Presentation is loading. Please wait.

Presentation is loading. Please wait.

User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A."— Presentation transcript:

1 User Account Management WeeSan Lee

2 Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A

3 Add An Account To create an account for user foo  Create /home/foo  $ cp -a /etc/skel/* /home/foo  $ chown -R foo:users /home/foo  $ chmod 711 /home/foo $ chmod u=rwx,g=x,o=x /home/foo  Add foo into /etc/passwd and /etc/shadow $ vipw  $ passwd foo Alternatively, use useradd  $ useradd foo  $ passwd foo

4 Delete An Account To remove the account foo  Revert what we did before Or, use userdel  $ userdel foo  $ userdel -r foo Delete /home/foo as well To find files left behind  $ find -nouser -xdev /

5 /etc/passwd A file that contains a list of users recognized by the system World readable  Why? Each line represents one user, eg.  foo:x:500:500:Foo Bar:/home/foo:/bin/bash 7 fields separated by colons  Login name or username  Encrypted passwd  UID  Default GID  “GECOS” information: fullname, office, extension, phone #  Home directory  Login shell

6 /etc/passwd (cont) Login name  32 chars long  8 for NIS (Network Information Service)  Case sensitive, usually lower case  Usually used as email address Encrypted passwd  See /etc/shadow UID  32-bit unsigned integers  Start from 500. See /etc/logins.defs foo:x:500:500:Foo Bar:/home/foo:/bin/bash

7 /etc/passwd (cont) Login name  32 chars long  8 for NIS (Network Information Service)  Case sensitive, usually lower case  Usually used as email address Encrypted passwd  See /etc/shadow UID  32-bit unsigned integers  Start from 500. See /etc/logins.defs foo:x:500:500:Foo Bar:/home/foo:/bin/bash

8 /etc/passwd (cont) Login name  32 chars long  8 for NIS (Network Information Service)  Case sensitive, usually lower case  Usually used as email address Encrypted passwd  See /etc/shadow UID  32-bit unsigned integers  Start from 500. See /etc/logins.defs foo:x:500:500:Foo Bar:/home/foo:/bin/bash

9 /etc/passwd (cont) Default GID  Defined in /etc/group GECOS field  For personal information  $ finger foo Home directory  Cd to home directory after login Login shell  Valid shells defined in /etc/shells foo:x:500:500:Foo Bar:/home/foo:/bin/bash

10 /etc/passwd (cont) Default GID  Defined in /etc/group GECOS field  For personal information  $ finger foo Home directory  Cd to home directory after login Login shell  Valid shells defined in /etc/shells foo:x:500:500:Foo Bar:/home/foo:/bin/bash

11 /etc/passwd (cont) Default GID  Defined in /etc/group GECOS field  For personal information  $ finger foo Home directory  Cd to home directory after login Login shell  Valid shells defined in /etc/shells foo:x:500:500:Foo Bar:/home/foo:/bin/bash

12 /etc/passwd (cont) Default GID  Defined in /etc/group GECOS field  For personal information  $ finger foo Home directory  Cd to home directory after login Login shell  Valid shells defined in /etc/shells foo:x:500:500:Foo Bar:/home/foo:/bin/bash

13 /etc/shadow A file contains the encrypted passwd for the users Only readable by root or processes with root privilege Each line represents user, eg.  foo:$1$naYPGQnr$2Xyp.Q1KrWSf//VFR.yBL0:13690:0:99999:7::: 9 fields separated by colons  Login name or username  Encrypted passwd  Date of last passwd change  Min. # of days between password changes  Max # of days between password changes  # of days in advance to warn users about passwd expiration  # of days after passwd expiration that account is disabled  Account expiration date  A reserved field Usually login name and passwd are enough

