Historia de Solaris

1
Historia de Solaris

• SunOS 1.0 basado en BSD en 1982
• SunOS 2.0 sistema de archivos virtual, RPC, NIS y
  NFS
• SunOS 4.0 sistema de memoria virtual mejorado
• SunOS 4.1.3 asymetric multiprocessor
• Solaris 2.0 VFS 1992
• Solaris 2.3 i386
• Solaris 7 64-bit

2
Tareas de básicas de administración

• Manejo de usuarios
• Manejo de la seguridad del sistema
• Uso de los recursos
• Configuración de los dispositivos
• Instalación del Sistema operativo - parches
• Instalación de software adicional
• Copias de seguridad

3
What Are User Accounts and Groups?
 
Component Description
User name A name that a user uses to log in to a system (also known as a login name).
Password A secret combination of characters that a user must enter with a user name to gain access to a system.
User's home directory A directory that is usually the user's current directory at login. It typically contains most of the user's files.
User initialization files Shell scripts that control how the user's working environment is set up when a user logs in to a system.
4
/etc/passwd

• The fields in the passwd file are separated by
  colons and contain the following information
• usernamepassworduidgidcomment
• home-directorylogin-shell

5
Default passwd File Entries
User Name User ID Description
root 0   Superuser account
daemon 1 Umbrella system daemon associated with updating calendars, and so forth
bin 2 Administrative daemon associated with running system binaries to perform some routine system task
sys 3 Administrative daemon associated with system logging or updating files in temporary directories
adm 4 Administrative daemon associated with system logging
 lpd 71 Line printer daemon
uucp 5 uucp daemon
nuucp 6 uucp daemon
listen 37 Network listener daemon
nobody 60001 Anonymous user account, assigned by an NFS server when a request is received from an unauthorized root user. The nobody user account is assigned to software processes that do not need nor should have any special permissions.
noaccess 60002 Account assigned to a user or a process that needs access to a system through some application but without actually logging in.
nobody4 65534 SunOS 4.0 or 4.1 version of nobody user account.
6
Default passwd File

• rootx01Super-User//sbin/sh
• daemonx11/
• binx22/usr/bin
• sysx33/
• admx44Admin/var/adm
• lpx718Line Printer Admin/usr/spool/lp
• uucpx55uucp Admin/usr/lib/uucp
• nuucpx99uucp Admin/var/spool/uucppublic/usr/
  lib/uucp/uucico
• listenx374Network Admin/usr/net/nls
• nobodyx6000160001Nobody/
• noaccessx6000260002No Access User/
• nobody4x6553465534SunOS 4.x Nobody/

7
/etc/shadow

• The fields in the shadow file are separated by
  colons and contain the following information
• usernamepasswordlastchgminmax
• warninactiveexpire

8
Fields in the shadow File
Field Name Description
username Contains the user or login name.
password Might contain the following entries a 13-character encrypted user password the string LK, which indicates an inaccessible account or the string NP, which indicates no password for the account.
lastchg Indicates the number of days between January 1, 1970, and the last password modification date.
min Contains the minimum number of days required between password changes.
max Contains the maximum number of days the password is valid before the user is prompted to specify a new password.
inactive Contains the number of days a user account can be inactive before being locked.
expire Contains the absolute date when the user account expires. Past this date, the user cannot log in to the system.
9
/etc/group

• The fields in the group file are separated by
  colons and contain the following information
• group-namegroup-passwordgiduser-list

10
Reserved UID Numbers
User ID Numbers Login Accounts Reserved For ...
0 - 99 root, daemon, bin, sys, etc. System accounts
100 - 2147483647 Regular users General purpose accounts
60001 nobody Unauthenticated users
60002 noaccess Compatibility with Solaris 2.0 and compatible versions and SVR4 releases
11
Working with user accounts

• Add
• useradd
• Modify
• usermod
• Del
• userdel

12
Working with group accounts

• Add
• groupadd
• Modify
• groupmod
• Del
• groupdel

13
Using Large User IDs and Group IDs

• Previous Solaris software releases used 32-bit
  data types to contain the user IDs (UIDs) and
  group IDs (GIDs), but UIDs and GIDs were
  constrained to a maximum useful value of 60000.
• Starting with the Solaris 2.5.1 release and
  compatible versions, the limit on UID and GID
  values has been raised to the maximum value of a
  signed integer, or 2147483647.
• UIDs and GIDs over 60000 do not have full
  functionality and are incompatible with many
  Solaris features, so avoid using UIDs or GIDs
  over 60000.

14
Passwords

• combination of six to eight letters, numbers, or
  special characters
• Good choices for passwords include
• Phrases (beammeup)
• Nonsense words made up of the first letters of
  every word in a phrase (swotrb for SomeWhere Over
  The RainBow)
• Words with numbers or symbols substituted for
  letters (sn00py for snoopy)
• Do not use these choices for passwords
• Your name, forwards, backwards, or jumbled
• Names of family members or pets
• Car license numbers
• Telephone numbers
• Social Security numbers
• Employee numbers
• Names related to a hobby or interest
• Seasonal themes, such as Santa in December
• Any word in the dictionary

15
Home Directories

• /export/home/username
• AutoFS
• /home/username

16
Practice
17
User's Work Environment

• Each login shell has its own user initialization
  file (or files)
• When a user logs in to a system, the user's work
  environment is determined by initialization files
  that are defined by the user's startup shell,
  such as the C, Korn, or Bourne shell

18
User's Work Environment
Shell User Initialization File Purpose
Bourne HOME/.profile Defines user's environment at login  
C HOME/.cshrc Defines user's environment for all C shells invoked after login shell
    HOME/.login Defines user's environment at login  
Korn HOME/.profile Defines user's environment at login
    HOME/ENV Defines user's environment at login in the file specified by the Korn shell's ENV environment variable
19
Default User Initialization Files
Shell Default File
C     /etc/skel/local.login
C     /etc/skel/local.cshrc
Bourne or Korn /etc/skel/local.profile
20
User Initialization Files
When the accounts are created with Admintool
Shell Files Created
C The /etc/skel/local.cshrc and the /etc/skel/local.login files are copied into the user's home directory and are renamed .cshrc and .login.
Bourne and Korn The /etc/skel/local.profile file is copied into the user's home directory and renamed .profile.
21
General users environment files
/etc/motd message-of-the-day
/etc/nologin message displayed to
users attempting to login during
machine shutdown /etc/passwd
password file /etc/profile
system-wide sh and ksh login commands
/etc/shadow list of users' encrypted
passwords
HOME/.cshrc initial commands for
each csh HOME/.hushlogin
suppresses login messages HOME/.login
user's login commands for csh
HOME/.profile user's login commands
for sh and ksh HOME/.rhosts
private list of trusted hostname/username
combinations
22
General files

• /var/adm/lastlog
• time of last login
• /var/adm/utmp
• accounting
• /var/adm/wtmp
• accounting
• /var/mail/your-name
• mailbox for user your-name