Presentation is loading. Please wait.

Presentation is loading. Please wait.

User Environments Objectives –to provide appropriate environments for different types of users Contents –different login programs –user profiles –restricted.

Published byBlaise Jenkins Modified over 9 years ago

Similar presentations

Presentation on theme: "User Environments Objectives –to provide appropriate environments for different types of users Contents –different login programs –user profiles –restricted."— Presentation transcript:

1 User Environments Objectives –to provide appropriate environments for different types of users Contents –different login programs –user profiles –restricted shells –security issues Practicals –to provide special user accounts Summary

2 Login Shell The password file defines the user's login shell –full program pathname must be specified –no parameters allowed Standard programs are interactive shells –Bash, Bourne Again Shell (bash) –Bourne shell (sh) –C shell (csh) Specialist programs can be provided –pppd Any executable program can be provided –database front end query programs –simple menu selection programs

3 Restricted Shells A restricted shell stops the user from: –changing directories with cd –changing the value of the PATH variable –specifying command names containing / –using output redirection > and >> Restrictions only apply to interactive session –profiles can still perform all functions Restricted shells apply to some standard applications –Sendmail uses /usr/sbin/smrsh Create a special bin directory for restricted users –often in /usr/rbin with links to required programs in /usr/bin

4 Restricted root Access # cat >/home/admin/bin/shutdown #!/usr/bin/sh # shutdown script trap "" 2 3 echo "Type number of seconds to shutdown or" echo -n "Ctrl-D to abandon shutdown [180]? " if read N; then [ -z "$N" ] && N=180 echo "Shutting down in $N seconds" /sbin/shutdown -i0 -g$N -y fi # useradd -o -u 0 -d / -s /home/admin/bin/shutdown shutdown # passwd shutdown # cat >/home/admin/bin/shutdown #!/usr/bin/sh # shutdown script trap "" 2 3 echo "Type number of seconds to shutdown or" echo -n "Ctrl-D to abandon shutdown [180]? " if read N; then [ -z "$N" ] && N=180 echo "Shutting down in $N seconds" /sbin/shutdown -i0 -g$N -y fi # useradd -o -u 0 -d / -s /home/admin/bin/shutdown shutdown # passwd shutdown Administrator provided shell scripts are useful for providing restricted root access to the system –user written shell scripts –shutdown or backup programs

5 Environment Files Two environment files are executed at login time when a Bourne or Korn shell is executed /etc/profile –contains system commands –common environment (set of variable definitions) for all users –may define variable ENV, describing the location of Shell specific environment file, usually set to $HOME/.bashrc $HOME/.bash_profile –contains user commands and definitions –run once at login Finally, if the variable ENV is defined then the shell executes the file given by its value –use to set up shell environment: aliases, functions, prompts, etc. Many definitions are predefined in the /etc/profile file

6 Environmental Definitions Most users will need to modify some of the environmental definitions to suit their requirements Good system administrator will make sure that user has a basic set of definitions available when account is created These may include: PATH=$PATH:/usr/X/bin:. # include required search directories EDITOR=vi # define line editting editor (for history mechanism) TERM=vt100 # must reflect terminal used, otherwise all non- character-based applications, including vi, will fail MAIL=/var/mail/$LOGNAME # location for your mail box SHELL=/bin/bash # shell used for 'escape' from program. eg. when you type :!cmd within vi, the cmd is executed by the shell defined here ENV=$HOME/.bashrc # location of bash shell run command file All variable must be exported after they have been set

7 The umask Command Used to define default permissions on newly created files The user mask (umask) is part of the process environment –used when creating files to remove permissions –the creating process defines the file permissions –then the umask value is subtracted Each bit set in the octal umask clears the corresponding bit in the permissions umaskplain text files (vi)directories (mkdir) rw-rw-rw-rwxrwxrwx 000rw-rw-rw-rwxrwxrwx 022rw-r--r--rwxr-xr-x 033rw-r--r--rwxr--r-- 027rw-r-----rwxr-x--- 077rw-------rwx------ umaskplain text files (vi)directories (mkdir) rw-rw-rw-rwxrwxrwx 000rw-rw-rw-rwxrwxrwx 022rw-r--r--rwxr-xr-x 033rw-r--r--rwxr--r-- 027rw-r-----rwxr-x--- 077rw-------rwx------

