User Administration
Users and Groups
• Three different types of user accounts:
• Root
• Normal user
• System (or what some people like to call “pseudo-user”)
accounts.
2
Users (Root)
• The root account is the equivalent of the Administrator or
Enterprise Admin account in the Windows world.
• It is the most powerful account on the system and has
access to everything.
• You should already realize that because of the power
this account has, you should never use it. Ever!
3
Users (Normal User)
• Normal user accounts have no write access to
anything on the system except their home directory
(they can read and explore much of the system,
however), which is created when the user account is
added.
• As an administrator, you can assign access rights to
different files and directories, allowing your users to
gain access to different areas of the system (outside
their home directory).
4
Users (System User)
• A system account is similar to a normal user account.
• The main difference is that system users normally don’t
have a home directory and can’t log in the way normal
users do.
• Many system users are created or associated with
applications or services to help run them more securely.
5
Users
• When dealing with users, you need to
• create their accounts
• give them passwords
• manage password settings
• modify their account settings
• delete their accounts when they are no longer
needed.
6
Users
To manage user accounts, you can use the following
commands:
• useradd Creates user or system accounts
• usermod Modifies user accounts
• userdel Removes a user or system account
7
useradd command
• Syntax: useradd [options] LOGIN
• Options
• -b Sets the base directory for the new user account home
directory
• -c COMMENT Creates a description/label for the user account
• -e EXPIRE_DATE Sets the date when the account will expire
• -m Creates a home directory for the new user account
8
useradd command (Options)
• -r Creates a system account
• -s SHELL Defines what shell the user will log in to
• -u UID Forces the use of the UID for the new user account
• To make the first user account, you can use the following:
• # useradd -c "Avg Joe" -m -s /bin/bash user02
9
UIDs
• In Red Hat, UIDs start at 500 for normal users and can extend into the
thousands.
• For system users, the UID starts at 1 and goes to 499.
• Red Hat also uses a policy called User Private Groups that assigns the
UID to be the same as the username.
• Although the GID doesn’t have to match, it frequently does.
• This ensures that all users maintain security over their own files.
10
User
• You can check to see the new user’s home directory by
using the following:
• # ls /home
• user01 user02
• Now create another user named user03 with a home
directory:
• # useradd -m user03
11
usermod
• Syntax: usermod [options] LOGIN
• Options:
• -c COMMENT Specifies the new value of the GECOS field
• -d HOME_DIR Identifies the new home directory for the user account
• -g GROUP Uses GROUP as the new primary group
• -G GROUPS Specifies a new list of supplementary GROUPS
• -l NEW_LOGIN Provides a new value for the login name
• -L Locks the user account
• -s SHELL Opens a new login shell for the user account
• -u UID Specifies a new UID for the user account
• -U Unlocks the user account
12
userdel
• Syntax: userdel [options] LOGIN
• Options:
• -f Forces deletion of the user even if he’s still logged in
• -r Removes the user’s home directory and mail spool
13
Passwords
• No password was specified for any of the users created so
far.
• Does this mean that each user’s password is blank and
anyone can log in with a user’s account?
• Actually no.
• By default, an account is locked until a password is
assigned to it.
14
Passwords
• For password management, you can use the following
commands:
• passwd Sets a password or resets a password for a user account
• chage Enables you to modify the parameters surrounding
passwords (complexity, age, expiration)
• pwck Verifies the consistency of passwords across database
files
15
passwd command
• Syntax: passwd [options] LOGIN
• Options:
• -l Locks a user’s account
• -u Unlocks a user’s account
• -s Sets status of the password on the account
16
The Password File
• Syntax of /etc/passwd:
• <username>:<password placeholder>:<UID>:<GID>:<comments>:<home dir>:<shell>
• # cat /etc/passwd | grep user02
• user02:x:501:501:Avg Joe:/home/user02:/bin/bash
17
The Password File
• When making users, including system users, you can always
check this file to ensure they have been created properly.
• You can see that all the options specified during user creation
are present here.
• The password field is actually just a placeholder (with an x).
• The reason is that the passwords are actually stored in a
different file, /etc/shadow.
18
The Shadow File
• Syntax of /etc/shadow:
• <username>:<encrypted password>:<last passwd change>:<min>:<max>:<warn>:<inactive>:<expires>:<not used>
• With the exception of the username and password fields, all values are in days.
• To view the information about the user you just created, use the following:
• # cat /etc/shadow | grep user02
• user02:$1$cMT6t6Ld$OXCCg5Pm2v2/YXxEjmz9O1:14767:0:99999:7:::
19
The Shadow File
• You can see here the username and encrypted password.
• The next field, 14767, is the number of days since the password has been
changed.
• Well, you just made this user account, so where did that large number come from?
• This number is actually based on the number of days since epoch time (January 1,
1970), which is a standard for keeping track of how long it’s been since something
has elapsed.
• Also, notice that the next two fields show the minimum number of days before you
can change your password (0) and the number of days your password is valid (the
99999 is basically forever, so the password won’t expire).
• The difference between the max days field and expires field is that max days
requires you to change your password, whereas the expires field disables, or
20
chage command
• You can edit and manage the password expiration details with the chage
command.
• Syntax: chage [options] USER
• Options:
• -d LAST_DAY Indicates the day the password was last changed
• -E EXPIRE_DATE Sets the account expiration date
• -I INACTIVE Changes the password in an inactive state after the account expires
• -l Shows account aging information
• -m MIN_DAYS Sets the minimum number of days between password changes
• -M MAX_DAYS Sets the maximum number of days a password is valid
• -W WARN_DAYS Sets the number of days to warn before the password expires
21
chage command
• chage -l user03
• Set user03’s account to expire in one week (say today’s
date is 15-11-2022):
• # chage -E 2022-11-22 user03
22
pwck command
• When you create or delete users, sometimes things don’t always work out
properly. This can cause the password files to become inconsistent. You can
use the pwck command to verify the consistency between the /etc/passwd file
and the /etc/shadow file:
• # pwck
• user adm: directory /var/adm does not exist
• user news: directory /etc/news does not exist
• user uucp: directory /var/spool/uucp does not exist
• pwck: no changes
23
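The /etc/passwd and /etc/shadow fields described on the slides above can be read together, much as pwck cross-checks the two files. The script below is an added example, not part of the original slides: the function names (days_to_date, audit_accounts, write_sample), the findings it reports and every sample account except the slides' user02 line are assumptions made for illustration, and the 1-499 system UID range is the one the slides give.

```shell
# Added example: audit passwd/shadow-format files for risky account states.

# days_to_date DAYS: convert a shadow "days since 1970-01-01" value to YYYY-MM-DD
# (pure integer arithmetic, so it works with any POSIX awk).
days_to_date() {
    awk -v days="$1" 'BEGIN {
        z = days + 719468
        era = int(z / 146097); doe = z - era * 146097
        yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
        y = yoe + era * 400
        doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
        mp = int((5 * doy + 2) / 153)
        d = doy - int((153 * mp + 2) / 5) + 1
        m = (mp < 10) ? mp + 3 : mp - 9
        if (m <= 2) y++
        printf "%04d-%02d-%02d\n", y, m, d
    }'
}

# audit_accounts PASSWD SHADOW TODAY_DAYS: print one "user: finding" line per issue.
audit_accounts() {
    awk -F: -v today="$3" '
    FILENAME == ARGV[1] {             # first file: passwd-format
        uid[$1] = $3; shell[$1] = $7
        if ($3 == 0 && $1 != "root") print $1 ": UID 0 but not named root"
        if ($2 != "x") print $1 ": password field is not the x placeholder"
        next
    }
    {                                 # second file: shadow-format
        u = $1; hash = $2; seen[u] = 1
        if (!(u in uid)) { print u ": in shadow but not in passwd"; next }
        usable = (hash != "" && hash !~ /^[!*]/)   # ! or * prefix means locked
        if (hash == "") print u ": empty password field"
        if (hash ~ /^\$1\$/) print u ": MD5-crypt ($1$) password hash"
        if (usable && ($5 == "" || $5 + 0 >= 99999))
            print u ": password never expires (last changed " (today - $3) " days ago)"
        if ($8 != "" && $8 + 0 < today + 0)
            print u ": account expired " (today - $8) " days ago"
        # System UID range 1-499 as stated on the slides.
        if (usable && uid[u] + 0 >= 1 && uid[u] + 0 <= 499 && shell[u] !~ /(nologin|false)$/)
            print u ": system account (UID " uid[u] ") has a login shell and a usable password"
    }
    END {
        for (u in uid) if (!(u in seen)) print u ": in passwd but not in shadow"
    }' "$1" "$2" | sort
}

# write_sample DIR: constructed sample files. Only the user02 shadow line is taken
# from the slides; the $6$ values are placeholders, not real hashes.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svcbackup:x:250:250:Backup service:/var/backup:/bin/bash
user02:x:501:501:Avg Joe:/home/user02:/bin/bash
user03:x:502:502::/home/user03:/bin/bash
user04:x:503:503::/home/user04:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19300:0:90:7:::
daemon:*:14767:0:99999:7:::
svcbackup:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19300:0:90:7:::
user02:$1$cMT6t6Ld$OXCCg5Pm2v2/YXxEjmz9O1:14767:0:99999:7:::
user03:!!:19311:0:99999:7::19318:
toor:!!:19300:0:99999:7:::
olduser:!!:15000:0:99999:7:::
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample "$dir"
    echo "user02 last password change: $(days_to_date 14767)"
    audit_accounts "$dir/passwd" "$dir/shadow" 19320   # 19320 = 2022-11-24
    rm -rf "$dir"
}
demo
```

On a live system, run audit_accounts as root against /etc/passwd and /etc/shadow with today's day count, for example `$(( $(date +%s) / 86400 ))`.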
Groups
• Creating a group is similar to creating a user.
• Here are the commands for group creation and
management:
• id Shows UID/GID for the group of a given user
• groupadd Creates a group
• groupmod Modifies the properties of a group
• groupdel Deletes a group
24
groupadd
• Syntax: groupadd [options] GROUP
• Options
• -r Creates a system group
• -g GID Uses the GID specified for the group
• # groupadd Sales
25
The Group File
• Syntax of /etc/group:
• <group name>:<password placeholder>:<GID>:<members>
• You can verify that your group was added successfully by
checking this file for the new group’s existence.
• # cat /etc/group | grep Sales
• Sales:x:503:
• Notice that there is an x placeholder as in the user’s file,
but this field is not typically used with groups.
26
The Group File
• You have the Sales group, add some of the users to
that group:
• # usermod -G Sales user02
• This adds user02 to the Sales group. Verify with
• # cat /etc/group | grep Sales
• Sales:x:503:user02
• Here, you can see the group named Sales and the last
field, which shows a list of members for the group.
27
The Group File
• Next, add another user to the Sales group.
• # usermod -G Sales user03
• Now if you verify, you should see two user
accounts in the last field:
• # cat /etc/group | grep Sales
• Sales:x:503:user02,user03
28
id command
• Another way you can verify what groups a user belongs to
is to use the id command:
• Syntax: id [options] [username]
• Options
• -G Shows the GID
• -n Shows the name instead of the ID
• -u Shows the UID
29
id command
• Let’s check out the groups to which user02 belongs:
• # id -Gn user02
• user02 Sales
• If the id command is called without any options, you can also
see what UID and GID the user has:
• # id user02
• uid=501(user02) gid=501(user02) groups=500(user02)
• context=user_u:system_r:unconfined_t
30
Switching Accounts
• With all these user accounts floating around, someone is bound to
run into a problem sooner or later.
• Being able to switch accounts is most useful when you’re
troubleshooting some specific problem a user has or if you want to
show a user how to do something.
• su Enables you to run a command as another user or switch
user accounts
• sudo Enables you to run a command as the root user
31
Switching Accounts
• Suppose you are logged in as user02, but user03 is having trouble
executing a command.
• You can switch over to user03’s account to check that the command
is able to be run and that the problem is not just a user error.
• To switch accounts, use this command:
• # su user03
• Password:
• To create a new user with a normal user account, you can use the
following command:
• # sudo useradd user09
32
Group Collaboration
• setuid This flag is used to allow multiuser access.
• setgid This flag is used to allow multigroup access.
• sticky bit This flag prevents accidental delete by users or groups.
• chmod Changes permissions on files and directories
• chown Changes ownership of files and directories
33

7 - User Administration in Red Hat

  • 2. Users and Groups •Three different types of user accounts: • Root • Normal user • System (or what some people like to call “pseudo-user”) accounts. 2
  • 3. Users (Root) • The root account is the equivalent of the Administrator or Enterprise Admin account in the Windows world. • It is the most powerful account on the system and has access to everything. • You should already realize that because of the power this account has, you should never use it. Ever! 3
  • 4. Users (Normal User) • Normal user accounts have no write access to anything on the system except their home directory (they can read and explore much of the system, however), which is created when the user account is added. • As an administrator, you can assign access rights to different files and directories, allowing your users to gain access to different areas of the system (outside their home directory). 4
  • 5. Users (System User) • A system account is similar to a normal user account. • The main difference is that system users normally don’t have a home directory and can’t log in the way normal users do. • Many system users are created or associated with applications or services to help run them more securely 5
  • 6. Users •When dealing with users, you need to • create their accounts • give them passwords • manage password settings • modify their account settings • delete their accounts when they are no longer needed. 6
  • 7. Users To manage user accounts, you can use the following commands: • useradd Creates user or system accounts • usermod Modifies user accounts • userdel Removes a user or system account 7
  • 8. useradd command • Syntax: useradd [options] LOGIN • Options • -b Sets the base directory for the new user account home directory • -c COMMENT Creates a description/label for the user account • -e EXPIRE_DATE Sets the date when the account will expire • -m Creates a home directory for the new user account 8
  • 9. useradd command (Options) • -r Creates a system account • -s SHELL Defines what shell the user will log in to • -u UID Forces the use of the UID for the new user account • To make the first user account, you can use the following: • # useradd -c “Avg Joe” -m -s /bin/bash user02 9
  • 10. UIDs • In Red Hat, UIDs start at 500 for normal users and can extend into the thousands. • For system users, the UID starts at 1 and goes to 499. • Red Hat also uses a policy called User Private Groups that assigns the UID to be the same as the username. • Although the GID doesn’t have to match, it frequently does. • This ensures that all users maintain security over their own files. 10
  • 11. User • You can check to see the new user’s home directory by using the following: • # ls /home • user01 user02 • Now create another user named user03 with a home directory: • # useradd -m user03 11
  • 12. usermod • Syntax: usermod [options] LOGIN • Options: • -c COMMENT Specifies the new value of the GECOS field • -d HOME_DIR Identifies the new home directory for the user account • -g GROUP Uses GROUP as the new primary group • -G GROUPS Specifies a new list of supplementary GROUPS • -l NEW_LOGIN Provides a new value for the login name • -L Locks the user account • -s SHELL Opens a new login shell for the user account • -u UID Specifies a new UID for the user account • -U Unlocks the user account 12
  • 13. userdel • Syntax: userdel [options] LOGIN • Options: • -f Forces deletion of the user even if he’s still logged in • -r Removes the user’s home directory and mail spool 13
  • 14. Passwords • no password was specified for any of the users created so far. • Does this mean that each user’s password is blank and anyone can log in with a user’s account? • Actually no. • By default, an account is locked until a password is assigned to it. 14
  • 15. Passwords • For password management, you can use the following commands: • passwd Sets a password or resets a password for a user account • chage Enables you to modify the parameters surrounding passwords (complexity, age, expiration) • pwck Verifies the consistency of passwords across database files 15
  • 16. passwd command • Syntax: passwd [options] LOGIN • Options: • -l Locks a user’s account • -u Unlocks a user’s account • -s Sets status of the password on the account 16
  • 17. The Password File
    • Syntax of /etc/passwd:
    • <username>:<password placeholder>:<UID>:<GID>:<comments>:<home dir>:<shell>
    • # cat /etc/passwd | grep user02
    • user02:x:501:501:Avg Joe:/home/user02:/bin/bash
  • 18. The Password File
    • When making users, including system users, you can always check this file to ensure they have been created properly.
    • You can see that all the options specified during user creation are present here.
    • The password field is actually just a placeholder (with an x).
    • The reason is that the passwords are actually stored in a different file, /etc/shadow.
  • 19. The Shadow File
    • Syntax of /etc/shadow:
    • <username>:<encrypted password>:<last passwd change>:<min>:<max>:<warn>:<inactive>:<expires>:<not used>
    • With the exception of the username and password fields, all values are in days.
    • To view the information about the user you just created, use the following:
    • # cat /etc/shadow | grep user02
    • user02:$1$cMT6t6Ld$OXCCg5Pm2v2/YXxEjmz9O1:14767:0:99999:7:::
  • 20. The Shadow File
    • You can see here the username and encrypted password.
    • The next field, 14767, is the number of days since the password has been changed.
    • Well, you just made this user account, so where did that large number come from?
    • This number is actually based on the number of days since epoch time (January 1, 1970), which is a standard for keeping track of how long it’s been since something has elapsed.
    • Also, notice that the next two fields show the minimum number of days before you can change your password (0) and the number of days your password is valid (the 99999 is basically forever, so the password won’t expire).
    • The difference between the max days field and expires field is that max days requires you to change your password, whereas the expires field disables, or
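The field layout described above can be checked mechanically. The following is an added example, not part of the original slides: a POSIX shell audit over shadow-format lines that flags empty or locked password fields, MD5-crypt ($1$) hashes like the one shown for user02, passwords that never expire, and account expiry dates. The function names and every sample line except user02’s are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow-format lines read from stdin.

# Convert a "days since 1970-01-01" field to YYYY-MM-DD (civil-from-days arithmetic).
days_to_date() {
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    m=$(( mp < 10 ? mp + 3 : mp - 9 ))
    y=$(( yoe + era * 400 + (m <= 2 ? 1 : 0) ))
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# Print one "<user>: <finding>" line per issue found.
audit_shadow() {
    while IFS=: read -r user hash lastchg min max warn inactive expires rest; do
        case $hash in
            '')       echo "$user: empty password field, login needs no password" ;;
            '!'*|'*') echo "$user: locked, no usable password" ;;
            '$1$'*)   echo "$user: MD5-crypt hash, last changed $(days_to_date "$lastchg")" ;;
        esac
        case $max in
            ''|99999) echo "$user: password never expires" ;;
        esac
        if [ -n "$expires" ]; then
            echo "$user: account expires $(days_to_date "$expires")"
        fi
    done
}

# user02 is the line from the slide; the other lines and the $6$ value are constructed.
sample_shadow() {
    cat <<'EOF'
user01:!!:14767:0:99999:7:::
user02:$1$cMT6t6Ld$OXCCg5Pm2v2/YXxEjmz9O1:14767:0:99999:7:::
user03:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19311:0:90:7::19318:
user04::19311:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a live system the same function can read the real file as root with `audit_shadow < /etc/shadow`.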
  • 21. chage command
    • You can edit and manage the password expiration details with the chage command.
    • Syntax: chage [options] USER
    • Options:
    • -d LAST_DAY Indicates the day the password was last changed
    • -E EXPIRE_DATE Sets the account expiration date
    • -I INACTIVE Puts the password into an inactive state after the account expires
    • -l Shows account aging information
    • -m MIN_DAYS Sets the minimum number of days between password changes
    • -M MAX_DAYS Sets the maximum number of days a password is valid
    • -W WARN_DAYS Sets the number of days to warn before the password expires
  • 22. chage command
    • # chage -l user03
    • Set user03’s account to expire in one week (say today’s date is 15-11-2022):
    • # chage -E 2022-11-22 user03
  • 23. pwck command
    • When you create or delete users, sometimes things don’t always work out properly. This can cause the password files to become inconsistent. You can use the pwck command to verify the consistency between the /etc/passwd file and the /etc/shadow file:
    • # pwck
    • user adm: directory /var/adm does not exist
    • user news: directory /etc/news does not exist
    • user uucp: directory /var/spool/uucp does not exist
    • pwck: no changes
  • 24. Groups
    • Creating a group is similar to creating a user.
    • Here are the commands for group creation and management:
    • id Shows UID/GID for the group of a given user
    • groupadd Creates a group
    • groupmod Modifies the properties of a group
    • groupdel Deletes a group
  • 25. groupadd
    • Syntax: groupadd [options] GROUP
    • Options
    • -r Creates a system group
    • -g GID Uses the GID specified for the group
    • # groupadd Sales
  • 26. The Group File
    • Syntax of /etc/group:
    • <group name>:<password placeholder>:<GID>:<members>
    • You can verify that your group was added successfully by checking this file for the new group’s existence.
    • # cat /etc/group | grep Sales
    • Sales:x:503:
    • Notice that there is an x placeholder as in the user’s file, but this field is not typically used with groups.
  • 27. The Group File
    • Now that you have the Sales group, add some of the users to that group:
    • # usermod -G Sales user02
    • This adds user02 to the Sales group. Verify with
    • # cat /etc/group | grep Sales
    • Sales:x:503:user02
    • Here, you can see the group named Sales and the last field, which shows a list of members for the group.
  • 28. The Group File
    • Next, add another user to the Sales group.
    • # usermod -G Sales user03
    • Now if you verify, you should see two user accounts in the last field:
    • # cat /etc/group | grep Sales
    • Sales:x:503:user02,user03
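Checking /etc/passwd and /etc/group by eye, as the slides do with grep, can be automated. The following added example (not from the original slides) cross-checks passwd-format and group-format data for the points covered above: the 1-499 system and 500+ normal UID ranges, shared or non-root UID 0 accounts, and whether each normal user’s primary group is a private group named after the user. The function names and sample entries are constructed; only the user02 and Sales entries mirror the slides.

```shell
#!/bin/sh
# Added example: cross-check passwd-format and group-format files.
# Usage: audit_accounts PASSWD_FILE GROUP_FILE
audit_accounts() {
    awk -F: '
        NR == FNR { gname[$3] = $1; next }      # group file first: GID -> group name
        {
            user = $1; uid = $3; gid = $4; shell = $7
            if (uid == 0 && user != "root")
                print user ": UID 0 but not root"
            if (uid in owner)
                print user ": UID " uid " shared with " owner[uid]
            else
                owner[uid] = user
            # 1-499 is the system range and 500+ the normal range on the slides
            if (uid >= 1 && uid <= 499 && shell !~ /(nologin|false)$/)
                print user ": system UID " uid " with login shell " shell
            if (uid >= 500 && !(gid in gname))
                print user ": primary GID " gid " missing from group file"
            else if (uid >= 500 && gname[gid] != user)
                print user ": primary group is " gname[gid] ", not a user private group"
        }
    ' "$2" "$1"
}

# Constructed sample data; only the user02 and Sales entries mirror the slides.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svcbackup:x:0:0:constructed:/root:/bin/bash
appsvc:x:150:150:constructed:/var/app:/bin/bash
user02:x:501:501:Avg Joe:/home/user02:/bin/bash
user03:x:502:503::/home/user03:/bin/bash
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:
daemon:x:2:
appsvc:x:150:
user02:x:501:
Sales:x:503:user02,user03
EOF
    audit_accounts "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

demo
```

Against a live system, run `audit_accounts /etc/passwd /etc/group`; both files are world-readable, so no root access is needed.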
  • 29. id command
    • Another way you can verify what groups a user belongs to is to use the id command:
    • Syntax: id [options] [username]
    • Options
    • -G Shows the GID
    • -n Shows the name instead of the ID
    • -u Shows the UID
  • 30. id command
    • Let’s check out the groups to which user02 belongs:
    • # id -Gn user02
    • user02 Sales
    • If the id command is called without any options, you can also see what UID and GID the user has:
    • # id user02
    • uid=501(user02) gid=501(user02) groups=500(user02) context=user_u:system_r:unconfined_t
  • 31. Switching Accounts
    • With all these user accounts floating around, someone is bound to run into a problem sooner or later.
    • Being able to switch accounts is most useful when you’re troubleshooting some specific problem a user has or if you want to show a user how to do something.
    • su Enables you to run a command as another user or switch user accounts
    • sudo Enables you to run a command as the root user
  • 32. Switching Accounts
    • Suppose you are logged in as user02, but user03 is having trouble executing a command.
    • You can switch over to user03’s account to check that the command can be run and that the problem is not just a user error.
    • To switch accounts, use this command:
    • # su user03
    • Password:
    • To create a new user from a normal user account, you can use the following command:
    • # sudo useradd user09
  • 33. Group Collaboration
    • setuid This flag is used to allow multiuser access.
    • setgid This flag is used to allow multigroup access.
    • sticky bit This flag prevents accidental delete by users or groups.
    • chmod Changes permissions on files and directories
    • chown Changes ownership of files and directories