Chapter 3 Rootly Powers. Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform.

Slides:



Advertisements
Similar presentations
CIS 193A – Lesson2CIS 193A - Lesson2 Authorization & Authentication Sudo and PAM.
Advertisements

Linux Users and Groups Management
Basic Unix system administration
2000 Copyrights, Danielle S. Lahmani UNIX Tools G , Fall 2000 Danielle S. Lahmani Lecture 12.
Homework 5b: Samba. Computer Center, CS, NCTU 2 Network-based File Sharing (1)  NFS (UNIX-based) mountd is responsible for mount request nfsd and nfsiod.
1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.
Chapter 2 Accessing Your System and the Common Desktop Environment.
User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.
Chapter 6 Adding New Users. Computer Center, CS, NCTU 2 Steps to add a new user 1.Edit the password and group files >vipw 2.Set an initial password >passwd.
Sudo Access with Beowulf Clusters Chris Feehan CS Senior Capstone 12/18/06.
Unix Systems Administration 1Y. K. Chang root: the super user 4 The UNIX semigod who can perform privileged tasks: controlling processes, adding devices,
Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.
Linux Shell. 2 Linux Command-Line Interface ■ Linux shells: A shell is a command interpreter that allows you to type commands from the keyboard to interact.
Help session: Unix basics Keith 9/9/2011. Login in Unix lab  User name: ug0xx Password: ece321 (initial)  The password will not be displayed on the.
Introduction to Unix Administration Objectives –to identify the basic concepts of Unix administration Contents –history of Unix –unix vendors and standards.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
Unix System Administration Rootly Powers Chapter 3.
CIS 191 – Lesson 2 System Administration. CIS 191 – Lesson 2 System Architecture Component Architecture –The OS provides the simple components from which.
1 Advanced Unix Administrative Tools. 2 VMWare Image Setup We all need to check out the VMWare FC6 image that you’ll be using We all need to check out.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
FTP Server and FTP Commands By Nanda Ganesan, Ph.D. © Nanda Ganesan, All Rights Reserved.
ITN Wake Tech1 ITN270 Advanced Internet Databases Lecture 15. General MySQL Administration Topics: –Securing a New MySQL Installation –MySQL Server.
Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 
Linux Security. See who's logged in 1) w (more information) 2) who (less information)
Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.
Berkeley R Utilities & the new S Utilities The Unix (or Berkeley) r utilities provide an alternative to IP facilities telnet and ftp. Three programs: rlogin.
Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.
A Practical Guide to Fedora and Red Hat Enterprise Linux Unit 9: Basic Linux Administration Chapter 11: System Administration: Core Concepts Chapter 16:
REMOTE LOGIN. TEAM MEMBERS AMULYA GURURAJ 1MS07IS006 AMULYA GURURAJ 1MS07IS006 BHARGAVI C.S 1MS07IS013 BHARGAVI C.S 1MS07IS013 MEGHANA N. 1MS07IS050 MEGHANA.
Introduction to System Admin Sirak Kaewjamnong. 2 The system administration’s job  Adding a new user  Doing backup and restoring files from backups.
Networking in Linux. ♦ Introduction A computer network is defined as a number of systems that are connected to each other and exchange information across.
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 21 Administering User Accounts and Groups 1.
User Management. Adding New Users Computer Center, CS, NCTU 3 ID  User ID, Group ID % id liuyh  uid=10047(liuyh) gid=200(dcs) groups=200(dcs),0(wheel),700(ta),800(security),888(wwwadm)
Manually Creating a New User Account Presented by Carl South.
SCSC 455 Computer Security Chapter 3 User Security.
Module 1 - Introduction to Linux. Users must log-in Linux is case sensitive File and Directories naming conventions (No spaces!) Files and Directories.
VIRTUAL HOSTING WITH PureFTPd And MYSQL (Quota And Bandwidth Management) BY Odoh Kenneth Emeka Sun Yu Patrick Appiah.
CSC414 “Introduction to UNIX/ Linux” Lecture 6. Schedule 1. Introduction to Unix/ Linux 2. Kernel Structure and Device Drivers. 3. System and Storage.
Installing Applications in FreeBSD lctseng. Computer Center, CS, NCTU 2 Before we start  Permission issue root: the super user Like administrator in.
Chapter 6 Adding New Users. Computer Center, CS, NCTU 2 Steps to add a new user 1.Edit the password and group files >vipw, pw 2.Set an initial password.
Unit – 5 FTP Server. FTP Introduction One of the oldest and most commonly used protocols The original specification for the File Transfer Protocol was.
 Last lesson, the Windows Operating System was discussed along with the Windows command shell  Unix is a computer operating system, that similarly manages.
Basic UNIX system administration CS 2204 Class meeting 14 *Notes by Doug Bowman and other members of the CS faculty at Virginia Tech. Copyright
UNIX Command RTFM: sudo(8)
Security Risk Assessment Determine how important your computer is to your group ● Mission critical? ● Sensitive information? ● Expensive hardware? ● Service.
System Administration II
User Management Lctseng, arr. by pschiu.
Overview – SOE Sudo SEP 2014.
User Management.
Chapter 9 Router Configuration (Ospf, Rip) Webmin, usermin Team viewer
User Management.
Overview – SOE Sudo September 2016.
Overview – SOE Sudo November 2015.
Chapter 3 Rootly Powers.
Linux Users and Groups Management
Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH
COP 4343 Unix System Administration
Shells, Help, and Paths.
The Linux Command Line Chapter 9
User Management lctseng.
User Management.
Chapter Introduction 3.2 The UNIX Model of Ownership
The Attack and Defense of Computers
Module 13 System and User Security
Linux Filesystem Management
Rootly Powers Chapter 3.
1.3 Given a scenario, apply appropriate Microsoft command line tools
Tools and Explanations for Mac Beginners
Access Control and Audit
Presentation transcript:

