power point for Ubuntu comend

7/30/2019 power point for Ubuntu comend

1/25

Users

&Groups


2/25

Objectives

This PPT introduces the concepts of AIX

users and groups, and also the files that

contain user account information.

Defines the concepts of users and groups,and define how and when these should be

allocated on the system

Add/Change/Delete user and group

accounts

Identify the data files associated with users


3/25

Security ConceptsUser Accounts

Each user has a unique name, numeric IDand password

File ownership is determined by a numericuser ID

The owner is usually the user who createdthe file, but ownership can be transferredby root

Default users:

root super useradm, sys, bin IDs that own system files but

cannot be used for login


4/25

Groups

A group is a set of users, all of whom need accessto a given set of files

Every user is a member of at least one group andcan be a member of several groups

The user has access to files in their groupset. Tolist the groupset use groups

The users primary group is used for file ownershipon creation.To change the primary group use the

newgrp Default groups:

-System administrators

-staff ordinary users


5/25

Groups


6/25

User Hierarchy

To protect important users/groupsfrom members of the security groupAIX has admin users and admin

groups Onlyroot can add/change/remove an

admin user or admin group

Any user on the system can be definedas an admin user regardless of thegroup they are in


7/25


8/25

Security Logs


9/25

User Administration Related

Files /etc/security/environ Contains the environment

attributes for users. /etc/security/lastlog Contains the last login attributes

for users. /etc/security/limits Contains process resource limits

for users.

/etc/security/user Contains extendedattributes for users. /usr/lib/security/mkuser.default

Contains the default attributes for newusers.

/usr/lib/security/mkuser.sys

Customizes new user accounts. /etc/passwd Contains the basic attributesof users.

/etc/security/passwd Contains password information.


10/25

/etc/security/login.cfg Contains system default loginparameters.

/etc/utmp Contains a record of users loggedinto the system.

/var/adm/wtmp Contains connect-time accountingrecords.

/etc/security/failedloginRecords all failed login attempts.

/etc/motd Contains the message to be

displayed every time a user logs in to the system. /etc/environment Specifies the basic environment for

all processes. /etc/profile Specifies additional environment

settings for all users. $HOME/.profile Specifies environment settings for

a specific user. /etc/group Contains the basic attributes of

groups. /etc/security/group Contains the extended attributes

of groups.


11/25

User Initialization Process


12/25

User Commands

mkuser Creates a new user account. passwd Creates or changes the password of a

user. chuser Changes user attributes.

lsuser Displays user account attributes. Rmuser Removes a user account. chsec Changes the attributes in the security

stanza files. login Initiates a user session.

who Identifies the users currently logged in. dtconfig Enables or disables the desktop

autostart feature.


13/25

Add a New User

SYNTAX: mkuser

To create the smith account with smith as anadministrator, enter:

# mkuser -a smith

To create the smith user account and set the suattribute to a value of false,enter:

# mkuser su=false smith

To create a user account, smith, with the default

values in the/usr/lib/security/mkuser.default file,enter:

# mkuser smith


14/25

List users

SYNTAX: lsuser

To display the user ID and group-relatedinformation for ALL

#lsusera id home ALL

To display the user ID and group-relatedinformation for the root account in stanza form,enter:

# lsuser -f -a id pgrp home root

To display all the attributes of user smith in the

default format, enter:# lsuser smith

To display all the attributes of all the users, enter:

# lsuser ALL


15/25

Changing User Attributes

SYNTAX: chuser

To enable user smith to access this systemremotely, enter:

# chuser rlogin=true smith To add smith to the group program, enter:

#chuser groups=program smith

To change the expiration date for the smith

user account to 8 a.m., 1 December, 1998,enter:

#chuser expires=1201080098 smith


16/25

Removing User Accounts

SYNTAX: rmuser

To remove a user account smith and its attributesfrom the local system:

# rmuser smith

To remove the user smith account and all itsattributes, including passwords and other userauthentication information in the/etc/security/passwd file:

# rmuser -p smith

The users home directory is not deleted, thereforeyou must manually clean up the user directories(remember to backup important files)

#rmuserr /home/smith


17/25

Creating or Changing User

Password

SYNTAX: passwd, pwdadm

To change the full name of user smith in

the /etc/passwd file, enter:

# passwd -f smith

To change your password, enter:

# passwd

To change root or user in security group# pwdadm username


18/25

Regaining roots Password

Boot from CD-ROM or a bootable tape

Select option 3 from the Installation andMaintenance menu: start MaintenanceMode for System Recovery

Follow the options to activate the rootvolume group and obtain a shell

Once a shell is available, execute thepasswd command to change roots

password. #sync ;sync

Reboot the System


19/25

Changing Security Attributes of

User SYNTAX: chsec [ -fFile] [ -s Stanza] [ -a Attribute =

Value ... ]

To change the /dev/tty0 port to automatically lockif five unsuccessful login attempts occur within 60

seconds, enter:# chsec -f /etc/security/login.cfg -s /dev/tty0-a logindisable=5a logininterval=60

To unlock the /dev/tty0 port after it has beenlocked by the system, enter:

# chsec -f /etc/security/portlog -s /dev/tty0 -alocktime=0


20/25

Displaying currently loggedusers

SYNTAX : who, who am I

To display information about all the users who arelogged on to the system:

# who

To display information about your user name:

# who am I

To display the run-level of the local system node:

# whor

To display any active process that was spawned byinit:

# who -p


21/25

Group Commands

mkgroup Creates a new groupaccount.

chgroup Changes group attributes.

lsgroup Displays selected or allgroups on the system.

Rmgroup Removes a group account.


22/25

To create the group using smit:

#smit mkgroup

To create the group administrator (-a)parameter is added with mkgroup:

# mkgroupa

To change attributes of the group:

#smit chgroup

To change either the administrators or themembers a group for which they are groupadministrator:

#chgrpmem


23/25

To remove a group from the system. This commandhas no options and the only parameter is the groupname. Only the root user can delete anadministrative group.

#rmgroup To list selected or all groups on the system. The

data is presented in line format by default or incolon format (-c) or in stanza format (-f).

lsgroup [-c|-f] [-a attribute] {ALL|groupname}

#lsgroupcf ALL


24/25

Summary

User and groups can be added and deleted fromthe system SMIT or by high level commands

Passwords must be set for all users either usingpwdadm or passwd

Administrative users and groups can only beadministered by root

Every user must be in at least one group

Certain groups give users additional privileges

Security files are located in ACSII text files in /etcand /etc/security


25/25

Exercises

The following exercises provide sample topics for self study.

1. Add a new user account (james) and try to log in to the new account. Canyou

log in without creating a password for this account?

2. Create a password for a newly created user account (james).

3. You want all the users to get the following message when they log in:

***************************************************************************

Please assemble in the meeting room at 13:00 hrs on Feb.20,2009****************************************************************************

Which file needs to be edited to contain this message so that the message is

displayed when a user logs in?

4. Move the file /etc/utmp to /etc/wtmp.org. Run the who command. What isthe

output?

5. Change the password of a user account who does not remember his oldpassword.

6. How can you disable the desktop autostart?

7. Display the attributes of the user account.

8. Permanently change your shell prompt to display the current directory.

Documents

power point for Ubuntu comend