ITI-481: Unix Administration - PowerPoint PPT Presentation

Slides: 27
Provided by: kkap
1
ITI-481: Unix Administration
  • Meeting 3
  • Christopher Uriarte, Instructor
  • Rutgers University Center for Applied Computing
    Technologies

2
Today's Agenda
  • Account Management
  • File and directory permissions and management

3
Unix System Accounts
  • Access to system resources is controlled through
    user and group assignments.
  • Two types of user accounts:
  • Root user: the system administrator, the
    superuser who has permission to execute every
    command and read every file on the system.
    Root has total control of everything on the
    system.
  • Normal user: any user that is not the root user.
  • As you've experienced thus far, almost all UNIX
    administration is done as the root user.

4
Becoming the Root User
  • There are two ways that you can log in as the
    root user:
  • Sitting at the system console, you can simply log
    in as root.
  • If you are logged in as another user, you can
    use the su command at the command prompt to
    change to the root user (you will be prompted for
    the root password). You then have full root
    rights until you exit your shell.
  • Root login is restricted via remote access
    (telnet or ssh): you must first log in as a
    non-root user and then use su.

5
UNIX System Components Related to Account Creation
  • /etc/passwd: The system user file, contains
    information about users on the system.
  • /etc/shadow: The file that actually contains the
    passwords.
  • /etc/group: The system group file, defines user
    groups on the system.
  • User Home Directories (/home/username)
  • Initialization shell scripts (.login,
    .bash_profile, .cshrc, etc.)

6
Passwords on UNIX Systems
  • Should always be encrypted when stored; all
    modern UNIX systems use password encryption.
  • Crypt encryption: up to 8 characters
  • MD5 encryption: up to 256 characters
  • Should be a combination of random letters,
    numbers, and special characters.
  • Used to be stored in /etc/passwd, but now stored
    in /etc/shadow.
  • Passwords are set using the passwd command.
    Only the root user can change passwords for other
    users.
  • passwd: changes your own password
  • passwd username: changes another user's password

7
The /etc/passwd File
  • Stores a user's username, unique user ID number,
    default group ID number, full name, home
    directory and login shell.
  • Each user on the system has a unique UID,
    assigned by the system.
  • The root user has the UID of 0 (zero). THIS is
    what characterizes the root user, not the
    username root.
  • /etc/passwd file format (one entry per line,
    fields separated by colons):
    username:x:user ID (UID):default group (GID):name (GECOS):home directory:login shell
  • Sample entry (with shadow file):
    kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash
  • Typical file permissions:
    -rw-r--r-- 1 root root 865 Mar 28 10:44 /etc/passwd

8
The /etc/shadow File
  • Stores encrypted user passwords.
  • /etc/shadow file format:
    login name:encrypted password:other options for
    password expiration and changing (non-standard)
  • Sample entry (one entry per line, fields
    separated by colons):
    kkaplan1iwdVDneiaBcxvpyY i0610987099999
  • Typical permissions (IMPORTANT!):
    -r-------- 1 root root 752 Jan 31 11:45 /etc/shadow
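
The following is an added example, not part of the original slides: a shell audit of a passwd-format file for the points made above (UID 0 is what defines root, field 2 should be the x placeholder, UIDs should be unique), plus a permission check matching the -r-------- mode shown for /etc/shadow. The sample accounts and the finding labels (UID0, EMPTYPW, PWINPASSWD, DUPUID) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides). All account names below are constructed.

# Constructed passwd-format sample: username:x:UID:GID:GECOS:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash
toor:x:0:0:Backup Admin:/root:/bin/sh
jsmith::501:500:J Smith:/home/jsmith:/bin/bash
jdoe:x:501:500:J Doe:/home/jdoe:/bin/bash
legacy:ab12CONSTRUCTED:502:500:Legacy:/home/legacy:/bin/sh
EOF
}

# audit_passwd FILE: print one finding per line for a passwd-format file.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                # skip blanks and comments
        NF != 7 { printf "MALFORMED line %d\n", NR; next }
        # UID 0 is what makes an account root, whatever it is called
        $3 == 0 && $1 != "root" { printf "UID0 %s\n", $1 }
        # Empty field 2: the account may log in without a password
        $2 == "" { printf "EMPTYPW %s\n", $1 }
        # Anything other than the x placeholder or a lock marker (* or !)
        # means the password hash sits in the world-readable file
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { printf "PWINPASSWD %s\n", $1 }
        # Two accounts sharing a UID are the same user to the system
        seen[$3]++ { printf "DUPUID %s uid=%s\n", $1, $3 }
    ' "$1"
}

# shadow_perms_ok FILE: succeed only if group and other have no access,
# matching the -r-------- mode shown for /etc/shadow.
shadow_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on the constructed sample; on a real host pass /etc/passwd instead.
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_passwd "$tmp"
rm -f "$tmp"
```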

9
The /etc/group File
  • Contains information about system groups and the
    users that are members of each group.
  • Contains the fields: group's name, unique group
    ID number and a list of the group's members.
  • Entry format:
    group name:x:GID:comma-separated list of group members
  • Sample entry: staff:x:103:kkaplan,jsmith,jdoe
  • (a group called staff with the members kkaplan,
    jsmith and jdoe)

10
Account Management Tools
  • With the exception of /etc/group, all account
    management files are managed through simple
    command-line tools.
  • Command line:
  • Users: useradd, userdel, usermod
  • Groups: groupadd, groupdel, groupmod
  • Specific fields: passwd, chsh
  • Graphical:
  • LinuxConf (Linux only)
  • Control-panel
  • Lots of other graphical UNIX utilities.

11
Managing Users
  • The useradd utility is used to create system user
    accounts.
  • You can simply add a user with:
  • useradd johndoe
  • (Creates the user johndoe on the system)
  • useradd has a number of simple options that
    allow you to specify user attributes during
    account creation.

12
useradd Syntax and options
  • useradd options include:
  • -u UID, -g default group
  • -d home directory, -s default shell path
  • -c Comment or Full name
  • -m (make the user's home directory)
  • useradd -m -d /opt/home/chrisjur -g staff -s
    /bin/bash chrisjur
  • Creates a user named chrisjur, makes his home
    directory, sets his home directory to
    /opt/home/chrisjur, sets his group to staff,
    sets his shell to /bin/bash

13
Important useradd Tip!
  • After you add a user, YOU MUST assign a password
    to the user using the passwd command.
  • passwd username
  • The user will not be able to log in until you set
    a password!

14
useradd Syntax and options
  • If no options are specified, system defaults are
    used when creating a user (default shell, default
    home directory path, etc.)
  • Similarly, the usermod command can be used to
    modify an existing user's attributes using the
    same syntax as useradd.
  • usermod -s /bin/sh chrisjur
  • Changes chrisjur's shell to /bin/sh

15
Deleting System User Accounts
  • System users can be deleted using the userdel
    command with the syntax:
  • userdel username
  • e.g.
  • userdel chrisjur
  • Deletes the user chrisjur from the system.
  • userdel DOES NOT delete a user's home directory
    or its contents. You must either delete it
    manually or use the -r switch with userdel
    (userdel -r username)

16
Exercise: Account Creation with Command Line Tools
  • Use useradd to create an account for the login
    student3. Use the appropriate flags to set a
    default group of users, a home directory of
    /home/student3, and a password of your choosing.
  • Log in to the student3 account.
  • Use userdel to remove the student3 account.

17
UNIX Groups
  • UNIX provides a grouping functionality that
    allows you to group system users together,
    allowing them to access common system resources,
    such as files and directories.
  • UNIX groups provide a typical way for non-root
    users to collaborate on projects by sharing
    permissions (write/read/execute permissions) on
    system resources.

18
Grouping Example
  • Problem: You have a series of web page files
    that reside under /var/opt/www/htdocs. You need
    to give your 3-person web-development team the
    ability to edit these files.
  • Solution: Create a group called webdev, place
    the 3 users in the devel team in the group and
    make /var/opt/www/htdocs and all its files
    group-readable, writeable and executable.

19
Creating UNIX Groups
  • You can create UNIX groups using the groupadd
    utility:
  • groupadd staff
  • Creates a group called staff
  • After creating a group, you must then manually
    add members to the group by adding their
    usernames to that group's line in the /etc/group
    file.
  • Group members are added to /etc/group as a
    comma-separated list after the group name and
    parameters.

20
Adding Users to Groups
  • After creating a group called staff (using
    groupadd staff), an entry is placed in /etc/group
    that looks like this:
  • staff:x:506:
  • You can add the users chris, john and joe to the
    group by editing /etc/group and adding them after
    the last colon:
  • staff:x:506:chris,john,joe

21
Deleting Groups
  • You can delete groups using the groupdel command:
  • groupdel groupname

22
Changing File Ownership
  • If you want to change the ownership of a file or
    directory to another user, you can use the chown
    command:
  • chown <user> <file(s)>
  • chown chris /home/chris/hisfile.txt
  • chown chris /home/chris
  • Useful chown option: -R (recursively change
    ownership)
  • chown -R chris /home/chris
  • Changes /home/chris and all files/directories
    under it to chris's ownership

23
Changing Group Associations
  • If you would like to associate a file or
    directory with a particular group, you can use
    the chgrp command:
  • chgrp <group name> <file(s)>
  • chgrp staff /home/staff/groupfile.txt
  • chgrp staff /home/staff/projects
  • Useful chgrp option: -R (recursively change
    group associations)
  • chgrp -R staff /home/staff
  • Associates /home/staff and all files/directories
    under it with the staff group

24
Using chmod with Groups
  • You can use chmod to change a file's group
    permissions.
  • -rwxr--r-- chris staff 100 Apr 4 2000 file.txt
  • The file is readable, writeable and executable by
    its owner, and readable by members of its group
    and other users.
  • Use chmod to allow members of the staff group to
    read, write and execute the file.
  • user@host$ chmod g+rwx file.txt
  • -rwxrwxr-- chris staff 100 Apr 4 2000 file.txt
  • The file is now readable, writeable and executable
    by its owner AND members of the staff group but
    only readable by all other system users.
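
The following is an added example, not part of the original slides: a check for a directory tree shared through a group, as in the webdev Grouping Example, that reports paths where the chgrp or chmod step was missed or where write access extends beyond the group. The function name, finding labels and demo file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): check a tree shared through a group.

# audit_group_tree DIR GROUP
# GROUP may be a group name or a numeric GID. Findings, one per line:
#   WRONGGROUP  path is not associated with GROUP (a chgrp was missed)
#   NOGROUPRW   group members cannot both read and write the path
#   WORLDWRITE  every user on the system can write, not only the group
audit_group_tree() {
    dir=$1
    group=$2
    {
        find "$dir" ! -type l ! -group "$group" -print | sed 's/^/WRONGGROUP /'
        find "$dir" ! -type l ! -perm -060 -print | sed 's/^/NOGROUPRW /'
        find "$dir" ! -type l -perm -002 -print | sed 's/^/WORLDWRITE /'
    } | sort
}

# Demo on a constructed tree owned by the current user.
demo=$(mktemp -d)
: > "$demo/index.html"; : > "$demo/private.html"; : > "$demo/open.html"
chgrp -R "$(id -g)" "$demo"
chmod 775 "$demo"
chmod 664 "$demo/index.html"      # rw for owner and group: what the team needs
chmod 644 "$demo/private.html"    # group cannot write
chmod 666 "$demo/open.html"       # any user on the system can write
audit_group_tree "$demo" "$(id -g)"
rm -rf "$demo"
```

On a real system the call would be audit_group_tree /var/opt/www/htdocs webdev, run after the chgrp -R and chmod steps.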

25
Exercise: User and Group Creation
  • Create two users: user1 and user2
  • Create a group called class
  • Create a file called /etc/classtest.txt with the
    words "Hello world" in it.
  • Associate the file /etc/classtest.txt with the
    class group
  • Set the permissions so members of its group can
    write to the file.
  • Add user1 and user2 to the group.
  • Log out and log back in as user1 - attempt to
    write to the file. Log out.
  • Log in as user2 - attempt to write to the file.

26
Homework
  • TBA