Chapter 11: Linux, Managing Users (ppt)

no22rah1 14 views 39 slides Mar 01, 2025

About This Presentation

It's a presentation of a Linux management system.



Chapter 11: Managing Users
The Complete Guide to Linux System Administration

The Complete Guide to Linux System Administration 2
Objectives
• Create and manage user accounts
• Manage complex file permissions
• Review advanced user security issues

Creating and Managing User Accounts
• Process of creating new user accounts:
– Add the default files that should be part of every user's home directory to the /etc/skel directory
– Create a home directory for all users
– Configure default settings for all users
– Create groups
– Create a user account for each person
– Create a valid password for each user

Managing User Accounts Graphically
• The /etc/passwd file defines user accounts; each entry has these fields:
– User name
– Password
– UID
– GID
– Comment field
– User's home directory
– User's default shell
• The vipw command edits the /etc/passwd file
• The passwd command defines a password

Managing User Accounts Graphically (continued)
• Utilities to create new user accounts:
– Graphical tools
– Command-line utilities
• system-config-users utility:
– Red Hat graphical user account creation tool
– Information from the /etc/passwd file is shown in the window
– Each field can be edited
– Password information stored in /etc/shadow can be edited

Managing User Accounts Graphically (continued)

Managing User Accounts Graphically (continued)
• User Properties dialog, User Data tab:
– User name
– Full name
– Password and confirm password
– Home directory
– Login shell
• User Properties dialog, Account Info tab:
– Enable account expiration
– Lock local password

Managing User Accounts Graphically (continued)
• User Properties dialog, Password Info tab:
– View when the user last changed the password
– Enable password expiration
  • Experts recommend changing the password every 30 to 60 days
• User Properties dialog, Groups tab:
– Lists groups from the /etc/group file
– Each user is assigned a primary group

Managing User Accounts Graphically (continued)
• User private group model:
– Used by Red Hat Linux and Fedora
– The user's primary group has the same name as the user
– Contains only that user as a member
• Create a new user:
– system-config-users utility
– Add User button
– Enter the information in the dialog
– The utility creates the home directory based on the user name

Managing User Accounts Graphically (continued)
• /etc/login.defs file:
– Stores the settings used to create new users
– Comments describe the settings
• Create a new group:
– Click the Add Group button
– Enter the group name

Managing User Accounts Graphically (continued)
• Delete a user:
– Select the user name on the Users tab
– Click the Delete button
– Some administrators prefer to permanently disable an account rather than delete it

Creating New Users at the Command Line
• useradd utility:
– Creates new users
– Must be logged in as root
– Example: useradd -g sales -c "Raley Solomon" rsolomon
– The -D option displays the default settings
– Edit /etc/default/useradd to change the defaults

Creating New Users at the Command Line (continued)
• passwd command:
– Changes a user's password
– Lock a user account: passwd -l thomas
– Unlock the account: passwd -u thomas

Creating New Groups
• groupadd command:
– Preferred method for adding a new group
– Example: groupadd managers

Modifying User and Group Accounts at the Command Line
• usermod command:
– Modifies a user account
– Uses the same options as the useradd command
• groupmod command:
– Modifies a group
– -g option: change the GID
– -n option: change the name

Modifying User and Group Accounts at the Command Line (continued)
• grpck command:
– Checks the integrity of the /etc/group and /etc/gshadow files
– Uses no parameters
• chage command:
– Alters password aging information
– View password expiration
– Change aging for a user
– Interactive mode

Modifying User and Group Accounts at the Command Line (continued)
• The pwconv utility converts older /etc/passwd password storage to /etc/shadow password storage
• The pwunconv utility converts existing /etc/shadow passwords back to the older /etc/passwd system for compatibility
• The pwck command shows formatting errors that make accounts unusable

Automating Home Directory Creation
• Files in /etc/skel are automatically copied into each user's home directory:
– At the time the account is created
– Includes hidden configuration files
– Files are not added to existing users' home directories
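
The slide describes what useradd does with /etc/skel. The shell script below is an added example, not code from the deck or from the shadow-utils project: it builds a constructed skeleton directory (two dotfiles and a subdirectory) in a temporary location and copies it into a new "home" the way useradd does, next to the naive glob copy that silently drops the hidden files. It assumes a POSIX shell with mktemp, cp, ls and paste.

```shell
#!/bin/sh
# Added example (not from the slides): reproduce what useradd does with
# /etc/skel, using scratch directories instead of real accounts. Assumes a
# POSIX shell with mktemp, cp and ls.

# Build a constructed skeleton directory: two hidden dotfiles and one visible
# subdirectory, which is what a typical /etc/skel looks like.
make_sample_skel() {
    mkdir -p "$1/Documents"
    printf '# constructed sample .bashrc\n' > "$1/.bashrc"
    printf '# constructed sample .profile\n' > "$1/.profile"
}

# Correct copy: "skel/." copies the directory's contents, hidden files included,
# into the new home, which is created with the usual private mode 700.
# (useradd would also chown the result to the new user; that needs root.)
populate_home() {
    mkdir -p "$2" && chmod 700 "$2" && cp -R "$1/." "$2"
}

# The common mistake: a shell glob such as skel/* does not match names that
# start with a dot, so the new user silently gets no .bashrc or .profile.
naive_populate_home() {
    mkdir -p "$2" && chmod 700 "$2" && cp -R "$1"/* "$2"
}

# Names in a home directory, dotfiles included, in a fixed (C locale) order.
list_home() {
    LC_ALL=C ls -A "$1" | paste -s -d ' ' -
}

# Stand-alone demonstration on a throwaway tree.
demo_skel() {
    t=$(mktemp -d)
    make_sample_skel "$t/skel"
    populate_home "$t/skel" "$t/home_ok"
    naive_populate_home "$t/skel" "$t/home_bad"
    printf 'correct copy:  %s\n' "$(list_home "$t/home_ok")"
    printf 'naive copy:    %s\n' "$(list_home "$t/home_bad")"
    rm -rf "$t"
}

demo_skel
```

The same "skel/." idiom is what to use when an existing user's home has to be re-seeded by hand, since, as the slide notes, useradd never touches existing home directories.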

Disabling User Accounts
• Temporarily disable a user's account:
– Change the password
• passwd command:
– passwd -l [username] to lock the account
– Edit the /etc/shadow file in a text editor:
  • Place an asterisk before the encrypted password
– Place # at the beginning of the line for the user account in /etc/passwd:
  • Makes the line into a comment
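
The /etc/passwd field layout (slide 4), the password aging the chage command and the Password Info tab manage (slides 8 and 16), and the lock markers that passwd -l and the manual edits above leave in /etc/shadow all show up when an administrator audits the account files. The script below is an added example, not code from the deck: it runs that audit over constructed /etc/passwd and /etc/shadow snippets embedded in the script (the account names, the "$6$PLACEHOLDERHASH" strings and the day counts are all made-up sample data), classifying each account's password field and checking password age against a constructed "today" value.

```shell
#!/bin/sh
# Added example (not from the slides): audit account definitions the way an
# administrator would after locking or disabling accounts. The passwd and
# shadow lines below are constructed sample data, and the "$6$..." strings are
# placeholders rather than real password hashes.

PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
rsolomon:x:1001:1001:Raley Solomon:/home/rsolomon:/bin/bash
thomas:x:1002:1002:Thomas Sample:/home/thomas:/bin/bash
svc_backup:x:1003:1003:Backup service:/var/backups:/sbin/nologin
oldadmin:x:0:0:Legacy admin:/home/oldadmin:/bin/bash
#jdoe:x:1004:1004:J Doe:/home/jdoe:/bin/bash'

SHADOW_SAMPLE='root:$6$PLACEHOLDERHASH:19700:0:99999:7:::
rsolomon:$6$PLACEHOLDERHASH:19750:0:60:7:::
thomas:!$6$PLACEHOLDERHASH:19750:0:99999:7:::
svc_backup:*:19700:0:99999:7:::
oldadmin::19700:0:99999:7:::'

# Fields of one /etc/passwd entry: prints "UID GID home shell" (fields 3, 4, 6, 7).
passwd_fields() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '$1 == u { print $3, $4, $6, $7 }'
}

# Any account other than root with UID 0 has full root power; list such accounts.
uid0_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Accounts disabled by commenting the /etc/passwd line out with a leading #.
commented_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '/^#/ { sub(/^#/, "", $1); print $1 }'
}

# Classify the password field of an /etc/shadow entry:
#   locked   - starts with "!" (what passwd -l does)
#   disabled - "*" (no password can ever match)
#   empty    - no password at all, so anyone can log in as that user
#   set      - an ordinary hash
shadow_status() {
    printf '%s\n' "$SHADOW_SAMPLE" | awk -F: -v u="$1" '
        $1 == u {
            found = 1
            if ($2 == "")                     print "empty"
            else if (substr($2, 1, 1) == "!") print "locked"
            else if (substr($2, 1, 1) == "*") print "disabled"
            else                              print "set"
        }
        END { if (!found) print "missing" }'
}

# Password aging from the shadow fields: field 3 is the day of the last change
# (days since 1970-01-01), field 5 is the maximum age in days. TODAY is given
# in the same units so the check is reproducible.
password_expired() {
    printf '%s\n' "$SHADOW_SAMPLE" | awk -F: -v u="$1" -v today="$2" '
        $1 == u { if (today - $3 > $5) print "yes"; else print "no" }'
}

# Report over every account in the sample (TODAY = 19820 is a constructed value).
audit_report() {
    today=${1:-19820}
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '!/^#/ { print $1 }' | while read -r name; do
        printf '%-12s uid=%-5s password=%-8s expired=%s\n' "$name" \
            "$(passwd_fields "$name" | awk '{ print $1 }')" \
            "$(shadow_status "$name")" "$(password_expired "$name" "$today")"
    done
    for name in $(uid0_accounts); do printf 'WARNING: %s has UID 0\n' "$name"; done
    for name in $(commented_accounts); do printf 'NOTE: %s is commented out\n' "$name"; done
}

audit_report
```

To run the same checks against a real system, point the two variables at the contents of /etc/passwd and /etc/shadow (reading the latter requires root) and pass the current day count, which is what chage -l reports in calendar form.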

Disabling User Accounts (continued)
• userdel command:
– Deletes a user account permanently
– Does not remove the user's home directory or its contents
• groupdel command:
– Removes a group
– Be careful when deleting groups

Complex File Permissions
• Sticky bit:
– A file in the directory can only be renamed or unlinked by:
  • The user that owns it
  • root
– Often used on directories in which all users should be able to create files, such as /tmp
– To set: chmod a+t /tmp

Complex File Permissions (continued)
• Set user ID permission:
– SUID
– Can be added to a file that has the execute permission set
– Causes the user who executes the file to take on the permissions of the file's owner while it runs
– Very useful for a few specialized programs
– To set: chmod u+s file

Complex File Permissions (continued)
• Permissions are not always what they seem at first
• Set group ID permission:
– SGID
– The person who executes the program has the permissions of the file's group while the program runs
– To set: chmod g+s file
– Can also be set numerically

Complex File Permissions (continued)
• SGID set on a directory:
– Any file created within the directory is assigned the group of the directory
• Permissions are examined in order:
– Owner first
– Group second
– Others third
– Because the first matching class applies, a group can be denied permission even when others have it
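
The four slides above give the symbolic chmod forms for the sticky, SUID and SGID bits and mention the numeric form. The script below is an added example, not code from the deck: inside a temporary directory it sets each bit with exactly those commands, reads them back from the ls -ld mode string, shows a file created in an SGID directory taking that directory's group, and runs the find -perm inventory an administrator uses to list privileged executables. It assumes a POSIX system with chmod, ls, find and mktemp; the scratch names (shared, teamdir, prog) are made up.

```shell
#!/bin/sh
# Added example (not from the slides): set the sticky, SUID and SGID bits on a
# scratch tree with the same chmod forms the slides give, then verify them the
# way an administrator auditing a system would. Assumes a POSIX system with
# chmod, ls, find and mktemp; everything happens inside a temporary directory.

# Scratch tree: a shared directory, a team directory and a small program.
make_scratch() {
    d=$(mktemp -d)
    mkdir "$d/shared" "$d/teamdir"
    printf '#!/bin/sh\necho hello\n' > "$d/prog"
    chmod 755 "$d/prog"
    printf '%s\n' "$d"
}

# Symbolic forms from the slides.
set_sticky() { chmod a+t "$1"; }   # chmod a+t /tmp
set_suid()   { chmod u+s "$1"; }   # chmod u+s file
set_sgid()   { chmod g+s "$1"; }   # chmod g+s file (also used on directories)

# Numeric form: the leading octal digit holds the special bits
# (4 = SUID, 2 = SGID, 1 = sticky), e.g. 4755, 2775, 1777.
set_mode()   { chmod "$2" "$1"; }

# Mode string as printed by ls -ld, e.g. drwxrwxrwt or -rwsr-xr-x.
mode_string() { ls -ld "$1" | awk '{ print $1 }'; }

# The special bits show up as "s"/"S" in the owner (4th) and group (7th)
# execute positions and "t"/"T" in the others (10th) position.
has_suid()   { case "$(mode_string "$1")" in ???[sS]*)       echo yes ;; *) echo no ;; esac; }
has_sgid()   { case "$(mode_string "$1")" in ??????[sS]*)    echo yes ;; *) echo no ;; esac; }
has_sticky() { case "$(mode_string "$1")" in ?????????[tT]*) echo yes ;; *) echo no ;; esac; }

# Defender's audit: every regular file under a tree with SUID or SGID set.
# Run against / on a real system to inventory privileged executables.
find_special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | LC_ALL=C sort
}

demo_special_bits() {
    d=$(make_scratch)
    set_sticky "$d/shared"
    set_sgid   "$d/teamdir"
    set_suid   "$d/prog"
    printf 'shared:  %s sticky=%s\n' "$(mode_string "$d/shared")"  "$(has_sticky "$d/shared")"
    printf 'teamdir: %s sgid=%s\n'   "$(mode_string "$d/teamdir")" "$(has_sgid "$d/teamdir")"
    printf 'prog:    %s suid=%s\n'   "$(mode_string "$d/prog")"    "$(has_suid "$d/prog")"
    # A file created inside an SGID directory takes the directory's group.
    : > "$d/teamdir/report.txt"
    printf 'teamdir group=%s, new file group=%s\n' \
        "$(ls -ld "$d/teamdir" | awk '{ print $4 }')" "$(ls -ld "$d/teamdir/report.txt" | awk '{ print $4 }')"
    printf 'special files: %s\n' "$(find_special_files "$d")"
    set_mode "$d/prog" 755          # clearing the leading digit removes the SUID bit
    printf 'prog after chmod 755: %s\n' "$(mode_string "$d/prog")"
    rm -rf "$d"
}

demo_special_bits
```

The group-inheritance line only becomes interesting once the directory has been chgrp'd to a team group (which needs root or membership in that group); with the scratch directory owned by your primary group the two groups are the same either way.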

User Security Issues
• Other ways of securing Linux:
– Additional communications
– User security mechanisms

Communicating with Users
• /etc/motd file:
– Contents are displayed just before the shell is started each time a user logs in
– "Message of the day"
– Does not appear unless:
  • The user opens a command line
  • Or logs in at a text-mode console

Communicating with Users (continued)
• wall command:
– "Write all"
– Communicates an immediate message to all users who are logged in to the system
– Displays the broadcast message on the command line for all users:
  • Working in text mode
  • Or with an open terminal window

Communicating with Users (continued)
• fuser command:
– Learn what users are doing
– View users accessing:
  • A file system
  • A serial port
  • A network connection
– The -k option kills the processes

Granting Limited Root Access
• sudo command:
– Assigns root privileges to any user account
– The user can execute just the programs that the sudo configuration specifies
• /etc/sudoers configuration file:
– Syntax can be very complex
– Basic format: user host = command_list

Granting Limited Root Access (continued)
• /etc/sudoers configuration file:
– Can define aliases for:
  • A collection of users
  • A collection of hosts
  • A collection of programs
  • A set of sudo options
• The visudo program edits the /etc/sudoers file
• The system administrator must hand out sudo power carefully
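
The two slides above give the basic "user host = command_list" format and the alias mechanism, and end with the warning to hand out sudo power carefully. The script below is an added example, not code from the deck or from the sudo project: it reads a constructed sudoers fragment (invented users, an invented host "webhost", one User_Alias and one Cmnd_Alias) and reports what a reviewer wants to know first, namely which entries grant ALL commands, which skip the password prompt (NOPASSWD), and what a given user may actually run once aliases are expanded. The parser handles only the plain user-spec form with one level of alias expansion and is a review aid, not a substitute for visudo -c.

```shell
#!/bin/sh
# Added example (not from the slides): review a sudoers file for the entries an
# administrator should look at twice before handing out sudo power. The sudoers
# text below is constructed sample data with invented host and user names; the
# parser handles only the "user host = command_list" form plus one level of
# User_Alias/Cmnd_Alias expansion.

SUDOERS_SAMPLE='# constructed sample /etc/sudoers (not a real system)
Cmnd_Alias SERVICES = /usr/bin/systemctl restart httpd, /usr/bin/systemctl status httpd
User_Alias WEBTEAM = rsolomon, thomas
root    ALL=(ALL) ALL
WEBTEAM webhost = SERVICES
thomas  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(ALL) /usr/bin/rsync'

# awk program: prints one tab-separated line per (user, host, command, password-mode).
SUDO_AWK='
/^[ \t]*$/ { next }                                     # blank lines
/^[ \t]*#/ { next }                                     # comments
$1 == "User_Alias" {                                    # User_Alias NAME = u1, u2
    name = $2; sub(/^[^=]*=[ \t]*/, ""); gsub(/[ \t]/, "")
    ualias[name] = "," $0 ","; next
}
$1 == "Cmnd_Alias" {                                    # Cmnd_Alias NAME = /c1, /c2
    name = $2; sub(/^[^=]*=[ \t]*/, ""); calias[name] = $0; next
}
$1 == "Defaults" || $1 == "Host_Alias" || $1 == "Runas_Alias" { next }
{                                                       # user host = [(runas)] [NOPASSWD:] cmds
    user = $1; host = $2; sub(/=.*/, "", host)
    if (who != "" && user != who && index(ualias[user], "," who ",") == 0) next
    rest = $0; sub(/^[^=]*=[ \t]*/, "", rest)           # keep the command list side
    sub(/^\([^)]*\)[ \t]*/, "", rest)                   # drop an optional (runas) part
    tag = sub(/^NOPASSWD:[ \t]*/, "", rest) ? "NOPASSWD" : "password"
    n = split(rest, items, /,/)
    for (i = 1; i <= n; i++) {
        cmd = items[i]; gsub(/^[ \t]+|[ \t]+$/, "", cmd)
        if (cmd in calias) {                            # one level of Cmnd_Alias expansion
            m = split(calias[cmd], parts, /,/)
            for (j = 1; j <= m; j++) {
                c = parts[j]; gsub(/^[ \t]+|[ \t]+$/, "", c)
                print user "\t" host "\t" c "\t" tag
            }
        } else print user "\t" host "\t" cmd "\t" tag
    }
}'

# All entries, or only those that apply to one user (directly or via a User_Alias).
sudo_entries()       { printf '%s\n' "$SUDOERS_SAMPLE" | awk -v who="${1:-}" "$SUDO_AWK"; }
# "host: command" lines for one user.
commands_for()       { sudo_entries "$1" | awk -F '\t' '{ print $2 ": " $3 }'; }
# Entries whose command list is ALL, i.e. unrestricted root.
unrestricted_users() { sudo_entries | awk -F '\t' '$3 == "ALL" { print $1 }' | LC_ALL=C sort -u; }
# Entries that never prompt for a password.
nopasswd_users()     { sudo_entries | awk -F '\t' '$4 == "NOPASSWD" { print $1 }' | LC_ALL=C sort -u; }
count_lines()        { awk 'END { print NR }'; }

review_sudoers() {
    printf 'Entries granting ALL commands (full root):\n'; unrestricted_users | sed 's/^/  /'
    printf 'Entries that skip the password prompt:\n';     nopasswd_users     | sed 's/^/  /'
    printf 'What rsolomon may run:\n';                      commands_for rsolomon | sed 's/^/  /'
}

review_sudoers
```

In the sample, rsolomon appears nowhere as a literal user name, yet gets the two httpd commands on webhost through the WEBTEAM alias, while thomas is in the same alias and also has an unrestricted NOPASSWD entry, which is the kind of overlap that is easy to miss when reading the file top to bottom.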

Using Pluggable Authentication Modules
• Pluggable authentication module (PAM):
– Architecture and set of libraries
– A programmer can create a module to perform a specific security-related function
– System administrators can select, configure, and use one or more modules:
  • Control the operation of a program that is aware of PAM capabilities
– Configured by default for Red Hat Linux

Using Pluggable Authentication Modules (continued)
• To use PAM, select PAM modules for the program
• Configured using either:
– A single configuration file, /etc/pam.conf
– A series of configuration files in the /etc/pam.d directory
– The person compiling the software selects which configuration style is used

Using Pluggable Authentication Modules (continued)
• Red Hat Linux and Fedora use the directory configuration method
• The /etc/pam.d directory contains a file whose name matches the program being configured
• When a PAM-compatible program is executed, it checks which applicable modules are configured for the given task
• Stacked modules:
– Multiple modules are listed for a module type

Using Pluggable Authentication Modules (continued)
• control_flag element:
– Determines how PAM processes stacked modules
– Has two forms
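
The slide says only that control_flag decides how a stack of modules is processed. The script below is an added example, not code from the deck or from Linux-PAM: it models the simple keyword form of control_flag (required, requisite, sufficient, optional) as a shell function that reads a constructed stack, one "control_flag result" line per module where result is the outcome ("ok" or "fail") that module is assumed to return, and prints the result the calling program would get. The stacks in the demonstration are made up; the third one shows why module order matters, since a sufficient module placed before a required one ends the stack before the required check is ever consulted.

```shell
#!/bin/sh
# Added example (not from the slides): a model of how Linux-PAM walks a stack of
# modules under the simple keyword form of control_flag. Each input line is
# "control_flag result", where result is the constructed outcome ("ok" or "fail")
# the module would have returned; the function prints what the stack as a whole
# returns to the application.

pam_stack_result() {
    impression=undef        # undef: no module has decided yet; positive/negative otherwise
    while read -r control result; do
        case "$control" in
            ''|'#'*) continue ;;
            required)   # failure is remembered (and wins), but later modules still run
                if [ "$result" != ok ]; then impression=negative
                elif [ "$impression" = undef ]; then impression=positive; fi ;;
            requisite)  # failure ends the stack immediately
                if [ "$result" != ok ]; then echo failure; return 0
                elif [ "$impression" = undef ]; then impression=positive; fi ;;
            sufficient) # success ends the stack with success unless a required module already failed
                if [ "$result" = ok ] && [ "$impression" != negative ]; then echo success; return 0; fi ;;
            optional)   # only counts when nothing else has set an impression
                if [ "$result" = ok ] && [ "$impression" = undef ]; then impression=positive; fi ;;
            *) echo "unknown control flag: $control" >&2; return 2 ;;
        esac
    done
    if [ "$impression" = positive ]; then echo success; else echo failure; fi
}

# Constructed stacks. The third one is the classic ordering mistake: a
# sufficient module placed before a required one lets the required check be skipped.
pam_demo() {
    printf 'required ok\nrequired ok\n'         | pam_stack_result   # success
    printf 'required fail\nrequired ok\n'       | pam_stack_result   # failure
    printf 'sufficient ok\nrequired fail\n'     | pam_stack_result   # success (required never consulted)
    printf 'required fail\nsufficient ok\n'     | pam_stack_result   # failure
    printf 'requisite fail\nsufficient ok\n'    | pam_stack_result   # failure
    printf 'sufficient fail\nsufficient fail\n' | pam_stack_result   # failure
    printf 'optional ok\n'                      | pam_stack_result   # success
}

pam_demo
```

When reading a real /etc/pam.d file, apply the same walk to the lines of one module type (for example every "auth" line, in order) to see which module actually decides the outcome.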

Using Network Information Service
• Network Information Service (NIS):
– Lets a system administrator manage a single set of configuration files for multiple Linux servers
– Sometimes called the yellow pages service, or yp
• When a user logs in, the server contacts the NIS server to see if the user has a valid user account

Using Network Information Service (continued)
• NIS+ or NISplus:
– More recent version of NIS
• authconfig program:
– Sets up the system to use an NIS server
• /etc/nsswitch.conf file:
– Instructs various system programs in Linux where to look for configuration information
– Often includes multiple options

Summary
• User accounts can be managed graphically
• The useradd command creates user accounts on the command line
• The usermod command modifies existing user accounts
• User accounts can be disabled using various methods

Summary (continued)
• SUID and SGID permissions cause the user to assume the permissions of the owner or group of an executable file when the program is executed
• The sticky bit and other special file permissions allow administrators to control shared files
• Administrators can broadcast messages to users
• The sudo program lets regular users perform tasks that require root privileges

Summary (continued)
• PAMs provide a flexible and powerful way for system administrators to configure exactly how user security is handled
• NIS or NIS+ server:
– Multiple systems can share user files