding or Modifying User Accounts</b></p><ol class="procedure" type="1"><li><p>
Open the YaST <span class="guimenu">User and Group Administration</span> dialog
and click the <span class="guimenu">Users</span> tab.
</p></li><li><p>
With <span class="guimenu">Set Filter</span> define the set of users you want to
manage. The dialog shows a list of users in the system and the groups
the users belong to.
</p></li><li><p>
To modify options for an existing user, select an entry and click
<span class="guimenu">Edit</span>.
</p><p>
To create a new user account, click <span class="guimenu">Add</span>.
</p></li><li><p>
Enter the appropriate user data on the first tab, such as
<span class="guimenu">Username </span> (which is used for login) and
<span class="guimenu">Password</span>. This data is sufficient to create a new
user. If you click <span class="guimenu">OK</span> now, the system will
automatically assign a user ID and set all other values according to
the default.
</p></li><li><p>
Activate <span class="guimenu">Receive System Mail</span> if you want any kind of
system notifications to be delivered to this user's mailbox. This
creates a mail alias for <code class="systemitem">root</code> and the user can read the system
mail without having to first log in as <code class="systemitem">root</code>.
</p></li><li><p>
If you want to adjust further details such as the user ID or the path
to the user's home directory, do so on the <span class="guimenu">Details</span>
tab.
</p><p>
If you need to relocate the home directory of an existing user, enter
the path to the new home directory there and move the contents of the
current home directory with <span class="guimenu">Move to New Location</span>.
Otherwise, a new home directory is created without any of the existing
data.
</p></li><li><p>
To force users to regularly change their password or set other password
options, switch to <span class="guimenu">Password Settings</span> and adjust the
options. For more details, refer to
<a class="xref" href="cha.y2.userman.html#sec.y2.userman.adv.passw" title="8.3.2. Enforcing Password Policies">Section 8.3.2, “Enforcing Password Policies”</a>.
</p></li><li><p>
If all options are set according to your wishes, click
<span class="guimenu">OK</span>.
</p></li><li><p>
Click <span class="guimenu">Expert Options</span>+<span class="guimenu">Write
Changes Now</span> to save all changes without exiting
the <span class="guimenu">User and Group Administration</span> dialog. Click
<span class="guimenu">OK</span> to close the administration dialog and to save
the changes. A newly added user can now log in to the system using the
login name and password you created.
</p></li></ol></div><div class="tip"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Tip: Matching User IDs"><tr class="head"><td width="32"><img alt="[Tip]" src="admon/tip.png"></td><th align="left">Matching User IDs</th></tr><tr><td colspan="2" align="left" valign="top"><p>
For a new (local) user on a laptop which also needs to integrate into a
network environment where this user already has a user ID, it is useful
to match the (local) user ID to the ID in the network. This ensures that
the file ownership of the files the user creates <span class="quote">“<span class="quote">offline</span>”</span>
is the same as if he had created them directly on the network.
</p></td></tr></table></div><div class="procedure" title="Procedure 8.2. Disabling or Deleting User Accounts"><a name="id446813"></a><p class="title"><b>Procedure 8.2. Disabling or Deleting User Accounts</b></p><a class="indexterm" name="id446818"></a><a class="indexterm" name="id446826"></a><ol class="procedure" type="1"><li><p>
Open the YaST <span class="guimenu">User and Group Administration</span> dialog
and click the <span class="guimenu">Users</span> tab.
</p></li><li><p>
To temporarily disable a user account without deleting it, select the
user from the list and click <span class="guimenu">Edit</span>. Activate
<span class="guimenu">Disable User Login</span>. The user cannot log into your
machine until you enable the account again.
</p></li><li><p>
To delete a user account, select the user from the list and click
<span class="guimenu">Delete</span>. Choose if you also want to delete the user's
home directory or if you want to retain the data.
</p></li></ol></div></div><div class="sect1" title="8.3. Additional Options for User Accounts"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.y2.userman.adv"></a>8.3. Additional Options for User Accounts<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.y2.userman.adv">¶</a></span></h2></div></div></div><p>
In addition to the settings for a default user account, openSUSE®
offers further options, such as options to enforce password policies, use
encrypted home directories or define disk quotas for users and groups.
