Presentation is loading. Please wait.

Presentation is loading. Please wait.

6. Adding New Users Xiang Sha Cmsc 691x. 6.1 The /etc/passwd File The /etc/passwd File is a list of users recognized by the system. Login name Encrypted.

Published byCyrus Ballam Modified over 9 years ago

Similar presentations

Presentation on theme: "6. Adding New Users Xiang Sha Cmsc 691x. 6.1 The /etc/passwd File The /etc/passwd File is a list of users recognized by the system. Login name Encrypted."— Presentation transcript:

1 6. Adding New Users Xiang Sha Cmsc 691x

2 6.1 The /etc/passwd File The /etc/passwd File is a list of users recognized by the system. Login name Encrypted password UID number Default GID number “GECOS” information: full name, extention, home phone Home directory Login shell

3 A example root: jsg8Y.1p6uWMo: 0 : 0: The system,,x6096, : / : /bin/csh Login name Encrypted password UIDGID “GECOS” information Home directory Login shell * Each line in the file represents one user and contains seven fields separated by colons * Root : x : 0 : 0 : root : /root : /bin/bash shadow

4 Login name Must be unique. Usually no more than 8 characters long depending on the OS. NIS or NIS+, login names are limited to 8 characters regardless of the OS.

5 Login name cont. Thumb up rules: Stick to alphanumerics and to limit login names to 8 characters. Case sensitive. Since most mail systems expect login names to be lower case, we suggest avoiding uppercase characters in login names unless the user is not expect to receive any mail. Easy to remember. F_names, l_names, initials, or some combination of these all make reasonable naming schemes.

6 More than one machine?! Login names should be unique: 1. A user should have the same login name on every machine. 2. A particular login name should always refer to the same person. * Duplicate names can lead to email confusion. Users will often send mail to the wrong address.

7 Edit /etc/passwd Q: How to edit /etc/passwd to create a new account ? ‘*’ in the encrypted passwd field prevents unauthorized use of the account until you have set a real password.

8 Edit /etc/passwd cont. Big no no Never leave passwd field empty – that introduces a jumbo-sized security hole because no passwd is required to access the account.

9 Encryption algorithm Standard DES passwords: Unencrypted passwords is limited to 8 characters. Only first 8 chars are significant for long password. Hint: HP-UX : trusted mode- allow and use passwords of and length. Red Hat linux & Free BSD : - support MD5-based Passwd - password can be of any length - first 3 chars are always “$1$” - Example: cat /etc/shadow xsha1:$1$idu0aciu$4lpNuUhs..:11842:0:99999:7:::

10 Password Security Don’t leave encrypted password in plain view. Shadow Password mechanism Placing them in a separated file that is not world readable Hint: on Solaris, shadow passwd is required! Must modify the shadow passwd file when adding or removing user to keep it consistent with /etc/passwd (p82)

11 UID number 32 bit integers from 0 – 2,147,483,647 Suggest: 0 – 32,767 Root has UID 0 Assign UIDs to real users starting at 100

12 UID number cont. Big no: never create multiple accounts with UID 0 if people need to have alternate way to login as root, using a program likes sudo(p41). Avoid recycling UID - prevent confusion if files are later restored from backups in which user are identified by UID rather than a login name. - keep unique across your entire organization a UID -> same login name -> same person

13 UID number cont. Multiple administrators/ organizations Central DB contains record for each user and enforces uniqueness(uniquid). Assign each group with an organization a range of UIDs and let each group mange its own set Side effect: Keep the UID space separate, but does not address the paralle issues of unique login names.

14 Default GID number 16 or 32 bit integer Signed or unsigned GID 0 is reserved for “root” or “wheel” GID 1 is usually for “daemon” Allow a user to be in up to 16 groups at a time, so GID is never used to determine access.

15 GECOS field No well-defined syntax Commonly used to record personal information about each user. Command: - who - finger a_user - chfn a_user (full name, office, office phone, home phone)

16 Home directory Users are placed in their home directories when they log in. Some sys allow the login to proceed and put the user in the root directory. Others do not. If home directory are mounted over NFS, they may be unavailable in the event of server or network problems.

