User & Group Administration

Similar documents
User accounts and authorization

10 userdel: deleting a user account 9. 1 Context Tune the user environment and system environment variables [3]

CST8207: GNU/Linux Operating Systems I Lab Seven Linux User and Group Management. Linux User and Group Management

CST8207: GNU/Linux Operating Systems I Lab Seven Linux User and Group Management. Linux User and Group Management

Lab 2A> ADDING USERS in Linux

User Accounts. The Passwd, Group, and Shadow Files

MANAGING THE NONUNIFORM BEHAVIOUR OF TERMINALS AND KEYBOARDS. : WHEN THINGS GO WRONG

Chapter 5: User Management. Chapter 5 User Management

Adding users actions/mechanics

NETW 110 Lab 5 Creating and Assigning Users and Groups Page 1

Commands are in black

The kernel is the low-level software that manages hardware, multitasks programs, etc.

Lab Authentication, Authorization, and Accounting

Everything about Linux User- and Filemanagement

Users and Groups. his chapter is devoted to the Users and Groups module, which allows you to create and manage UNIX user accounts and UNIX groups.

CSE 265: System and Network Administration

Operating Systems Lab 1 (Users, Groups, and Security)

User Management. René Serral-Gracià Xavier Martorell-Bofill 1. May 26, Universitat Politècnica de Catalunya (UPC)

Redhat Basic. Need. Your. What. Operation G U I D E. Technical Hand Note template version

Please choose the best answer. More than one answer might be true, but choose the one that is best.

CENG 334 Computer Networks. Laboratory I Linux Tutorial

CS/CIS 249 SP18 - Intro to Information Security

Hands-on Keyboard: Cyber Experiments for Strategists and Policy Makers

02. At the command prompt, type usermod -l bozo bozo2 and press Enter to change the login name for the user bozo2 back to bozo. => steps 03.

OPERATING SYSTEMS LINUX

Outline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components

Linux Kung Fu. Ross Ventresca UBNetDef, Fall 2017

UNIT 10 Ubuntu Security

CTEC1863/2018F Bonus Lab Page 1 of 5

Chapter 8: Security under Linux

Overview LEARN. History of Linux Linux Architecture Linux File System Linux Access Linux Commands File Permission Editors Conclusion and Questions

Linux Nuts and Bolts

Exercise Sheet 2. (Classifications of Operating Systems)

Introduction to the UNIX command line

SANJAY GHODAWAT POLYTECHNIC

Linux Operating System Environment Computadors Grau en Ciència i Enginyeria de Dades Q2

UNIX / LINUX - GETTING STARTED

The UNIX operating system is a set of programs that act as a link between the computer and the user.

ISDS Security Enhancements Instructions

22-Sep CSCI 2132 Software Development Lecture 8: Shells, Processes, and Job Control. Faculty of Computer Science, Dalhousie University

CSE 390a Lecture 3. Multi-user systems; remote login; editors; users/groups; permissions

Perl and R Scripting for Biologists

Access Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.

DELL EMC UNITY: DR ACCESS AND TESTING. Dell EMC Unity OE 4.3

TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control

CST Lab 2 Review #1

Operating Systems. Copyleft 2005, Binnur Kurt

System Administration

Operating Systems 3. Operating Systems. Content. What is an Operating System? What is an Operating System? Resource Abstraction and Sharing

CSE 390a Lecture 4. Persistent shell settings; users/groups; permissions

Linux Essentials Objectives Topics:

The landscape. File hierarchy overview. A tree structure of directories The directory tree is standardized. But varies slightly among distributions

CSE 390a Lecture 4. Persistent shell settings; users/groups; permissions

Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)

Basic Linux Security. Roman Bohuk University of Virginia

CSE 303 Lecture 2. Introduction to bash shell. read Linux Pocket Guide pp , 58-59, 60, 65-70, 71-72, 77-80

DELL EMC UNITY: DR ACCESS AND TESTING. Dell EMC Unity OE 4.5

Introduction to Unix May 24, 2008

Computer Center, CS, NCTU

Privileges: who can control what

O/S & Access Control. Aggelos Kiayias - Justin Neumann

Chapter 6 Adding New Users

INTRODUCTION TO LINUX

Linux Kung Fu. Stephen James UBNetDef, Spring 2017

Contents. Note: pay attention to where you are. Note: Plaintext version. Note: pay attention to where you are... 1 Note: Plaintext version...

RH-202. RedHat. Redhat Certified Technician on Redhat Enterprise Linux 4 (Labs)

UNIX Essentials Featuring Solaris 10 Op System

Working with Basic Linux. Daniel Balagué

Q) Q) What is Linux and why is it so popular? Answer - Linux is an operating system that uses UNIX like Operating system...