</p><div class="sect2" title="8.3.1. Automatic Login and Passwordless Login"><div class="titlepage"><div><div><h3 class="title"><a name="cha.y2.userman.adv.login"></a>8.3.1. Automatic Login and Passwordless Login<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.y2.userman.adv.login">¶</a></span></h3></div></div></div><p>
If you use the KDE or GNOME desktop environment you can configure
<span class="emphasis"><em>Auto Login</em></span> for a certain user as well as
<span class="emphasis"><em>Passwordless Login</em></span> for all users. Auto login causes
a user to become automatically logged in to the desktop environment on
boot. This functionality can only be activated for one user at a time.
Login without password allows all users to log in to the system after
they have entered their username in the login manager.
</p><div class="warning"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Warning: Security Risk"><tr class="head"><td width="32"><img alt="[Warning]" src="admon/warning.png"></td><th align="left">Security Risk</th></tr><tr><td colspan="2" align="left" valign="top"><p>
Enabling <span class="emphasis"><em>Auto Login</em></span> or <span class="emphasis"><em>Passwordless
Login</em></span> on a machine that can be accessed by more than one
person is a security risk. Without the need to authenticate, any user
can gain access to your system and your data. If your system contains
confidential data, do not use this functionality.
</p></td></tr></table></div><p>
If you want to activate auto login or login without password, access
these functions in the YaST <span class="guimenu">User and Group
Administration</span> with <span class="guimenu">Expert
Options</span>+<span class="guimenu">Login Settings</span>.
</p></div><div class="sect2" title="8.3.2. Enforcing Password Policies"><div class="titlepage"><div><div><h3 class="title"><a name="sec.y2.userman.adv.passw"></a>8.3.2. Enforcing Password Policies<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.y2.userman.adv.passw">¶</a></span></h3></div></div></div><p>
On any system with multiple users, it is a good idea to enforce at least
basic password security policies. Users should change their passwords
regularly and use strong passwords that cannot easily be exploited. For
local users, proceed as follows:
</p><div class="procedure" title="Procedure 8.3. Configuring Password Settings"><a name="id446989"></a><p class="title"><b>Procedure 8.3. Configuring Password Settings</b></p><a class="indexterm" name="id446994"></a><ol class="procedure" type="1"><li><p>
Open the YaST <span class="guimenu">User and Group Administration</span>
dialog and select the <span class="guimenu">Users</span> tab.
</p></li><li><p>
Select the user for which to change the password options and click
<span class="guimenu">Edit</span>.
</p></li><li><p>
Switch to the <span class="guimenu">Password Settings</span> tab. The user's
last password change is displayed on the tab.
</p></li><li><p>
To make the user change his password at next login, activate
<span class="guimenu">Force Password Change</span>.
</p></li><li><p>
To enforce password rotation, set a <span class="guimenu">Maximum Number of Days
for the Same Password</span> and a <span class="guimenu">Minimum Number of Days
for the Same Password</span>.
</p></li><li><p>
To remind the user to change his password before it expires, set a
number of <span class="guimenu">Days before Password Expiration to Issue
Warning</span>.
</p></li><li><p>
To restrict the period of time the user can log in after his password
has expired, change the value in <span class="guimenu">Days after Password Expires
with Usable Login</span>.
</p></li><li><p>
You can also specify a certain expiration date for a password. Enter
the <span class="guimenu">Expiration Date</span> in
<em class="replaceable"><code>YYYY-MM-DD</code></em> format.
</p></li><li><p>
For more information about the options and about the default values,
click <span class="guimenu">Help</span>.
</p></li><li><p>
Apply your changes with <span class="guimenu">OK</span>.