8 Message of the day Profiles often display a message of the day –traditionally stored in /etc/motd Keep message short and up to date –otherwise users will stop reading it Include a restricted access notice # more /etc/motd Welcome to Acme's Development System. Access to this system is restricted to authorised users only. Unauthorised access is prohibited and offenders are liable to prosecution. System will be down all day on Sun 23 April for preventative maintenance. # more /etc/motd Welcome to Acme's Development System. Access to this system is restricted to authorised users only. Unauthorised access is prohibited and offenders are liable to prosecution. System will be down all day on Sun 23 April for preventative maintenance.

9 Exercise - Example Environment A typical system profile (/etc/profile) : trap "" 2 3 ENV=$HOME/.kshrc export ENV ulimit -c 0 umask 022 cat /etc/motd trap 2 3 A typical system profile (/etc/profile) : trap "" 2 3 ENV=$HOME/.kshrc export ENV ulimit -c 0 umask 022 cat /etc/motd trap 2 3 Which file is maintained by the administrator? What do the two trap commands imply for /etc/profile? A typical user profile (.bash_profile): PATH=$PATH:$HOME/bin TERM=vt100 A typical user profile (.bash_profile): PATH=$PATH:$HOME/bin TERM=vt100 A typical user bashrc file (.bashrc): alias dir=ls lf='ls -FC' export PS1='$PWD[!] ' set -o vi A typical user bashrc file (.bashrc): alias dir=ls lf='ls -FC' export PS1='$PWD[!] ' set -o vi what do you think this line should contain?

10 Guest Accounts Many systems define a login called guest –password null or set to guest Disable or remove this account –it is a security risk System hackers logging in as guest can: –get a list of login names (/etc/passwd) –look at encrypted passwords on older unix systems –use find to look for security holes –find out about networked machines (/etc/hosts) –access the network via telnet, rlogin & rsh & rcp If someone wants to use your system you should know about them and provide an account accordingly

11 Shared Group Directories Users working on a common set of files should belong to the same group Files should be stored in a common directory Directory should have: –sticky bit –set group id (so that all files are owned by the directory group) $ ls -al /shared drwxrwsr-t 1 trapper staff 1024 Dec 25 09:30. drwxr-xr-x 1 root sys 512 Dec 25 09:30.. $ id -a uid=318(hawkeye) gid=300(users) groups=100(staff),300(users) $ cp lfile /shared $ ls -l lfile /shared/lfile -rw-r--r--1 hawkeye users 232 Jan 18 09:58 lfile -rw-r--r--1 hawkeye staff 232 Jan 19 11:42 /shared/lfile $ ls -al /shared drwxrwsr-t 1 trapper staff 1024 Dec 25 09:30. drwxr-xr-x 1 root sys 512 Dec 25 09:30.. $ id -a uid=318(hawkeye) gid=300(users) groups=100(staff),300(users) $ cp lfile /shared $ ls -l lfile /shared/lfile -rw-r--r--1 hawkeye users 232 Jan 18 09:58 lfile -rw-r--r--1 hawkeye staff 232 Jan 19 11:42 /shared/lfile

12 Summary Users can be provided any login program not just an interactive shell A standard user environment should be set and maintained by the administrator using /etc/default/login and /etc/profile Users may be restricted in their access to the system and what they can do /usr/lib/rsh & /usr/bin/rksh Users can be setup to share directories by using combination of guid and sticky bits Guest account without a password is bad news

Download ppt "User Environments Objectives –to provide appropriate environments for different types of users Contents –different login programs –user profiles –restricted."

