Unit 5 – User Administration Randy Marchany VA Tech Computing Center

Understanding the Login Procedure  Multiple ways of logging into the system – telnet – cleartext – not recommended – ssh – encrypted – highly recommended Ssh clients available on VTNET CD for PC/MAC  User information is parsed from /etc/passwd file at login and the base environment variables are set.

Understanding the Login Procedure  Base environment variables – HOME – location of your home directory – LOGNAME – your login name (userid) – PATH – default search path for commands – SHELL – default shell – MAIL – location of your directory – TZ – time zone specification

/etc/password, /etc/shadow  These files are the critical files that contain all of the user information for your system  /etc/passwd is world readable, /etc/shadow is readable by root only. Why? – /etc/shadow contains the encrypted password string for each userid. There are password cracking programs that will use this encrypted string to brute force guess the userid password.

/etc/passwd Format  7 fields  Userid:Password string:UID:GID:Name field:home directory location:default shell  Userid – the login id of the user account  Password string – a marker X, in older Unix systems this is where the encrypted password string would have been stored.

/etc/passwd Format  UID – unique number that identifies the userid. The OS uses this NOT the username to identify an account.  GID – unique number identifying the group the userid belongs to.  Name field – name of the account owner  Home directory location – where the default home directory for this userid is located.  Default shell – the default shell activated upon logging into the system

The UID/GID Pair  The UID must be unique between userids.  You can have multiple usernames associated with the same UID. Solaris will treat all of them as the same userid.  UID 0 is root. There should be only 1 account with this UID.  UIDs must be unique across systems.

Adding Users  Admintool is the main GUI that handles user management.  useradd command adds a new user.  Command line: – useradd –d dir –u uid –s shell –g group –c comment username – These are the most common flags but there are others. See the man page.

Modifying Users  Admintool is the preferred method.  /usr/sbin/usermod is the command line version.  Command line: – /usr/sbin/usermod –u uid –g group –s shell userid – There are more flags but these are the most common ones used.

Deleting Users  Admintool is the preferred method  The userdel command deletes a user from the system and modifies /etc/passwd, /etc/group, /etc/shadow appropriately.  Command line: – /usr/sbin/userdel –r userid – The –r option deletes the user’s home directory.

Adding/modifying Groups  Admintool GUI is the first choice.  groupadd command creates a new group.  Command line: – /usr/sbin/groupadd –g gid groupname  Modifying the group via command line – /usr/sbin/groupmod –g gid –n name group

Deleting Groups  Admintool is the preferred method (duh!)  The groupdel command deletes a group from the system.  Command line: – /usr/sbin/groupdel group

Setting Up the User Environment  System initialization files define environment variables when a user shell is started.  2 types – System – sets environment variable for everyone on the system – User – sets the environment variable for a single user only

Setting Up the User Environment  System initialization files are executed first when the user logs in. – Bourne shell: /etc/profile – Korn shell: /etc/profile – C shell: /etc/.login  User initialization files are executed next. – Bourne shell: $HOME/.profile – Korn shell: $HOME/.profile – C shell: $HOME/.cshrc, $HOME/.login

Setting Up the User Environment  Default /etc/profile and /etc/.login files check quotas, print the MOTD, and check for (“You have Mail”).  If $HOME/.hushlogin exists, the MOTD is not printed.  You can add any other system wide commands to these files.

The.profile file  Each user can make changes to their.profile or.cshrc or.login files.  The user customizes their environment by adding or deleting commands from these files.  The most common variable is the PATH command. This defines the search order for your commands.

The /etc/profile file  This file sets the default permissions for files (umask command).  It prints out the MOTD. The MOTD is stored in /etc/motd with additional information in /etc/issue.  It can be used to set the environment for third party software such as Arcinfo or any other GIS software.

The /etc/skel files  Templates that are used to create the user initialization files are stored in /etc/skel.  Bourne and Korn shells use the template /etc/skel/local.profile.  C shell uses the templates /etc/skel/local.cshrc and /etc/skel/local.login.  These templates are modified based on the information provided by useradd and the copies are moved to the user home directories. They are renamed to.profile,.login and.cshrc as needed.

The /etc/skel files  You can modify these templates to ensure your customizations are placed in all user environments.  Sun recommends you create a new directory to contain your site specific files.  Make the changes in these files and copy them to the user directories.  I must admit that I don’t do this.