1 / 35

User, group and file administration

User, group and file administration. Unit objectives Create, modify, manage, and delete user and group accounts Find broken links and orphan files and use file date and time stamps. Topic A: Administering users and groups. Authentication and user accounts. Authentication

thisbe
Télécharger la présentation

User, group and file administration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. User, group and file administration Unit objectives • Create, modify, manage, and delete user and group accounts • Find broken links and orphan files and use file date and time stamps

  2. Topic A: Administering users and groups

  3. Authentication and user accounts • Authentication • Act of verifying a user’s identity • Compares user name and password to a system database • Database that contains account information typically consists of two files: • /etc/passwd • Contains details of user • /etc/shadow • Contains hash of password and expiration information

  4. Administering users and groups • pwconv • Converts to using /etc/shadow file to store encrypted password • pwunconv • Reverts back to /etc/passwd file only continued

  5. /etc/passwd file • name:passwd:UID:GID:GECOS:homedirectory:shell • A + before entry marks an account as disabled, unable to log in • * in passwd field marks account as disabled • name • Username • passwd • If /etc/shadow exists • X • If no /etc/shadow • Encrypted password • User Identifier (UID) • Specifies the unique user ID assigned to each user • UID 1 to 100 reserved for system daemons continued

  6. /etc/passwd file • name:passwd:UID:GID:GECOS:homedirectory:shell • Group Identifier (GID) • Primary group ID for each user • GECOS • Text description of user-usually blank • homedirectory • Path to home directory • shell • Path to shell continued

  7. /etc/shadow file • name:passwd:lastchange:min:max:warn:disable1:disable2 • passwd • Contains encrypted passwd • If ! Then account is lcoked • lastchange • Last password change date • Measured since 1/1/1970 • min • Number of days you must wait to change • Fedora default-0 • max • Number of days you can use a password • Max 99,999 • warn • Number of days before expiration that you get warning • 7 days

  8. /etc/group file • name:passwd:GID:members • name • Group name • passwd • Group Password • Usually an x since they are rarely used

  9. Creating user accounts • useradd command • Adds a user account to the system • /etc/login.defs default values: • location for e-mail • password expiration • minimum password length • range of UIDs and GIDs • whether to create home directories continued

  10. Creating user accounts, continued • /etc/default/useradd default values: • primary group • location of home directory • disable accounts with expired password • date to disable user accounts • shell • skeleton directory • Skeleton directory • Contains the files copied to all new users’ home directories upon creation

  11. Options to the useradd command

  12. Passwd command • When user is added, password file in /etc/shadow has ! • No password set • Use passwd username command to set • passwd bobg • Sets bobg password • Done as root • Without arguments, user can set own password

  13. usermod • Used to change account proprties • Edits details of /etc/passwd, etc/shadow, etc with less risk of making mistake

  14. usermod options

  15. Modifying user accounts • chage • Modifies password expiry information • Locking an account • usermod –L username • Makes account temporarily unusable by altering the password information • Puts ! In /etc/shadow file password field • Unlock with usermod –U username • Can also change shell to /bin/false

  16. Modifying user accounts • chsh • chsh –s /bin/flase bobg • Changes a valid shell to an invalid shell

  17. Deleting user accounts • userdel command • Remove a user account from both /etc/passwd and /etc/shadow • To delete files use –r option • When an account is deleted, any files that were previously owned by the user become owned by a number that represents the UID of the deleted user

  18. Managing groups • groupadd • Adds a group • groupmod • Modifies the name of a GID • groupdel • Deletes a group • groups • Prints a list of groups the user is a member of

  19. Managing groups • newgrp • Temporarily change primary group memebership • New files have group membership according to new setting

  20. The graphical User Manager

  21. If the /etc/shadow file does not exist when pwconv is run, which of the following occur? A. The system will give an error message. B. /etc/passwd is renamed to /etc/shadow and a new soft link is created. C. Entries in the /etc/passwd file are added to a new /etc/shadow file. The /etc/passwd file is unchanged. D. Password attributes in /etc/passwd are moved to a corresponding entry in a new /etc/shadow file.

  22. If the /etc/shadow file does not exist when pwconv is run, which of the following occur? A. The system will give an error message. B. /etc/passwd is renamed to /etc/shadow and a new soft link is created. C. Entries in the /etc/passwd file are added to a new /etc/shadow file. The /etc/passwd file is unchanged. D. Password attributes in /etc/passwd are moved to a corresponding entry in a new /etc/shadow file. Answer: D

  23. A system administrator wants to disable shell access for a user. Which of the following is the appropriate shell to set? A. /bin/sh B. /bin/false C. /bin/passwd D. /bin/disable

  24. A system administrator wants to disable shell access for a user. Which of the following is the appropriate shell to set? A. /bin/sh B. /bin/false C. /bin/passwd D. /bin/disable Answer: B

  25. Examine the following /etc/passwd file: root:X:11423:0:99999:7::: dgringold:X:11423:0:99999:7::: jjones:!!:11432:0:99999:7::11688: tgold:!!:11342:11231:11678:7::: Which of the following is the password field? A. The first field B. The second field C. The third field D. The fourth field

  26. Examine the following /etc/passwd file: root:X:11423:0:99999:7::: dgringold:X:11423:0:99999:7::: jjones:!!:11432:0:99999:7::11688: tgold:!!:11342:11231:11678:7::: Which of the following is the password field? A. The first field B. The second field C. The third field D. The fourth field Answer: B

  27. Which of the following can be used to view username, UID (User ID), GID (Group ID), full name, home directory, and default shell information? A. cat /etc/group B. cat /etc/services C. cat /etc/shadow D. cat /etc/passwd

  28. Which of the following can be used to view username, UID (User ID), GID (Group ID), full name, home directory, and default shell information? A. cat /etc/group B. cat /etc/services C. cat /etc/shadow D. cat /etc/passwd Answer: D

  29. Topic B: Administering user files

  30. Broken links and files with no owners • Find and fix files with no owners or symbolic links that no longer point to a file • find / -nouser • find / -nouser –ok rm “{}” “;” • Symlinks can find “dangling” symbolic links

  31. File date and time stamps • Creation time (ctime) • At creation and when contents, permissions, owner or attributes change • ls –l –time=ctime • Access time (atime) • File is opened • ls –l –time=atime • Modification time (mtime) • When file is written and closed

  32. Unit summary • Created, modified, managed, and deleted user and group accounts using command line utilities and the User Manager • useradd • /etc/defaults/useradd • /etc/login.defs • usermod • chage • Found broken links and orphan files, used file date and time stamps • find / -nouser • symlinks –r / | grep dangling

  33. Which of the following commands will locate files that have been modified in the past two days? A. locate ­t2 B. find / ­mtime 2 C. whereis ­time 2 D. grep / ­ctime 2

  34. Which of the following commands will locate files that have been modified in the past two days? A. locate ­t2 B. find / ­mtime 2 C. whereis ­time 2 D. grep / ­ctime 2 Answer: B

  35. Any Questions?

More Related