Introduction to Linux

8 User Administration

CompTIA Exam LX0-102 Linux Part 2 Version: 10.0 [ Total Questions: 177 ]

Processes are subjects.

Operating system security

Assume that username is cse. The user s home directory will be /home/cse. You may remember what the relative pathname for users home directory is: ~

[ Terminal ] [ Users management ] Alt +F6 = Terminal switcher. useradd [option] JohnG

More Raspian. An editor Configuration files Shell scripts Shell variables System admin

Exam Linux-Praxis - 1 ( From )

CS197U: A Hands on Introduction to Unix

Permissions and Links

CSE 303 Lecture 4. users/groups; permissions; intro to shell scripting. read Linux Pocket Guide pp , 25-27, 61-65, , 176

Race Condition Vulnerability Lab

UNIT V. Dr.T.Logeswari. Unix Shell Programming - Forouzan

LAB #7 Linux Tutorial

Introduction: What is Unix?

Introduction to Computer Security

Some Ubuntu Practice...

ADVANCED LINUX SYSTEM ADMINISTRATION

CS246 Spring14 Programming Paradigm Notes on Linux

h/w m/c Kernel shell Application s/w user

Project #3: Implementing NIS

To find all files on your file system that have the SUID or SGID bit set, execute:

commands exercises Linux System Administration and IP Services AfNOG 2015 Linux Commands # Notes

SECURITY+ LAB SERIES. Lab 3: Protocols and Default Network Ports Connecting to a Remote System

RedHat. Rh202. Redhat Certified Technician on Redhat Enterprise Linux 4 (Labs)

Introduction. What is Linux? What is the difference between a client and a server?

THE DEBIAN PACKAGE MANAGEMENT SYSTEM

CSCM98 Lab Class #5 Getting familiar with the command line

Exploring UNIX: Session 3

Lab Working with Linux Command Line

Transcription:

User & Group Administration David Morgan Users useradd/userdel /home/<user> /etc/passwd is the user database /etc/shadow has passwords (relocated from passwd) /etc/group whoami su / sudo / SUID process UID exception 1

Users system usage demands a user identification supplied at login no login, no usage system keeps a list of user accounts may or may not correspond to human users every process runs as a certain user whose ID is embedded in the process command shell assumes the ID given at login processes you launch then inherit it from your shell user id thus implicit in all session activities helps determine access to resources users can be grouped The files of record /etc/passwd holds list of recognized users /etc/shadow holds their passwords /etc/group holds list of recognized groups, names of member users for each 2

User information official name ( login id or username ) password official number (or UID) group number for a primary group (GID) real name (and other real-world info) home directory program to run when user logs in (login shell) /etc/passwd entries hold user information craig:x:507:507:craig Smith:/home/craig:/bin/bash official name password (placeholder) UID GID real name home directory login shell 3

Group information group name password official number (or GID) member list /etc/group entries hold group information children:x:522:hansel, pinochio,gretel,heidi official name pass word (not used) GID member list 4

/etc/shadow entries hold ancillary user information reserved craig:$1$2yl52jhl$:11992:60:75:3:14:12417:134550548 user name encrypted password last password change (11/1/02) chage -d days therafter before change permitted chage -m days thereafter when change required (password expires) chage -M login warning pre-expiry leadtime days auto-disablement deadline (12/31/03) chage -E post-expiry inactivity interval before account locked chage -I chage -W Editing the files of record safely plain editors invite error introduction and multiuser conflicts /etc/passwd use usermod or vipw /etc/shadow use passwd, chage, usermod /etc/group use groupmod and usermod, or vigr 5

Adding users actions involved record added to /etc/passwd record added to /etc/shadow record added to /etc/group create user home directory /home/<username> copy default startup files to home directory set permissions on new files and directories set password customize user info with, e.g., usermod or chage Ways to add users do everything by hand let account management utilities do most of it useradd passwd 6

Adding users in 2 steps use useradd then set password with passwd Adding users in 2 steps [root@emach1 /root]# useradd charlie [root@emach1 /root]# passwd charlie step 1 step 2 Changing password for user charlie New UNIX password: Retype new UNIX password: Now find out what happened! passwd: all authentication tokens updated successfully [root@emach1 /root]# su charlie become charlie [charlie@emach1 /root]$ cd enter his home directory [charlie@emach1 charlie]$ pwd /home/charlie identify home directory [charlie@emach1 charlie]$ ls -a..xdefaults.bash_profile.kde.screenrc directory is populated...bash_logout.bashrc.kderc Desktop [charlie@emach1 charlie]$ cat /etc/passwd grep charlie charlie:x:531:539::/home/charlie:/bin/bash charlie s in the list alright 7

