User accounts
Spring 2004
The /etc/passwd file
The /etc/shadow file
The /etc/group file
Adding users
Removing users
Disabling logins
Account management utilities
CSE 398: System Administration
2004 Brian D. Davison
The /etc/passwd file
/etc/passwd lists all recognized users, and contains:
  login name
  encrypted password (unless /etc/shadow used)
  UID number
  default GID number
  full name, office, extension, home phone (optional)
  home directory
  login shell
Examples
  root:lga4FjuGpZ2so:0:0:The System,,x6096,:/:/bin/csh
  jl:x:100:0:Jim Lane,ECT83,,:/staff/fl:/bin/sh
Login name
Syntax
  usernames must be unique
  <= 32 chars (old system limit 8 chars)
  any characters except newlines and colons
Recommendations
  use lower case (even though case sensitive)
  choose easy to remember
  avoid handles and cutesy nicknames
Encrypted passwords
Most passwords are in /etc/shadow, not /etc/passwd
Passwords are stored encrypted
  Cannot be changed by hand
  Can be copied from another account
  Are set using passwd (or yppasswd for NIS)
Passwords should never be left blank
  Put a star (*) in place (x for shadow usage)
  Otherwise no pw needed!
MD5 passwords (standard on RH) can be any length
  Other systems only use the first eight characters
UID number
In Linux, UIDs are unsigned 32-bit integers (4B!)
  Older systems only allowed up to 32,767
Root is UID 0
Fake/system logins typically have low UIDs
  Place real users >= 100
Avoid recycling UIDs
  Old files, backups are identified by UID
Preserve unique UIDs across org
  helpful for NFS
Other fields
default GID number
  like UIDs, 32-bit unsigned integers
  GID 0 is for the group root
GECOS fields (optional) [chfn]
  General Electric Comprehensive OS
  full name, office, extension, home phone
home directory
  Where the user starts when they log in
login shell [chsh]
  such as sh/bash, csh/tcsh, ksh, etc.
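
An added example, not part of the original slides: a short Python audit of passwd-format text for the conditions the slides above warn about (a blank password field, a UID 0 account other than root, shared UIDs, duplicate login names). The sample entries and the helper names parse_passwd and audit are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /etc/passwd format; entries and helper names are illustrative.
SAMPLE_PASSWD = """\
root:x:0:0:The System,,x6096,:/:/bin/csh
daemon:*:2:2:daemon:/sbin:/sbin/nologin
jl:x:100:0:Jim Lane,ECT83,,:/staff/jl:/bin/sh
guest::101:100:Guest:/home/guest:/bin/sh
toor:x:0:0:Second root:/root:/bin/sh
tyler:x:100:100:Tyler:/home/staff/tyler:/bin/bash
broken:x:abc
"""

FIELDS = ("login", "passwd", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Split passwd-format text into (entries, malformed_lines)."""
    entries, malformed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 7 or not parts[2].isdecimal() or not parts[3].isdecimal():
            malformed.append(line)  # wrong field count or non-numeric UID/GID
            continue
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(parts[2]), int(parts[3])
        entries.append(entry)
    return entries, malformed

def audit(entries):
    """Report accounts that match the conditions the slides warn about."""
    by_uid, by_login = defaultdict(list), defaultdict(list)
    for e in entries:
        by_uid[e["uid"]].append(e["login"])
        by_login[e["login"]].append(e["uid"])
    return {
        "blank_password": [e["login"] for e in entries if e["passwd"] == ""],
        "extra_uid0": [e["login"] for e in entries
                       if e["uid"] == 0 and e["login"] != "root"],
        "shared_uid": {u: n for u, n in by_uid.items() if len(n) > 1},
        "duplicate_login": [n for n, u in by_login.items() if len(u) > 1],
    }

if __name__ == "__main__":
    entries, malformed = parse_passwd(SAMPLE_PASSWD)
    for check, hits in audit(entries).items():
        print(f"{check}: {hits}")
    print(f"malformed: {malformed}")
```

To audit a live system, pass the contents of /etc/passwd to parse_passwd instead of the sample; a password field of x only says the hash is kept in /etc/shadow, so blank entries there need the same check run as the superuser.
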
The /etc/shadow file
Readable only by superuser
Enhanced account information
Use is highly recommended
Use usermod to modify contents
Contains:
  Login name
  Encrypted password
  Date of pw change
  Min number of days between password changes
  Max num days between pw changes
  Num days in advance to warn
  Num days after expiration to disable account
  Account expiration date
  Reserved field
The /etc/group file
Contains names of groups and lists each member
Example:
  wheel:*:10:root,evi,garth,trent,brian
Group name:encrypted password:GID:List of members, separated by commas (no spaces)
Setting per-user groups is recommended
  Better default security
Adding users
For small installations, adding users is simple
  Have user sign and date user agreement
  Create user account with useradd
  Set password with passwd
  Change defaults with usermod
Steps to add a user (1)
Edit the /etc/passwd and /etc/shadow files to define account
  Use vipw to lock and edit with EDITOR
Set an initial password
  passwd user
Create, chown, and chmod the user's home directory
  mkdir /home/staff/tyler
Steps to add a user (2)
Copy default startup files to the user's home directory
  bash
    .bashrc, .bash_profile
  csh/tcsh
  X windows
Need to create and store default files!
Steps to add a user (3)
Copy files to new directory
  cp /etc/skel/.[a-zA-Z]* ~tyler
Set mail home
  might edit /etc/mail/aliases
Steps to add a user (4)
Edit /etc/group file
  Add to relevant groups
Set disk quotas with edquota
Verify new login
  log in as new user
  execute pwd and ls -la
Notify new user of account and initial password
Record user's status and contact information
Removing users
Generally with userdel
Set disk quota to zero
Remove user from local databases or phone lists
Remove from aliases file (or add forwarding)
Remove crontab and any pending at jobs
Kill any running processes
Remove temporary files in /var/tmp or /tmp
Remove from passwd, shadow, and group files
Remove home directory (backup first) and mail spool
Disabling logins
Sometimes need to temporarily disable a login
Can't just put a star in front of encrypted pw
  Might still be able to log in via network w/out pw
Current practice
  Replace shell with program explaining status and instructions on how to fix
Account management utilities
Basic utilities
  useradd adds to passwd and shadow files
  usermod changes existing passwd entry
  userdel remove user, opt. delete home dir
  groupadd, groupmod, groupdel operate on /etc/group
Common to write custom adduser and rmuser scripts