Presentation on theme: "Unit 5 – User Administration Randy Marchany VA Tech Computing Center."— Presentation transcript:
Unit 5 – User Administration Randy Marchany VA Tech Computing Center
Understanding the Login Procedure Multiple ways of logging into the system – telnet – cleartext – not recommended – ssh – encrypted – highly recommended Ssh clients available on VTNET CD for PC/MAC User information is parsed from /etc/passwd file at login and the base environment variables are set.
Understanding the Login Procedure Base environment variables – HOME – location of your home directory – LOGNAME – your login name (userid) – PATH – default search path for commands – SHELL – default shell – MAIL – location of your email directory – TZ – time zone specification
/etc/password, /etc/shadow These files are the critical files that contain all of the user information for your system /etc/passwd is world readable, /etc/shadow is readable by root only. Why? – /etc/shadow contains the encrypted password string for each userid. There are password cracking programs that will use this encrypted string to brute force guess the userid password.
/etc/passwd Format 7 fields Userid:Password string:UID:GID:Name field:home directory location:default shell Userid – the login id of the user account Password string – a marker X, in older Unix systems this is where the encrypted password string would have been stored.
/etc/passwd Format UID – unique number that identifies the userid. The OS uses this NOT the username to identify an account. GID – unique number identifying the group the userid belongs to. Name field – name of the account owner Home directory location – where the default home directory for this userid is located. Default shell – the default shell activated upon logging into the system
The UID/GID Pair The UID must be unique between userids. You can have multiple usernames associated with the same UID. Solaris will treat all of them as the same userid. UID 0 is root. There should be only 1 account with this UID. UIDs must be unique across systems.
Adding Users Admintool is the main GUI that handles user management. useradd command adds a new user. Command line: – useradd –d dir –u uid –s shell –g group –c comment username – These are the most common flags but there are others. See the man page.
Modifying Users Admintool is the preferred method. /usr/sbin/usermod is the command line version. Command line: – /usr/sbin/usermod –u uid –g group –s shell userid – There are more flags but these are the most common ones used.
Deleting Users Admintool is the preferred method The userdel command deletes a user from the system and modifies /etc/passwd, /etc/group, /etc/shadow appropriately. Command line: – /usr/sbin/userdel –r userid – The –r option deletes the user’s home directory.
Adding/modifying Groups Admintool GUI is the first choice. groupadd command creates a new group. Command line: – /usr/sbin/groupadd –g gid groupname Modifying the group via command line – /usr/sbin/groupmod –g gid –n name group
Deleting Groups Admintool is the preferred method (duh!) The groupdel command deletes a group from the system. Command line: – /usr/sbin/groupdel group
Setting Up the User Environment System initialization files define environment variables when a user shell is started. 2 types – System – sets environment variable for everyone on the system – User – sets the environment variable for a single user only
Setting Up the User Environment System initialization files are executed first when the user logs in. – Bourne shell: /etc/profile – Korn shell: /etc/profile – C shell: /etc/.login User initialization files are executed next. – Bourne shell: $HOME/.profile – Korn shell: $HOME/.profile – C shell: $HOME/.cshrc, $HOME/.login
Setting Up the User Environment Default /etc/profile and /etc/.login files check quotas, print the MOTD, and check for email (“You have Mail”). If $HOME/.hushlogin exists, the MOTD is not printed. You can add any other system wide commands to these files.
The.profile file Each user can make changes to their.profile or.cshrc or.login files. The user customizes their environment by adding or deleting commands from these files. The most common variable is the PATH command. This defines the search order for your commands.
The /etc/profile file This file sets the default permissions for files (umask command). It prints out the MOTD. The MOTD is stored in /etc/motd with additional information in /etc/issue. It can be used to set the environment for third party software such as Arcinfo or any other GIS software.
The /etc/skel files Templates that are used to create the user initialization files are stored in /etc/skel. Bourne and Korn shells use the template /etc/skel/local.profile. C shell uses the templates /etc/skel/local.cshrc and /etc/skel/local.login. These templates are modified based on the information provided by useradd and the copies are moved to the user home directories. They are renamed to.profile,.login and.cshrc as needed.
The /etc/skel files You can modify these templates to ensure your customizations are placed in all user environments. Sun recommends you create a new directory to contain your site specific files. Make the changes in these files and copy them to the user directories. I must admit that I don’t do this.