</p></li></ol></div></div><div class="sect2" title="8.3.3. Managing Encrypted Home Directories"><div class="titlepage"><div><div><h3 class="title"><a name="sec.y2.userman.adv.crypto"></a>8.3.3. Managing Encrypted Home Directories<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.y2.userman.adv.crypto">¶</a></span></h3></div></div></div><a class="indexterm" name="id447167"></a><a class="indexterm" name="id447176"></a><p>
To protect data in home directories against theft and hard disk removal,
you can create encrypted home directories for users. These are encrypted
with LUKS (Linux Unified Key Setup), which results in an image and an
image key being generated for the user. The image key is protected with
the user's login password. When the user logs into the system, the
encrypted home directory is mounted and the contents are made available
to the user.
</p><div class="note"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Note: Fingerprint Reader Devices and Encrypted Home Directories"><tr class="head"><td width="32"><img alt="[Note]" src="admon/note.png"></td><th align="left">Fingerprint Reader Devices and Encrypted Home Directories</th></tr><tr><td colspan="2" align="left" valign="top"><p>
If you want to use a fingerprint reader device, you must not use
encrypted home directories. Otherwise logging in will fail, because
decrypting during login is not possible in combination with an active
fingerprint reader device.
</p></td></tr></table></div><p>
With YaST, you can create encrypted home directories for new or
existing users. To encrypt or modify encrypted home directories of
already existing users, you need to know the user's current login
password. By default, all existing user data is copied to the new
encrypted home directory, but it is not deleted from the unencrypted
directory.
</p><div class="warning"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Warning: Security Restrictions"><tr class="head"><td width="32"><img alt="[Warning]" src="admon/warning.png"></td><th align="left">Security Restrictions</th></tr><tr><td colspan="2" align="left" valign="top"><p>
Encrypting a user's home directory does not provide strong security
from other users. If strong security is required, the system should not
be physically shared.
</p></td></tr></table></div><p>
Find background information about encrypted home directories and which
actions to take for stronger security in
Section “Using Encrypted Home Directories” (Chapter 11, <i>Encrypting Partitions and Files</i>, ↑Security Guide).
</p><div class="procedure" title="Procedure 8.4. Creating Encrypted Home Directories"><a name="id447235"></a><p class="title"><b>Procedure 8.4. Creating Encrypted Home Directories</b></p><ol class="procedure" type="1"><li><p>
Open the YaST <span class="guimenu">User and Group Management</span> dialog
and click the <span class="guimenu">Users</span> tab.
</p></li><li><p>
To encrypt the home directory of an existing user, select the user and
click <span class="guimenu">Edit</span>.
</p><p>
Otherwise, click <span class="guimenu">Add</span> to create a new user account
and enter the appropriate user data on the first tab.
</p></li><li><p>
In the <span class="guimenu">Details</span> tab, activate <span class="guimenu">Use Encrypted
Home Directory</span>. With <span class="guimenu">Directory Size in
MB</span>, specify the size of the encrypted image file to be
created for this user.
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="70%"><tr><td><img src="images/yast2_users_crypto_gtk.png" width="100%"></td></tr></table></div></div></li><li><p>
Apply your settings with <span class="guimenu">OK</span>.
</p></li><li><p>
Enter the user's current login password to proceed if YaST prompts
for it.
</p></li><li><p>
Click <span class="guimenu">Expert Options</span>+<span class="guimenu">Write
Changes Now</span> to save all changes without
exiting the administration dialog. Click <span class="guimenu">OK</span> to
close the administration dialog and save the changes.
</p></li></ol></div><div class="procedure" title="Procedure 8.5. Modifying or Disabling Encrypted Home Directories"><a name="id447395"></a><p class="title"><b>Procedure 8.5. Modifying or Disabling Encrypted Home Directories</b></p><p>
Of course, you can also disable the encryption of a home directory or
change the size of the image file at any time.
</p><ol class="procedure" type="1"><li><p>
Open the YaST <span class="guimenu">User and Group Administration</span>
dialog in the <span class="guimenu">Users</span> view.
</p></li><li><p>
Select a user from the list and click <span class="guimenu">Edit</span>.
</p></li><li><p>
If you want to disable the encryption, switch to the
<span class="guimenu">Details</span> tab and disable <span class="guimenu">Use Encrypted Home
Directory</span>.
