User, group and file administration. Unit objectives Create, modify, manage, and delete user and group accounts Find broken links and orphan files and use file date and time stamps. Topic A: Administering users and groups. Authentication and user accounts. Authentication
User, group and file administration Unit objectives • Create, modify, manage, and delete user and group accounts • Find broken links and orphan files and use file date and time stamps
Authentication and user accounts • Authentication • Act of verifying a user’s identity • Compares user name and password to a system database • Database that contains account information typically consists of two files: • /etc/passwd • Contains details of user • /etc/shadow • Contains hash of password and expiration information
Administering users and groups • pwconv • Converts to using /etc/shadow file to store encrypted password • pwunconv • Reverts back to /etc/passwd file only
/etc/passwd file • name:passwd:UID:GID:GECOS:homedirectory:shell • A + before entry marks an account as disabled, unable to log in • * in passwd field marks account as disabled • name • Username • passwd • If /etc/shadow exists • X • If no /etc/shadow • Encrypted password • User Identifier (UID) • Specifies the unique user ID assigned to each user • UID 1 to 100 reserved for system daemons
/etc/passwd file • name:passwd:UID:GID:GECOS:homedirectory:shell • Group Identifier (GID) • Primary group ID for each user • GECOS • Text description of user, usually blank • homedirectory • Path to home directory • shell • Path to shell
/etc/shadow file • name:passwd:lastchange:min:max:warn:disable1:disable2 • passwd • Contains encrypted passwd • If !, then account is locked • lastchange • Last password change date • Measured since 1/1/1970 • min • Number of days you must wait to change • Fedora default: 0 • max • Number of days you can use a password • Max 99,999 • warn • Number of days before expiration that you get warning • 7 days
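Added example (not part of the original slides): a shell function that reads /etc/shadow-format lines and reports the state of each account from the fields listed above. The sample entries are constructed, and treating disable2 as the account expiry date in days since 1/1/1970 is an assumption.

```shell
#!/bin/sh
# audit_shadow TODAY
# Reads name:passwd:lastchange:min:max:warn:disable1:disable2 lines on stdin.
# TODAY is the current date in days since 1/1/1970; on a live system use
#   audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow   (as root)
audit_shadow() {
    awk -F: -v today="$1" '
    NF == 0 { next }                               # skip empty lines
    NF < 8  { print $1, "malformed"; next }        # too few fields
    {
        state = "active"
        if ($2 == "")
            state = "no-password"                  # empty passwd field
        else if ($2 ~ /^[!*]/)
            state = "locked"                       # ! or * in passwd field
        else if ($8 != "" && $8 + 0 < today + 0)
            state = "account-disabled"             # assumed: disable2 = expiry day
        else if ($3 != "" && $5 != "" && $3 + $5 < today + 0)
            state = "password-expired"             # lastchange + max has passed
        print $1, state
    }'
}

# Constructed sample entries; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
alice:$6$constructed$hash:19850:0:90:7:::
bobg:!:19800:0:99999:7:::
carol:!$6$constructed$hash:19000:0:99999:7:::
dave::19800:0:99999:7:::
erin:$6$constructed$hash:19000:0:90:7:::
frank:$6$constructed$hash:19800:0:99999:7::19850:
EOF
}

# Day 19900 is a constructed "today" chosen to exercise every state.
sample_shadow | audit_shadow 19900
```

bobg shows the state of a freshly added account (only ! in the password field), while carol shows an existing hash prefixed with !, as left by usermod -L.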
/etc/group file • name:passwd:GID:members • name • Group name • passwd • Group Password • Usually an x since they are rarely used
Creating user accounts • useradd command • Adds a user account to the system • /etc/login.defs default values: • location for e-mail • password expiration • minimum password length • range of UIDs and GIDs • whether to create home directories
Creating user accounts, continued • /etc/default/useradd default values: • primary group • location of home directory • disable accounts with expired password • date to disable user accounts • shell • skeleton directory • Skeleton directory • Contains the files copied to all new users’ home directories upon creation
passwd command • When user is added, password field in /etc/shadow has ! • No password set • Use passwd username command to set • passwd bobg • Sets bobg password • Done as root • Without arguments, user can set own password
usermod • Used to change account properties • Edits details of /etc/passwd, /etc/shadow, etc. with less risk of making a mistake
Modifying user accounts • chage • Modifies password expiry information • Locking an account • usermod -L username • Makes account temporarily unusable by altering the password information • Puts ! in /etc/shadow file password field • Unlock with usermod -U username • Can also change shell to /bin/false
Modifying user accounts • chsh • chsh -s /bin/false bobg • Changes a valid shell to an invalid shell
Deleting user accounts • userdel command • Remove a user account from both /etc/passwd and /etc/shadow • To delete files use -r option • When an account is deleted, any files that were previously owned by the user become owned by a number that represents the UID of the deleted user
Managing groups • groupadd • Adds a group • groupmod • Modifies the name of a GID • groupdel • Deletes a group • groups • Prints a list of groups the user is a member of
Managing groups • newgrp • Temporarily change primary group membership • New files have group membership according to new setting
If the /etc/shadow file does not exist when pwconv is run, which of the following occur? A. The system will give an error message. B. /etc/passwd is renamed to /etc/shadow and a new soft link is created. C. Entries in the /etc/passwd file are added to a new /etc/shadow file. The /etc/passwd file is unchanged. D. Password attributes in /etc/passwd are moved to a corresponding entry in a new /etc/shadow file. Answer: D
A system administrator wants to disable shell access for a user. Which of the following is the appropriate shell to set? A. /bin/sh B. /bin/false C. /bin/passwd D. /bin/disable Answer: B
Examine the following /etc/passwd file: root:X:11423:0:99999:7::: dgringold:X:11423:0:99999:7::: jjones:!!:11432:0:99999:7::11688: tgold:!!:11342:11231:11678:7::: Which of the following is the password field? A. The first field B. The second field C. The third field D. The fourth field Answer: B
Which of the following can be used to view username, UID (User ID), GID (Group ID), full name, home directory, and default shell information? A. cat /etc/group B. cat /etc/services C. cat /etc/shadow D. cat /etc/passwd Answer: D
Broken links and files with no owners • Find and fix files with no owners or symbolic links that no longer point to a file • find / -nouser • find / -nouser -ok rm "{}" ";" • The symlinks command can find "dangling" symbolic links
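Added example (not part of the original slides): a portable way to list dangling symbolic links with find alone, for systems where the symlinks command is not installed, next to a listing-only orphan search to review before any rm. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# dangling_links DIR: print symbolic links under DIR whose target is missing.
dangling_links() {
    # test -e follows the link, so it fails only when the target does not exist
    find "$1" -xdev -type l ! -exec test -e {} \; -print
}

# orphan_files DIR: print files whose numeric owner or group has no entry in
# /etc/passwd or /etc/group, e.g. files left behind by userdel without -r.
# Listing only: review the output before deciding to chown or remove anything.
orphan_files() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print
}

# make_demo_tree: build a constructed test tree and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    echo data > "$d/report.txt"
    ln -s "$d/report.txt"  "$d/good-link"     # target exists
    ln -s "$d/deleted.txt" "$d/stale-link"    # target never existed
    echo "$d"
}

demo=$(make_demo_tree)
echo "Dangling links:"
dangling_links "$demo"      # lists only stale-link
echo "Orphan files:"
orphan_files "$demo"        # empty when the current user and group are known
rm -rf "$demo"
```

The -xdev option keeps find on one filesystem, which avoids walking /proc and network mounts when the search starts at /.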
File date and time stamps • Creation time (ctime) • At creation and when contents, permissions, owner or attributes change • ls -l --time=ctime • Access time (atime) • File is opened • ls -l --time=atime • Modification time (mtime) • When file is written and closed
Unit summary • Created, modified, managed, and deleted user and group accounts using command line utilities and the User Manager • useradd • /etc/default/useradd • /etc/login.defs • usermod • chage • Found broken links and orphan files, used file date and time stamps • find / -nouser • symlinks -r / | grep dangling
Which of the following commands will locate files that have been modified in the past two days? A. locate t2 B. find / mtime 2 C. whereis time 2 D. grep / ctime 2 Answer: B