CIS 191 - Lesson 8 Users and Groups
CIS 191 - Lesson 8 Users and Groups
User and Group Management
• Where user and group information resides:
  • /etc/passwd
  • /etc/shadow
  • /etc/group
  • /etc/gshadow
CIS 191 - Lesson 8 id command
    [root@benji htdocs]# id cis191
    uid=500(cis191) gid=500(cis191) groups=500(cis191) context=root:system_r:unconfined_t:SystemLow-SystemHigh
    [root@benji htdocs]# id root
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t:SystemLow-SystemHigh
Note: the id command in newer distros shows SELinux contexts for users
CIS 191 - Lesson 8 /etc/passwd
• Fields f1:f2:f3:f4:f5:f6:f7
  • f1=Login name or username (up to 32 chars)
  • f2=Password field
    • x for /etc/shadow
    • * to lock
  • f3=User id (UID)
  • f4=Primary Group ID (GID)
  • f5=Comment (GECOS)
  • f6=Home directory
  • f7=Command/shell
Note: a user may belong to more than one group. The primary GID in /etc/passwd is used when creating new files.
CIS 191 - Lesson 8 /etc/shadow
• Fields f1:f2:f3:f4:f5:f6:f7:f8
  • f1=User name
  • f2=Password
    • $1$... (MD5-hashed password)
    • * (locked)
    • !! (no password set)
  • f3=Last time changed (days since 1/1/70)
  • f4=Min days to elapse between password changes
  • f5=Max days to elapse without changing password
  • f6=Number of warning days before expiration
  • f7=Grace period before it really expires
  • f8=Date (days since 1/1/70) account will expire
CIS 191 - Lesson 8 /etc/group
• Fields f1:f2:f3:f4
  • f1=Group name
  • f2=Password
    • x = password in /etc/gshadow
  • f3=Group ID
  • f4=Group members (users)
CIS 191 - Lesson 8 /etc/gshadow
• Fields f1:f2:f3:f4
  • f1=Group name
  • f2=Encrypted password
    • ! = no user allowed to access group using newgrp command
    • !! = same as ! but password has never been set
    • empty = only group members can log into the group
  • f3=Group administrators
  • f4=Group members
CIS 191 - Lesson 8 More on Groups
    [roddyduk@opus ~]$ id roddyduk
    uid=1156(roddyduk) gid=103(cis90) groups=103(cis90),100(users) context=user_u:system_r:unconfined_t
    [roddyduk@opus ~]$ groups roddyduk
    roddyduk : cis90 users

Excerpt from /etc/passwd
    roddyduk:x:1156:103:Duke Roddy:/home/cis90/roddyduk:/bin/bash
    simmsben:x:1160:103:Benji Simms:/home/cis90/simmsben:/bin/bash
    guest191:x:1161:191:CIS 191 guest account:/home/cis191/guest191:/bin/bash
    woolahen:x:1162:103:Henry Woolard:/home/cis90/woolahen:/bin/bash
    stanlcha:x:1163:103:Charles Stanley:/home/cis90/stanlcha:/bin/bash
    bolasale:x:1164:103:Alexa Bolas:/home/cis90/bolasale:/bin/bash
    seatocol:x:1165:103:Collin Seaton:/home/cis90/seatocol:/bin/bash
    minvirob:x:1166:103:Robert Minvielle:/home/cis90/minvirob:/bin/bash
    wrigholi:x:1167:103:Oliver Wright:/home/cis90/wrigholi:/bin/bash

Excerpt from /etc/group
    users:x:100:guest90,jimg,mainart,solommat,villeill,cresszer,simmsmar,roddyduk,simmsben,woolahen,stanlcha,bolasale,seatocol,minvirob,wrigholi,dymesdia,simmsric,milesfre,cafielar,sterlchr,barrecol,ruizdav,gantden,deakifre,bellhil,sinopjam,chaffjan,clarkjef,lemiejoh,simmsjon,bobisjoe,rivasjul,smithkay,farramar,talpamar,lemusosc,weavepat,roneyric,kriewron,smithstu,scalenoa,childtim,husmalei,blackwil,doddkev,lyonsrob,ybarrser,valdemar,elliokat,jessuwes,luisjus,perezave,thrascat,meyerjas,bergelyl,hutmabry,gardnnic,mohanchi,whitfbob,wichemic,crivejoh
    cis90:x:103:jimg,guest,rsimms
    cis191:x:191:jimg,rsimms

Note:
• roddyduk is a member of cis90 and users
• roddyduk's primary group is 103 (cis90)
• roddyduk is listed in the users group
• roddyduk is not listed for the cis90 group because cis90 is his primary group and that is shown in /etc/passwd
CIS 191 - Lesson 8 Groups
Every user is a member of a primary group (shown in /etc/passwd) and multiple secondary groups (shown in /etc/group)
    [roddyduk@opus ~]$ groups roddyduk
    roddyduk : cis90 users
    [roddyduk@opus ~]$ id
    uid=1156(roddyduk) gid=103(cis90) groups=100(users),103(cis90) context=user_u:system_r:unconfined_t
    [roddyduk@opus ~]$ touch mydogs
    [roddyduk@opus ~]$ ls -l mydogs
    -rw-rw-r-- 1 roddyduk cis90 0 Oct 20 14:25 mydogs
Callouts: users is the secondary group, cis90 is the primary group.
New files are created using the primary group.
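The membership rule from the two Groups slides matters when auditing who belongs to a group: searching /etc/group alone misses every user whose primary GID (f4 of /etc/passwd) is that group. The script below is an added example, not part of the original slides; the function names are hypothetical and the sample files are constructed, abridged from the excerpts above.

```sh
#!/bin/sh
# Added example (not from the slides): resolve group membership the way
# `groups` and `id` do, from passwd-format and group-format files.

# groups_of USER PASSWD_FILE GROUP_FILE  ->  "user : primary secondary..."
groups_of() {
    awk -F: -v u="$1" '
        FNR == NR { if ($1 == u) pgid = $4; next }   # first file: passwd
        $3 == pgid { primary = $1; next }            # group named by f4 of passwd
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) sec = sec " " $1
        }
        END {
            if (pgid == "") exit 1                   # unknown user
            if (primary == "") primary = pgid        # GID with no group entry
            print u " : " primary sec
        }' "$2" "$3"
}

# members_of GROUP PASSWD_FILE GROUP_FILE  ->  "user primary|secondary" lines
members_of() {
    awk -F: -v g="$1" '
        FNR == NR {                                  # first file: group
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") how[m[i]] = "secondary"
            }
            next
        }
        gid != "" && $4 == gid { how[$1] = "primary" }   # second file: passwd
        END { for (u in how) print u, how[u] }' "$3" "$2" | LC_ALL=C sort
}

# Constructed sample data, abridged from the excerpts on the slides.
write_sample() {   # write_sample DIR
    cat > "$1/passwd" <<'EOF'
roddyduk:x:1156:103:Duke Roddy:/home/cis90/roddyduk:/bin/bash
simmsben:x:1160:103:Benji Simms:/home/cis90/simmsben:/bin/bash
guest191:x:1161:191:CIS 191 guest account:/home/cis191/guest191:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
users:x:100:guest90,jimg,roddyduk,simmsben
cis90:x:103:jimg,guest,rsimms
cis191:x:191:jimg,rsimms
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
groups_of roddyduk "$demo_dir/passwd" "$demo_dir/group"   # same form as `groups roddyduk`
members_of cis90 "$demo_dir/passwd" "$demo_dir/group"     # includes primary-GID users
rm -rf "$demo_dir"
```

On a live system the same functions can be pointed at /etc/passwd and /etc/group, for example to list everyone who is effectively in wheel.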
CIS 191 - Lesson 8 newgrp command
Changes your default group used when creating new files

    [cis191@benji ~]$ newgrp users
    Sorry.
This fails because user cis191 is not a member of group users.

    [root@benji ~]# usermod -G users cis191
    [root@benji ~]# grep cis191 /etc/group
    users:x:100:cis191
    cis191:x:500:
root adds user cis191 to the users group.

    [cis191@benji ~]$ id
    uid=500(cis191) gid=500(cis191) groups=500(cis191) context=user_u:system_r:unconfined_t
    [cis191@benji ~]$ id cis191
    uid=500(cis191) gid=500(cis191) groups=500(cis191),100(users) context=user_u:system_r:unconfined_t
    [cis191@benji ~]$ newgrp users
    [cis191@benji ~]$ grep cis191 /etc/passwd
    cis191:x:500:500:cis 191:/home/cis191:/bin/bash
    [cis191@benji ~]$ touch newfile
    [cis191@benji ~]$ ls -l newfile
    -rw-r--r-- 1 cis191 users 0 Oct 27 05:12 newfile
    [cis191@benji ~]$ rm newfile
    [cis191@benji ~]$ newgrp cis191
    [cis191@benji ~]$ touch newfile
    [cis191@benji ~]$ ls -l newfile
    -rw-rw-r-- 1 cis191 cis191 0 Oct 27 05:13 newfile
Note: newgrp does not change /etc/passwd.
New files are created using the default group.
CIS 191 - Lesson 8 Adding and modifying users
edit /etc/passwd (vipw), GUI and commands
Three ways to manage users:
• Directly edit /etc/passwd and /etc/shadow with the vipw command.
• Use the useradd, usermod and userdel commands.
• Use the User Manager GUI utility.
CIS 191 - Lesson 8 Adding and modifying users
GUI User Manager Tool
• Use Add User button to add new users
• Select group and use Properties button to add users to groups
• Select user and use delete button to delete
Select Users tab to see users
CIS 191 - Lesson 8 Adding and modifying users
vipw command
• Remember to add an entry to /etc/shadow.
• Remember to create the user's home directory.
• Remember to set permissions correctly in the user's home directory.
• Remember to copy the /etc/skel files to the user's home directory.
• Remember to set the password with the passwd command.
• Remember to add the user to the appropriate groups by editing /etc/group with vigr.
Note: after writing and quitting you get prompted to edit the /etc/shadow file
CIS 191 - Lesson 8 Adding users
useradd - Creates a new user account
    useradd [-c comment] [-d home_dir] [-g initial_group] [-G group[,...]]
            [-m [-k skeleton_dir]] [-s shell] [-u uid [ -o]] login
    -c comment        The new user's password file comment field.
    -d home_dir       The new user will be created using home_dir as the value for the user's login directory.
    -g initial_group  The group name or number of the user's initial login group.
    -G group[,...]    A list of supplementary groups which the user is also a member of.
    -m                The user's home directory will be created if it does not exist.
    -s shell          The name of the user's login shell.
    -u uid            The numerical value of the user's ID.
See man page for full details
CIS 191 - Lesson 8 Adding users
useradd defaults
    [root@benji ~]# useradd frodo
    [root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
    /etc/passwd:frodo:x:501:501::/home/frodo:/bin/bash
    /etc/shadow:frodo:!!:14179:0:99999:7:::
    /etc/group:frodo:x:501:
    /etc/gshadow:frodo:!::
    [root@benji ~]#
    [root@benji ~]# ls -a /home/frodo/
    .  ..  .bash_logout  .bash_profile  .bashrc
    [root@benji ~]#
    [root@benji ~]# id frodo
    uid=501(frodo) gid=501(frodo) groups=501(frodo) context=root:system_r:unconfined_t:SystemLow-SystemHigh
    [root@benji ~]# userdel -r frodo
    [root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
    [root@benji ~]# ls -a /home/frodo/
    ls: /home/frodo/: No such file or directory
    [root@benji ~]#
    [root@benji ~]# id frodo
    id: frodo: No such user
CIS 191 - Lesson 8 Adding users
useradd - Creates a new user account
    [root@benji ~]# useradd -d /home/cis191/frodo -g hobbits -u 601 -c "Frodo Baggins" frodo
    [root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
    /etc/passwd:frodo:x:601:600:Frodo Baggins:/home/cis191/frodo:/bin/bash
    /etc/shadow:frodo:!!:14179:0:99999:7:::
    [root@benji ~]# ls -a /home/cis191/frodo/
    .  ..  .bash_logout  .bash_profile  .bashrc
    [root@benji ~]# id frodo
    uid=601(frodo) gid=600(hobbits) groups=600(hobbits) context=root:system_r:unconfined_t:SystemLow-SystemHigh
    [root@benji ~]#
This time we are setting a custom UID, GID, comment and home directory
CIS 191 - Lesson 8 Locking and unlocking users
passwd and usermod commands
• passwd [-l] [-u] [-d] [ login ]
  • -l Locks password entry for name.
  • -u Unlocks accounts
  • -d Removes a password from an account
• usermod [-L] [-U] login
  • -L Locks password entry for name.
  • -U Unlocks accounts
See man page for full details
CIS 191 - Lesson 8 Adding users
passwd to set, lock and unlock accounts
    [root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
    /etc/passwd:frodo:x:601:600:Frodo Baggins:/home/cis191/frodo:/bin/bash
    /etc/shadow:frodo:!!:14179:0:99999:7:::
    [root@benji ~]# passwd frodo
    Changing password for user frodo.
    New UNIX password:
    BAD PASSWORD: it is based on a dictionary word
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    [root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
    /etc/passwd:frodo:x:601:600:Frodo Baggins:/home/cis191/frodo:/bin/bash
    /etc/shadow:frodo:$1$Q4Hv5FL5$2WApPtaHOs.Io28jnq4RN1:14179:0:99999:7:::
    [root@benji ~]# passwd -l frodo
    Locking password for user frodo.
    passwd: Success
    [root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
    /etc/passwd:frodo:x:601:600:Frodo Baggins:/home/cis191/frodo:/bin/bash
    /etc/shadow:frodo:!!$1$Q4Hv5FL5$2WApPtaHOs.Io28jnq4RN1:14179:0:99999:7:::
    [root@benji ~]# passwd -u frodo
    Unlocking password for user frodo.
    passwd: Success.
    [root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
    /etc/passwd:frodo:x:601:600:Frodo Baggins:/home/cis191/frodo:/bin/bash
    /etc/shadow:frodo:$1$Q4Hv5FL5$2WApPtaHOs.Io28jnq4RN1:14179:0:99999:7:::
    [root@benji ~]#
• Initially no password is set.
• Use passwd to set or change the password
• Use the -l option to lock the account
• Use the -u option to unlock the account
CIS 191 - Lesson 8 Users and Groups
Password Rules and Aging
• chage command
    [root@benji ~]# chage -m 0 -M 190 -E 2008-10-31 -W 14 frodo
    [root@benji ~]# grep frodo /etc/shadow
    frodo:$1$brrqEcEf$Pa7PSOK86a9jgpXDtLu221:14179:0:190:14::14183:
    [root@benji ~]#
Callouts on the /etc/shadow line, left to right: minimum (0), maximum (190), days of warning (14), expiration (14183)
CIS 191 - Lesson 8 Users and Groups
Forcing a user to change their password
On the chage command, set the -d option (last day) to 0 to force the user to change their password
(Screenshot labels: root, frodo)
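The /etc/shadow field layout, the lock markers produced by passwd -l and the chage settings above can all be read back from the file, which is how an account review spots locked accounts, legacy $1$ (MD5) hashes and forced password changes. The script below is an added example, not part of the original slides; the function name is hypothetical, the user names other than frodo are made up, and the salts and hashes in the sample lines are placeholders.

```sh
#!/bin/sh
# Added example (not from the slides): decode /etc/shadow-format lines read
# from stdin, using the field layout and password markers listed on the slides.
shadow_report() {
    awk -F: '
    # Days since 1970-01-01 -> YYYY-MM-DD (civil-from-days calculation).
    function ymd(days,    z, era, doe, yoe, y, doy, mp, d, m) {
        z = days + 719468
        era = int(z / 146097)
        doe = z - era * 146097
        yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
        y = yoe + era * 400
        doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
        mp = int((5 * doy + 2) / 153)
        d = doy - int((153 * mp + 2) / 5) + 1
        m = (mp < 10) ? mp + 3 : mp - 9
        if (m <= 2) y++
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    # Hash scheme from the crypt prefix of the password field.
    function scheme(h) {
        if (substr(h, 1, 3) == "$1$") return "md5-crypt"
        if (substr(h, 1, 3) == "$5$") return "sha256-crypt"
        if (substr(h, 1, 3) == "$6$") return "sha512-crypt"
        return "other"
    }
    NF >= 8 {
        pw = $2; hash = "-"
        if (pw == "")                     state = "EMPTY"            # no password needed
        else if (pw == "!!")              state = "no-password-set"
        else if (pw == "*" || pw == "!")  state = "locked"
        else if (substr(pw, 1, 1) == "!") { state = "locked"; sub(/^!+/, "", pw); hash = scheme(pw) }
        else                              { state = "active"; hash = scheme(pw) }

        if ($3 == "")          changed = "unknown"
        else if ($3 + 0 == 0)  changed = "must-change-at-next-login"   # chage -d 0
        else                   changed = ymd($3)
        expires = ($8 == "") ? "never" : ymd($8)
        printf "%s state=%s hash=%s changed=%s max=%s expires=%s\n", $1, state, hash, changed, $5, expires
    }'
}

# Constructed sample lines in the shapes shown on the slides; the salts and
# hashes are placeholders, not real password hashes.
shadow_report <<'EOF'
frodo:!!:14179:0:99999:7:::
sam:$1$SALTSALT$PLACEHOLDERHASH:14179:0:190:14::14183:
merry:!!$1$SALTSALT$PLACEHOLDERHASH:14179:0:99999:7:::
pippin:$6$SALTSALT$PLACEHOLDERHASH:0:0:99999:7:::
EOF
```

Reading the real /etc/shadow requires root; run it as `shadow_report < /etc/shadow`.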
CIS 191 - Lesson 8 Modifying users
usermod - Enables a super user or root to modify a user
    usermod [-c comment] [-d home_dir [ -m]] [-g initial_group] [-G group[,...]]
            [-l login_name] [-s shell] [-u uid [ -o]] [-p encrypted-pw ] login
    -c comment      The new value of the user's password file comment field.
    -d home_dir     The user's new login directory. If the -m option is given the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist.
    -G group[,...]  A list of supplementary groups which the user is also a member of.
    -l login_name   The name of the user will be changed from login to login_name.
    -s shell        The name of the user's new login shell.
    -u uid          The numerical value of the user's ID.
    -p              Set new password using encrypted string
See man page for full details
CIS 191 - Lesson 8 Deleting users
userdel - Enables a super user or root to remove a user
    userdel [-r] login
    -r  Files in the user's home directory will be removed along with the home directory itself and the user's mail spool.
See man page for full details
CIS 191 - Lesson 8 Adding and modifying groups
edit /etc/group (vigr), GUI and commands
Three ways to manage groups:
• Directly edit /etc/group and /etc/gshadow with the vigr command.
• Use the groupadd, groupmod and groupdel commands.
• Use the User Manager GUI utility.
CIS 191 - Lesson 8 Adding and modifying groups
edit /etc/group (vigr)
Note: prompts you to update /etc/gshadow after writing and quitting
CIS 191 - Lesson 8 Adding and modifying groups
GUI User Manager Tool
• Use Add Group button to add new groups
• Use Properties button to add users to groups
• Select group and use delete button to delete
Select Groups tab to see groups
CIS 191 - Lesson 8 Adding and modifying groups
groupadd - Creates a new group
    groupadd [-g gid [-o]] group
    -g gid  The numerical value of the group's ID.
CIS 191 - Lesson 8 Adding and modifying groups
groupmod - Enables a super user or root to modify a group
    groupmod [-g gid [-o]] [-n group_name ] group
    -g gid         The numerical value of the group's ID.
    -n group_name  The name of the group will be changed from group to group_name.
CIS 191 - Lesson 8 Deleting groups
groupdel - Enables a super user or root to remove a group
    groupdel group
CIS 191 - Lesson 8 Logging in
CIS 191 - Lesson 8 Users and Groups
Setting Account Defaults
• User Profiles
• System defaults
• The role of /etc/profile versus /etc/bashrc
• The order of precedence
• Creating /etc/skel account Templates
CIS 191 - Lesson 8 Logging in
(Screenshots: Graphical Login, Terminal Login)
CIS 191 - Lesson 8 Logging in
It starts in /etc/inittab

Terminal login with mingetty:
    # Run gettys in standard runlevels
    1:2345:respawn:/sbin/mingetty tty1
    2:2345:respawn:/sbin/mingetty tty2
    3:2345:respawn:/sbin/mingetty tty3
    4:2345:respawn:/sbin/mingetty tty4
    5:2345:respawn:/sbin/mingetty tty5
    6:2345:respawn:/sbin/mingetty tty6

Graphical login with xdm:
    # Run xdm in runlevel 5
    x:5:respawn:/etc/X11/prefdm -nodaemon
    [root@benji htdocs]#
CIS 191 - Lesson 8 Graphical Login with xdm
    [root@benji htdocs]# cat /etc/X11/prefdm
    #!/bin/sh
    < snipped >
    # Run preferred X display manager
    preferred=
    if [ -f /etc/sysconfig/desktop ]; then
        . /etc/sysconfig/desktop
        if [ "$DISPLAYMANAGER" = GNOME ]; then
            preferred=/usr/sbin/gdm
        elif [ "$DISPLAYMANAGER" = KDE ]; then
            preferred=/usr/bin/kdm
        elif [ "$DISPLAYMANAGER" = XDM ]; then
            preferred=/usr/bin/xdm
        elif [ -n "$DISPLAYMANAGER" ]; then
            preferred=$DISPLAYMANAGER
        fi
    fi
    shopt -s execfail
    [ -n "$preferred" ] && exec $preferred "$@" >/dev/null 2>&1 </dev/null
    < snipped >
    exit 1
    [root@benji htdocs]#
/etc/X11/prefdm runs the preferred display manager
CIS 191 - Lesson 8 Login and Passwords
1) init starts up the mingetty process on each terminal, which prompts for the login username, gets it, then execs login (no PID change)
    [cis191@benji ~]$ ps t tty1
      PID TTY      STAT   TIME COMMAND
     3557 tty1     Ss+    0:00 /sbin/mingetty tty1
2) login collects the password and checks it with /etc/passwd and /etc/shadow
    [cis191@benji ~]$ ps t tty1
      PID TTY      STAT   TIME COMMAND
     3557 tty1     Ss+    0:00 /bin/login --
3) login then starts up the shell specified in the /etc/passwd file
    [cis191@benji ~]$ ps t tty1
      PID TTY      STAT   TIME COMMAND
     3603 tty1     Ss+    0:00 -bash
CIS 191 - Lesson 8 Customizing /etc/issue
    [cis191@benji ~]$ cat /etc/issue
    CentOS release 5 (Final)
    Kernel \r on an \m
/etc/issue can be modified and the special characters below can be inserted:
    b  Insert the baudrate of the current line.
    d  Insert the current date.
    s  Insert the system name, the name of the operating system.
    l  Insert the name of the current tty line.
    m  Insert the architecture identifier of the machine, e.g., i686.
    n  Insert the nodename of the machine, also known as the hostname.
    o  Insert the domainname of the machine.
    r  Insert the release number of the kernel, e.g., 2.6.11.12.
    t  Insert the current time.
    u  Insert the number of current users logged in.
    U  Insert the string "1 user" or "<n> users" where <n> is the number of current users logged in.
    v  Insert the version of the OS, e.g., the build-date etc.
CIS 191 - Lesson 8 Customizing /etc/issue
    [root@benji ~]# cat /etc/issue
    *************************
    *** Beware of the Dog ***
    *************************
    Running \r on \m with \U [\l]
A modified /etc/issue
Escape codes: same list as on the previous slide.
CIS 191 - Lesson 8 /etc/motd – message of the day
    [root@benji ~]# cat /etc/motd
    [root@benji ~]#
/etc/motd can be modified
CIS 191 - Lesson 8 Customizing /etc/motd – message of the day
    [root@benji ~]# cat /etc/motd
    [ASCII-art banner; layout lost in extraction]
    [root@benji ~]#
A modified /etc/motd
CIS 191 - Lesson 8 Hushing login messages for specific users
    [root@benji ~]# cat /etc/motd
    Notice: Benji will be down for five minutes at midnight tonight for an upgrade
    [root@benji ~]#
    [root@benji ~]# touch /home/cis191/.hushlogin
    [root@benji ~]#
Placing a .hushlogin file in a user's home directory will suppress login messages
CIS 191 - Lesson 8 man pages for mingetty and login

MINGETTY(8)               Linux Programmer's Manual               MINGETTY(8)
NAME
    mingetty - minimal getty for consoles
SYNOPSIS
    mingetty [--noclear] [--nonewline] [--noissue] [--nohangup] [--nohostname]
             [--long-hostname] [--loginprog=/bin/login] [--nice=10] [--delay=5]
             [--chdir=/home] [--chroot=/chroot] [--autologin username] tty
DESCRIPTION
    mingetty is a minimal getty for use on virtual consoles. Unlike agetty(8), mingetty is not suitable for serial lines. I recommend using mgetty(8) for this purpose.
OPTIONS
    --noclear    Do not clear the screen before prompting for the login name (the screen is normally cleared).
    --nonewline  Do not print a newline before writing out /etc/issue.
    --noissue    Do not output /etc/issue.
    --nohangup   Do not call vhangup() to disable writing to this tty by other applications.

LOGIN(1)                  Linux Programmer's Manual                  LOGIN(1)
NAME
    login - sign on
SYNOPSIS
    login [ name ]
    login -p
    login -h hostname
    login -f name
DESCRIPTION
    login is used when signing onto a system. It can also be used to switch from one user to another at any time (most modern shells have support for this feature built into them, however).
    If an argument is not given, login prompts for the username.
    If the user is not root, and if /etc/nologin exists, the contents of this file are printed to the screen, and the login is terminated. This is typically used to prevent logins when the system is being taken down.
    If special access restrictions are specified for the user in /etc/usertty, these must be met, or the log in attempt will be denied and a syslog message will be generated. See the section on "Special Access Restrictions".
    If the user is root, then the login must be occurring on a tty listed in /etc/securetty. Failures will be logged with the syslog facility.
    After these conditions have been checked, the password will be requested and checked (if a password is required for this username).

Read these for more details on customizing the login process
CIS 191 - Lesson 8 bash startup files
• /etc/profile (all)
  • adds root's special path
• /etc/profile.d/*.sh (all)
  • kerberos directories added to path
  • adds color, vi aliases
  • language, character sets
• .bash_profile (user specific)
  • adds user's bin to path
• .bashrc (user specific)
  • aliases to force interactive rm, mv for root
• /etc/bashrc (all)
  • changes umask to 0002 for regular users
  • sets final prompt string
Callout: only executed when logging in
CIS 191 - Lesson 8 /etc/profile
/etc/profile is run when you login
    [root@benji ~]# cat /etc/profile
    # /etc/profile
    # System wide environment and startup programs, for login setup
    # Functions and aliases go in /etc/bashrc
    pathmunge () {
        if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then
            if [ "$2" = "after" ] ; then
                PATH=$PATH:$1
            else
                PATH=$1:$PATH
            fi
        fi
    }
    # ksh workaround
    if [ -z "$EUID" -a -x /usr/bin/id ]; then
        EUID=`id -u`
        UID=`id -ru`
    fi
    # Path manipulation
    if [ "$EUID" = "0" ]; then
        pathmunge /sbin
        pathmunge /usr/sbin
        pathmunge /usr/local/sbin
    fi
    # No core files by default
    ulimit -S -c 0 > /dev/null 2>&1
    if [ -x /usr/bin/id ]; then
        USER="`id -un`"
        LOGNAME=$USER
        MAIL="/var/spool/mail/$USER"
    fi
    HOSTNAME=`/bin/hostname`
    HISTSIZE=1000
    if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then
        INPUTRC=/etc/inputrc
    fi
    export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC
    for i in /etc/profile.d/*.sh ; do
        if [ -r "$i" ]; then
            . $i
        fi
    done
    unset i
    unset pathmunge
    [root@benji ~]#
Callouts:
• root gets extended path (the pathmunge calls under "Path manipulation")
• ls color and vi aliases added by these scripts (the /etc/profile.d/*.sh loop)
CIS 191 - Lesson 8 .bash_profile
    [root@benji ~]# cat .bash_profile
    # .bash_profile
    # Get the aliases and functions
    if [ -f ~/.bashrc ]; then
        . ~/.bashrc
    fi
    # User specific environment and startup programs
    PATH=$PATH:$HOME/bin
    export PATH
    unset USERNAME
    [root@benji ~]#
Runs .bashrc and adds the user's bin directory to the path. Add custom paths for specific users in this file:
    [cis191@benji ~]$ cat .bash_profile
    # .bash_profile
    # Get the aliases and functions
    if [ -f ~/.bashrc ]; then
        . ~/.bashrc
    fi
    # User specific environment and startup programs
    PATH=$PATH:$HOME/bin
    export PATH
    [cis191@benji ~]$
CIS 191 - Lesson 8 .bashrc
    [root@benji ~]# cat .bashrc
    # .bashrc
    # User specific aliases and functions
    alias rm='rm -i'
    alias cp='cp -i'
    alias mv='mv -i'
    # Source global definitions
    if [ -f /etc/bashrc ]; then
        . /etc/bashrc
    fi
    [root@benji ~]#
Adds aliases for root to force interactive prompting for commands that delete files. Add additional custom aliases for specific users to this file:
    [cis191@benji ~]$ cat .bashrc
    # .bashrc
    # Source global definitions
    if [ -f /etc/bashrc ]; then
        . /etc/bashrc
    fi
    # User specific aliases and functions
    [cis191@benji ~]$
Note: .bashrc calls /etc/bashrc
CIS 191 - Lesson 8 /etc/bashrc
    [root@benji ~]# cat /etc/bashrc
    # /etc/bashrc
    # System wide functions and aliases
    # Environment stuff goes in /etc/profile
    # By default, we want this to get set.
    # Even for non-interactive, non-login shells.
    if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then
        umask 002
    else
        umask 022
    fi
    # are we an interactive shell?
    if [ "$PS1" ]; then
        case $TERM in
        xterm*)
            if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
                PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
            else
                PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}"; echo -ne "\007"'
            fi
            ;;
        screen)
            if [ -e /etc/sysconfig/bash-prompt-screen ]; then
                PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
            else
                PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}"; echo -ne "\033\\"'
            fi
            ;;
        *)
            [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
            ;;
        esac
Callout on the umask test: downgrades umask for regular users
CIS 191 - Lesson 8 /etc/bashrc (continued)
        # Turn on checkwinsize
        shopt -s checkwinsize
        [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
    fi
    if ! shopt -q login_shell ; then # We're not a login shell
        # Need to redefine pathmunge, it get's undefined at the end of /etc/profile
        pathmunge () {
            if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then
                if [ "$2" = "after" ] ; then
                    PATH=$PATH:$1
                else
                    PATH=$1:$PATH
                fi
            fi
        }
        for i in /etc/profile.d/*.sh; do
            if [ -r "$i" ]; then
                . $i
            fi
        done
        unset i
        unset pathmunge
    fi
    # vim:ts=4:sw=4
    [root@benji ~]#
Callout on the PS1 line: here is where the familiar prompt is set
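The umask test at the top of /etc/bashrc relaxes the umask to 002 only when the UID is above 99 and the current group name equals the user name, so group-writable files are the default only inside a user's own private group. The script below is an added example, not part of the original slides, with hypothetical function names; it applies that rule to three cases from the lesson and creates a real file under each umask. The results are consistent with the newgrp session earlier in the lesson, where the file created under group users came out -rw-r--r-- and the one under group cis191 came out -rw-rw-r--.

```sh
#!/bin/sh
# Added example (not from the slides): the umask decision made by the
# /etc/bashrc shown above, and the permissions a new file actually gets.

# bashrc_umask UID USER GROUP   (USER = `id -un`, GROUP = `id -gn`)
bashrc_umask() {
    if [ "$1" -gt 99 ] && [ "$3" = "$2" ]; then
        echo 002      # regular user whose current group is their private group
    else
        echo 022      # root, system accounts, or a shared current group
    fi
}

# new_file_perms UMASK  ->  permission string of a file created under it
new_file_perms() {
    (
        d=$(mktemp -d) || exit 1
        umask "$1"
        : > "$d/newfile"                    # created with mode 666 & ~umask
        ls -l "$d/newfile" | cut -c1-10     # keep only the -rwxrwxrwx column
        rm -rf "$d"
    )
}

# Three situations that occur in the lesson (UIDs and names taken from the page):
# cis191 in its own group, cis191 after `newgrp users`, and root.
for who in "500 cis191 cis191" "500 cis191 users" "0 root root"; do
    set -- $who
    m=$(bashrc_umask "$1" "$2" "$3")
    echo "uid=$1 user=$2 group=$3 umask=$m perms=$(new_file_perms "$m")"
done
```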
CIS 191 - Lesson 8 Starting non-login shell (when starting a graphical terminal)
.bashrc is run, which calls /etc/bashrc
/etc/bashrc added ls aliases
CIS 191 - Lesson 8
• New commands:
  • chage
  • passwd
  • groupadd
  • groupdel
  • groupmod
  • useradd
  • userdel
  • usermod
  • vigr
  • vipw
• New Files and Directories:
  • /etc/passwd, /etc/shadow
  • /etc/group, /etc/gshadow
  • /etc/profile, .bash_profile
  • /etc/bashrc, .bashrc
  • /etc/profile.d/*.sh
• VMware: