Linux Use the Command-Line Interface to Administer the System.

Slides:



Advertisements
Similar presentations
Unit 5 – User Administration Randy Marchany VA Tech Computing Center.
Advertisements

Linux Users and Groups Management
Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.
User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.
Linux+ Guide to Linux Certification, Second Edition
User Accounts and Permissions Chapter IV / Part II.
CS 497C – Introduction to UNIX Lecture 15: - File Attributes Chin-Chih Chang
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 2 Manage User Access and Security.
UNIX Chapter 08 File Security Mr. Mohammad Smirat.
Linux+ Guide to Linux Certification, Second Edition
Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.
O.S security Ge Zhang Karlstad University. Outline Why O.S. security is important? Security schemes in Unix/Linux system Security schemes in windows system.
Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.
Va-scanCopyright 2002, Marchany Unit 6 – Solaris File Security Randy Marchany VA Tech Computing Center.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
Linux+ Guide to Linux Certification, Second Edition
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.
IT2204: Systems Administration I 1 6b). Introduction to Linux.
Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.
Linux+ Guide to Linux Certification, Third Edition
Managing Users Objectives Contents Practicals Summary
File Permission and Access. Module 6 File Permission and Access ♦ Introduction Linux is a multi-user system where users can assign different access permission.
ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies.
Lesson 9-Setting and Using Permissions. Overview Describing file permissions. Using execute permissions with a file. Changing file permissions using mnemonics.
Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 
There are three types of users in linux  System users: ?  Super user: ?  Normal users: ?
Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.
Chapter 10: Rights, User, and Group Administration.
Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.
Managing Users Objectives –to be able to add, modify and remove Unix user accounts Contents –requirements for a user account –configuration files (passwd,
1 LINUX SECURITY. 2 Outline Introduction Introduction - UNIX file permission - UNIX file permission - SUID / SGID - SUID / SGID - File attributes - File.
Linux+ Guide to Linux Certification, Third Edition
Linux+ Guide to Linux Certification, Third Edition
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 21 Administering User Accounts and Groups 1.
Linux Based Networks University of Education Instructor: Muhammad Amer Irshad.
Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.
The Saigon CTT Chapter 10 Managing Users. The Saigon CTT  Objectives  Define the requirements for user accounts  Explain group and group accounts 
Manually Creating a New User Account Presented by Carl South.
© 2006 ITT Educational Services Inc. Linux Operating System :: Unit 3 :: Slide 1 Downloading and Installing Software yum pirut Bit Torrent rmp.
ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies.
CSCI 330 The UNIX System Unit V Permissions. all access to directories and files is controlled UNIX uses discretionary access control (DAC) model each.
Chapter 8 File System Security. File Protection Schemes Password-Based Protection Encryption-Based Protection Protection-Based on Access Permission.
Lecture – Users and groups
Working with users and Groups. 1. Manage users and group 2. Manage ownership, permissions, and quotas.
CSC414 “Introduction to UNIX/ Linux” Lecture 6. Schedule 1. Introduction to Unix/ Linux 2. Kernel Structure and Device Drivers. 3. System and Storage.
SUSE Linux Enterprise Desktop Administration Chapter 9 Manage Users, Groups, and Permissions.
Chapter 6 Adding New Users. Computer Center, CS, NCTU 2 Steps to add a new user 1.Edit the password and group files >vipw, pw 2.Set an initial password.
Managing Users CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University.
Experiment No 4 Prepared by, Mr. Satish Pise. Objectives View the /etc/passwd file and describe its syntax. View the /etc/shadow file and describe its.
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses. ©Copyright Network Development Group Module 14 Managing.
Linux Filesystem Management
LINUX SYSTEM ADMINISTRATION
File permissions Operating systems I800
Chapter 11: Managing Users
Users/Groups/Permissions
Chapter 8 File Security.
Chapter 2 User Management
Linux Users and Groups Management
Systems Administration CSCI Fall 2016
Adding New Users, Storage, File System
COP 4343 Unix System Administration
Security and File Permission
System & Network Administration (MCSA & RHCSA)
Module 13 System and User Security
Adding New Users Chapter 6.
Administering Users and Groups
Administering Users and Groups
Adding New Users.
Presentation transcript:

Linux Use the Command-Line Interface to Administer the System

2 Objectives Understand User and Group Configuration Files Manage User Accounts and Groups from the Command-Line Manage File Permissions and Ownership

3 Understand User and Group Configuration Files Information on users and groups is kept in: –/etc/passwd –/etc/shadow –/etc/group You should not modify these files with an editor –Use YaST or the appropriate command-line tools –Modifying these files with an editor can lead to errors –To ensure consistency, you should be able to: Check /etc/passwd and /etc/shadow Convert Passwords to and from Shadow

4 /etc/passwd

5 /etc/passwd (continued) UID: 0–99 for the system itself 100–499 for special system users (such as services and programs) On SLES 9, normal users start from UID 1000

6 /etc/shadow Only root can modify it Root and members of the group shadow can read it Contains encrypted (hashed) passwords If an invalid character occurs in password field then user cannot log in

