
CSE 398: System Administration

User accounts

Spring 2004

The /etc/passwd file
The /etc/shadow file
The /etc/group file
Adding users
Removing users
Disabling logins
Account management utilities

2004 Brian D. Davison

The /etc/passwd file

/etc/passwd lists all recognized users, and contains:
  login name
  encrypted password (unless /etc/shadow used)
  UID number
  default GID number
  full name, office, extension, home phone (optional)
  home directory
  login shell
Examples
  root:lga4FjuGpZ2so:0:0:TheSystem,,x6096,:/:/bin/csh
  jl:x:100:0:JimLane,ECT83,,:/staff/fl:/bin/sh

Login name

Syntax
  usernames must be unique
  <= 32 chars (old system limit 8 chars)
  any characters except newlines and colons
Recommendations
  use lower case (even though case sensitive)
  choose easy to remember
  avoid handles and cutesy nicknames

Encrypted passwords

Most passwords are in /etc/shadow, not /etc/passwd
Passwords are stored encrypted
  Cannot be changed by hand
  Can be copied from another account
  Are set using passwd (or yppasswd for NIS)
Passwords should never be left blank
  Put a star (*) in place (x for shadow usage)
  Otherwise no pw needed!
MD5 passwords (standard on RH) can be any length
  Other systems only use the first eight characters

UID number

In Linux, UIDs are unsigned 32-bit integers (4B!)
  Older systems only allowed up to 32,767
Root is UID 0
Fake/system logins typically have low UIDs
  Place real users >= 100
Avoid recycling UIDs
  Old files, backups are identified by UID
Preserve unique UIDs across org
  helpful for NFS

Other fields

default GID number
  like UIDs, 32-bit unsigned integers
  GID 0 is for the group root
GECOS fields (optional) [chfn]
  General Electric Comprehensive OS
  full name, office, extension, home phone
home directory
  Where the user starts when they log in
login shell [chsh]
  such as sh/bash, csh/tcsh, ksh, etc.
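
The field rules on the preceding slides (unique login names of at most 32 characters, lower case recommended, no blank password field, UID 0 for root, no reused UIDs) can be checked mechanically. The Python audit below is an added example, not part of the original course slides; the sample entries and the names parse_passwd and audit_passwd are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /etc/passwd format (not taken from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:System Administrator:/root:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
tyler:x:500:100:Tyler Example,,,:/home/staff/tyler:/bin/bash
guest::501:100:Guest:/home/guest:/bin/sh
toor:x:0:0:Second root:/root:/bin/sh
Tyler:x:500:100:Recycled UID:/home/staff/tyler2:/bin/bash
broken:x:abc:100
"""

FIELDS = ("login", "passwd", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Yield (lineno, entry dict), or (lineno, None) for a malformed line."""
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(":")
        ok = len(parts) == 7 and parts[2].isdecimal() and parts[3].isdecimal()
        yield n, (dict(zip(FIELDS, parts)) if ok else None)

def audit_passwd(text):
    """Return sorted (subject, finding) tuples for the rules on the slides."""
    findings, by_uid, seen = [], defaultdict(list), set()
    for n, e in parse_passwd(text):
        if e is None:
            findings.append((f"line {n}", "malformed entry"))
            continue
        name, uid = e["login"], int(e["uid"])
        if name in seen:
            findings.append((name, "duplicate login name"))
        seen.add(name)
        if not 1 <= len(name) <= 32:
            findings.append((name, "login name length"))
        if name != name.lower():
            findings.append((name, "login name not lower case"))
        if e["passwd"] == "":
            findings.append((name, "blank password field"))  # no pw needed!
        if uid == 0 and name != "root":
            findings.append((name, "UID 0 but not root"))
        by_uid[uid].append(name)
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append((",".join(names), f"shared UID {uid}"))
    return sorted(findings)
```

Calling audit_passwd(open("/etc/passwd").read()) runs the same checks on a live file; a star or x in the password field is not reported, only an empty field.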

The /etc/shadow file

Readable only by superuser
Enhanced account information
Use is highly recommended
Use usermod to modify contents
Contains:
  Login name
  Encrypted password
  Date of pw change
  Min number of days between password changes
  Max num days between pw changes
  Num days in advance to warn
  Num days after expiration to disable account
  Account expiration date
  Reserved field
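
How the aging fields listed above combine into an account state is easiest to see by evaluating them for a given day. The Python sketch below is an added example, not part of the original slides; it assumes the two date fields are stored as days since 1970-01-01 (as documented in shadow(5)), and the sample entries, the TODAY value, the function names and the exact boundary comparisons are choices made for this example.

```python
from datetime import date

# Constructed sample lines in /etc/shadow format; the hashes are placeholders.
SAMPLE_SHADOW = """\
tyler:$1$PLACEHOLDER$hash:12400:0:90:7:14::
evi:$1$PLACEHOLDER$hash:12424:0:90:7:14::
garth:$1$PLACEHOLDER$hash:12410:0:90:7:14::
trent:$1$PLACEHOLDER$hash:12490:0:99999:7::12450:
brian:$1$PLACEHOLDER$hash:12500:0:90:7:14::
daemon:*:12000:0:99999:7:::
"""
EPOCH = date(1970, 1, 1)
TODAY = date(2004, 4, 1)   # constructed "current date" for the example

def _num(field):
    """Empty aging fields mean 'not set'."""
    return int(field) if field else None

def shadow_status(line, today):
    """Classify one shadow entry as of `today` (a datetime.date)."""
    login, pw, lastchg, _min, mx, warn, inact, expire, _ = line.split(":")
    lastchg, mx, warn, inact, expire = map(_num, (lastchg, mx, warn, inact, expire))
    now = (today - EPOCH).days          # same unit as the stored date fields
    if pw == "":
        return login, "no password set"
    if pw[0] in "*!":                   # star (or the ! lock marker): no valid hash
        return login, "password login disabled"
    if expire is not None and now >= expire:
        return login, "account expired"
    if lastchg is None or mx is None:
        return login, "ok"
    due = lastchg + mx                  # day by which the password must change
    if inact is not None and now >= due + inact:
        return login, "password expired, account disabled"
    if now >= due:
        return login, "password expired, change required"
    if warn is not None and now >= due - warn:
        return login, f"warn: {due - now} days left"
    return login, "ok"

def shadow_report(text, today):
    """Map each login in `text` to its status string."""
    return dict(shadow_status(l, today) for l in text.splitlines() if l)
```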

The /etc/group file

Contains names of groups and lists each member
Example:
  wheel:*:10:root,evi,garth,trent,brian
  Group name:encrypted password:GID:List of members, separated by commas (no spaces)
Setting per-user groups is recommended
  Better default security

Adding users

For small installations, adding users is simple
  Have user sign and date user agreement
  Create user account with useradd
  Set password with passwd
  Change defaults with usermod

Steps to add a user (1)

Edit the /etc/passwd and /etc/shadow files to define account
  Use vipw to lock and edit with EDITOR
Set an initial password
  passwd user
Create, chown, and chmod the user's home directory
  mkdir /home/staff/tyler
  chown tyler:staff /home/staff/tyler
  chmod 700 /home/staff/tyler

Steps to add a user (2)

Copy default startup files to the user's home directory
  bash
    .bashrc, .bash_profile
  csh/tcsh
    .login, .cshrc, .logout
  X windows
    .Xdefaults, .Xclients, .xsession
Need to create and store default files!

Steps to add a user (3)

Copy files to new directory
  cp /etc/skel/.[a-zA-Z]* ~tyler
  chmod 644 ~tyler/.[a-zA-Z]*
  chown tyler ~tyler/.[a-zA-Z]*
  chgrp staff ~tyler/.[a-zA-Z]*
  Cannot use chown tyler ~tyler/.* (.* can also match .., the parent directory)
Set mail home
  might edit /etc/mail/aliases

Steps to add a user (4)

Edit /etc/group file
  Add to relevant groups
Set disk quotas with edquota
Verify new login
  login as new user
  execute pwd and ls -la
Notify new user of account and initial password
Record user's status and contact information

Removing users

Generally with userdel
Set disk quota to zero
Remove user from local databases or phone lists
Remove from aliases file (or add forwarding)
Remove crontab and any pending at jobs
Kill any running processes
Remove temporary files in /var/tmp or /tmp
Remove from passwd, shadow, and group files
Remove home directory (backup first) and mail spool

Disabling logins

Sometimes need to temporarily disable a login
Can't just put a star in front of encrypted pw
  Might still be able to log in via network w/out pw
Current practice
  Replace shell with program explaining status and instructions on how to fix

Account management utilities

Basic utilities
  useradd adds to passwd and shadow files
  usermod changes existing passwd entry
  userdel removes user, opt. deletes home dir
  groupadd, groupmod, groupdel operate on /etc/group
Common to write custom adduser and rmuser scripts
