###User Account & Password Management###
There are three type of user account in Red hat Linux .
1. Super user or Administrative account
2. Regular user account
3. service account
1. Super User created automatically at the time of installation.
2. Regular user Account:-
a. Using command line method useradd or adduser command
b. Graphical method by using Red hat user manager utility
# adduser user_name (Recommended : minimum 6 character used in password)
# passwd user_name
Example:-
#adduser rakesh
#passwd rakesh
Now open the file /etc/passwd to check the entry of user
#vi /etc/passwd
it contain 7 entry of each user
1. Username
2. Password
3. userid
4. groupid
5. blank (User information field ) comment
6. home directory
7. login shell
password entry for each user will be stored in /etc/shadow
# vi /etc/shadow
now in order to check the Userid, Group we use /etc/login.def
# vi /etc/login.def
when any user account is created then user will get userid, groupid automatically from /etc/login.def
5th field is used for user information or comment
6th field is used for home directory. When any user is created its default home directory is created inside /home/rakesh
7th field is login shell. Default shell for user is /bin/bash different shells are used
ksh, sh, csh, tcsh,zsh
shell is an user interface between user and O.S.
linux command shell is a prompt that allow us to interact with our system by executing various command.
In order to check the shell available use /etc/shells
# vi /etc/shells
in order to get the information about the group we need /etc/group
#vi /etc/group
it contain four field
1. Group name
2. password
3. GroupId
4. Member of group
# finger:this command is used to get the information about the user
Syntax:
#finger username
#finger rakesh
#id:this command is used to get userid, groupid of the user
syntax:
#id username
#id rakesh
Creating Group:
Syntax:
#groupadd groupname
#groupadd g gid groupname
Example:
#groupadd raj
Exercise:
Create a user that should have uid=1000 shell=sh description and home directory as /data
Sol:
#useradd u 1000 c rakeshpundir s /bin/sh d /data rakesh
#passwd rakesh
Grpahically
System Setting :-> User & Group
OR
#system-config-user
Every user have two group one is elementary group or primary group and secondary group
-g : Primary Group
-G : Secondary Group
Creating Group
#groupadd g1
#groupadd g2
Steps:
1. adding group to the user
#usermod g g1 G g2 rakesh
2. To change id of the user
#usermod u 1001 rakesh
3. change comment
#usermod c rakeshsingh
4. change home directory
#usermod d /rakesh-home rakesh m
5. change shell
#usermod s /bin/bash rakesh
6. change user login name
#usermod l newname oldname
#usermod l rajesh rakesh
7. Change Group name
#groupmod n newname oldname
#groupmod n group1 g1
8. change Group id
#groupmod g 2005 group1
------------------------------------------------------------------------------------------
###User/Group Management###
--------------------------------------------------------------------------------------
Features:
1. The ability to control users and groups
Primary tools:
1. useradd - used to add users and modify group membership
2. system-config-users
Task:
1. Create a user named 'student1' using 'useradd'
Note: Default user settings derive from: /etc/login.defs
a. useradd student1
b. set password for user 'student1': passwd student1
Default User Accounts DB: /etc/passwd
student1:x:501:501::/home/student1:/bin/bash
username:shadow_reference:uid:gid:Description(GECOS):$HOME:$SHELL
Note: /etc/passwd is a world-readable file
Note: /etc/shadow now stores passwords in encrypted form
Note: /etc/shadow is NOT world-readable
Fields in /etc/shadow:
student1:$1$XSFMv2ru$lfTACjN.XxaxbHA0EkB4U0:13891:0:99999:7:::
1. username:
2. encrypted_password:
3. Days_since_Unix_epoch_password_was_changed (01/01/1970)
4. Days before password may be changed
5. Days after which the password MUST be changed
6. Days before password is to expire that user is warned
7. Days after password expires, that account is disabled
8. Days since Unix epoch, that account is disabled
9. Reserved field (currently unused)
2. Modify user 'student1' to have password expire after 45 days
a. usermod
Groups:
1. groupadd - adds new group
2. groups - lists groups on the system: /etc/group
/etc/group - maintains group membership information
Task: Create a 'sales' group and add 'linuxcbt' and 'student1' as members
1. groupadd sales
2. usermod -G sales linuxcbt
3. usermod -G sales student1
Note: 2 types of groups exist:
1. Primary - used by default for a user's permissions
2. Supplemental - used to determine effective permissions
Note: use 'id' to determine the group information of user
Note: Create a new shell session to realize new group membership information
userdel/groupdel are used to delete users and groups, respectively
Features:
1. The ability to restrict/control access to files
Note: 10 bits represent permissions for files (including directories)
Note: use 'ls -l' to examine permissions or GUI application like 'Nautilus'
-rwxrwxr-x 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl
1st bit = file type. '-' = file, 'd' = directory
2nd - 4th bits = owner's permissions
r = read = 4
w = write = 2
x = execute = 1
- = none = 0
5th - 7th bits = group owner's permissions
r = read = 4
w = write = 2
x = execute = 1
- = none = 0
8th - 10th bits = everyone (world)
r = read = 4
w = write = 2
x = execute = 1
- = none = 0
Task:
1. Manipulate file permissions using 'chmod'
a. chmod -x regextest.pl
-rw-rw-r-- 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl
rw = 6 or 4+2 for owner
rw = 6 or 4+2 for group owner
r = 4 for everyone else (world)
Octal notation: 664 for file 'regexetest.pl'
chmod 664 regextest.pl - removes execution for ALL users
chmod 775 regextest.pl - enables execution for ALL users
2. Ensure that 'regextest.pl' is rw by owner and noone else
a. chmod 600 regextest.pl
Note: File will now be rw by owner (linuxcbt) and 'root'
3. Ensure that 'regextest.pl' is r by owner and noone else
a. chmod 400 regextest.pl && ls -l regextest.pl
Note: chmod supports string values, which represent octal values
chmod +/- x file
chmod +/- w file
chmod +/- r file
chmod +/- u+x file - updates owner's execute permissions on the file
chmod +/- o+x file - updates other's execute permissions on the file
chmod +/- g+x file - updates group's execute permissions on the file
chmod a+rwx = chmod 777
chown - permits changing of ownership of files
a. chown root regextest.pl - changes ownership to 'root'
b. chown linuxcbt:sales regextest.pl - changes owner and group to 'linuxcbt:sales'
Task:
Update 'regextest.pl' so that owner and group owner may modify the file
a. chmod 660 regextest.pl
SETUID:
Features:
1. ability to execute file as owner
chmod 4760 regextest.pl - this will ensure that the perl script always executes as the user 'linuxcbt'
-rwsrw---- 1 linuxcbt sales 787 Jan 13 16:08 regextest.pl
's' in the execute position means that the program will execute as that user
SETGID:
Features:
1. Ability to enforce permissions to a directory structure
mkdir /sales
chmod 2775 /sales
Create a file in the '/sales' directory as 'linuxcbt'
seq 1000000 > linuxcbt.1million.txt
chgrp:
Permits updating of group permissions
Sticky Bit:
Features:
1. Ability to ensure that users cannot delete others' files in a directory
drwxrwxrwt 23 root root 4096 Jan 13 15:05 /tmp/
/tmp - users cannot delete other user's files in '/tmp'
chmod 3777 /sales - ensures that /sales will not lose files from incorrect users
Task:
1. Set '/sales' using sticky bit and test
a. chmod 3777 /sales && ls -ld /sales OR chmod 777 /sales && chmod +t /sales
Thanking You
Hope U Like it......