</p><p>
If you need to enlarge or reduce the size of the encrypted image file
for this user, change the <span class="guimenu">Directory Size in MB</span>.
</p></li><li><p>
Apply your settings with <span class="guimenu">OK</span>.
</p></li><li><p>
Enter the user's current login password to proceed if YaST prompts
for it.
</p></li><li><p>
Click <span class="guimenu">Expert Options</span>+<span class="guimenu">Write
Changes Now</span> to save all changes without
exiting the <span class="guimenu">User and Group Administration</span> dialog.
Click <span class="guimenu">OK</span> to close the administration dialog and to
save the changes.
</p></li></ol></div></div><div class="sect2" title="8.3.4. Using Fingerprint Authentication"><div class="titlepage"><div><div><h3 class="title"><a name="sec.y2.userman.adv.thinkfinger"></a>8.3.4. Using Fingerprint Authentication<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.y2.userman.adv.thinkfinger">¶</a></span></h3></div></div></div><a class="indexterm" name="id447530"></a><a class="indexterm" name="id447539"></a><p>
If your system includes a fingerprint reader you can use biometric
authentication in addition to standard authentication via login and
password. After registering their fingerprint, users can log into the
system either by swiping a finger on the fingerprint reader or by typing
in a password.
</p><p>
Fingerprints can be registered with YaST. Find detailed information
about configuration and use of fingerprint authentication in
Chapter <i>Using the Fingerprint Reader</i> (↑Security Guide). For a list of supported devices,
refer to
<a class="ulink" href="http://reactivated.net/fprint/wiki/Supported_devices" target="_top">http://reactivated.net/fprint/wiki/Supported_devices</a>.
</p></div><div class="sect2" title="8.3.5. Managing Quotas"><div class="titlepage"><div><div><h3 class="title"><a name="sec.y2.userman.adv.quota"></a>8.3.5. Managing Quotas<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.y2.userman.adv.quota">¶</a></span></h3></div></div></div><a class="indexterm" name="id447579"></a><a class="indexterm" name="id447588"></a><p>
To prevent system capacities from being exhausted without notification,
system administrators can set up quotas for users or groups. Quotas can
be defined for one or more file systems and restrict the amount of disk
space that can be used and the number of inodes (index nodes) that can
be created there. Inodes are data structures on a file system that store
basic information about a regular file, directory, or other file system
object. They store all attributes of a file system object (like user and
group ownership, read, write, or execute permissions), except file name
and contents.
</p><p>
openSUSE allows usage of <code class="literal">soft</code> and
<code class="literal">hard</code> quotas. Soft quotas usually define a warning
level at which users are informed that they are nearing their limit,
whereas hard quotas define the limit at which write requests are denied.
Additionally, grace intervals can be defined that allow users or groups
to temporarily violate their quotas by certain amounts.
</p><div class="procedure" title="Procedure 8.6. Enabling Quota Support for a Partition"><a name="id447623"></a><p class="title"><b>Procedure 8.6. Enabling Quota Support for a Partition</b></p><p>
In order to configure quotas for certain users and groups, you need to
enable quota support for the respective partition in the YaST Expert
Partitioner first.
</p><ol class="procedure" type="1"><li><p>
In YaST, select <span class="guimenu">System</span>+<span class="guimenu">Partitioner</span> and click
<span class="guimenu">Yes</span> to proceed.
</p></li><li><p>
In the <span class="guimenu">Expert Partitioner</span>, select the partition for
which to enable quotas and click <span class="guimenu">Edit</span>.
</p></li><li><p>
Click <span class="guimenu">Fstab Options</span> and activate <span class="guimenu">Enable
Quota Support</span>. If the <code class="systemitem">quota</code> package
is not already installed, it will be installed once you confirm the
respective message with <span class="guimenu">Yes</span>.
</p></li><li><p>
Confirm your changes and leave the <span class="guimenu">Expert
Partitioner</span>.
