FreeBSD could be the perfect solution for those seeking a dependable and protected operating system to power their servers or critical applications. This open-source operating system is built on the BSD Unix-like system, recognized for its unwavering stability and robust security features. In this article, we’ll delve into its capabilities, potential uses, advantages, disadvantages, and alternative options to provide you with the knowledge necessary to make an informed decision.
What is FreeBSD?
FreeBSD is an open-source Unix-like operating system developed by the FreeBSD Project. It is based on the BSD version of the Unix operating system designed at the University of California, Berkeley, and has been in development since the early 1990s. FreeBSD is a complete operating system used on desktops, servers, and embedded systems. It is free and open-source, meaning it can be used, modified, and distributed without cost.
FreeBSD user accounts – Introduction.
Many bare metal machine or virtual private servers (VPS) deployments, especially development servers, require many users to operate. Where no remote authentication systems are available, like radius or Ldap, they need to be added manually.
This guide discusses adding new users in FreeBSD and deleting, changing, and displaying their settings. It also discusses how to enforce password quality control of users’ passwords using the pam_passwdqc – password quality control PAM module in FreeBSD.
FreeBSD uses an interactive method of adding new users adduser and a one-command method using pw to create, delete, show, and manipulate system users (NIS, LDAP, and Radius users are unaffected).
Before we begin, we must ensure root or sudo access to the system; otherwise, FreeBSD does not allow new user creation.
FreeBSD adds a new user – adduser interactive method.
The first method of adding users in FreeBSD is the adduser interactive command:
$ adduser
Username: vpsie1
Full name: Vpsie test user 1
Uid (Leave empty for default): ^C
[root@Osiris ~]$ adduser
Username: vpsie1
Full name: FreeBSD VPSie user 1
Uid (Leave empty for default):
Login group [vpsie1]:
Login group is vpsie1. Invite vpsie1 into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash git-shell nologin) [sh]: bash
Home directory [/home/vpsie1]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : vpsie1
Password : *****
Full Name : FreeBSD VPSie user 1
Uid : 1004
Class :
Groups : vpsie1
Home : /home/vpsie1
Home Mode :
Shell : /usr/local/bin/bash
Locked : no
OK? (yes/no): y
adduser: INFO: Successfully added (vpsie1) to the user database.
Add another user? (yes/no): n
Goodbye!Let’s look at the options we have when we add a new FreeBSD user with the adduser command:
Full name of the new user.
User ID. If left blank, it will be assigned its uid starting in the range 1000+.
User login group. At this step, the new user can be added to an existing login group or, if left blank, a new group having the same name as the user. We also can add new users to other groups.
Login class. FreeBSD login classes are restrictive security groups that limit users’ utilized resources, password format, and more. For more details, look at /etc/login—conf file or man login. Conf.
The following options are self-explanatory, but they still need to be read carefully.
FreeBSD adds a new user – one command.
The second method is the pw command. Here are all suitable options from man pw:
pw [-V etcdir] useradd [name|uid] [-C config] [-q] [-n name] [-u uid]
[-c comment] [-d dir] [-e date] [-p date] [-g group] [-G grouplist]
[-m] [-M mode] [-k dir] [-w method] [-s shell] [-o] [-L class]
[-h fd | -H fd] [-N] [-P] [-Y]
The following options apply to the useradd and usermod commands:
-n name Specify the user/account name.
-u uid Specify the user/account numeric id.
-c comment This field sets the contents of the passwd GECOS field,
which normally contains up to four comma-separated fields
containing the user's full name, office or location, and
work and home phone numbers.
-d dir This option sets the account's home directory. Normally,
you will only use this if the home directory is to be dif-
ferent from the default determined from /etc/pw.conf - nor-
mally /home with the account name as a subdirectory.
-e date Set the account's expiration date.
-g group Set the account's primary group to the given group. group
may be defined by either its name or group number.
-G grouplist Set additional group memberships for an account. grouplist
is a comma, space or tab-separated list of group names or
group numbers.
-L class This option sets the login class for the user being cre-
ated. See login.conf(5) and passwd(5) for more information
on user login classes.
-m This option instructs pw to attempt to create the user's
home directory.
-s shell Set or changes the user's login shell to shell.
