11. Invokes setpwnam() to update appropriate database files with the new shell.
12. Exits.
5.13.2 User management
5.13.2.1 useradd
The useradd program allows an authorized user to create new user accounts on the system. Refer to the
useradd man page for more information. useradd generally follows these steps:
1. Sets language.
2. Invokes getpwuid(getuid()) to obtain the application user’s passwd structure.
3. Invokes pam_start() to initialize the PAM library, and to identify the application with a particular
service name.
4. Invokes pam_authenticate() to authenticate the application user. Generates an audit record
to log the authentication attempt and its outcome.
5. Invokes pam_acct_mgmt() to perform module-specific account management.
6. Gets the default parameters for a new user account from /etc/default/useradd.
7. Processes command-line arguments.
8. Ensures that the user account being created doesn’t already exist.
9. Invokes open_files() to lock and open authentication database files.
10. Invokes usr_update() to update authentication database files with new account information.
11. Generates audit records to log actions of the useradd command, such as the addition of a new
user, the addition of a user to a group, an update of default user parameters, and the creation of a
user’s home directory.
12. Invokes close_files() to close authentication database files.
13. Creates a home directory for the new user.
14. Invokes pam_chauthtok() to rejuvenate the user’s authentication tokens.
15. Exits.
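Steps 8 to 10 and 12 above, sketched as an added example (not code from useradd or from this document). add_account() is a hypothetical helper that works on a scratch passwd-format file, uses flock() as a stand-in for the locking done by open_files(), and runs the existence check while the lock is held. Rejecting ':' and newline in fields is an added assumption about input validation.

```c
#define _DEFAULT_SOURCE        /* fgetpwent() and putpwent() are glibc extensions */
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* Hypothetical helper (not shadow-utils code): append one account to the
 * passwd-format file at `path`, which should be a scratch copy.
 * Returns 0 on success, -1 with errno set (EEXIST: name already present). */
int add_account(const char *path, const char *name, uid_t uid, gid_t gid,
                const char *home, const char *shell)
{
    /* A ':' or newline in a field would forge extra fields or whole entries. */
    const char *fields[] = { name, home, shell };
    for (size_t i = 0; i < 3; i++)
        if (fields[i][0] == '\0' || strpbrk(fields[i], ":\n")) {
            errno = EINVAL;
            return -1;
        }
    /* Step 9: open and lock. O_NOFOLLOW refuses a symlink planted at `path`. */
    int fd = open(path, O_RDWR | O_APPEND | O_CLOEXEC | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    FILE *fp = (flock(fd, LOCK_EX) == 0) ? fdopen(fd, "a+") : NULL;
    if (fp == NULL) {
        int saved = errno; close(fd); errno = saved;
        return -1;
    }
    /* Step 8, under the lock: no other writer can add the same name
     * between this check and the append below. */
    struct passwd *pw;
    rewind(fp);
    while ((pw = fgetpwent(fp)) != NULL)
        if (strcmp(pw->pw_name, name) == 0) {
            fclose(fp);
            errno = EEXIST;
            return -1;
        }
    /* Step 10: write the entry ("x" means the hash lives in the shadow file). */
    struct passwd ent = { .pw_name = (char *)name, .pw_passwd = "x", .pw_uid = uid,
                          .pw_gid = gid, .pw_gecos = "", .pw_dir = (char *)home,
                          .pw_shell = (char *)shell };
    fseek(fp, 0, SEEK_END);
    int rc = (putpwent(&ent, fp) == 0 && fflush(fp) == 0 && fsync(fd) == 0) ? 0 : -1;
    int saved = errno;
    fclose(fp);                /* step 12: also closes fd and releases the lock */
    errno = saved;
    return rc;
}
```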
5.13.2.2 usermod
The usermod program allows an administrator to modify an existing user account. Refer to the usermod
man page for more detailed information on the usage of the command. usermod generally follows these steps:
1. Sets language.
2. Invokes getpwuid(getuid()) to obtain the application user’s passwd structure.
3. Invokes pam_start() to initialize the PAM library, and to identify the application with a
particular service name.
4. Invokes pam_authenticate() to authenticate the application user. Generates an audit record to log
the authentication attempt and its outcome.
5. Invokes pam_acct_mgmt() to perform module-specific account management.