</p></li></ol></div><div class="procedure" title="Procedure 8.7. Setting Up Quotas for Users or Groups"><a name="id447717"></a><p class="title"><b>Procedure 8.7. Setting Up Quotas for Users or Groups</b></p><p>
Now you can define soft or hard quotas for specific users or groups and
set time periods as grace intervals.
</p><ol class="procedure" type="1"><li><p>
In the YaST <span class="guimenu">User and Group Administration</span>, select
the user or the group you want to set the quotas for and click
<span class="guimenu">Edit</span>.
</p></li><li><p>
On the <span class="guimenu">Plug-Ins</span> tab, select the <span class="guimenu">Manage
User Quota</span> entry and
click <span class="guimenu">Launch</span> to open the <span class="guimenu">Quota
Configuration</span> dialog.
</p></li><li><p>
From <span class="guimenu">File System</span>, select the partition to which the
quota should apply.
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="70%"><tr><td><img src="images/yast2_users_quota_gtk.png" width="100%"></td></tr></table></div></div></li><li><p>
Below <span class="guimenu">Size Limits</span>, restrict the amount of disk
space. Enter the number of 1 KB blocks the user or group may have on
this partition. Specify a <span class="guimenu">Soft Limit</span> and a
<span class="guimenu">Hard Limit</span> value.
</p></li><li><p>
Additionally, you can restrict the number of inodes the user or group
may have on the partition. Below <span class="guimenu">Inodes Limits</span>,
enter a <span class="guimenu">Soft Limit</span> and <span class="guimenu">Hard
Limit</span>.
</p></li><li><p>
You can only define grace intervals if the user or group has already
exceeded the soft limit specified for size or inodes. Otherwise, the
time-related input fields are not activated. Specify the time period
for which the user or group is allowed to exceed the limits set above.
</p></li><li><p>
Confirm your settings with <span class="guimenu">OK</span>.
</p></li><li><p>
Click <span class="guimenu">Expert Options</span>+<span class="guimenu">Write
Changes Now</span> to save all changes without
exiting the <span class="guimenu">User and Group Administration</span> dialog.
Click <span class="guimenu">OK</span> to close the administration dialog and to
save the changes.
</p></li></ol></div><p>
openSUSE also ships command line tools like
<code class="literal">repquota</code> or <code class="literal">warnquota</code> with which
system administrators can control the disk usage or send e-mail
notifications to users exceeding their quota. With
<span class="command"><strong>quota_nld</strong></span>, administrators can also forward kernel
messages about exceeded quotas to D-BUS. For more information, refer to
the <code class="systemitem">repquota</code>, the
<code class="systemitem">warnquota</code> and the <span class="command"><strong>quota_nld</strong></span>
man page.
</p></div></div><div class="sect1" title="8.4. Changing Default Settings for Local Users"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.y2.userman.defaults"></a>8.4. Changing Default Settings for Local Users<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.y2.userman.defaults">¶</a></span></h2></div></div></div><a class="indexterm" name="id447965"></a><p>
When creating new local users, several default settings are used by
YaST. These include, for example, the primary group and the secondary
groups the user belongs to, or the access permissions of the user's home
directory. You can change these default settings to meet your
requirements:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Open the YaST <span class="guimenu">User and Group Administration</span> dialog
and select the <span class="guimenu">Defaults for New Users</span> tab.
</p></li><li><p>
To change the primary group the new users should automatically belong
to, select another group from <span class="guimenu">Default Group</span>.
</p></li><li><p>
To modify the secondary groups for new users, add or change groups in
<span class="guimenu">Secondary Groups</span>. The group names must be separated
by commas.
</p></li><li><p>
If you do not want to use
<code class="filename">/home/<em class="replaceable"><code>username</code></em></code> as
default path for new users' home directories, modify the <span class="guimenu">Path
Prefix for Home Directory</span>.
</p></li><li><p>
To change the default permission modes for newly created home
directories, adjust the umask value in <span class="guimenu">Umask for Home
Directory</span>. For more information about umask, refer to
Chapter <i>Access Control Lists in Linux</i> (↑Security Guide) and to the <span class="command"><strong>umask</strong></span>
man page.
