-
user account
group
password (encrypted)
- has a login account/password
- Specific file: /etc/passwd
- belongs to at least one group
- Specific file: /etc/group
- Can (should) use encrypted passwords
- Specific file: /etc/shadow
-
Groups provide the administrator with
- A more effective way to handle network administration
- Reduces errors
- Saves time
- Helps increase security
-
Selecting a Good Password
- No common names (family member, pets, friends etc)
- No books, movies, T.V. shows
- No telephone numbers, SIN etc
- No Dictionary words
- Use combination of upper and lower case, numbers, special characters
- Reversing order
- Increase size of passwords (can be harder to remember)
- Most organizations have minimum and maximum password lengths (6-12)
-
Creating Accounts Using GUI Tools
- Task bar: System, Administration, Users and Groups
- Command: system-config-users
-
Create a user account named joe with the password “password”
- useradd joe
- passwd joe (then enter the password at the prompt)
-
When the account is created
- Home directory is created: /home/userid
- All files in the /etc/skel folder are copied to the user’s home directory automatically
- Mail spool file is created; email to this user will be stored in /var/mail/userid
-
Modifying Accounts from the Shell
usermod cdavis
- May have to change the user’s password if forgotten
- Change group affiliations if the user changes positions
- Account expiration
- Change username if the user marries
- Home directory changes
-
Checking for logged in users
Commands: who, w, last
-
Modifying Accounts using GUI Tools
Four tabs:
- User Data: Adjust account name
- Comments
- passwords
- Home directory and login shell
- Account Information: Enable/disable account
- Lock/unlock passwords
- Password Information: Set expiration date
- Number of days after change before the user must change the password
- Force user to change password on next login
- Groups: List the groups the user belongs to
- Set user’s primary group
-
Deleting Accounts from the Shell
- userdel cdavis
- No confirmation, the account is deleted
- “home” directory is not deleted, use the “-r” option to delete
-
Managing Groups
- Commands: groupadd groupmod groupdel
- Similar to “useradd, usermod, userdel”
- Can edit the “/etc/group” file
-
The “wheel” group
- Members of this group are granted certain administrative privileges
- Members can use “sudo”
- Members can be added to or deleted from this group through group maintenance
- Use either GUI or command-line interfaces
-
cat /etc/passwd | grep jdoe
cat /etc/shadow | grep jdoe
jdoe:x:503:503:J. Doe:/home/jdoe:/bin/bash
cdavis:$1$E/moFESlf53iealkskked:15369:0:-1:7:-1:-1:
-
jdoe:x:503:503:J. Doe:/home/jdoe:/bin/bash
- Username: jdoe
- UID: 503
- User Identification
- Used by the system to track accounts; a UID of 0 (zero) means root
- Home Directory: /home/jdoe
- Comment: J. Doe
-
jdoe:x:503:503:J. Doe:/home/jdoe:/bin/bash
- Password: x
- User accounts are protected by passwords
- “x” means the actual password is stored encrypted in “/etc/shadow”
- GID: 503
- Accounts are tied to one or more groups
- Groups are used to help the administrator give access to resources
- Every user belongs to a primary group and can belong to others
- Default shell: /bin/bash
-
Format: cdavis:$1$E/moFESlf53iealkskked:15369:0:-1:7:-1:-1:
- username
- password (encrypted); * or ! means no password
- last password change
- days until a change is allowed
- days before a change is required
- days of warning before the password expires
- days between expiration and deactivation
- expiration date
- special flag
-
Network Account Databases
- NIS (Network Information System)
- LDAP (Lightweight Directory Access Protocol)
- Both are used to store network wide account information
- Single centralized account management (Like Active Directory)
- Combine multiple Linux server accounts into centralized database
- Complex subject
-
Configuration File : /etc/group
- cdavis:x:502:user list
- Group name: cdavis
- Relates to the /etc/passwd
- Password: x
- Like users, groups can be password protected (not usually)
- “x” means the password is defined elsewhere
- GID: 502
- Linux uses the GID values internally
- User List: Specify users who belong to the group
- Users are separated by commas
-
Users can be identified as members of a group in 2 ways
- By specifying the group’s GID in users’ individual /etc/passwd entries
- Only one group can be specified
- This is the user’s primary group
- By specifying usernames in the user list in the /etc/group file
- Single user can appear multiple times
- Single group can contain multiple users
- When a user creates new files
- Those files are associated with your current group
- Current group is set to primary group when first logged in
- Use “newgrp groupname” to change to a new group which you belong to
-
How to find your identity
whoami
-
To change to a new user
- Command: su userid
- When finished with this user use the “exit” command to return to previous user
-
How to find your identity with more information
- id
- Shows user id, uid, gid, and group membership
- Shows both names and numeric values
-
Learning Who’s Online
- who
- w: Similar to the “who” command
- Provides more resource consumption information
- User id, terminal, login date, idle, cpu usage, program being run
-
Working as “root”
- Super user, or administrator
- UID=0, GID=0
- Full system access (all files and directories)
- Install / configure software
- Change system settings
- Unforgiving
- Once command is run it is done
- Shell prompt includes the character “#”