Similar presentations

1 Introduction to UNIX Ke Liu

1 Introduction to UNIX Ke Liu
NETW-240 Shells Last Update 2013.04.09 1.4.0 Copyright 2000-2012 Kenneth M. Chipps Ph.D. www.chipps.com 1.

NETW-240 Shells Last Update Copyright Kenneth M. Chipps Ph.D. 1.
Chapter Seven Unix Shell Environments1 System Programming UNIX Shell Environments.

Chapter Seven Unix Shell Environments1 System Programming UNIX Shell Environments.
1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.

1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
CS 497C – Introduction to UNIX Lecture 36: - Customizing the Environment Chin-Chih Chang

CS 497C – Introduction to UNIX Lecture 36: - Customizing the Environment Chin-Chih Chang
More Shell Basics CS465 - Unix. Unix shells User’s default shell - specified in /etc/passwd file To show which shell you are currently using: $ echo $SHELL.

More Shell Basics CS465 - Unix. Unix shells User’s default shell - specified in /etc/passwd file To show which shell you are currently using: $ echo $SHELL.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Introduction to Unix (CA263) Introduction to Shell Script Programming By Tariq Ibn Aziz.

Introduction to Unix (CA263) Introduction to Shell Script Programming By Tariq Ibn Aziz.
L INUX C OMMAND L INE I NTERFACE 15-09-2013 G UNAANBAN.G

L INUX C OMMAND L INE I NTERFACE G UNAANBAN.G
COMP1070/2002/lec4/H.Melikian COMP1070 Lecture #5  Files and directories in UNIX  Various types of files  File attributes  Notion of pathname  Commands.

COMP1070/2002/lec4/H.Melikian COMP1070 Lecture #5  Files and directories in UNIX  Various types of files  File attributes  Notion of pathname  Commands.
Unix Primer. Unix Shell The shell is a command programming language that provides an interface to the UNIX operating system. The shell is a “regular”

Unix Primer. Unix Shell The shell is a command programming language that provides an interface to the UNIX operating system. The shell is a “regular”
Files & Directories Objectives –to be able to describe and use the Unix file system model and concepts Contents –directory structure –file system concepts.

Files & Directories Objectives –to be able to describe and use the Unix file system model and concepts Contents –directory structure –file system concepts.
Introduction to Shell Script Programming

Introduction to Shell Script Programming
Week 7 Working with the BASH Shell. Objectives  Redirect the input and output of a command  Identify and manipulate common shell environment variables.

Week 7 Working with the BASH Shell. Objectives  Redirect the input and output of a command  Identify and manipulate common shell environment variables.
Agenda User Profile File (.profile) –Keyword Shell Variables Linux (Unix) filters –Purpose –Commands: grep, sort, awk cut, tr, wc, spell.

Agenda User Profile File (.profile) –Keyword Shell Variables Linux (Unix) filters –Purpose –Commands: grep, sort, awk cut, tr, wc, spell.
2.0.0.3 – Introduction to the Shell 10/1/2015 Introduction to the Shell – Session 2 1 2.0.0.3.2 Introduction to the Shell – Session 2 · Permissions · Users.

– Introduction to the Shell 10/1/2015 Introduction to the Shell – Session Introduction to the Shell – Session 2 · Permissions · Users.
An Introduction to UNIX System --- Cosc513 Presentation n Instructor: Morteza Anvari n Author: Yonghong Pan n ID#: 105107 n Date: Jan.29, 2001.

An Introduction to UNIX System --- Cosc513 Presentation n Instructor: Morteza Anvari n Author: Yonghong Pan n ID#: n Date: Jan.29, 2001.
Introduction to Computer Organization & Systems Topics: Intro to UNIX COMP 21000 John Barr.

Introduction to Computer Organization & Systems Topics: Intro to UNIX COMP John Barr.

Similar presentations

Ads by Google