</p></li><li><p>
For information about the individual options, click
<span class="guimenu">Help</span>.
</p></li><li><p>
Apply your changes with <span class="guimenu">OK</span>.
</p></li></ol></div></div><div class="sect1" title="8.5. Assigning Users to Groups"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.y2.userman.assign"></a>8.5. Assigning Users to Groups<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.y2.userman.assign">¶</a></span></h2></div></div></div><p>
<a class="indexterm" name="id448116"></a> Local users are assigned to several groups according to the
default settings which you can access from the <span class="guimenu">User and Group
Administration</span> dialog on the <span class="guimenu">Defaults for New
Users</span> tab. In the following, learn how to modify an individual
user's group assignment. If you need to change the default group
assignments for new users, refer to
<a class="xref" href="cha.y2.userman.html#sec.y2.userman.defaults" title="8.4. Changing Default Settings for Local Users">Section 8.4, “Changing Default Settings for Local Users”</a>.
</p><div class="procedure" title="Procedure 8.8. Changing a User's Group Assignment"><a name="id448143"></a><p class="title"><b>Procedure 8.8. Changing a User's Group Assignment</b></p><ol class="procedure" type="1"><li><p>
Open the YaST <span class="guimenu">User and Group Administration</span> dialog
and click the <span class="guimenu">Users</span> tab. It shows a list of users
and of the groups the users belong to.
</p></li><li><p>
Click <span class="guimenu">Edit</span> and switch to the
<span class="guimenu">Details</span> tab.
</p></li><li><p>
To change the primary group the user belongs to, click <span class="guimenu">Default
Group</span> and select the group from the list.
</p></li><li><p>
To assign the user additional secondary groups, activate the
corresponding check boxes in the <span class="guimenu">Additional Groups</span>
list.
</p></li><li><p>
Click <span class="guimenu">OK</span> to apply your changes.
</p></li><li><p>
Click <span class="guimenu">Expert Options</span>+<span class="guimenu">Write
Changes Now</span> to save all changes without exiting
the <span class="guimenu">User and Group Administration</span> dialog. Click
<span class="guimenu">OK</span> to close the administration dialog and save the
changes.
</p></li></ol></div></div><div class="sect1" title="8.6. Managing Groups"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.y2.userman.groups"></a>8.6. Managing Groups<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.y2.userman.groups">¶</a></span></h2></div></div></div><a class="indexterm" name="id448266"></a><a class="indexterm" name="id448275"></a><a class="indexterm" name="id448284"></a><p>
With YaST you can also easily add, modify or delete groups.
</p><div class="procedure" title="Procedure 8.9. Creating and Modifying Groups"><a name="id448298"></a><p class="title"><b>Procedure 8.9. Creating and Modifying Groups</b></p><ol class="procedure" type="1"><li><p>
Open the YaST <span class="guimenu">User and Group Management</span> dialog and
click the <span class="guimenu">Groups</span> tab.
</p></li><li><p>
With <span class="guimenu">Set Filter</span> define the set of groups you want to
manage. The dialog shows a list of groups in the system.
</p></li><li><p>
To create a new group, click <span class="guimenu">Add</span>.
</p></li><li><p>
To modify an existing group, select the group and click
<span class="guimenu">Edit.</span>
</p></li><li><p>
In the following dialog, enter or change the data. The list on the
right shows an overview of all available users and system users which
can be members of the group.
</p><div class="informalfigure"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="75%"><tr><td><img src="images/yast2_groups_edit_gtk.png" width="100%"></td></tr></table></div></div></li><li><p>
To add existing users to a new group select them from the list of
possible <span class="guimenu">Group Members</span> by checking the corresponding
box. To remove them from the group just uncheck the box.
</p></li><li><p>
Click <span class="guimenu">OK</span> to apply your changes.
</p></li><li><p>
Click <span class="guimenu">Expert Options</span>+<span class="guimenu">Write
Changes Now</span> to save all changes without exiting
the <span class="guimenu">User and Group Administration</span> dialog.