7 /etc/shadow (continued)

8

9 /etc/group Each line represents a single group record –Group name, password hash, GID, and the members of the group Shows secondary group memberships only In older versions of SUSE LINUX, group passwords are stored in /etc/gshadow

10 /etc/group (continued)

11 Check /etc/passwd and /etc/shadow Because user configuration is handled by two files (/etc/passwd and /etc/shadow), these files have to match each other However, discrepancies can occur

12 Check /etc/passwd and /etc/shadow (continued) pwck - checks integrity of all entries in /etc/passwd and etc/shadow files

13 Convert Passwords to and from Shadow Convert Password to Shadow –pwconv command converts the passwd file to the shadow file Replaces the password in /etc/passwd with x Password aging information is pulled from login.defs –pwconv can also be used to add missing entries to the shadow file Convert Shadow to Password –pwuconv moves passwords from /etc/shadow to /etc/passwd and password aging information is lost

14 Manage User Accounts and Groups from the Command-Line In addition to the YaST modules users and groups, you can use the following commands to add, change, and delete users and groups: –useradd –passwd –usermod –userdel –groupadd, groupmod, and groupdel To prevent individual users from using system resources excessively, use the following command: –ulimit

15 useradd options –-m. /etc/skel/ used as a template for home directory –-c. “comment” –-g. GID or -g groupname –-G. defines any supplementary groups –-p. “encrypted password” (use mkpasswd first) –-e. YYYY-MM-DD: expiration date /etc/default/useradd GROUP=1001 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel GROUPS=audio,dialout,uucp,video useradd

16 passwd Use without arguments to change own password Other options –-l: to lock a user account (use -u to unlock) –-S: to list the status of a user account

17 passwd (continued)

18 passwd (continued) The quickest way to create a new user from a command-line is to use useradd and passwd

19 usermod Used to modify information such as the UID, the standard shell, the home directory, and the primary group in an existing user account Its options are nearly the same as the options of the command useradd Examples: –Change the home directory: usermod -d /newhome/tux -m tux –Change the UID: usermod -u 1504 tux

20 userdel Used to delete user accounts –userdel tux Without options, it removes the user from: –/etc/passwd –/etc/shadow –/etc/group If /var/spool/cron/tabs/username exists, it is deleted Home directory is not deleted To delete the user’s home directory and the data it contains: –userdel -r tux

21 groupadd, groupmod, and groupdel groupadd group_name (next free GID is used) –-g GID –-p encrypted_password groupmod –-g newGID –-n new_group_name –-A user (to add to group) groupdel group_name –You can delete a group only if no user has this group assigned as a primary group

22 Manage File Permissions and Ownership The first 10 columns represent the following: –1: File type –2-4: File permissions of the user who owns the file –5-7: File permissions of the owning group of the file –8-10: File permissions of others

23 Manage File Permissions and Ownership (continued)

24 Change the File Permissions with chmod

25 Change the File Permissions with chmod (continued) With the option -R and a specified directory, you can change the access permissions of all files and subdirectories under the specified directory If you have a certain set of permissions in mind that the file should have, the octal syntax is usually the most efficient

26 Change the File Permissions with chmod (continued)

27 Change the File Ownership with chown and chgrp User root can use chown and chgrp as follows: –chown new_user.new_group file –chown new_user file –chown.new_group file –chgrp new_group file A normal user can change the group affiliation of a file that he owns to a new group –chown.new_group file –chgrp new_group file –The user can only change the group affiliation of the file that he owns if he is a member of the new group

28 Modify Default Access Permissions By default, files are created with the access mode 666 and directories with 777 To modify these default access mode settings, use umask –umask command allows you to specify the permissions that will be given to all files and folders created after issuing the command –The permissions set in the umask are removed from the default permissions

29 Modify Default Access Permissions (continued)

30 Modify Default Access Permissions (continued)

31 Modify Default Access Permissions (continued) umask 077 restricts access to the owner and root To make umask setting permanent, change its value in /etc/profile To make the setting user-specific, enter the value of umask in the file.bashrc in the home directory of the respective user

32 Configure Special File Permissions

33 Configure Special File Permissions (continued) To set the sticky bit –chmod o+t /tmp –chmod 1777 /tmp –The sticky bit is listed in the permissions for others To set the SUID –chmod u+s /usr/bin/passwd –chmod 4755 /usr/bin/passwd To set the SGID –chmod g+s /usr/bin/wall –chmod 2755 /usr/bin/wall

34 Summary User and password information is stored in the /etc/passwd file on older Linux systems Group information is stored in the /etc/group file on Linux systems You may use the useradd, usermod, and userdel commands to add, modify, and remove user accounts on your system, respectively You can change user account passwords using the passwd command You set system user limits for system resource usage by using ulimit

35 Summary (continued) Permissions can be set on the owner of a file, members of the group of the file, as well as everyone else on the system using chmod New files and directories receive default permissions from the system determined by the umask variable