The Saigon CTT Chapter 10 Managing Users


Objectives
- Define the requirements for user accounts
- Explain group and group accounts
- Construct configuration files (group, passwd, shadow)
- Demonstrate adding users
- Describe modifying user details
- Explain user passwords
- Demonstrate deleting users

New User Requirements
- When adding a new user, you need to be familiar with the files passwd, shadow, group and gshadow under the /etc directory
- /etc/passwd contains information about all users: login name, user ID, group ID, descriptive name, home directory, login shell
- /etc/shadow stores the parameters that control account access: the user's password hash and password aging information
- /etc/group contains information about users' groups
- /etc/gshadow stores the group's password hash, … (rarely used)

Preparing Groups
- Carefully constructed groups are very useful to users who all work in the same department or on the same project
- Groups not only provide a second level of access control but also let the members of a group share files in a secured environment
- Each line in the /etc/group file corresponds to a group
- Commands to modify groups: groupadd, groupmod, groupdel

The /etc/passwd
- Each line in this file corresponds to a user and has the following form:

    name:password:UID:GID:comment:home directory:shell

    # more /etc/passwd
    root:x:0:0:Super User:/root:/bin/bash
    henry:x:101:101:Thiery Henry:/home/henry:/bin/ksh
    ...

Allocating User IDs
- All Linux systems come with several pre-configured administrator users that are intended to perform certain administrative work. They are typically assigned UIDs less than 100: root, bin, daemon, sys, adm, lp, …
- Systems with administration tools allocate UIDs automatically, in general greater than 100
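The passwd layout and the UID convention above can be checked mechanically. The following is an added example, not part of the original slides: a shell function (the name passwd_audit, the finding labels and the sample records are constructed for illustration) that reads passwd-format lines and reports records an administrator would want to review.

```shell
#!/bin/sh
# Added example, not from the slides. Field layout as given on the slide:
#   name:password:UID:GID:comment:home directory:shell

# passwd_audit [SYS_MAX]
#   stdin  : passwd-format lines
#   SYS_MAX: UIDs below this are treated as pre-configured administrative
#            accounts (default 100, the boundary the slide gives)
#   stdout : one "name: FINDING" line per problem found
passwd_audit() {
    awk -F: -v sysmax="${1:-100}" '
    /^#/ || NF == 0 { next }
    NF != 7 { print $1 ": MALFORMED"; next }
    {
        # A second UID 0 account has full root privileges under another name.
        if ($3 == 0 && $1 != "root") print $1 ": UID0_NOT_ROOT"
        # Two names sharing one UID are the same user to the kernel.
        if ($3 in seen) print $1 ": DUPLICATE_UID_OF_" seen[$3]
        else seen[$3] = $1
        # "x" means the hash lives in /etc/shadow; anything else is suspect.
        if ($2 == "") print $1 ": EMPTY_PASSWORD_FIELD"
        else if ($2 != "x" && $2 !~ /^[*!]/) print $1 ": HASH_IN_PASSWD"
        # Administrative accounts other than root rarely need a login shell.
        if ($3 > 0 && $3 < sysmax && $7 ~ /\/(ba|k|c|z)?sh$/)
            print $1 ": SYSTEM_UID_WITH_LOGIN_SHELL"
    }'
}

# Constructed sample records for demonstration.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super User:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/bin/bash
henry:x:101:101:Thiery Henry:/home/henry:/bin/ksh
toor:x:0:0::/root:/bin/bash
majorh::321:101::/home/majorh:/bin/ksh
blofeldt:x:101:400::/home/blofeldt:/bin/bash
EOF
}

sample_passwd | passwd_audit
```

On a live system the same function can be fed the real file with passwd_audit < /etc/passwd.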

Adding Users
- The useradd utility is recommended for administering users. It creates the required records in /etc/passwd and /etc/shadow
- A list of options can be used with useradd to override defaults:

    -u UID         Specify new user ID (default: next available number)
    -g GID         Specify default (primary) group (default: other group)
    -c comment     Description of user (default: blank)
    -d directory   Define home directory (default: /home/username)
    -m             Make home directory
    -k skel_dir    Skeleton directory (default: /etc/skel)
    -s shell       Specify login shell (default: /bin/bash)

Changing User Attributes
- If you edit the files manually, you risk corrupting them, leaving users unable to log in at all. Use the usermod utility instead:

    # usermod -g users -c "Henry Blake" henry
    # usermod -u 321 -s /bin/ksh majorh
    # usermod -f 10 henry
    # usermod -e majorh

Changing Group Membership
- Each user belongs to a primary group, which can be changed with usermod -g
- A user can also belong to secondary groups, controlled with usermod -G

    # grep blofeldt /etc/passwd
    blofeldt:x:416:400::/home/blofeldt:/bin/bash
    # groups blofeldt
    blofeldt: : mash
    # groupadd -g 600 fleming
    # usermod -G fleming blofeldt
    # grep blofeldt /etc/group
    fleming:x:600: blofeldt

Removing Users
- When a user leaves, there are two main concerns:
  - Protect the system from unauthorized access via his/her account
  - Protect and manage the files and directories he/she left on the system
- The userdel command takes care of removing a user account. userdel can remove the user's home directory but does not remove the user's mail, crontab table, atd queues, …

Removing Users - userdel
- Command format: userdel [option]

    -r   This option will remove the home directory

To safely remove a user from a system:
1. Lock the account password until you are ready to remove it altogether (use the chage command)

    # chage -E henry

2. Save all files owned by the user somewhere outside the home directory

    # find / -user henry -print | cpio -ov | gzip >/hold/henry
    # find / -user henry -type f -exec rm -f {} \;
    # find / -user henry -depth -type d -exec rmdir {} \;

To safely remove a user from a system:
3. Change access permissions on the saved files to root only

    # chown root /hold/henry ; chmod 700 /hold/henry

4. Consider crontab and at jobs set up by the user
5. Set up mail forwarding to send mail to a manager

Security
- Use the passwd command to change the password:

    # passwd henry
    current password :
    new password:
    retype new password:

- Choosing a password:
  - Do not use proper words or names
  - Use letters and digits
  - Include symbols: #, $, %, …
- Do not allow a guest account to log in to your system

The /etc/shadow File
- If shadow passwords are used, encrypted passwords are stored in this file:

    name:password:lastchange:min:max:warn:inactive:expire:flag

    name         User login name, mapped to /etc/passwd
    password     Encrypted password. If this field is blank, then there is no password; "*": account is locked, …
    lastchange   Date of the last password change, as a number of days from 1/1/70
    min          Minimum number of days between password changes
    max          Maximum number of days the password is valid
    warn         Number of days before expiration that the user will be warned
    inactive     Number of inactivity days allowed for this user
    expire       Absolute date beyond which the account will be disabled
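The aging fields above combine into a small set of account states. The following is an added example, not part of the original slides: a shell function (the name shadow_audit, the flag labels and the sample records are constructed for illustration) that classifies shadow-format records for a given day. It assumes, following shadow(5), that the inactive period starts when the password expires and that a password field starting with "!" is treated like "*".

```shell
#!/bin/sh
# Added example, not from the slides. Field layout as given on the slide:
#   name:password:lastchange:min:max:warn:inactive:expire:flag
# Assumption (from shadow(5)): "inactive" days are counted from the day the
# password expires; all dates are days since 1970-01-01.

# shadow_audit TODAY   (TODAY = current date in days since 1970-01-01)
# Reads shadow-format lines on stdin, prints "name: FLAG[,FLAG...]" or "name: ok".
shadow_audit() {
    awk -F: -v today="$1" '
    function add(f) { flags = (flags == "" ? f : flags "," f) }
    /^#/ || NF == 0 { next }
    NF != 9 { print $1 ": MALFORMED"; next }
    {
        flags = ""
        if ($2 == "")          add("NO_PASSWORD")  # blank: login without a password
        else if ($2 ~ /^[*!]/) add("LOCKED")       # no hash can match this value
        if ($8 != "" && today >= $8 + 0) add("ACCOUNT_EXPIRED")
        if ($3 != "" && $5 != "") {
            end = $3 + $5                          # lastchange + max
            if ($7 != "" && today >= end + $7)      add("INACTIVE_LOCKOUT")
            else if (today >= end)                  add("PASSWORD_EXPIRED")
            else if ($6 != "" && today >= end - $6) add("PASSWORD_EXPIRING")
        }
        print $1 ": " (flags == "" ? "ok" : flags)
    }'
}

# Constructed sample records; the hash fields are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$PLACEHOLDERHASH:19800:0:99999:7:::
henry:$6$PLACEHOLDERHASH:19700:0:90:7:10::
majorh:$6$PLACEHOLDERHASH:19850:0:90:7::19890:
blofeldt::19850:0:90:7:::
guest:*:19000:0:99999:7:::
EOF
}

sample_shadow | shadow_audit 19900
```

On a live system, run it as root with shadow_audit $(( $(date +%s) / 86400 )) < /etc/shadow.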

Account Security
- Actions you can take to improve security:
  - Use a preset expiration date for temporary employees

    # usermod -e henry

  - Use inactivity counts to lock unused accounts

    # usermod -f 5 henry

  - Change passwords known by someone who leaves. If they know the root password, change ALL passwords

Account Security
- Password aging with the chage command: chage [options]
- Options:

    -m   Minimum days
    -M   Maximum days
    -d   Day last changed
    -I   Inactive lock
    -E   Expiration (YYYY-MM-DD or MM/DD/YY)
    -W   Warning days

Summary
- Define the requirements for user accounts
- Explain group and group accounts
- Construct configuration files (group, passwd, shadow)
- Demonstrate adding users
- Describe modifying user details
- Explain user passwords
- Demonstrate deleting users