
Chapter 3 & 6


esma
Presentation Transcript


  1. Chapter 3 & 6 Root Status and users

  2. File Ownership • Every file has an owner and a group • These give read, write, and execute priv’s to the owner, group, and world • -rwxrwxrwx Everyone has read, write, execute • -rwxr-xr-x Owner has read, write, execute; group and everyone else can only read and execute. • Root is allowed to ignore ownership restrictions. • Not true for the Administrator in Windows • Varies for NFS connections.

  3. UIDs, GIDs, and PIDs • Each user gets a unique number assigned to them, which is their UID (User ID) • username: seker, UID = 9017 • Groups also get unique numbers, known as GIDs (Group ID). • student group’s number is 200 • A process also has an ID number (PID) • The number is the next number available in the system. A process also has a UID and GID attached to it, which is inherited from the user who launched the process.

  4. UNIX uses the user’s UID and GID to determine the user’s privileges to read, write, and/or execute a file. • Root’s UID is 0 and its GID is 0. If a user has a UID of 0, then they also have “root powers”.

  5. Super user powers • can create device files • modify, create, remove system configurations • Including network interfaces, usage limits, hostname • set the system clock • shutdown the system • So can users on the console in most default configurations. • change the priority of currently running processes. • kill any running process on the system. • Should be used very carefully.

  6. Create/remove user accounts • change passwords • Basically, root has the priv’s to do anything on the local system that is needed. • Remote or Network File Systems (NFS) can be configured to grant root no “powers” on the file systems from remote servers.

  7. Becoming root • su and the password • login as root (not recommended) • use sudo, which allows users to run root commands with logging. • /etc/sudoers is the configuration file for sudo • Can allow normal users to use root without knowing the password. • The default shell for root is the Bourne shell

  8. Other accounts with special powers • daemon: UID 1 (usually) • For programs and files that are part of the O/S but do not need to be owned by root. There is also a daemon group • bin • Usually the account that owns other programs. Has been falling out of use; root owns most programs now. • sys: owns special files like /dev/* • nobody • Has no privileges. Used for insecure processes, such as www, sometimes ftp, and nfs. Its UID is either -1, -2, 60,001 or 60,002 (sometimes called noaccess) • lp: used by the print daemon. • and several others • named: account created to minimize attacks through the DNS system

  9. Adding new users • new users are placed in the /etc/passwd file (unless using NIS/YP, then in the NIS password file) • Need a username, password, UID, GID, GECOS field, home directory and login shell. • The GECOS field is the name, or can contain other info, like office number, phone, etc. • This is not a well defined field.

  10. How to add a new user • Edit the /etc/passwd file • Find an unused UID • You will create a line that looks like this, with the fields separated by colons: Username:password:UID:GID:GECOS:home_dir:shell • seker:PBENS1cfSIf2jN7A:9017:150:Jim Ward:/home/faculty/seker:/bin/tcsh • After saving the passwd file, you change their password with the following command as root: passwd <username> (yppasswd <username> for the NIS system)

  11. Shadow passwd file • /etc/shadow is readable and writable by root only • It provides better protection for users’ passwords, since it is not readable by normal users • But you can still get users’ passwords, so it is not completely secure. • example • seker:AE*JS2a:11508:0:180::12417: • username: password: date of last change: min days between changes: max days between changes: advance warning to change: after password expired, when to disable: account expiration date: not used
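An added example, not part of the original slides: a small shell audit that parses passwd- and shadow-format lines using the field layouts from slides 10 and 11 and reports the conditions slides 4 and 11 describe (a second UID 0 account, an empty password field, a locked entry, a password past its max age). The file paths, the sample entries other than seker’s, and the day count passed as TODAY are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the slides): audit passwd/shadow-format files for
# the conditions slides 4, 10 and 11 describe. Pass copies of the files;
# the sample entries below (other than seker's) are constructed.
set -eu

# audit_passwd FILE: print "user:uid0" for any UID 0 account that is not
# root, and "user:nopass" for an empty password field (no password needed)
audit_passwd() {
    awk -F: '
        NF < 7                  { print $1 ":malformed"; next }
        $3 == 0 && $1 != "root" { print $1 ":uid0" }
        $2 == ""                { print $1 ":nopass" }
    ' "$1"
}

# audit_shadow FILE TODAY: TODAY is a day count since 1970-01-01, the unit
# the shadow file uses; reports locked entries ("*" or "!" first) and
# passwords whose last-change day + max days is already behind TODAY
audit_shadow() {
    awk -F: -v today="$2" '
        NF < 8        { print $1 ":malformed"; next }
        $2 ~ /^[*!]/  { print $1 ":locked"; next }
        $5 != "" && $5 != 99999 && $3 + $5 < today { print $1 ":expired" }
    ' "$1"
}

# constructed sample files; seker's two lines are the ones from the slides
PASSWD_SAMPLE=$(mktemp)
SHADOW_SAMPLE=$(mktemp)
trap 'rm -f "$PASSWD_SAMPLE" "$SHADOW_SAMPLE"' EXIT
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/sh
seker:PBENS1cfSIf2jN7A:9017:150:Jim Ward:/home/faculty/seker:/bin/tcsh
toor:x:0:0:second uid 0 account:/:/bin/sh
guest::1001:150:Guest:/home/guest:/bin/sh
EOF
cat > "$SHADOW_SAMPLE" <<'EOF'
root:*:11508:0:99999:7:::
seker:AE*JS2a:11508:0:180::12417:
guest:CONSTRUCTEDHASH:11000:0:90:7:::
EOF

audit_passwd "$PASSWD_SAMPLE"              # prints toor:uid0 and guest:nopass
audit_shadow "$SHADOW_SAMPLE" "$(( $(date +%s) / 86400 ))"
```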

  12. Group file • /etc/group • contains information on the user groups • example: faculty:*:150: • or faculty:*:150:list of users • group name: password: GID: list of users in the group • Users do not have to be listed after their primary group, since it is listed in the passwd file. • chgrp <groupname> is also used to change to secondary groups. • There can also be a shadow group file, /etc/gshadow

  13. Then create the user’s home directory • mkdir /home/ugrad/<username> • chown <username> /home/ugrad/<username> • chgrp <GID> /home/ugrad/<username> • Lastly, check to make sure the account works: su - <username> The - causes su to use the user’s environment variables, just as if you logged in as them.

  14. useradd utility • the useradd utility will add a user to the passwd file, shadow file, and group file (if needed). • useradd <username> • adds the user with a random group ID and creates a default /home/user directory. • There are parameters for all the different parts of the passwd and group files. See the book on useradd. • There are config files for useradd (and userdel): /etc/login.defs and /etc/default/useradd

  15. Removing accounts • Remove them from the passwd, shadow and group files. • Remove the home directory from the filesystem • Remove their mail in /var/spool/mail • Remove any other files they own on the system (or change ownership to someone else) • find / -uid <user uid> • find / -uid <user uid> -exec rm -i {} \; • find / -uid <user uid> -exec chown <someone else> {} \;

  16. userdel utility • The userdel program removes the user from the system files • With -r it will remove their home directory as well. • But the admin still has to remove mail and other files.

  17. User Manager GUI • A GUI that can be used to add users and groups • Can specify all the information, including whether to create the user’s home directory • And remove users and groups. • Can remove the home directory as well. • command: system-config-users • Found under the System Settings menu: Users and Groups.

  18. Disabling an account • To prevent logins from a user • Put an * as the first character in their password field • The user manager allows you to disable accounts as well. • Remove the .rhosts file from their home directory • Remove (or take ownership of) the .ssh directory as well, since ssh allows users to bypass the standard login system. • In Linux, you can change their shell to a bogus shell, which prevents logins as well. • But sendmail will also stop delivering to the user. This is normally considered a bad side effect.
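An added example, not part of the original slides: a shell function that locks an account the way slide 18 describes, by making * the first character of the password field in a shadow-format file, without touching the other fields or re-locking an entry that is already locked. The file path and the sample entries other than seker’s are constructed; run it against a copy of the real file, never directly against /etc/shadow without a backup.

```shell
#!/bin/sh
# Added example (not from the slides): lock an account by prefixing its
# password field with "*", as slide 18 describes. FILE is any shadow-format
# file; the sample below is constructed apart from seker's line.
set -eu

# lock_account FILE USER: rewrite USER's password field as "*" + old value;
# a second call finds the "*" already there and leaves the line unchanged
lock_account() {
    file=$1; user=$2
    tmp=$(mktemp)
    awk -F: -v OFS=: -v u="$user" '
        $1 == u && $2 !~ /^\*/ { $2 = "*" $2 }
        { print }
    ' "$file" > "$tmp"
    # copy back over the original so its owner and mode are preserved
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# password_field FILE USER: print the stored password field for USER
password_field() {
    awk -F: -v u="$2" '$1 == u { print $2 }' "$1"
}

SHADOW_SAMPLE=$(mktemp)
trap 'rm -f "$SHADOW_SAMPLE"' EXIT
cat > "$SHADOW_SAMPLE" <<'EOF'
root:*:11508:0:99999:7:::
seker:AE*JS2a:11508:0:180::12417:
guest:CONSTRUCTEDHASH:11000:0:90:7:::
EOF

lock_account "$SHADOW_SAMPLE" seker
lock_account "$SHADOW_SAMPLE" seker      # idempotent: still one leading "*"
password_field "$SHADOW_SAMPLE" seker    # prints *AE*JS2a
```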

  19. Other user managers • Most versions of UNIX and Linux have a GUI user manager of some type. • Check the documentation. • If you have a shadow password file, it is highly recommended you use a user manager. • Or useradd/userdel if they exist.

  20. Q & A
