User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.

Presentation transcript:

User Account Management WeeSan Lee

Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A

Add An Account

To create an account for user foo
  - Create /home/foo
      $ cp -a /etc/skel/* /home/foo
      $ chown -R foo:users /home/foo
      $ chmod 711 /home/foo
      $ chmod u=rwx,g=x,o=x /home/foo    (symbolic form of the same mode, 711)
  - Add foo into /etc/passwd and /etc/shadow
      $ vipw
      $ passwd foo
Alternatively, use useradd
  - $ useradd foo
  - $ passwd foo

Delete An Account

To remove the account foo
  - Revert what we did before
Or, use userdel
  - $ userdel foo
  - $ userdel -r foo    (deletes /home/foo as well)
To find files left behind
  - $ find / -xdev -nouser

/etc/passwd

A file that contains a list of users recognized by the system
World readable
  - Why?
Each line represents one user, e.g.
  - foo:x:500:500:Foo Bar:/home/foo:/bin/bash
7 fields separated by colons
  - Login name or username
  - Encrypted passwd
  - UID
  - Default GID
  - "GECOS" information: full name, office, extension, phone #
  - Home directory
  - Login shell

/etc/passwd (cont)

foo:x:500:500:Foo Bar:/home/foo:/bin/bash

Login name
  - 32 chars long
  - 8 for NIS (Network Information Service)
  - Case sensitive, usually lower case
  - Usually used as address
Encrypted passwd
  - See /etc/shadow
UID
  - 32-bit unsigned integers
  - Start from 500. See /etc/login.defs


/etc/passwd (cont)

foo:x:500:500:Foo Bar:/home/foo:/bin/bash

Default GID
  - Defined in /etc/group
GECOS field
  - For personal information
  - $ finger foo
Home directory
  - Cd to home directory after login
Login shell
  - Valid shells defined in /etc/shells


/etc/shadow

A file that contains the encrypted passwd for the users
Only readable by root or processes with root privilege
Each line represents one user, e.g.
  - foo:$1$naYPGQnr$2Xyp.Q1KrWSf//VFR.yBL0:13690:0:99999:7:::
9 fields separated by colons
  - Login name or username
  - Encrypted passwd
  - Date of last passwd change
  - Min. # of days between password changes
  - Max. # of days between password changes
  - # of days in advance to warn users about passwd expiration
  - # of days after passwd expiration that account is disabled
  - Account expiration date
  - A reserved field
Usually login name and passwd are enough

/etc/shadow (cont)

usermod
  - $ usermod -e

/etc/group

A file that contains the names of UNIX groups and a list of each group's members, e.g.
  - foo:x:500:
  - installer:x:200:foo,bar
Each line represents one group
4 fields separated by colons
  - Group name (8 chars)
  - Encrypted passwd or x for /etc/gshadow
  - GID (starts from 500, see /etc/login.defs)
  - List of members, separated by commas (no space)

How To Disable An Account?

Append username with a ‘*’ in /etc/passwd
$ usermod -L foo
  - Puts a ‘!’ in front of the encrypted passwd
  - To undo: $ usermod -U foo
usermod -e yyyy-mm-dd
Replace login shell with
  - /bin/false
  - /sbin/nologin
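An added example, not part of the original slides: a shell function that joins the /etc/passwd and /etc/shadow fields described above and reports which accounts are locked (`!` or `*` before the hash), expired, have an empty password field, use a non-login shell, or carry UID 0 without being root. The function names, flag names and every sample account other than foo are assumptions, and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the slides). Sample data is constructed; every hash
# except foo's, which the /etc/shadow slide quotes, is a placeholder.
make_sample() {    # writes passwd and shadow into directory $1
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
foo:x:500:500:Foo Bar:/home/foo:/bin/bash
bar:x:501:500:Bar:/home/bar:/bin/bash
svc:x:502:502:Service:/home/svc:/sbin/nologin
toor:x:0:0:Second root:/root:/bin/bash
old:x:503:500:Old User:/home/old:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$PLACEHOLDER$xxxxxxxxxxxxxxxxxxxxxx:13690:0:99999:7:::
foo:$1$naYPGQnr$2Xyp.Q1KrWSf//VFR.yBL0:13690:0:99999:7:::
bar:!$1$PLACEHOLDER$xxxxxxxxxxxxxxxxxxxxxx:13690:0:99999:7:::
svc:*:13690:0:99999:7:::
toor::13690:0:99999:7:::
old:$1$PLACEHOLDER$xxxxxxxxxxxxxxxxxxxxxx:13690:0:99999:7::13700:
EOF
}

# usage: account_status PASSWD SHADOW [TODAY as days since 1970-01-01]
account_status() {
    today=${3:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        # First file (shadow): keep hash (field 2) and expiry date (field 8).
        NR == FNR { hash[$1] = $2; expire[$1] = $8; seen[$1] = 1; next }
        # Second file (passwd): name:x:UID:GID:GECOS:home:shell
        NF == 7 {
            flags = ""
            if ($3 == 0 && $1 != "root") flags = flags ",uid0"
            if (!($1 in seen)) flags = flags ",no-shadow-entry"
            else if (hash[$1] == "") flags = flags ",empty-password"
            else if (hash[$1] ~ /^[!*]/) flags = flags ",locked"
            if (expire[$1] != "" && expire[$1] + 0 < today) flags = flags ",expired"
            if ($7 == "/sbin/nologin" || $7 == "/bin/false") flags = flags ",nologin-shell"
            if (flags == "") flags = ",active"
            print $1 " " substr(flags, 2)
        }
    ' "$2" "$1"
}

# Demo on the constructed data, with "today" fixed at day 13800 since the epoch.
tmp=$(mktemp -d) && make_sample "$tmp" && account_status "$tmp/passwd" "$tmp/shadow" 13800
rm -rf "$tmp"
```

On a live system, run `account_status /etc/passwd /etc/shadow` as root, since /etc/shadow is readable only with root privilege.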

Root Account

Special and powerful account
UID 0
Guard your root passwd "with your life!!!"
  - At least 8 chars long
  - Don't write it down
  - Mix letters, numbers and punctuation
      E.g. Bambo0!
Don't log in as root the way you would as a normal user
  - Use su when needed
Don't share your root passwd with others

Root Account (cont)

Use sudo instead
  - $ sudo /bin/bash
  - /etc/sudoers
  - All commands are logged
To edit /etc/sudoers
  - $ visudo
  - foo ALL=(root) ALL
      User foo can run ALL commands on ALL machines as root
  - Host_Alias CS=eon,orpheus
  - Cmnd_Alias SNOOP=/usr/sbin/tcpdump,/usr/sbin/ethereal
  - bar CS=SNOOP

References

LAH
  - Ch 3: Rootly Powers
  - Ch 6: Adding New Users