SUSE Linux Enterprise Desktop Administration Chapter 9 Manage Users, Groups, and Permissions.

Objectives
Objective 1—Understand the Multiuser Environment
Objective 2—Manage User and Group Accounts
Objective 3—Manage File Permissions and Ownership
Objective 4—Perform Tasks as a Different User
Objective 5—Use Encrypted File Systems

Objective 1—Understand the Multiuser Environment
Multiuser capability
–Allows a number of users to use the system simultaneously
Multitasking capability
–Allows programs to run simultaneously
Implementation of a multiuser and multitasking system
–Only appears to be simultaneous on a single-processor system
–Advantage: waiting times for input or output from one process can be used by other processes

Objective 1—Understand the Multiuser Environment (continued)
UNIX implements preemptive multitasking
–Each process is allowed a certain amount of time during which it can work
–When this time has expired, the operating system temporarily stops the execution of one process and executes another process that is waiting to run
–UNIX controls this sharing of processing time, which prevents one process from hijacking the processor
The OS coordinates access to the resources
–Only one process at a time can be granted access to a resource
–This coordination task is very complex

Objective 1—Understand the Multiuser Environment (continued)
Figure 9-1 Two or more processes need the same resources exclusively

Objective 1—Understand the Multiuser Environment (continued)
Multithreading
–An extension of multitasking that helps solve this problem
–A number of parts independent from one another (threads) can be created within a process
–Increases the degree of parallelism with each thread
A program exists only once in the system
–However, there can be several processes executing the same program

Objective 2—Manage User and Group Accounts
You can manage users and groups with YaST or with command-line tools
To do this, you need to understand the following:
–Basics About Users and Groups
–Manage User and Group Accounts with YaST
–Manage Group Accounts from the Command Line
–User and Group Configuration Files

Basics About Users and Groups
A UNIX system must be able to uniquely identify all users
Every user must log in with a username and a password
Users are represented internally as numbers
–The number that a user receives is a UID (User ID)
A Linux system has three kinds of users:
–Regular (normal) user
–System user
–The root user

Basics About Users and Groups (continued)
Users can be grouped together based on shared characteristics or activities
As with users, each group is also allocated a number internally, called the GID (Group ID)
The GID can be one of the following types:
–Normal groups—GID 100 and above
–System groups—GIDs from 1 to 99, used by system services
–Root group—GID 0

Manage User and Group Accounts with YaST
You can access YaST user and group account administration in the following ways:
–User administration
–Group administration
If you selected LDAP for authentication during the installation
–You are prompted for the LDAP server administrator password

Manage User and Group Accounts with YaST (continued)
User administration
–With the Users button selected, the User and Group Administration window lists the existing user accounts
  See Figure 9-2
–To create a new user account or edit an existing account, select Add or Edit
  See Figure 9-3
–To set the properties of the user, select the Details tab
  See Figure

Figure 9-2 User administration

Figure 9-3 Create a new user account

Figure 9-4 Set user properties

Manage User and Group Accounts with YaST (continued)
User administration (continued)
–To set various password parameters, select the Password Settings tab
  See Figure 9-5
Set Defaults for New User Accounts
–You can use YaST to select default settings to be applied to new user accounts
–See Figure 9-6
–The values are written to the file /etc/default/useradd

Figure 9-5 Set user password properties

Figure 9-6 Set defaults for new user accounts

Manage User and Group Accounts with YaST (continued)
Group Administration
–To administer groups, start YaST and select Security and Users > Group Management
  See Figure 9-7
–You can create a new group or edit an existing group by selecting Add or Edit
  See Figure

Figure 9-7 Group administration

Figure 9-8 Create a new group or edit an existing one

Manage User and Group Accounts from the Command Line
Manage User Accounts from the Command Line
–The user root can use the following commands:
  useradd to create a new user account
  passwd to change a user’s password
  userdel to delete an existing user account
  usermod to modify settings for an existing user account
–Standard configuration information is derived from the /etc/default/useradd and /etc/login.defs files

Manage User and Group Accounts from the Command Line (continued)
Manage User Accounts from the Command Line (continued)
–The passwd command can also be used to:
  Lock a user account
  Show the status of a user account
  Change password times
Table 9-1 Options for changing password times

Manage User and Group Accounts from the Command Line (continued)
Manage User Accounts from the Command Line (continued)
–The /etc/default/passwd file is checked for the encryption method to be used
  The encryption method is set in the variable CRYPT
–You can use the id command in a terminal window
  To display information about a user’s UID and which groups the user is assigned to

Manage User and Group Accounts from the Command Line (continued)
Manage Groups from the Command Line
–You can use the following commands:
  groupadd to create a new group
  groupdel to delete a group
  groupmod to modify the settings for an existing group
  gpasswd to change passwords for group accounts
–If you want information on the groups in which you are a member, enter groups
–The newgrp command allows you to change the effective group of the executing user

User and Group Configuration Files
/etc/passwd
–Stores information for each user such as the username, the UID, home directory, and the login shell
–In the past, it also contained the encrypted password
  The encrypted password is now stored in /etc/shadow, which is only readable by root and members of the group shadow
–Each line in the file represents one user
  See Figure

User and Group Configuration Files (continued)
Figure 9-9 Information contained in each line of the /etc/passwd file

User and Group Configuration Files (continued)
/etc/shadow
–Stores encrypted user passwords and password expiration information
–Can only be changed by the user root, and read by the user root and members of the group shadow
–Each line in the file belongs to one user
  See Figure

User and Group Configuration Files (continued)
Figure 9-10 Information contained in each line of the /etc/shadow file

User and Group Configuration Files (continued)
/etc/group
–Stores group information
–Each line in the file represents a single group record and contains the group name, the GID, and the members of the group
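To tie the three file formats together, here is an added shell example (not from the course) that reads constructed copies of /etc/passwd, /etc/shadow and /etc/group and reports what an administrator checks in them: accounts other than root with UID 0, accounts with no password set, locked accounts, and the full membership of a group (supplementary members plus users whose primary GID is the group's). All account names, hashes and GIDs in the samples are constructed.

```shell
#!/bin/sh
# Added example (not part of the course): audit copies of /etc/passwd,
# /etc/shadow and /etc/group. Every line below is constructed sample
# data written to temporary files, not a real account.
PASSWD_SAMPLE=$(mktemp); SHADOW_SAMPLE=$(mktemp); GROUP_SAMPLE=$(mktemp)

# passwd: name:x:UID:GID:comment:home:shell  (x = password lives in shadow)
cat >"$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
geeko:x:1000:100:Geeko:/home/geeko:/bin/bash
tux:x:1001:100:Tux Penguin:/home/tux:/bin/bash
svcadmin:x:0:0:constructed second UID-0 account:/root:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
EOF

# shadow: name:hash:lastchange:min:max:warn:inactive:expire:reserved
# "!" or "*" in the hash field = locked / no password login; empty = no password
cat >"$SHADOW_SAMPLE" <<'EOF'
root:$2y$05$CONSTRUCTEDHASH:15000:0:99999:7:::
geeko:$2y$05$CONSTRUCTEDHASH:15000:0:99999:7:::
tux::15000:0:99999:7:::
svcadmin:!:15000:0:99999:7:::
daemon:*:15000::::::
EOF

# group: name:x:GID:comma-separated supplementary members (GIDs constructed)
cat >"$GROUP_SAMPLE" <<'EOF'
root:x:0:
shadow:x:15:geeko
users:x:100:
EOF

# Accounts whose UID (passwd field 3) is 0, space separated. Only root should
# appear; any other name is a second superuser account.
uid0_accounts() {
  awk -F: '$3 == 0 { printf "%s%s", s, $1; s = " " } END { print "" }' "$1"
}

# Accounts whose shadow hash field is empty: they can log in with no password.
empty_password_accounts() {
  awk -F: '$2 == "" { printf "%s%s", s, $1; s = " " } END { print "" }' "$1"
}

# Accounts locked with "!" (passwd -l) or set to "*" (no password login).
locked_accounts() {
  awk -F: '$2 ~ /^[!*]/ { printf "%s%s", s, $1; s = " " } END { print "" }' "$1"
}

# All members of a group: the supplementary members in the group file
# (field 4) plus every user whose primary GID in the passwd file (field 4)
# equals the group's GID.  Usage: group_members NAME GROUPFILE PASSWDFILE
group_members() {
  gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
  {
    awk -F: -v g="$1" '$1 == g && $4 != "" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2"
    awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
  } | sort -u | awk '{ printf "%s%s", s, $1; s = " " } END { print "" }'
}

echo "UID 0 accounts:      $(uid0_accounts "$PASSWD_SAMPLE")"
echo "No password set:     $(empty_password_accounts "$SHADOW_SAMPLE")"
echo "Locked accounts:     $(locked_accounts "$SHADOW_SAMPLE")"
echo "Members of 'shadow': $(group_members shadow "$GROUP_SAMPLE" "$PASSWD_SAMPLE")"
echo "Members of 'users':  $(group_members users "$GROUP_SAMPLE" "$PASSWD_SAMPLE")"
```

Pointing the functions at the real /etc/passwd, /etc/group and (as root or a member of group shadow) /etc/shadow gives the same report for a live system.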

Exercise 9-1: Manage User Accounts with YaST and Get User and Group Information from the Command Line
In this exercise, first create and remove a user account with the YaST User Management module
Perform the following tasks:
–Create a new account labeled tux for the user Tux Penguin with the password of novell
–Log in as the new user tux
–Open the /etc/passwd file and look for the entries for geeko and tux
–Log in as geeko and remove tux’s account using YaST

Objective 3—Manage File Permissions and Ownership
You can change the current values associated with ownership and permissions by knowing how to do the following:
–Understand File Permissions
–Change File Permissions with chmod
–Change File Ownership with chown and chgrp
–Modify Default Access Permissions
–Configure Special File Permissions

Understand File Permissions
ls -l command
–Displays the contents of the current directory along with the assigned permissions for each file or subdirectory
Each file (and directory) can belong to only one user and one group
You can also view the permissions, owner, and group from the Nautilus file manager

Figure 9-11 File properties in Nautilus file manager

Change File Permissions with chmod
You can use the chmod command to add or remove permissions
The following options can be used to change the permissions:
–u—Change permissions for the owner (user)
–g—Change permissions for the group
–o—Change permissions for others
–a—Change permissions for all (owner, group, and others)

Change File Permissions with chmod (continued)
Table 9-2 Examples of the chmod command

Change File Permissions with chmod (continued)
Using the option -R (recursive) and a specified directory
–You can change the access permissions for the directory and all files and subdirectories beneath it
Besides using letters (rwx), you can also represent the permissions in octal, with one number per permission group, adding:
–Read: 4
–Write: 2
–Execute: 1

Change File Permissions with chmod (continued)
Table 9-3 Examples of the chmod command using number equivalents
Table 9-4 Using numbers instead of letters

Change File Ownership with chown and chgrp
The user root can use the chown command to change the user and group affiliation of a file by using the following syntax:
–chown new_user.new_group file
To change the owner, but not the group
–chown new_user file
To change the group, but not the user
–chown .new_group file

Change File Ownership with chown and chgrp (continued)
You can also change the group affiliation of a file with the chgrp command:
–chgrp new_group file
Normal users can use the chown command to allocate a file that they own to a new group:
–chown .new_group file

Exercise 9-2: Manage File Permissions and Ownership
In this exercise, you create directories with different permissions

Modify Default Access Permissions
By default, files are created with the access mode 666 and directories with 777
To modify (restrict) these default access mode settings, you can use the umask command
–With a three-digit numerical value
–The permissions set in the umask are removed from the default permissions
umask without any parameters shows the current value of the umask with a leading zero

Modify Default Access Permissions (continued)
Table 9-5 Examples of the umask command

Configure Special File Permissions
Table 9-6 Special file permissions
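The umask arithmetic from the previous slides and the letter/number notations of chmod, including the special bits of Table 9-6, as an added shell example that is not part of the course. It also creates a scratch directory to confirm the computed modes against what the kernel actually applies; the example paths and umask values are constructed.

```shell
#!/bin/sh
# Added example (not part of the course): the arithmetic behind umask and
# the two permission notations, checked against the real file system.

# Mode of a new object = default mode (666 files, 777 directories) with
# every bit set in the umask cleared. This is bitwise, not subtraction:
# umask 011 leaves 666 unchanged because the execute bits were never set.
apply_umask() {        # apply_umask DEFAULT_OCTAL UMASK_OCTAL -> 3-digit octal
  printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# The umask that turns a default mode into a wanted mode (same formula).
umask_for() {          # umask_for DEFAULT_OCTAL WANTED_OCTAL -> umask
  printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# ls -l string (rwxr-x--- or drwxr-x---) -> 4-digit octal. An s in the
# user/group execute slot is SUID/SGID, a t in the others slot is sticky;
# upper case S/T means the special bit is set but the execute bit is not.
symbolic_to_octal() {
  p=$1
  if [ ${#p} -eq 10 ]; then p=${p#?}; fi      # drop the file-type character
  printf '%s\n' "$p" | awk '{
    mode = 0; special = 0
    for (i = 1; i <= 9; i++) {
      ch = substr($0, i, 1); bit = 2 ^ (9 - i)   # 256, 128, ... 1
      sp = (i == 3) ? 4 : (i == 6) ? 2 : (i == 9) ? 1 : 0
      if (ch == "r" || ch == "w" || ch == "x") mode += bit
      else if (ch == "s" || ch == "t") { mode += bit; special += sp }
      else if (ch == "S" || ch == "T") special += sp
    }
    printf "%d%03o\n", special, mode
  }'
}

# Read a path's mode back through ls -l, so the arithmetic can be compared
# with what the kernel applied when the object was created.
mode_of() { symbolic_to_octal "$(ls -ld "$1" | cut -c1-10)"; }

# Create a directory and a file under umask 027 in a scratch directory and
# return "DIRMODE FILEMODE"; expected 0750 0640.
demo_umask() {
  d=$(mktemp -d)
  ( umask 027; mkdir "$d/sub"; : > "$d/sub/data" )
  echo "$(mode_of "$d/sub") $(mode_of "$d/sub/data")"
  rm -rf "$d"
}

echo "666 with umask 022 -> $(apply_umask 666 022)"          # 644
echo "777 with umask 027 -> $(apply_umask 777 027)"          # 750
echo "666 with umask 011 -> $(apply_umask 666 011)"          # 666, not 655
echo "umask for 750 dirs -> $(umask_for 777 750)"            # 027
echo "-rwsr-xr-x         -> $(symbolic_to_octal -rwsr-xr-x)" # 4755
echo "umask 027 on disk  -> $(demo_umask)"                   # 0750 0640
```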

Ensure File System Security
In Linux, file system security is especially important
–Because every resource available on the system is represented as a file
The Basic Rules for User Write Access
–Access permissions can be administered separately for file owners, user groups, and the rest of the world
–As a general rule, a normal user should only have write access in the following directories:
  The home directory of the user
  The /tmp directory (to store temporary files)

Ensure File System Security (continued)
The Basic Rules for User Read Access
–No normal user account should be able to read the content of files that store passwords, including:
  /etc/shadow
  /etc/samba/smbpasswd
  Files with Apache passwords
  /etc/openldap/slapd.conf
  /boot/grub/menu.lst
–Some password files can be readable for a nonroot account
  This is normally the account under whose user ID a service daemon is running
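An added shell example (not from the course) that checks both basic rules over a constructed directory tree standing in for /etc, /usr/local/bin, /tmp and a home directory: it lists world-writable files and directories outside the home and temporary directories, and password-store files that others can read. The paths and modes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not part of the course): checks for the two basic rules,
# run against a constructed directory tree so it works offline.

# Regular files and directories under ROOT that anyone may write to
# (others-write bit, -perm -002), skipping the locations where user write
# access is expected.  Usage: world_writable ROOT HOMEDIR TMPDIR
world_writable() {
  find "$1" \( -path "$2" -o -path "$3" \) -prune -o \
       \( -type f -o -type d \) -perm -002 -print | sort
}

# Password-store files must not be readable by others: column 8 of the
# ls -l string is the others-read bit.  Usage: others_readable FILE...
others_readable() {
  for f in "$@"; do
    [ -e "$f" ] || continue
    case $(ls -ld "$f" | cut -c8) in r) echo "$f" ;; esac
  done
}

# Constructed tree: a fake /etc with a "shadow" readable by all (wrong),
# a correctly protected "smbpasswd", a world-writable /usr/local/bin
# (wrong) and the expected world-writable /tmp (sticky) and a home directory.
build_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/etc/samba" "$root/usr/local/bin" "$root/tmp" "$root/home/geeko"
  : > "$root/etc/shadow";          chmod 644 "$root/etc/shadow"          # wrong
  : > "$root/etc/samba/smbpasswd"; chmod 600 "$root/etc/samba/smbpasswd"
  chmod 777 "$root/usr/local/bin"                                       # wrong
  chmod 1777 "$root/tmp"; chmod 700 "$root/home/geeko"
  : > "$root/tmp/scratch"; chmod 666 "$root/tmp/scratch"   # allowed: under /tmp
  echo "$root"
}

# Run both checks and print the findings relative to the tree root.
audit() {
  root=$(build_tree)
  echo "world-writable outside home and tmp:"
  world_writable "$root" "$root/home/geeko" "$root/tmp" | sed "s|^$root||"
  echo "password files readable by others:"
  others_readable "$root/etc/shadow" "$root/etc/samba/smbpasswd" | sed "s|^$root||"
  rm -rf "$root"
}
audit
```

On a live system the same two functions can be pointed at / with the real home and /tmp paths, and at the password files listed on the slide.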

Objective 4—Perform Tasks as a Different User
Some tasks can only be done from the root user account
–Sometimes root might want to delegate tasks to normal users
This objective covers both scenarios:
–Perform Administrative Tasks as root
–Delegate Administrative Tasks with sudo

Perform Administrative Tasks as root
As a system administrator, you are advised to log in as a normal user
–And only switch to root to perform tasks that require root permissions
Start Programs from GNOME as Another User
–You can start any program with a different UID (as long as you know the password) using the program gnomesu
–You can specify a different user than root and also start a program directly with the following syntax:
  gnomesu -u user command

Perform Administrative Tasks as root (continued)
Switch to Another User with su
–You can use the su (switch user) command to assume the UID of root or of other users
–su syntax: su [options]... [-] [user [argument...]]
Switch to Another Group with newgrp
–A user can be a member of many different groups
  However, he or she can have only one effective (current) group at any one time
–You can change the effective GID with the command newgrp or sg

Delegate Administrative Tasks with sudo
The default configuration of sudo in SLED 10 requires knowledge of the root password
Advantages of using sudo:
–Executed commands are logged to /var/log/messages
–You do not need to retype the password for each command
/etc/sudoers configuration file
–Can be configured so that sudo asks for the user’s own password instead of the root password
–Is edited with visudo and specifies which commands a user can or cannot run

Delegate Administrative Tasks with sudo (continued)
Figure 9-12 Example illustrating the flexibility of sudo

Exercise 9-3: Use sudo to Perform Tasks as root
In this exercise, you use sudo to view the /var/log/messages log file as a normal user
First, use visudo as root to change the sudo configuration to allow geeko to use the tail command to view the last lines of /var/log/messages and any new lines added to it
Then, as geeko, view the end of the /var/log/messages log file using sudo

Objective 5—Use Encrypted File Systems
With SLED 10, it is possible to encrypt a file system on a partition
–Or to create encrypted home directories based on images that contain an encrypted file system
Both can be set up with YaST:
–Use YaST to Encrypt a Partition
–Create an Encrypted Image as Home Directory for a User

Use YaST to Encrypt a Partition
You only need to select the appropriate option when creating the partition in YaST
–Enter a password to unlock the partition when it is mounted
–See Figures 9-13 and 9-14
The minimum password length required is eight characters, but a longer password is advisable

Figure 9-13 Create an encrypted partition

Figure 9-14 Enter a password for an encrypted partition

Use YaST to Encrypt a Partition (continued)
A prompt to unlock the partition appears during the boot process
–The machine boots up even if no password is entered, but the partition is not accessible
To access the partition later, log in as root and enter /etc/init.d/boot.crypto start
–Then enter the password for the partition

Create an Encrypted Image as Home Directory for a User
Another approach is offered in YaST as part of the User Management module
–See Figure 9-15
YaST creates a file of the size you specify, with an encrypted file system inside
–The file system can be mounted as a loop device
The image file is named username.img and located in /home
–The key used to decrypt the image is username.key in /home, and the user’s password is used to unlock it

Figure 9-15 Create an encrypted image as a home directory for a user

Summary
Linux is a multiuser, multitasking, and multithreading operating system
Users use normal user accounts to log in to the system
Each user account is a member of one or more groups
Linux systems store user information in /etc/passwd and password information in /etc/shadow
For system identification, each user account has a UID, and each group account has a GID

Summary (continued)
The id command displays your UID, GIDs, and primary GID
The su and gnomesu commands can be used to switch to another user account or run a program as another user account
You can use the useradd, usermod, and userdel commands to add, modify, and remove user accounts on your system
You can change user account passwords, lock user accounts, and control password expiry settings using the passwd command

Summary (continued)
YaST can be used to perform all user and group management functions
You can assign read, write, and execute permissions to files and directories
Permissions can be set for the owner of a file (owner), members of the group of the file (group), and everyone else on the system (others) using the chmod command
Encryption can be used as an alternative to file and directory permissions