17 Login Shell A command interpreter Bourne shell(/bin/sh), C shell(/bin/csh) ksh, bash, tcsh Sh is the default on most systems and is used if /etc/passwd doesn’t specify a login shell. Select/add a shell : /etc/shells

18 6.2 The FreeBSD /etc/master.passed File The “real” password file Master.passwd file function as a shadow password file in that it is readable only by root. 3 additional fields - login class - passwd change time - expiration time

19 6.3 the FreeBSD /etc/login.conf File Sets account – related parameters for user and groups of users. When user logs in, the login class field of /etc/master.passwd determines which entry in /etc/login.conf to apply. If no login class has been specified by the user’s master.passwd entry, the default class is used.

20 6.4 The Solaris and Red Hat /etc/shadow File 1. readable only by the superuser and serves to keep encrypted passwords safe from prying eyes. 2. Provides account information that is not available from /etc/passwd. 3. The shadow file is not a superset of the passwd file, and the passwd file is not generated from it. Must maintain both files by hand.

21 /etc/shadow millert:inNO.VAsc1Wn.:11031::180:14::18627 1. Login name 2. Encrypted password 3. Date of last password change 4. Min. number of days between password changes (better unset) 5. Max.number of days between password changes 6. Number of days in advance to warn users about password expiration 7. Number of inactive days before account expiration(solaris) 8. Account expiration date 9. flags

22 6.5 The /etc/group Contains the names of UNIX groups and a list of each group’s members. example: Student : * : 200 : dotty,mike,scott Encrypted password GID number List of members Group name

23 6.6 Add users Required: 1. Edit the passwd and shadow files to define the user’s account. 2. Set an initial password. 3. Create the user’s home directory

24 Add users cont. For the user: 1. Copy default startup files to the user’s home directory. 2. Set the user’s mail home and establish mail aliases.

25 Adding users cont. For you: 1. Add the user to the /etc/group file. 2. Configure disk quotas. 3. Verify that the account is set up correctly.

26 Adding users cont. Edit the passwd and shadow files 1. vipw (allow only one person to edit) 2. vi /etc/passwd Edit /etc/group file 1. Vigr

27 Adding users cont. Setting an initial password # passwd user Suggestion: replacing the system’s passwd command with an updated version that checks prospective passwords for guessability before accepting them(such as npasswd).

28 Adding users cont. Creating the user’s home directory # mkdir /home/staff/tyler # chown tyler /home/staff/tyler # chgrp staff /home/staff/tyler # chmod 700 /home/staff/tyler

29 Adding users cont. Copying the default startup files Begin with ‘.’, causes ls to elide these file from directory listings unless ‘-a’ option is used. End with ‘rc’, short for “run command”.

30 Adding user cont. Command sequence for installing startup files # cp /usr/local/lib/skel/.[a-zA-Z]* ~/tyler # chmod 644 ~tyler /.[a-zA-Z]* # chown tyler ~tyler /.[a-zA-Z]* # chgrp staff ~tyler /.[a-zA-Z]* Edit the /etc/group file example: Wheel:*:0:root,evi,garth,scott,trent,tyler

31 Setting disk quotas Set quota limits for each new account with the edquota command. # edquota –p proto-user new-user

32 Adding users cont. Verify the new login Login as the new user % pwd /*verify the home directory*/ % ls –la /* check owner/group of startup files*/ * Remind new user to change their passwords immediately

33 Removing users Involves removing all references to the login name that were added by you or your adduser program. Set the user’s disk quota to 0, if quota are in use. Remove the user from any local user databases or phone lists. Remove the user from the aliases file or add a forwarding address.

34 Adding users cont. Remove the user’s crontab file and any pending at jobs. Kill any of the user’s processes that are still running. Remove the user from the passwd and group files. Remove the user’s home directory. Remove the user’s mail spool.