Chapter 3 Rootly Powers

Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform any valid operation on any file or process, such as: Changing the root directory of a process with chroot Creating device files (mknod) Setting the system clock Raising anyone’s resource usage limits and process priorities (renice, edquota) Setting the system’s hostname (hostname command) Configuring network interfaces (ifconfig command) Shutting down the system (shutdown command)

Computer Center, CS, NCTU 3 Becoming root (1)  Login as root Console login  Allow root login on console but not cross network.  If you don’t want to permit root login in the console ttyv1 "/usr/libexec/getty Pc" cons25 on secure  ttyv1 "/usr/libexec/getty Pc" cons25 on insecure Remote login (login cross network)  sshd: /etc/ssh/sshd_config #PermitRootLogin yes

Computer Center, CS, NCTU 4 Becoming root (2)  su : substitute user identity su, su -, su username ※ Environment is unmodified with the exception of USER, HOME, SHELL which will be changed to target user. ※ “su -” will simulate as a full login.  sudo : a limited su Subdivide superuser’s power  Who can execute what command on which host. Each command executed through sudo will be logged Install sudo  /usr/ports/security/sudo Edit /usr/local/etc/sudoers using visudo command  visudo can check mutual exclusive access of sudoers file Sep 22 23:24:19 chbsd sudo: chwong : TTY=ttyp4 ; PWD=/usr/ports ; USER=root ; COMMAND=/usr/bin/make update fetchindex

Computer Center, CS, NCTU 5 Becoming root (3) sudoers format  Who can execute what command on which host –The user to whom the line applies –The hosts on which the line should be noted –The commands that the specified users may run –The users as whom they may be executed  Use absolute path Host_AliasBSD=bsd1,bsd2,alumni Host_AliasLINUX=linux1,linux2 Cmnd_AliasDUMP=/usr/sbin/dump, /usr/sbin/restore Cmnd_AliasPRINT=/usr/bin/lpc, /usr/bin/lprm Cmnd_AliasSHELLS=/bin/sh, /bin/tcsh, /bin/csh

Computer Center, CS, NCTU 6 Becoming root (4) Host_AliasBSD=bsd1,bsd2,alumni Host_AliasLINUX=linux1,linux2 Cmnd_AliasDUMP=/usr/sbin/dump, /usr/sbin/restore Cmnd_AliasPRINT=/usr/bin/lpc, /usr/bin/lprm Cmnd_AliasSHELLS=/bin/sh, /bin/tcsh, /bin/csh Cmnd_AliasSU=/usr/bin/su User_AliaswwwTA=jnlin, ystseng User_AliasprintTA=thchen, jnlin chwongALL=ALL chiahungALL=(ALL)ALL,!SHELL,!SU printTAcsduty=PRINT wwwTABSD=(nobody)/usr/bin/more %wheelALL=NOPASSWD:/sbin/shutdown

Computer Center, CS, NCTU 7 Becoming root (5) % sudo –u nobody more /usr/local/etc/apache/httpd.conf % cp –p /bin/csh /tmp/csh; sudo /tmp/csh

Computer Center, CS, NCTU 8 Advantage of sudo  Accountability is much improved because of command logging  Operators can do chores without unlimited root privileges  The real root password can be known to only one or two people  It ’ s faster to use sudo than to run su or login as root  Privileges can be revoked without the need to change the root password  A canonical list of all users with root privileges is maintained  There is less chance of a root shell being left unattended  A single file can be used to control access for an entire network

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.