14 /etc/shadow (cont) usermod  $ usermod -e 2007-06-26

15 /etc/group A file contains the names of UNIX groups and a list of group’s members, eg.  foo:x:500:  installer:x:200:foo,bar Each line represents one group 4 fields separated by colons  Group name (8 chars)  Encrypted passwd or x for /etc/gshadow  GID (starts from 500. see /etc/login.defs)  List of members, separated by commas (no space)

16 How To Disable An Account? Append username with a ‘*’ in /etc/passwd $ usermod -L foo  Put a ‘!’ in front of the encrypted passwd  To undo: $ usermod -U foo usermod -e yyyy-mm-dd Replace login shell with  /etc/false  /sbin/nologin

17 Root Account Special and powerful account UID 0 Guard your root passwd “with your life!!!”  At least 8 chars. long  Don’t write it down  Mix letters, numbers and punctuations Eg. Bambo0! Don’t login root as a normal user  Use su when needed Don’t share your root passwd with others

18 Root Account (cont) Use sudo instead  $ sudo /bin/bash  /etc/sudoers  All commands are logged To edit /etc/sudoers  $ visudo  foo ALL=(root) ALL User foo can run ALL commands on ALL machines as root  Host_Alias CS=eon,orpheus  Cmnd_Alias SNOOP=/usr/sbin/tcpdump,/usr/sbin/ethereal  bar CS=SNOOP

19 References LAH  Ch 3: Rootly Powers  Ch 6: Adding New Users

Download ppt "User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A."

Similar presentations

Unit 5 – User Administration Randy Marchany VA Tech Computing Center.

Unit 5 – User Administration Randy Marchany VA Tech Computing Center.
Linux Users and Groups Management

Linux Users and Groups Management
6. Adding New Users Xiang Sha Cmsc 691x. 6.1 The /etc/passwd File The /etc/passwd File is a list of users recognized by the system. Login name Encrypted.

6. Adding New Users Xiang Sha Cmsc 691x. 6.1 The /etc/passwd File The /etc/passwd File is a list of users recognized by the system. Login name Encrypted.
Race Condition Zutao Zhu 10/09/09. Outline Race Condition –Some functions –File format of /etc/passwd and /etc/shadow –Input Redirection Format-string.

Race Condition Zutao Zhu 10/09/09. Outline Race Condition –Some functions –File format of /etc/passwd and /etc/shadow –Input Redirection Format-string.
Adding New users This is a routine chore on most systems

Adding New users This is a routine chore on most systems
Chapter 2 Accessing Your System and the Common Desktop Environment.

Chapter 2 Accessing Your System and the Common Desktop Environment.
Chapter 6 Adding New Users. Computer Center, CS, NCTU 2 Steps to add a new user 1.Edit the password and group files >vipw 2.Set an initial password >passwd.

Chapter 6 Adding New Users. Computer Center, CS, NCTU 2 Steps to add a new user 1.Edit the password and group files >vipw 2.Set an initial password >passwd.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 2 Manage User Access and Security.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 2 Manage User Access and Security.
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
Linux System Administration LINUX SYSTEM ADMINISTRATION.

Linux System Administration LINUX SYSTEM ADMINISTRATION.
Workbook 3 Users and Groups

Workbook 3 Users and Groups
CIS 218 Advanced UNIX 1 User and System Information CIS 218.

CIS 218 Advanced UNIX 1 User and System Information CIS 218.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.

Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
Unix System Administration Rootly Powers Chapter 3.

Unix System Administration Rootly Powers Chapter 3.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
2/19/2003 Lecture 3 Computer System Administration Lecture 3 Setup (continued)

2/19/2003 Lecture 3 Computer System Administration Lecture 3 Setup (continued)
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)

File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.

Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.
IT2204: Systems Administration I 1 6b). Introduction to Linux.

IT2204: Systems Administration I 1 6b). Introduction to Linux.
Unix System Administration Chapter 6 Adding New Users.

Unix System Administration Chapter 6 Adding New Users.

Similar presentations

Ads by Google