Chapter 5
User admin
Users are started with some default environment variables:
HOME | home directory -- where the user starts
LOGNAME | user name -- e.g. class01
PATH | where to look for commands
SHELL | program used to interpret and execute commands
MAIL | where to look for email
TZ | timezone for this user
Example /etc/passwd file:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologi
twburton:x:554:554::/home/twburton:/bin/bash
ilp-save:x:555:555::/home/ilp-save:/bin/bash
dude:x:556:556::/home/dude:/bin/bash
grey:x:557:557::/home/grey:/bin/bash
vincent:x:558:558::/home/vincent:/bin/bash
/etc/passwd file fields:
1 | logname
2 | password (obsolete)
3 | UID
4 | GID
5 | GCOS (comments)
6 | home dir ($HOME)
7 | shell ($SHELL)
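Added example (not part of the original notes): a POSIX shell/awk audit that uses the seven fields above to flag entries with the wrong field count, a non-numeric UID, a UID of 0 on an account other than root, and UIDs shared between accounts (which the useradd -o option covered later permits). The function names and the sample entries toor, dude2, short and odd are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a passwd-format file.
# Fields: 1 logname, 2 password, 3 UID, 4 GID, 5 GCOS, 6 home dir, 7 shell.
# Prints one finding per line as "<CHECK> <logname> <detail>".
audit_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }                      # skip comments and blank lines
        NF != 7 {                                  # every entry must have 7 fields
            print "BADFIELDS " $1 " has " NF " fields"; next
        }
        $3 !~ /^[0-9]+$/ {                         # UID must be a plain number
            print "BADUID " $1 " uid \"" $3 "\""; next
        }
        {
            uid = $3 + 0                           # normalise, so 0 and 00 match
            if (uid == 0 && $1 != "root")
                print "UID0 " $1 " has superuser UID"
            if (uid in owner)                      # what useradd -o permits
                print "DUPUID " $1 " shares uid " uid " with " owner[uid]
            else
                owner[uid] = $1
        }
    ' "$1"
}

# Constructed sample: the first four lines come from the example file above,
# the last four are made-up entries that trigger each check.
make_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
dude:x:556:556::/home/dude:/bin/bash
grey:x:557:557::/home/grey:/bin/bash
toor:x:0:0::/root:/bin/bash
dude2:x:556:600::/home/dude2:/bin/bash
short:x:601:601:/home/short
odd:x:abc:602::/home/odd:/bin/bash
EOF
}

sample=${TMPDIR:-/tmp}/passwd.sample.$$
make_sample "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

On a live system, run audit_passwd /etc/passwd; a clean file produces no output.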
Logging in:
telnet (or ssh) to the machine.
at the 'login' prompt provide your user name
at the password prompt, provide your password.
Note: SSH is insecure
Restricting root logins from remote:
Edit the file /etc/default/login and look for a CONSOLE entry:
CONSOLE=/dev/console
(only allows root logins from the console)
CONSOLE=
(does not allow root logins anywhere)
#CONSOLE=
(comments out the line -- same as removing it)
Allows root logins from any terminal (local or remote).
If the file /etc/default/su has an entry (and it is uncommented):
SULOG=/var/adm/sulog
su attempts are logged to the file /var/adm/sulog
SU
The 'su' command (stands for SuperUser, or Set User) allows you to change yourself to root (or any other user).
su <cr>
Attempts to authenticate as root. Same as:
su root
su someuser
Attempts to set your userid to the user 'someuser'.
Changing passwords:
The command:
passwd
will change your password.
passwd username
will change the password for the user 'username' (only works as root).
Password aging:
Forces passwords to be changed on a regular basis:
min -- minimum number of days between changes
max -- maximum number of days between changes
warn -- how many days to give a warning before reaching 'max'
passwd -s
Shows status of the user:
uname stat lastset min max warn
stat is one of:
PS -- has valid password
LK -- locked (password disabled)
NP -- no password
lastset, min, max and warn are only shown if password aging is on for the account.
lastset is the date the password was last set.
min, max and warn are the same as for password aging.
Eg:
unknown# passwd -s samuel
samuel PS 12/10/04 3 90 7
(means the user samuel has a password set, last changed it on Dec 10, can't change it before Dec 13 (Dec 10 + 3), must change it within 90 days, and will be warned about that necessity for the last 7 days.)
Who is logged in?
Three common commands:
w
who
finger
Each gives slightly different output.
Adding/deleting/changing accounts:
useradd -- add a user
userdel -- delete a user
usermod -- modify a user
format:
user{add,mod,del} [options] username
options for useradd/usermod:
-c 'the comment for the user'
-d /home/directory/name
-e #days the account stays active (expire time)
-f #days of inactivity that will cause expiry of account
-g group-id of account
-G secondary Group IDs
-m make the user directory (almost always used)
-o old uid (already in use) ... forces a second account with the same uid
-s shell
-k skeleton directory (is copied into home directory when created)
useradd -D
allows setting of defaults for:
-b base dir (i.e. -b /some/home means user mike will have default home of /some/home/mike)
-e expire time default
-f default expire time (inactive)
-g default group
groupadd
groupadd [-g gid [-o]] groupname
-o old groupid (allows duplicates)
-g want specific group ID#
groupmod
groupmod [-g gid [-o]] [-n name] group
usermod
accepts most options for useradd, plus:
-l 'new logname'
userdel
userdel [-r] username
-r remove directory
groupdel
groupdel groupname
init files:
Bourne shell (also bash)
/etc/profile
$HOME/.profile
Korn shell:
/etc/profile
$HOME/.profile
$HOME/.kshrc
C shell
/etc/.login
$HOME/.cshrc
$HOME/.login