ITI481: Unix Administration

1
ITI-481 Unix Administration

• Meeting 3
• Christopher Uriarte, Instructor
• Rutgers University Center for Applied Computing
  Technologies

2
Todays Agenda

• Account Management
• File and directory permissions and management
• UNIX networking basics

3
Unix System Accounts

• Access to system resources is controlled through
  user and group assignments.
• Two types of user accounts
• Root user the system administrator the
  superuser who has permission to execute every
  command and read every file on the system.
  Root has total control of everything on the
  system.
• Normal user any user that is not the root user.
• As youve experienced thus far, almost all UNIX
  administration is done as the root user.

4
Becoming the Root User

• There are two ways that you can log in as the
  root user
• Sitting at the system console, you can simply log
  in as root.
• If your are logged in as another user, you can
  use the su command at the command prompt to
  change to the root user (you will be prompted for
  the root password). You then have full root
  rights until you exit your shell.
• Root login is restricted via remote access
  (telnet or ssh) you must first log in as a
  non-root user and then use su

5
UNIX System Components Related to Account Creation

• /etc/password The system user file, contains
  information about users on the system.
• /etc/shadow The file that actually contains the
  passwords
• /etc/group The system group file, defines user
  groups on the system.
• User Home Directories (/home/username)
• Initialization shell scripts (.login,
  .bash_profile, .cshrc, etc.)

6
Passwords on UNIX Systems

• Should always be encrypted when stored all
  modern UNIX systems use password encryption.
• Crypt encryption up to 8 characters
• MD5 encryption up to 256 characters
• Should be a combination of random letters,
  numbers, and special characters.
• Used to be stored in /etc/password, but now
  stored in /etc/shadow
• Passwords are set using the passwd command.
  Only the root user can change passwords for other
  users.
• passwd changes your own password
• passwd username changes another users password

7
The /etc/passwd File

• Stores a users username, unique user ID number,
  default group ID number, Full name, home
  directory and login shell.
• Each user on the system has a unique UID,
  assigned by the system.
• The root user has the UID of 0 (zero) THIS is
  what characterizes the root user, not the
  username root
• /etc/passwd File format (One Entry Per Line,
  fields separated by colons)usernamexuser ID
  (UID)default group (GID)name (GECOS) home
  directorylogin shell
• Sample entry (with shadow file)kkaplanx500500
  Kellee Kaplan/home/kkaplan/bin/bash
• Typical file permissions-rw-r--r-- 1 root
  root 865 Mar 28 1044 /etc/passwd

8
The /etc/shadow File

• Stores encrypted user passwords.
• /etc/shadow File Formatlogin nameencrypted
  password other options for password expiration
  and changing (non-standard)
• Sample entry (One Entry Per Line, fields
  separated by colons)kkaplan1iwdVDneiaBcxvpyY
  i0610987099999
• Typical permissions (IMPORTANT!)-r-------- 1
  root root 752 Jan 31 1145 /etc/shadow

9
The /etc/group File

• Contains information about system groups and the
  users that are members of each group.
• Contains the fields Groups Name, unique group
  ID number and a list of the groups members.
• Entry formatgroup namexGIDcomma-separated
  list of group members
• Sample entrystaffx103kkaplan,jsmith,jdoe
• (a group called staff with the members kkaplan,
  jsmith and jdoe)

10
Account Management Tools

• With the exception of /etc/group, all account
  management files are managed through simple
  command-line tools.
• Command line
• Users useradd, userdel, usermod
• Groups groupadd, groupdel, groupmod
• Specific fields passwd, chsh
• Graphical
• LinuxConf (Linux only)
• Control-panel
• Lots of other graphical UNIX utilities.

11
Managing Users

• The useradd utility is used to create system user
  accounts.
• You can simply add a user with
• useradd johndoe
• (Creates the user johndoe on the system)
• useradd has a number of simple options, that
  allow you to specify user attributes during
  account creation.

12
useradd Syntax and options

• Useradd options include
• -u UID -g default group
• -d home directory -s default shell path
• -c Comment or Full name
• -m (make the user's home directory)
• useradd m d /opt/home/chrisjur g staff s
  /bin/bash chrisjur
• Creates a user named chrisjur, makes his home
  directory, sets his home directory to
  /opt/home/chrisjur, sets his group to staff,
  sets his shell to /bin/bash

13
Important useradd Tip!

• After you add a user, YOU MUST assign a password
  to the user using the passwd command.
• passwd username
• The user will not be able to login until you set
  a password!

