Adding New Users Chapter 6.

Presentation transcript:

Adding New Users Chapter 6

Chapter 6 - Adding new users

Introduction
- Adding and removing users is a routine chore.
- These tasks are simple, but they are also boring. Most administrators build tools to automate the process and then delegate the actual work to an assistant or operator.
- Account hygiene is a key determinant of system security.
- Infrequently used accounts are prime targets for hackers, as are accounts with easily guessed passwords.

1. The /etc/passwd file
The /etc/passwd file is a list of users recognized by the system. Each line in the file represents one user and contains several fields separated by colons:
- Login name
- Encrypted password (unless there is a shadow password)
- UID number
- Default GID number
- GECOS information (full name, office, extension, phone)
- Home directory
- Login shell
The contents are often shared among systems via NIS or NIS+.

1. The /etc/passwd file
Login name
- Must be unique
- On some OS’s (and with NIS/NIS+) they are limited to 8 characters
- Case sensitive (but most mail systems expect lower case)

1. The /etc/passwd file
Encrypted password
- This is set by passwd (yppasswd if you use NIS)
- Encryption schemes:
  - Most use DES encryption
    - input: first 8 characters are used
    - output: 13 characters are produced no matter what
  - Red Hat and FreeBSD include support for MD5
    - input: can be of any length
    - output: 31 characters (first 3 are $1$)

1. The /etc/passwd file
Shadow passwords (Chapter 21)
- Places encrypted passwords in a separate file (not world readable)
- Solaris requires shadow passwords
Notes:
- A * in this field prevents someone from logging in.
- Never leave this field empty.

1. The /etc/passwd file
UID number
- Size:
  - On most modern systems UIDs are a 32 bit integer
  - On older systems the largest UID was 32,767
- By definition, root has UID 0
- Hints:
  - Avoid recycling UIDs (restoring files can be a problem)
  - Keep UIDs unique across your system

1. The /etc/passwd file
Default GID number
- Group ID numbers
  - Size: 16 or 32 bit integer (signed or unsigned)
  - Defined in /etc/group
- Reservations
  - GID 0 - reserved for the group “root” or “wheel”
  - GID 1 - reserved for the group “daemon”
- Modern versions of UNIX allow users to be in up to 16 groups.

1. The /etc/passwd file
File creation: BSD or not?
- Inherit the GID of the parent directory or the user?
- If from the user, they may want to change which group they are in at the time with the command newgrp
- Most OS’s do not follow the BSD semantics
  - But they allow it as a mount option (grpid)

1. The /etc/passwd file
GECOS field
- No well defined syntax
- Records personal information
- finger and sendmail use this info (but most others do not)
- chfn lets users change their own GECOS information
  - This can be abused

1. The /etc/passwd file
Home directory
- Users are placed in their home directory when they log in
- If the home directory is missing:
  - All print an error message
  - Some allow the login to proceed (and put the user in /)
  - Some don’t allow the login to continue
- Beware: if home directories are mounted over NFS, they may be unavailable in the event of a server or network problem.

1. The /etc/passwd file
Login shell
- Normally a command interpreter such as /bin/sh, /bin/csh, /bin/ksh, /bin/tcsh, /bin/bash
- sh is the default on most systems and is used if /etc/passwd does not specify a login shell
- Users can change their shell with chsh
- /etc/shells contains a list that chsh will allow.
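
An added example (not part of the original slides): a POSIX shell function that audits passwd-format data for the problems the slides above call out, namely an empty password field, a UID 0 account other than root, reused UIDs, and duplicate or over-long login names. The sample entries are constructed and the finding labels are this example's own.

```shell
#!/bin/sh
# Added example: audit passwd-format data read from stdin.
# Prints one "FINDING:detail" line per problem; prints nothing for a clean file.
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/  { next }                          # comments, blank lines
        NF != 7         { print "BADFIELDS:line " NR; next }
        $2 == ""        { print "EMPTYPW:" $1 }           # password field left empty
        $3 == 0 && $1 != "root" { print "UID0:" $1 }      # second superuser account
        length($1) > 8  { print "LONGNAME:" $1 }          # over the 8-character limit
        seen[$1]++      { print "DUPNAME:" $1 }           # login names must be unique
        ($3 in owner)   { print "DUPUID:" $3 ":" owner[$3] "," $1 }
        !($3 in owner)  { owner[$3] = $1 }                # remember first holder of UID
    '
}

# Constructed sample data, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:System Administrator:/root:/bin/sh
daemon:*:1:1:Daemon:/:/bin/sh
tyler:x:1001:100:Tyler:/home/staff/tyler:/bin/bash
opsroot:x:0:0:Second UID 0 account:/root:/bin/sh
guest::1002:100:Guest:/home/guest:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/csh
christopher:x:1003:100:Eleven-letter login:/home/christopher:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

On a live system the same function can be fed with `audit_passwd < /etc/passwd`.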

2. The FreeBSD /etc/master.passwd File
- On FreeBSD, the “real” password file is /etc/master.passwd.
- The /etc/passwd file exists for backward compatibility, but it is generated from master.passwd and is never edited directly.
- This file also contains fields to implement password aging.
  - The authors of our text are not very enthusiastic about password aging. See Chapter 21 for a discussion.
- It also contains information for account expiration.

3. The FreeBSD /etc/login.conf File
The login.conf entry can set:
- Resource limits (max process size, open files, …)
- Session accounting limits (when logins are allowed, how long)
- Default environment variables
- Default paths (PATH, MANPATH, …)
- Location of the message of the day
- Host and TTY-based access control
- Default umask
- Account controls (min passwd length, password aging, …)

4. The Solaris and Red Hat /etc/shadow File
- The use of a shadow password file is mandatory under Solaris.
- You can also use it under Red Hat Linux if you install the shadow package.
- /etc/shadow is readable only by the superuser, which keeps encrypted passwords safe from prying eyes.
- Has fields for password expiration and aging.

5. The /etc/group File
Contains the names of UNIX groups and a list of each group’s members. Each line contains:
- Group name
- Encrypted password (vestigial and rarely used)
  - Allows users to change to the group with the password even if not in the list of members.
- GID number
- List of members (comma separated)

6. Adding Users
Introduction
- Before you create an account for a new user, it’s very important that the user sign and date a copy of your local user agreement and policy statement. See Chapter 27 for more info.
- The process consists of:
  - Edit the passwd and shadow files to define the user’s account
  - Set an initial password
  - Create the user’s home directory

6. Adding Users
- For the user:
  - Copy default startup files
  - Set the user’s mail home and establish mail aliases
- For you:
  - Add the user to the /etc/group file
  - Configure the disk quotas
  - Verify the account has been set up.

6. Adding Users
Editing the passwd and shadow files
- To safely edit the passwd file, run vipw to invoke a text editor on a copy of it.
- vipw allows only one person to edit the passwd file at a time.
- On Solaris, vipw asks if you want to edit the shadow file after you have edited the passwd file.
- On FreeBSD, vipw edits the master.passwd file (then runs pwd_mkdb to generate the derived passwd file).

6. Adding Users
Setting the initial password
- Root can change any user’s password with the passwd command:

    passwd user

- Different implementations of passwd do/require different things.
- NEVER leave a new account - or any account that has access to a shell - without a password.

6. Adding Users
Creating the user’s home directory
- Any directory you create is initially owned by root, so you must change its owner and group with the chown and chgrp commands.
- The following is an example of their usage:

    mkdir /home/staff/tyler
    chown tyler /home/staff/tyler
    chgrp staff /home/staff/tyler
    chmod 700 /home/staff/tyler

6. Adding Users
Copying the default startup files
- You can customize commands and utilities by placing configuration files in a user’s home directory.
- Startup files traditionally begin with a dot.
  - ls ignores these files unless it is given a “-a” option.
- Some vendors supply a starting point set:
  - /etc/skel or /usr/share/skel
- Depending upon a user’s shell, /etc may contain system-wide startup files that are processed before the user’s own startup files.

6. Adding Users
Setting the user’s mail home
- It is convenient for each user to receive email on only one machine.
- This scheme is often implemented with an entry in the global aliases file /etc/mail/aliases or the sendmail userDB.
- See Chapter 19 for general information about email.

6. Adding Users
Editing the /etc/group file
- When you added a new user (in /etc/passwd) you placed them in a group.
- /etc/group should be updated to reflect this and any other groups you wish to add them to.

6. Adding Users
Setting disk quotas
- If your site uses disk quotas, you should set quota limits for each new account with the edquota command.
- edquota can be done interactively, or with a “-p” to make a user just like someone else:

    edquota -p someone_else new_user

6. Adding Users
Verifying the new login
- To verify that a new account has been properly configured, first log out, then log in as the new user and execute the following commands:

    pwd
    ls -la

- If your site requires users to sign a written contract, be sure this step has been completed before releasing the account.
- Be sure to remind new users to change their password immediately.
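
An added example (not part of the original slides): the home-directory checks from the steps above, scripted so they can run without logging in as the new user. The function name verify_home, the finding labels and the scratch-directory demonstration are assumptions of this example; the 700 mode and the skeleton-file copy are the ones the slides describe.

```shell
#!/bin/sh
# Added example: check a new account's home directory against its passwd entry.
# verify_home PASSWD_LINE SKEL_DIR -> prints one line per problem, nothing if OK
verify_home() {
    uid=$(printf '%s\n' "$1" | cut -d: -f3)
    home=$(printf '%s\n' "$1" | cut -d: -f6)
    [ -d "$home" ] || { echo "MISSING:$home"; return 0; }
    # ls -ldn prints the mode string and the numeric owner
    mode=$(ls -ldn "$home" | awk '{ print substr($1, 1, 10) }')
    owner=$(ls -ldn "$home" | awk '{ print $3 }')
    [ "$owner" = "$uid" ] || echo "OWNER:$owner"       # chown step skipped?
    [ "$mode" = "drwx------" ] || echo "MODE:$mode"    # chmod 700 step skipped?
    for f in "$2"/.[!.]*; do                           # every skeleton dotfile
        [ -e "$f" ] || continue
        [ -e "$home/${f##*/}" ] || echo "NOSTARTUP:${f##*/}"
    done
    return 0
}

# Constructed demonstration in a scratch directory, run as the current user.
demo_verify_home() {
    t=$(mktemp -d)
    mkdir "$t/skel" "$t/home"
    : > "$t/skel/.profile"; : > "$t/skel/.cshrc"
    chmod 755 "$t/home"
    entry="tyler:x:$(id -u):$(id -g):Tyler:$t/home:/bin/sh"
    echo "before:"; verify_home "$entry" "$t/skel"
    chmod 700 "$t/home"; cp "$t/skel/.profile" "$t/skel/.cshrc" "$t/home/"
    echo "after:";  verify_home "$entry" "$t/skel"
    rm -rf "$t"
}
demo_verify_home
```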

7. Removing Users
- When a user leaves your organization, that user’s login account must be removed from the system.
- This procedure involves removing all references to the login name that were added by you or your adduser program.
- Before you remove a user’s home directory, it’s always a good idea to make an extra backup of their directory (and mail spool).

7. Removing Users
You may want to use the following checklist:
- Set user’s disk quota to 0
- Remove the user from any local user database
- Remove the user from the aliases file (or add a forwarding address)
- Remove the user’s crontab file and pending at jobs
- Kill any of the user’s processes that are still running
- Remove any temporary files owned by the user
- Remove the user from the passwd and group files
- Remove the user’s home directory
- Remove the user’s mail spool

7. Removing Users
- Once you have removed a user, be sure to verify that the user’s old UID owns no more files on the system.
- A fast way to do this is with the quot command. Example:

    quot /home

  - quot does not require disk quotas to be active
  - quot only works on local disks (not over NFS mounts)
- If there are, you can find their exact path with:

    find -x /home -nouser -print

8. Disabling Logins
- On occasion, a user’s login must be temporarily disabled.
- Some people just put a * in the password file for the encrypted password.
  - However, some setups allow net logins without a password.
- These days you should replace the user’s shell with a program that explains why the login has been disabled (and how to rectify the situation).

8. Disabling Logins
Be careful about placing this pseudo-shell in the /etc/shells file:
- Do you want them to have ftp access?
  - ftpd checks to see if the user’s login shell is in /etc/shells.
- Do you want them to continue to receive email?
  - sendmail does also.
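
An added example (not part of the original slides): a POSIX shell function that reports, for each account, whether its login shell appears in a shells list, which is the test the slides say ftpd and sendmail apply. The sample files are constructed, /usr/local/sbin/disabled-login is a hypothetical pseudo-shell path, and the "legacy" entry shows an account disabled only with a * whose shell is still listed.

```shell
#!/bin/sh
# Added example: report whether each account's login shell is listed in a
# shells file, the test the slides say ftpd and sendmail apply.
# shell_status PASSWD SHELLS -> one "login:shell:listed|unlisted" line per account
shell_status() {
    awk -F: '
        FILENAME == ARGV[1] {            # first file: the shells list
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") ok[$0] = 1
            next
        }
        /^#/ || NF != 7 { next }         # skip comments and malformed lines
        {
            sh = ($7 == "") ? "/bin/sh" : $7   # empty field: sh is used
            print $1 ":" sh ":" ((sh in ok) ? "listed" : "unlisted")
        }
    ' "$2" "$1"
}

# Constructed sample files; /usr/local/sbin/disabled-login is a hypothetical
# pseudo-shell path.
write_samples() {
    cat > "$1/shells" <<'EOF'
# constructed shells list
/bin/sh
/bin/csh
/bin/bash
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Admin:/root:/bin/sh
tyler:x:1001:100:Tyler:/home/staff/tyler:/bin/bash
olduser:x:1002:100:Suspended:/home/olduser:/usr/local/sbin/disabled-login
legacy:*:1003:100:Starred password only:/home/legacy:/bin/csh
noshell:x:1004:100:No shell given:/home/noshell:
EOF
}

d=$(mktemp -d) && write_samples "$d" && shell_status "$d/passwd" "$d/shells"
rm -rf "$d"
```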

9. Vendor-Supplied Account Management Utilities
Solaris, HP-UX, and Red Hat provide a similar set of utilities to help automate the creation, deletion, and modification of users and groups.
- Users:
  - useradd adds users to the passwd file (and shadow)
  - usermod and userdel modify and delete users
- Groups:
  - groupadd, groupmod, and groupdel operate on /etc/group
