Linux Ch12+13 Users Groups Security

  1. User account
    • has a login account/password
    •   Specific file: /etc/passwd
    • belongs to at least one group
    •   Specific file: /etc/group
    • can (should) use encrypted passwords
    •   Specific file: /etc/shadow
  2. Groups give the administrator
    • a more effective way to do network administration
    • Reduces errors
    • Saves time
    • Helps increase security
  3. Selecting a Good Password
    • No common names (family members, pets, friends, etc.)
    • No books, movies, T.V. shows
    • No telephone numbers, SIN, etc.
    • No dictionary words
    • Use a combination of upper and lower case, numbers, special characters
    • Reverse the order of characters
    • Increase the size of passwords (can be harder to remember)
    • Most organizations have minimum and maximum password lengths (6-12)
  4. Creating Accounts Using GUI Tools
    • Task bar: System, Administration, Users and Groups
    • Command: system-config-users
  5. Create a user account named joe with the password “password”
    • useradd joe
    • passwd joe   (then enter “password” at the prompt)
  6. When the account is created
    • Home directory is created: /home/userid
    • All files in the /etc/skel folder are copied to the user’s home directory automatically
    • Mail spool file is created; email to this user is stored in /var/mail/userid
  7. Modifying Accounts from the Shell
    usermod cdavis

    • May have to change a user’s password if forgotten
    • Change group affiliations if user changes positions
    • Account expiration
    • Change username if user marries
    • Home directory changes
  8. Checking for logged in users
    Commands: who, w, last
  9. Modifying Accounts using GUI Tools
    Four tabs:
    • User Data: Adjust account name
    •   Comments
    •   Passwords
    •   Home directory and login shell
    • Account Information: Enable/disable account
    •   Lock/unlock passwords
    • Password Information: Set expiration date
    •   Number of days after a change before the user must change the password
    •   Force user to change password on next login
    • Groups: List the groups the user belongs to
    •   Set user’s primary group
  10. Deleting Accounts from the Shell
    • userdel cdavis
    • No confirmation, the account is deleted
    • The “home” directory is not deleted; use the “-r” option to delete it
  11. Managing Groups
    • Commands: groupadd, groupmod, groupdel
    • Similar to “useradd, usermod, userdel”
    • Can also edit the “/etc/group” file
  12. The “wheel” group
    • Members of this group are granted certain administrative privileges
    • Members can use “sudo”
    • Members can be added to or deleted from this group through group maintenance
    • Use either GUI or command-line interfaces
  13. cat /etc/passwd | grep jdoe
    cat /etc/shadow | grep jdoe
    Output of the /etc/passwd search:
    jdoe:x:503:503:J. Doe:/home/jdoe:/bin/bash

  14. jdoe:x:503:503:J. Doe:/home/jdoe:/bin/bash
    • Username: jdoe
    • UID: 503
    •   User Identification
    •   Used by the system to track accounts; a UID of 0 (zero) means root
    • Home Directory: /home/jdoe
    • Comment: J. Doe
  15. jdoe:x:503:503:J. Doe:/home/jdoe:/bin/bash
    • Password: x
    •   User accounts are protected by passwords
    •   “x” means the actual password is stored encrypted in “/etc/shadow”
    • GID: 503
    •   Accounts are tied to one or more groups
    •   Groups are used to help the administrator give access to resources
    •   Every user belongs to a primary group and can belong to others
    • Default shell: /bin/bash
  16. Format: cdavis:$1$E/moFESlf53iealkskked:15369:0:-1:7:-1:-1:
    • username
    • password (encrypted)
    •   * or ! means no password (password login disabled)
    • last password change
    • days until a change is allowed
    • days before a change is required
    • days of warning before the password expires
    • days between expiration and deactivation
    • expiration date
    • special flag
  17. Network Account Databases
    • NIS (Network Information System)
    • LDAP (Lightweight Directory Access Protocol)
    • Both are used to store network-wide account information
    • Single centralized account management (like Active Directory)
    • Combine multiple Linux server accounts into a centralized database
    • Complex subject
  18. Configuration File: /etc/group
    • Format: cdavis:x:502:user list
    • Group name: cdavis
    •   Relates to the user’s entry in /etc/passwd
    • Password: x
    •   Like users, groups can be password protected (not usually)
    •   “x” means the password is defined elsewhere
    • GID: 502
    •   Linux uses the GID values internally
    • User List: Specifies the users who belong to the group
    •   Users are separated by commas
  19. Users can be identified as members of a group in 2 ways
    • By specifying the group’s GID in the user’s individual /etc/passwd entry
    •   Only one group can be specified
    •   This is the user’s primary group

    • By specifying usernames in the user list in the /etc/group file
    •   A single user can appear in multiple groups
    •   A single group can contain multiple users

    • When a user creates new files
    •   Those files are associated with your current group
    •   The current group is set to the primary group when first logged in
    •   Use “newgrp groupname” to change to another group that you belong to
  20. How to find your identity
  21. To change to a new user
    • Command: su userid
    • When finished with this user, use the “exit” command to return to the previous user
  22. How to find your identity with more information
    • id
    • Shows username, UID, GID, and group membership
    • Shows both names and numeric values
  23. Learning Who’s Online
    • who
    • w: similar to the “who” command
    •   Provides more resource consumption information
    •   User id, terminal, login date, idle, CPU usage, program being run
  24. Working as “root”
    • Super user, or administrator
    • UID=0, GID=0
    • Full system access (all files and directories)
    • Install / configure software
    • Change system settings
    • Unforgiving
    •   Once a command is run, it is done
    • Shell prompt includes the character “#”