Ways to remove users do everything by hand let account management utilities to most of it userdel -r Deleting users [root@emach1 /root]# userdel -r charlie [root@emach1 /root]# su charlie su: user charlie does not exist [root@emach1 /root]# ls -a /home/charlie ls: /home/charlie: No such file or directory [root@emach1 /root]# cat /etc/passwd grep charlie [root@emach1 /root]# doesn t live here anymore home directory who?? gone. really! 8

Disabling login without removing user replace shell substitute a do nothing program instead of /bin/bash /bin/false does nothing, returns immediately usermod -s /bin/false <username> Diabling a user s s login ability [root@emach1 /root]# su charlie [charlie@emach1 /root]$ exit exit [root@emach1 /root]# usermod -s /bin/false charlie [root@emach1 /root]# su charlie [root@emach1 /root]# cat /etc/passwd grep charlie charlie:x:531:539::/home/charlie:/bin/false [root@emach1 /root]# usermod -s /bin/bash charlie [root@emach1 /root]# cat /etc/passwd grep charlie charlie:x:531:539::/home/charlie:/bin/bash [root@emach1 /root]# su charlie [charlie@emach1 /root]$ login as charlie works, gets a prompt /bin/false returns, does nothing login as charlie works, but reverts right back to root s prompt bash shell is back, login as charlie gets a user prompt again 9

Adding users in batch mode Set up a source file listing users in the form username:password e.g., file userinfo able:apple baker:banana charlie:cantelope Assigning passwords in batch mode with chpasswd command man chpasswd: chpasswd reads a file of user name and password pairs from standard input and uses this information to update a group of existing users. [but] The named user must exist. Solution: make the named users exist first, with a script that useradds them by looping through the list, then feed the list to chpasswd 10

Adding users in batch mode #!/bin/bash i=1 while read LINE do user=`echo $LINE cut -f 1 -d :` useradd $user let i=$i+1 done < userinfo cat userinfo chpasswd Security drawback of chpasswd uses a file of cleartext passwords when finished destroy or remove that file 11

Groups purpose let a set of users share identical access to a file by extending common permissions to them mechanism files have a group affiliation users have group memberships access to a file can be extended to members of its group separate from that extended to others There are groups Groups are defined in /etc/group file /etc/group.. administrators:x:542:socrates,roy teachers:x:543:plato students:x:544:aristotle.. Groups 12

Composing a group by assigning group(s) ) to a user use usermod usermod -G employees,salesmen willie usermod does not specify a group s users usermod specifies a user s groups group s users per cumulative usermods usermod -G employees,salesmen willie usermod -G salesmen joe willie and joe become members of salesmen, there are probably others Files have a group affiliation Files group affiliations are shown by the ls l command: [root@emach1 schools]# ls -l Files total 12 -rw-r--r-- 1 root students 121 Dec 8 17:15 assignments -rw-rw---- 1 root teachers 119 Dec 8 17:13 grades -rw-r----- 1 root administ 95 Dec 8 17:10 salaries Their groups 13

Users have group memberships Users memberships appear in the file that defines the groups, (/etc/group) not the one that defines the users (/etc/passwd) file /etc/group The. group. administrators:x:542:socrates,roy teachers:x:543:plato students:x:544:aristotle The members.. Permissions for groups -rwxr-x--- File type (file, directory, device, ) Accesses granted to file s associated User Accesses granted to members of file s Group Accesses granted to all Other users 14

Who can read what? [root@emach1 schools]# ls -l total 12 -rw-r--r-- 1 root students 121 Dec 8 17:15 assignments -rw-rw---- 1 root teachers 119 Dec 8 17:13 grades -rw-r----- 1 root administ 95 Dec 8 17:10 salaries socrates (an administrator) can read: salaries (because he s an administrator) assignments (because anybody can) aristotle (a student) can read: assignments (because he s student) plato (a teacher) can read: grades (because he s a teacher) assignments (because anybody can) Users have group memberships Users group memberships appear in the file that defines the groups, (/etc/group) not the one that defines the users (/etc/passwd) Plus one additional, default membership craig:x:507:507:craig Smith:/home/craig:/bin/bash craig s default group, by group number in /etc/passwd, the so-called default group. User holds membership in this one, plus those found in /etc/group. 15

Windows* has comparable features file-specific permissions per user or group *ntfs filesystem user accounts groups 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback