Chapter 11: Managing Users


1 Chapter 11: Managing Users
The Complete Guide to Linux System Administration

2 Objectives
- Create and manage user accounts
- Manage complex file permissions
- Review advanced user security issues

3 Creating and Managing User Accounts
Process of creating new user accounts:
- Add default files that should be part of every user's home directory to the /etc/skel directory
- Create a home directory for all users
- Configure default settings for all users
- Create groups
- Create a user account for each person
- Create a valid password for each user

4 Managing User Accounts Graphically
- /etc/passwd file defines user accounts, including:
  - User name
  - Password
  - UID
  - GID
  - Comment field
  - User's home directory
  - User's default shell
- vipw command edits the /etc/passwd file
- passwd command defines the password

5 Managing User Accounts Graphically (continued)
- Utilities to create new user accounts
  - Graphical tools
  - Command-line utilities
- system-config-users utility
  - Red Hat graphical user account creation tool
  - Information from the /etc/passwd file is shown in the window
  - Can edit each field
  - Edits password information stored in /etc/shadow

6 Managing User Accounts Graphically (continued)
(no text on this slide)

7 Managing User Accounts Graphically (continued)
- User Properties dialog, User Data tab
  - User name
  - Full name
  - Password and confirm password
  - Home directory
  - Login shell
- User Properties dialog, Account Info tab
  - Enable account expiration
  - Lock local password

8 Managing User Accounts Graphically (continued)
- User Properties dialog, Password Info tab
  - View when the user last changed the password
  - Enable password expiration
  - Experts recommend changing the password every 30 to 60 days
- User Properties dialog, Groups tab
  - Lists groups from the /etc/group file
  - Each user is assigned a primary group

9 Managing User Accounts Graphically (continued)
- User private group model
  - Used by Red Hat Linux and Fedora
  - User's primary group has the same name as the user
  - Contains only the user as a member
- Create a new user
  - system-config-users utility, Add User button
  - Enter information in the dialog
  - Utility creates the home directory based on the user name

10 Managing User Accounts Graphically (continued)
- /etc/login.defs file
  - Stores settings used to create new users
  - Comments describe the settings
- Create a new group
  - Click the Add Group button
  - Enter the group name

11 Managing User Accounts Graphically (continued)
- Delete a user
  - Select the user name on the Users tab
  - Click the Delete button
  - Some administrators prefer to permanently disable, not delete

12 Creating New Users at the Command Line
- useradd utility
  - Creates new users
  - Must be logged in as root
  - Example: useradd -g sales -c "Raley Solomon" rsolomon
  - -D option displays the default settings
  - Edit /etc/default/useradd to change the defaults

13 Creating New Users at the Command Line (continued)
- passwd command
  - Change a user's password
  - Lock a user account: passwd -l thomas
  - Unlock the account: passwd -u thomas

14 Creating New Groups
- groupadd command
  - Preferred method for adding a new group
  - Example: groupadd managers

15 Modifying User and Group Accounts at the Command Line
- usermod command
  - Modify a user account
  - Uses the same options as the useradd command
- groupmod command
  - Modify a group
  - -g option: change the GID
  - -n option: change the name

16 Modifying User and Group Accounts at the Command Line (continued)
- grpck command
  - Checks the integrity of the /etc/group and /etc/gshadow files
  - Uses no parameters
- chage command
  - Alter password aging information
  - View password expiration
  - Change aging for a user
  - Interactive mode

17 Modifying User and Group Accounts at the Command Line (continued)
- pwconv utility converts older /etc/passwd password storage to /etc/shadow password storage
- pwunconv utility converts existing /etc/shadow passwords to the older /etc/passwd system for compatibility
- pwck command shows formatting errors that make accounts unusable

18 Automating Home Directory Creation
- Files in /etc/skel are automatically copied into each user's home directory
  - At the time the account is created
  - Includes hidden configuration files
  - Files are not added to existing user home directories

19 Disabling User Accounts
- Temporarily disable a user's account
  - Change the password with the passwd command
  - passwd -l [username] to lock the account
  - Edit the /etc/shadow file in a text editor: place an asterisk before the encrypted password
  - Place # at the beginning of the user's line in /etc/passwd to make the line into a comment
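The lock and check mechanisms from slides 13, 17 and 19 can be audited from a shadow-style file. This is an added example, not code from the slides or the book: the sample file is constructed, and it treats both a leading "!" (what passwd -l writes on current shadow-utils) and "*" as locked, while an empty password field is reported because such an account needs no password at all.

```shell
#!/bin/sh
# Added example (not from the slides): classify accounts in a shadow-style
# file. Field 2 of /etc/shadow holds the encrypted password; a leading "!"
# (passwd -l) or "*" means the account is locked, an empty field means no
# password is required, anything else is a usable password hash.

sample="$(mktemp)"
trap 'rm -f "$sample"' EXIT
# Constructed sample; the hashes are placeholders, not real values.
cat >"$sample" <<'EOF'
root:$6$saltsalt$constructedhashvalue:19000:0:99999:7:::
thomas:!$6$saltsalt$constructedhashvalue:19000:0:99999:7:::
rsolomon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF

# audit_shadow FILE -> one "user status" line per account; a line without
# the expected fields is reported as malformed, in the spirit of pwck
audit_shadow() {
    awk -F: '
        NF < 2       { print $1, "malformed"; next }
        $2 == ""     { print $1, "nopassword"; next }
        $2 ~ /^[!*]/ { print $1, "locked"; next }
                     { print $1, "active" }
    ' "$1"
}

# status_of FILE USER -> status string for one account
status_of() {
    audit_shadow "$1" | awk -v u="$2" '$1 == u { print $2 }'
}

# count_status FILE STATUS -> number of accounts with that status
count_status() {
    audit_shadow "$1" | awk -v s="$2" '$2 == s { n++ } END { print n + 0 }'
}

audit_shadow "$sample"
```

Run against a copy of the real /etc/shadow (readable only by root), the "nopassword" and "active" lines are the ones worth reviewing.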

20 Disabling User Accounts (continued)
- userdel command
  - Deletes a user account permanently
  - Does not remove the user's home directory or its contents
- groupdel command
  - Removes a group
  - Be careful deleting groups

21 Complex File Permissions
- Sticky bit
  - Directory can only be renamed or unlinked by the user that owns it or by root
  - Often used on directories where all users should be able to create files, such as /tmp
  - To set: chmod a+t /tmp

22 Complex File Permissions (continued)
- Set user ID permission (SUID)
  - Can be added to a file that has the execute permission set
  - Causes the user who executes the file to take on the file permissions of the file's owner
  - Very useful for a few specialized programs
  - To set: chmod u+s file

23 Complex File Permissions (continued)
- Permissions are not always what they seem at first
- Set group ID permission (SGID)
  - Person who executes the program has the permissions of the file's group while executing the program
  - To set: chmod g+s file
  - Can also be set numerically

24 Complex File Permissions (continued)
- SGID set on a directory
  - Any file created within the directory is assigned to the group of the directory
- Permissions are examined in order
  - Owner first
  - Group second
  - Others third
  - Can deny permission to the group's members even when others have that permission
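The three special bits from slides 21 to 24, set and read back in a scratch directory. This is an added example, not code from the slides or the book; it needs no root and touches nothing outside a temporary directory it creates, and it assumes the ls -ld mode column and the find -perm tests behave as on GNU/Linux.

```shell
#!/bin/sh
# Added example (not from the slides): set sticky, SUID and SGID on scratch
# files and read them back from ls -ld, then locate them the way an audit
# of a real filesystem would.

work="$(mktemp -d)"
trap 'rm -rf "$work"' EXIT

# perm_string PATH -> the 10-character mode column of ls -ld, e.g. drwxrwxrwt
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# special_bits PATH -> which of suid/sgid/sticky are set, derived from the
# ls columns: SUID shows in column 4, SGID in column 7, sticky in column 10.
# A capital S or T means the bit is set without the matching execute bit.
special_bits() {
    p="$(perm_string "$1")"
    out=""
    case "$(printf %s "$p" | cut -c4)"  in s|S) out="$out suid" ;; esac
    case "$(printf %s "$p" | cut -c7)"  in s|S) out="$out sgid" ;; esac
    case "$(printf %s "$p" | cut -c10)" in t|T) out="$out sticky" ;; esac
    printf %s "${out# }"
}

# find_special DIR -> paths under DIR with SUID or SGID set; the same test
# (find / -perm -4000 -o -perm -2000) is the usual inventory on a live system
find_special() {
    find "$1" \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Shared directory in the style of /tmp: world-writable plus sticky bit
mkdir "$work/shared"
chmod 1777 "$work/shared"          # numeric form of chmod a+rwx,a+t

# Executable with SUID, the kind of file the inventory above should list
printf '#!/bin/sh\nid\n' > "$work/tool"
chmod 0755 "$work/tool"
chmod u+s "$work/tool"             # same as chmod 4755

# Project directory with SGID so files created inside inherit its group
mkdir "$work/project"
chmod 2775 "$work/project"         # same as chmod g+s on a 0775 directory

for f in "$work/shared" "$work/tool" "$work/project"; do
    printf '%s %s\n' "$(perm_string "$f")" "$(special_bits "$f")"
done
```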

25 User Security Issues
- Other ways of securing Linux
  - Additional communications
  - User security mechanisms

26 Communicating with Users
- /etc/motd file
  - Contents are displayed just before the shell is started each time a user logs in
  - "Message of the day"
  - Does not appear unless the user opens a command line or logs in at a text-mode console

27 Communicating with Users (continued)
- wall command
  - "Write all"
  - Communicates an immediate message to all users who are logged in to the system
  - Displays the broadcast message on the command line for all users working in text mode or with an open terminal window

28 Communicating with Users (continued)
- fuser command
  - Learn about what users are doing
  - View users accessing a file system, serial port, or network connection
  - -k option kills the processes

29 Granting Limited Root Access
- sudo command
  - Assigns root privileges to any user account
  - User can execute just the programs that the sudo configuration specifies
- /etc/sudoers configuration file
  - Syntax can be very complex
  - Basic format: user host = command_list

30 Granting Limited Root Access (continued)
- /etc/sudoers configuration file can define aliases for:
  - Collection of users
  - Collection of hosts
  - Collection of programs
  - Set of sudo options
- visudo program edits the /etc/sudoers file
- System administrator must hand out sudo power carefully
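A way to act on "hand out sudo power carefully": parse the user specifications of a sudoers file in the user host = command_list form from slide 29 and list the grants that are wide open. This is an added example, not code from the slides or the book; the sudoers fragment is constructed, and the parser skips alias and Defaults lines without expanding aliases, so a Cmnd_Alias that itself means ALL is not caught.

```shell
#!/bin/sh
# Added example (not from the slides): find over-broad grants in a sudoers
# fragment. Real files are edited with visudo and checked with visudo -c;
# this only reads a copy. The fragment below is constructed.

sudoers="$(mktemp)"
trap 'rm -f "$sudoers"' EXIT
cat >"$sudoers" <<'EOF'
# constructed sudoers fragment
Defaults    requiretty
Cmnd_Alias  SERVICES = /sbin/service, /usr/bin/systemctl
User_Alias  OPS = rsolomon, thomas
root     ALL=(ALL) ALL
OPS      ALL = SERVICES
thomas   webhost = NOPASSWD: /usr/sbin/useradd   # account creation only
backup   ALL=(ALL) NOPASSWD: ALL
%wheel   ALL=(ALL) ALL
EOF

# sudo_grants FILE -> "user|host|command_list|passwd-or-nopasswd" per spec line
sudo_grants() {
    awk '
        /^[[:space:]]*(#|$)/ { next }                      # comments, blanks
        /^(Defaults|User_Alias|Host_Alias|Cmnd_Alias|Runas_Alias)/ { next }
        {
            line = $0; sub(/#.*/, "", line)                # trailing comment
            eq = index(line, "="); if (eq == 0) next
            lhs = substr(line, 1, eq - 1); rhs = substr(line, eq + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", lhs)
            n = split(lhs, f, /[[:space:]]+/)              # "user host"
            user = f[1]; host = f[n]
            sub(/^[[:space:]]*\([^)]*\)[[:space:]]*/, "", rhs)   # drop (runas)
            nopw = (rhs ~ /NOPASSWD:/) ? "nopasswd" : "passwd"
            gsub(/[A-Z_]+:[[:space:]]*/, "", rhs)          # drop tags
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", rhs)
            print user "|" host "|" rhs "|" nopw
        }' "$1"
}

# broad_grants FILE -> users whose command list is literally ALL
broad_grants() { sudo_grants "$1" | awk -F'|' '$3 == "ALL" { print $1 }'; }

# nopasswd_grants FILE -> users who may run something without a password
nopasswd_grants() { sudo_grants "$1" | awk -F'|' '$4 == "nopasswd" { print $1 }'; }

sudo_grants "$sudoers"
```

The intersection of the two lists (here, backup) is the grant a reviewer would question first: full root with no password prompt.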

31 Using Pluggable Authentication Modules
- Pluggable authentication module (PAM)
  - Architecture and set of libraries
  - Programmer can create a module to perform a specific security-related function
  - System administrators can select, configure, and use one or more modules to control the operation of a program that is aware of PAM capabilities
  - Configured by default for Red Hat Linux

32 Using Pluggable Authentication Modules (continued)
- To use PAM, select the PAM modules for the program
- Configured using either:
  - Single configuration file /etc/pam.conf
  - Series of configuration files in the directory /etc/pam.d
- Person compiling the software selects which configuration style is used

33 Using Pluggable Authentication Modules (continued)
- Red Hat Linux and Fedora use the directory configuration method
  - /etc/pam.d directory contains a file with a name matching the program being configured
- When a PAM-compatible program is executed, it checks to see which applicable modules are configured for the given task
- Stacked modules
  - Multiple modules are listed for a module type

34 Using Pluggable Authentication Modules (continued)
- control_flag element
  - Determines how PAM processes stacked modules
  - Has two forms
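The two control_flag forms are the single keyword (required, requisite, sufficient, optional) and the bracketed [value=action ...] list; because the bracketed form contains spaces, a naive whitespace split misreads the module name. This added example, not code from the slides or the book, reads a constructed /etc/pam.d-style file, handles both forms, reports the stack per module type, and flags the nullok argument, which lets pam_unix accept an empty password.

```shell
#!/bin/sh
# Added example (not from the slides): parse an /etc/pam.d-style file
# (type control module [args]; the /etc/pam.conf form has a leading service
# field). The file below is constructed for the demo.

cfg="$(mktemp)"
trap 'rm -f "$cfg"' EXIT
cat >"$cfg" <<'EOF'
#%PAM-1.0
auth       required     pam_securetty.so
auth       [success=ok new_authtok_reqd=ok ignore=ignore default=bad] pam_unix.so nullok
auth       sufficient   pam_ldap.so use_first_pass
account    required     pam_unix.so
password   required     pam_cracklib.so retry=3
password   required     pam_unix.so shadow use_authtok
session    required     pam_unix.so
session    optional     pam_console.so
EOF

# pam_stack FILE TYPE -> "control|module|args" for each stacked entry of TYPE
pam_stack() {
    awk -v t="$2" '
        /^[[:space:]]*(#|$)/ { next }
        $1 != t { next }
        {
            i = 2; ctl = $2
            if (ctl ~ /^\[/)                       # bracketed form spans fields
                while (ctl !~ /\]$/ && i < NF) { i++; ctl = ctl " " $i }
            mod = $(i + 1); args = ""
            for (j = i + 2; j <= NF; j++) args = args (args == "" ? "" : " ") $j
            print ctl "|" mod "|" args
        }' "$1"
}

# stack_depth FILE TYPE -> number of modules stacked for TYPE
stack_depth() { pam_stack "$1" "$2" | grep -c .; }

# control_of FILE TYPE MODULE -> control flag of the first matching entry
control_of() {
    pam_stack "$1" "$2" | awk -F'|' -v m="$3" '$2 == m { print $1; exit }'
}

# nullok_entries FILE -> "type module" lines whose arguments include nullok
nullok_entries() {
    for t in auth account password session; do
        pam_stack "$1" "$t" | awk -F'|' -v t="$t" '$3 ~ /(^| )nullok( |$)/ { print t, $2 }'
    done
}

for t in auth account password session; do pam_stack "$cfg" "$t"; done
nullok_entries "$cfg"
```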

35 Using Network Information Service
- Network Information Service (NIS)
  - Lets a system administrator manage a single set of configuration files for multiple Linux servers
  - Sometimes called the yellow pages service or yp
  - When a user logs in, the server contacts the NIS server to see if the user has a valid user account

36 Using Network Information Service (continued)
- NIS+ or NISplus
  - More recent version of NIS
- authconfig program
  - Sets up the system to use a NIS server
- /etc/nsswitch.conf file
  - Instructs various system programs in Linux where to look for configuration information
  - Often includes multiple options

37 Summary
- User accounts can be managed graphically
- useradd command creates user accounts on the command line
- usermod command modifies existing user accounts
- User accounts can be disabled using various methods

38 Summary (continued)
- SUID and SGID permissions cause the user to assume the permissions of the owner of the executable file when the program is executed
- Sticky bit and other special file permissions allow administrators to control shared files
- Administrators can broadcast messages to users
- sudo program lets regular users perform tasks that require root privileges

39 Summary (continued)
- PAMs provide a flexible and powerful way for system administrators to configure exactly how user security is handled
- NIS or NIS+ server: multiple systems can share user files