-h fd This option provides a special interface by which interac-
tive scripts can set an account password using pw. Because
the command line and environment are fundamentally insecure
mechanisms by which programs can accept information, pw
will only allow setting of account and group passwords via
a file descriptor (usually a pipe between an interactive
script and the program). sh, bash, ksh and perl all pos-
sess mechanisms by which this can be done. Alternatively,
pw will prompt for the user's password if -h 0 is given,
nominating stdin as the file descriptor on which to read
the password. Note that this password will be read only
once and is intended for use by a script rather than for
interactive use. If you wish to have new password confir-
mation along the lines of passwd(1), this must be imple-
mented as part of an interactive script that calls pw.
Let’s construct the one-line command for adding the new user:
$ sudo pw useradd -n newuser -e 01-09-2018 -m -s /usr/local/bin/bash -h 0 -L default -c "New user on FreeBSD"
password for user newuser:You will be prompted to provide the new user’s password.
Enforce user password policy in FreeBSD.
To enforce the password strength policy in FreeBSD, we must enable and configure PAM pam_passwdqc.so (password quality control) module in file cat /etc/pam.d/passwd by uncommenting it. Before defining a password policy, the man pam_passwdqc should be consulted for more information on building a password policy in FreeBSD. Example below:
$ sudo cat /etc/pam.d/passwd
password requisite pam_passwdqc.so min=disabled,disabled,disabled,12,10 similar=deny ask_oldauthtok enforce=users
password required pam_unix.so no_warn try_first_pass nullokThe above enforces the following:
– forces old passwords to be entered AND
– 12 characters if they are from 3 character classes OR
– 10 characters if they are from 4 character classes AND
– denies new password if it is similar to old one AND
– enforce the above restrictions for non-root users.
FreeBSD: Display user information
$ sudo pw usershow newuser
newuser:*:1005:1005:default:0:1535756400:New user on FreeBSD:/home/newuser:/usr/local/bin/bashLocking and unlocking users in FreeBSD
The fastest way to keep a user from logging into the system is changing their password, but the safest approach is to lock the user account without removing it, and it’s a directory:
$ sudo pw lock newuser
$ sudo su - newuser
su: Sorry
FreeBSD passwords are kept in /etc/master. passwd file. By sealing a user, the system will add a *LOCKED* string in front of the password hash:
newuser:*LOCKED*$6$hjlGF5E0hvRSimilarly, to unlock the user:
$ sudo pw unlock newuserHow to remove a system user in FreeBSD
There are at least four ways to delete system users in FreeBSD, but I will show here an example based on the pw command and the user del option. If you know the name of the user intended for removal, use the below command:
$ sudo pw userdel -n newuserThis should provide a basic understanding of user management under FreeBSD. Please post your comments if you disagree or wish to request a tutorial.
You can create this setup on our platform in a few minutes utilizing our PCS (Private Cloud Solution), which allows you to have VPSie(s) on a private network – NAT – Port forward – traffic control for inbound and outbound – multiple gateway IPs which you could use for the load-balancing and failover.
FreeBSD Compared to Other Systems:
FreeBSD is often compared to other operating systems like Linux and Windows. While there are similarities, there are also differences between these systems. One key difference between FreeBSD and Linux is that FreeBSD is a complete operating system that includes its kernel, while Linux is just a kernel that needs to be paired with other software to form an operating system.FreeBSD is highly regarded for its advanced security features and reliability, making it a common choice for servers and critical applications. The focus on clean code and attention to detail in its development process has resulted in a stable and dependable system.
FreeBSD Use Cases:
FreeBSD is a versatile operating system that can be used for various applications. Some of the widespread use cases for FreeBSD include:
- Servers: FreeBSD is a popular server choice because of its advanced security features, reliability, and performance.
- Desktops: FreeBSD can also be used as a desktop operating system, providing a stable and secure platform for users prioritizing security and stability over flashy features.
- Embedded Systems: FreeBSD is also used in embedded systems, such as network routers, where its small size, low resource usage, and stability make it an ideal choice.
Features of FreeBSD:
FreeBSD is known for its powerful and flexible features, which include:
- Advanced Security Features: FreeBSD is known for its advanced security features, including its use of the OpenSSH protocol, cryptographic file systems, and mandatory access control.
- High Performance: FreeBSD is designed to deliver high performance, making it a popular choice for servers and other applications that require high performance.
- Stable and Reliable: FreeBSD is known for its stability and reliability, with a reputation for being one of the most stable operating systems.
- Rich Networking Capabilities: FreeBSD provides robust and flexible networking capabilities, making it a popular choice for network routers and other networking applications.
Advantages of FreeBSD:
FreeBSD has several advantages over other operating systems, including:
- Advanced Security: FreeBSD is known for its advanced security features, making it a popular choice for servers and other critical applications.
- High Performance: FreeBSD is designed to deliver high performance, making it a popular choice for servers and other applications that require high performance.
- Stability and Reliability: FreeBSD is known for its strength and reliability, with a reputation for being one of the most stable operating systems.
- Rich Networking Capabilities: FreeBSD provides robust and flexible networking capabilities, making it a popular choice for network routers and other networking applications.
Disadvantages of FreeBSD
Although FreeBSD offers several benefits, there are also some drawbacks that users need to consider.
- Lack of commercial support: While FreeBSD has a dedicated community of users who offer support, it has a different level of commercial support than other operating systems. Users may need to rely on online forums and documentation for assistance.
- Compatibility issues: Because FreeBSD is a unique operating system, some software may not be compatible. This can be particularly challenging for users requiring specialized software or hardware access.
- Limited user base: While FreeBSD has a loyal and dedicated user base, it has a different popularity than other operating systems, such as Linux or Windows. This can make finding developers and vendors specializing in FreeBSD challenging.
Alternative Options to FreeBSD
While FreeBSD is a robust and reliable operating system, there are better choices for some users. Here are some alternative options to consider:
- Linux: Linux is a highly sought-after operating system that is open-source and provides many features and customization options. The platform boasts a thriving community of enthusiastic users and skilled developers who offer unwavering support.
- Windows: Windows is the most widely used operating system in the world, and it’s known for its ease of use and compatibility with a wide range of software and hardware.
- macOS: macOS is a popular operating system designed for Apple computers. It’s known for its stability and ease of use.
Conclusion
In conclusion, FreeBSD is a robust and reliable operating system well-suited for many use cases. It’s known for its speed, stability, and security, making it a popular choice for servers, networking, and other applications.
FreeBSD offers a range of features, including advanced networking capabilities, ZFS filesystem, and support for multiple processor architectures. It also has a dedicated community of users who provide help and documentation.
While FreeBSD has many advantages, it’s essential to consider its limitations and compatibility issues. Users who require commercial support may find FreeBSD lacking in this area, and some software and hardware may need to be compatible with the operating system.
Ultimately, the decision to use FreeBSD will depend on various factors, including the user’s needs and preferences and the availability of support and resources. However, for users who require a robust and reliable operating system that’s designed for performance and security, FreeBSD is an excellent choice.
FAQ
To add a new user in FreeBSD, you can use the add-user command. For example, to add a user named “jdoe,” you would enter adduser jdoe. The command will prompt you to enter information like the user’s full name, password, and group membership.
To change a user’s password in FreeBSD, you can use the passwd command followed by the username. For example, to change the password for the user “jdoe”, you would enter passwd jdoe. You will be prompted to enter and confirm the new password.
To delete a user in FreeBSD, you can use the pw command followed by the delete option and the username. For example, to delete the user “jdoe,” you would enter pw delete jdoe. Note that this will also delete the user’s home directory and any files owned by the user.
To change a user’s group membership in FreeBSD, you can use the pw command followed by the usermod option, the -G option, and a comma-separated list of groups. For example, to add the user “jdoe” to the “wheel” and “staff” groups, you would enter pw usermod jdoe -G wheel, staff.
To list all users in FreeBSD, you can use the pw command followed by the usershow option and the -a option. For example, to list all users, you would enter pw usershow -a. This will display user information, including usernames, UIDs, home directories, and group membership.
To change a user’s shell in FreeBSD, you can use the chsh command followed by the username. For example, to change the shell for the user “jdoe” to the “tcsh” shell, you would enter chsh -s /usr/local/bin/tcsh jdoe. Note that you may need to install the desired shell first if it still needs to be installed.