</p></li></ol></div><p>
In order to delete a group, it must not contain any group members. To
delete a group, select it from the list and click
<span class="guimenu">Delete</span>. Click <span class="guimenu">Expert
Options</span>+<span class="guimenu">Write Changes Now</span> to
save all changes without exiting the <span class="guimenu">User and Group
Administration</span> dialog. Click <span class="guimenu">OK</span> to close the
administration dialog and to save the changes.
</p></div><div class="sect1" title="8.7. Changing the User Authentication Method"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="cha.y2.userman.authent"></a>8.7. Changing the User Authentication Method<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.y2.userman.authent">¶</a></span></h2></div></div></div><a class="indexterm" name="id448505"></a><p>
When your machine is connected to a network, you can change the
authentication method you set during installation. The following options
are available:
</p><div class="variablelist"><dl><dt><span class="term">NIS</span></dt><dd><p>
Users are administered centrally on a NIS server for all systems in
the network. For details, see Chapter <i>Using NIS</i> (↑Security Guide).
</p></dd><dt><span class="term">LDAP</span></dt><dd><p>
Users are administered centrally on an LDAP server for all systems in
the network. For details about LDAP, see
Chapter <i>LDAP—A Directory Service</i> (↑Security Guide).
</p><p>
You can manage LDAP users with the YaST user module. All other LDAP
settings, including the default settings for LDAP users, have to be
defined with the YaST LDAP client module as described in
Section “Configuring an LDAP Client with YaST” (Chapter 4, <i>LDAP—A Directory Service</i>, ↑Security Guide) .
</p></dd><dt><span class="term">Kerberos</span></dt><dd><p>
With Kerberos, a user registers once and then is trusted in the entire
network for the rest of the session.
</p></dd><dt><span class="term">Samba</span></dt><dd><p>
SMB authentication is often used in mixed Linux and Windows networks.
For details, see <a class="xref" href="cha.samba.html" title="Chapter 27. Samba">Chapter 27, <i>Samba</i></a><span>
and Chapter <i>Active Directory Support</i> (↑Security Guide)</span>.
</p></dd></dl></div><p>
To change the authentication method, proceed as follows:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Open the <span class="guimenu">User and Group Administration</span> dialog in
YaST.
</p></li><li><p>
Click the <span class="guimenu">Authentication Settings</span> tab to show an
overview of the available authentication methods and the current
settings.
</p></li><li><p>
To change the authentication method, click <span class="guimenu">Configure</span>
and select the authentication method you want to modify. This takes you
directly to the client configuration modules in YaST. For information
about the configuration of the appropriate client, refer to the
following sections:
</p><p title="NIS:"><b>NIS: </b>
Section “Configuring NIS Clients” (Chapter 3, <i>Using NIS</i>, ↑Security Guide)
</p><p title="LDAP:"><b>LDAP: </b>
Section “Configuring an LDAP Client with YaST” (Chapter 4, <i>LDAP—A Directory Service</i>, ↑Security Guide)
</p></li><li><p>
After accepting the configuration, return to the <span class="guimenu">User and
Group Administration</span> overview.
</p></li><li><p>
Click <span class="guimenu">OK</span> to close the administration dialog.
</p></li></ol></div></div></div><div class="navfooter"><table width="100%" summary="Navigation footer" border="0" class="bctable"><tr><td width="80%"><div class="breadcrumbs"><p><a href="index.html"> Documentation</a><span class="breadcrumbs-sep"> > </span><a href="book.opensuse.reference.html">Reference</a><span class="breadcrumbs-sep"> > </span><a href="part.reference.administration.html">Administration</a><span class="breadcrumbs-sep"> > </span><strong><a accesskey="p" title="Part III. Administration" href="part.reference.administration.html"><span>◀</span></a> <a accesskey="n" title="Chapter 9. Changing Language and Country Settings with YaST" href="cha.y2.lang.html"><span>▶</span></a></strong></p></div></td></tr></table></div></body></html>
ACC SHELL 2018