35 Adding users cont. Quot: # quot /home Number of disk blocks consumed by each user Which UIDs are not list in /etc/passwd To find exact paths # find –x /home –nouser -print

36 6.8 Disabling logins Before network : put * in front of the encrypted password. Now : replace the user’s shell with a pseudo- shell Problem : sendmail will not deliver mail to a user whose shell does not appear in /etc/shells. Solution: defeat sendmail’s default behavior by adding a fake shell name /SENDMAIL/ANY/SHELL/ to the /etc/shells

37 6.9 vendor-supplied account management utilities Useradd -> add user Usermod -> change the passwd entries of existing users Userdel -> remove a user from the system Groupadd, groupmod, groupdel -> operate on the /etc/group file

38 Account management utilities #useradd cindy Cindy:*:105:20::/home/hilbert:/bin/sh #useradd –c “Cindy King” –d /home/math/cindy –g faculty –G famous –m –s /bin/tcsh cindy Cindy:*:105:30:Cindy King:/home/math/cindy:/bin/tcsh Add group, create directory, entry in /etc/shadow

39 Acount management utilities Determine default #useradd –D Set default /etc/default/useradd Set expiration date #usermod –e “June 6,2002” cindy Delete account (remove in passwd shadow group, except home directory) #userdel cindy

Download ppt "6. Adding New Users Xiang Sha Cmsc 691x. 6.1 The /etc/passwd File The /etc/passwd File is a list of users recognized by the system. Login name Encrypted."

Similar presentations

University of Pisa Computer Science Department System Administration adduser Stefano Bistarelli University of Pisa Computer Science Department

University of Pisa Computer Science Department System Administration adduser Stefano Bistarelli University of Pisa Computer Science Department
Unit 5 – User Administration Randy Marchany VA Tech Computing Center.

Unit 5 – User Administration Randy Marchany VA Tech Computing Center.
Linux Users and Groups Management

Linux Users and Groups Management
Unix/Linux basics 0100 - user management Operating systems lab Gergely Windisch room 4.12

Unix/Linux basics user management Operating systems lab Gergely Windisch room 4.12
Basic Unix system administration

Basic Unix system administration
Pre-Assessment Questions

Pre-Assessment Questions
1 Introduction to UNIX Ke Liu

1 Introduction to UNIX Ke Liu
Adding New users This is a routine chore on most systems

Adding New users This is a routine chore on most systems
User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.

User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.
Lesson 22 – Introduction to Linux Systems Administration.

Lesson 22 – Introduction to Linux Systems Administration.
Chapter 6 Adding New Users. Computer Center, CS, NCTU 2 Steps to add a new user 1.Edit the password and group files >vipw 2.Set an initial password >passwd.

Chapter 6 Adding New Users. Computer Center, CS, NCTU 2 Steps to add a new user 1.Edit the password and group files >vipw 2.Set an initial password >passwd.
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
Linux System Administration LINUX SYSTEM ADMINISTRATION.

Linux System Administration LINUX SYSTEM ADMINISTRATION.
1. This presentation covers :  User Interface Administration  Files System and Services Management 2.

1. This presentation covers :  User Interface Administration  Files System and Services Management 2.
1 THE UNIX FILE SYSTEM By Chokechai Chuensukanant ID 121779 COSC 513 Operating System.

1 THE UNIX FILE SYSTEM By Chokechai Chuensukanant ID COSC 513 Operating System.
Lesson 7-Creating and Changing Directories. Overview Using directories to create order. Managing files in directories. Using pathnames to manage files.

Lesson 7-Creating and Changing Directories. Overview Using directories to create order. Managing files in directories. Using pathnames to manage files.
1 Lecture 2 Working with Files and Directories COP 3344 Introduction to UNIX.

1 Lecture 2 Working with Files and Directories COP 3344 Introduction to UNIX.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.

Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
2/19/2003 Lecture 3 Computer System Administration Lecture 3 Setup (continued)

2/19/2003 Lecture 3 Computer System Administration Lecture 3 Setup (continued)

Similar presentations

Ads by Google