14
useradd Syntax and options

• If no options are specified, system defaults are
  used when creating a user (default shell, default
  home directory path, etc.)
• Similarly, the usermod command can be used to
  modify an existing users attributes using the
  same syntax as useradd.
• usermod s /bin/sh chrisjur
• Changes chrisjurs shell to /bin/sh

15
Deleting System User Accounts

• System users can be deleted using the userdel
  command with the syntax
• userdel username
• e.g
• userdel chrisjur
• Deletes the user chrisjur from the system.
• userdel DOES NOT delete a users home directory
  or its contents. You must either delete it
  manually or use the -r switch with userdel
  (userdel r username)

16
Exercise Account Creation with Command Line
Tools

• Use useradd to create an account for the login
  student100. Use the appropriate flags to set a
  default group of users, a home directory of
  /home/student3, and a password of your choosing.
• Login to the student100 account.
• Use userdel to remove the student100 account.
• a common error is sometimes made

17
UNIX Groups

• UNIX provides a grouping functionality that
  allows you to group system users together,
  allowing them to access common system resources,
  such as files and directories.
• UNIX groups provide a typical way for non-root
  users to collaborate on projects by sharing
  permissions (write/read/execute permissions) on
  system resources.

18
Grouping Example

• Problem You have a series of web pages files
  that reside under /var/opt/www/htdocs. You need
  give your 3-person web-development team the
  ability to edit these files.
• Solution Create a group called webdev, place
  the 3 users in the devel team in the group and
  make /var/opt/www/htdocs and all its files
  group-readable, writeable and executable.

19
Creating UNIX Groups

• You can create UNIX groups using the groupadd
  utility
• groupadd staff
• Creates a group called staff
• After creating a group, you must then manually
  add members to the group by adding their
  usernames to that groups line in the /etc/group
  file.
• Group members are added to /etc/group as a
  comma-separated list after the group name and
  parameters.

20
Adding Users to Groups

• After creating a group called staff (using
  groupadd staff), an entry is placed in /etc/group
  that looks like this
• staffx506
• You can add the users chris,john and joe to the
  group by editing /etc/group and adding them after
  the last colon
• staffx506chris,john,joe

21
Deleting Groups

• You can delete groups using the groupdel command
• groupdel groupname

22
Changing File Ownership

• If you want to change the ownership of a file or
  directory to another user, you can use the chown
  command
• chown ltusergt ltfile(s)gt
• chown chris /home/chris/hisfile.txt
• chown chris /home/chris
• Useful chown option -R recursively change
  ownership
• chown R chris /home/chris
• Changes /home/chris and all files/directories
  under it to chriss ownership

23
Changing Group Associations

• If you would like to associated a file or
  directory with a particular group, you can use
  the chgrp command
• chgrp ltgroup namegt ltfile(s)gt
• chgrp staff /home/staff/groupfile.txt
• chgrp staff /home/staff/projects
• Useful chgrp option -R recursively change
  group associations
• chown R staff /home/staff
• Associates /home/staff and all files/directories
  under it with the staff group

24
Using chmod with Groups

• You can use chmod to change a files group
  permissions.
• -rwxr--r-- chris staff 100 Apr 4 2000 file.txt
• file readable, writeable and executable by its
  owner, and readable by members of its group and
  other users.
• Use chmod to allow members of the staff group to
  read, write and execute the file.
• user_at_host chmod grwx file.txt
• -rwxrwxr-- chris staff 100 Apr 4 2000 file.txt
• file is now readable, writeable and executeable
  by its owner AND members of the staff group but
  only readable by all other system users.

25
Exercise User and Group Creation

• Create two users user1 and user2
• Create a group called class
• Create a file called /etc/classtest.txt with the
  words Hello world in it.
• Associate the file /etc/classtest.txt with the
  class group
• Set the permissions so members of its group can
  write to the file.
• Add user1 and user2 to the group.
• Logout and log back in as user1 attempt to
  write to the file. Logout.
• Login as user2 - attempt to write to the file.

26
Important Network Information

• When connecting your UNIX machine to a LAN or the
  Internet, you need some basic network information
  to configure it.
• Are you using DHCP (automatic network
  configuration)?
• If not, you need to know your
• IP Address and Subnet Mask
• Default gateway
• DNS Servers

27
Configuring Network Settings

• Network settings can be configured three ways
• During your UNIX install/setup
• By modifying network-specific configuration files
• By using graphical setup utilities

28
Using Graphical Network Setup Utilities

• There are many different graphical utilities
  include with UNIX distributions that allow you to
  change your network setting
• Linuxconf (Linux only)
• Control-panel
• KDE Network control panel
• There are no standard graphical utilities (so
  they may change!), but they are all easy to use.

29
Changing Network Settings through System
Configuration files

• On Linux, there are three config files that
  contain the basic network settings
• /etc/sysconfig/network contains your system
  name, default gateway and default ethernet NIC
  card (eth0)
• /etc/sysconfig/network-scripts/ifcfg-eth0
  contains your IP address and subnet mask for your
  default NIC. Also sets a flag for your boot
  protocol (Setting BOOTPROTODHCP configures your
  system to use DHCP its that simple!)
• /etc/resolv.conf contains a list of DNS
  nameservers that your system will use

30
Changing Network Settings, cont.

• System nameservers are specified in
  /etc/resolv.conf in this fashion
• Nameserver 123.4.5.6
• Nameserver 123.4.5.7
• etc.
• After making changes to network configuration
  files, you must execute
• /etc/rc.d/init.d/network restart

31
Homework

• TBA