7/30/2019 power point for Ubuntu comend
Users & Groups
Objectives
This PPT introduces the concepts of AIX users and groups, and also the files that contain user account information.
Define the concepts of users and groups, and define how and when these should be allocated on the system
Add/Change/Delete user and group accounts
Identify the data files associated with users
Security Concepts: User Accounts
Each user has a unique name, numeric ID and password
File ownership is determined by a numeric user ID
The owner is usually the user who created the file, but ownership can be transferred by root
Default users:
root - superuser
adm, sys, bin - IDs that own system files but cannot be used for login
Groups
A group is a set of users, all of whom need access to a given set of files
Every user is a member of at least one group and can be a member of several groups
The user has access to files in their groupset. To list the groupset use groups
The user's primary group is used for file ownership on creation. To change the primary group use newgrp
Default groups:
- System administrators
staff - ordinary users
Groups
User Hierarchy
To protect important users/groups from members of the security group, AIX has admin users and admin groups
Only root can add/change/remove an admin user or admin group
Any user on the system can be defined as an admin user regardless of the group they are in
Security Logs
User Administration Related Files
/etc/security/environ             Contains the environment attributes for users.
/etc/security/lastlog             Contains the last login attributes for users.
/etc/security/limits              Contains process resource limits for users.
/etc/security/user                Contains extended attributes for users.
/usr/lib/security/mkuser.default  Contains the default attributes for new users.
/usr/lib/security/mkuser.sys      Customizes new user accounts.
/etc/passwd                       Contains the basic attributes of users.
/etc/security/passwd              Contains password information.
/etc/security/login.cfg           Contains system default login parameters.
/etc/utmp                         Contains a record of users logged into the system.
/var/adm/wtmp                     Contains connect-time accounting records.
/etc/security/failedlogin         Records all failed login attempts.
/etc/motd                         Contains the message to be displayed every time a user logs in to the system.
/etc/environment                  Specifies the basic environment for all processes.
/etc/profile                      Specifies additional environment settings for all users.
$HOME/.profile                    Specifies environment settings for a specific user.
/etc/group                        Contains the basic attributes of groups.
/etc/security/group               Contains the extended attributes of groups.
User Initialization Process
User Commands
mkuser    Creates a new user account.
passwd    Creates or changes the password of a user.
chuser    Changes user attributes.
lsuser    Displays user account attributes.
rmuser    Removes a user account.
chsec     Changes the attributes in the security stanza files.
login     Initiates a user session.
who       Identifies the users currently logged in.
dtconfig  Enables or disables the desktop autostart feature.
Add a New User
SYNTAX: mkuser
To create the smith account with smith as an administrator, enter:
# mkuser -a smith
To create the smith user account and set the su attribute to a value of false, enter:
# mkuser su=false smith
To create a user account, smith, with the default values in the /usr/lib/security/mkuser.default file, enter:
# mkuser smith
List users
SYNTAX: lsuser
To display the user ID and group-related information for ALL:
# lsuser -a id home ALL
To display the user ID and group-related information for the root account in stanza form, enter:
# lsuser -f -a id pgrp home root
To display all the attributes of user smith in the default format, enter:
# lsuser smith
To display all the attributes of all the users, enter:
# lsuser ALL
Changing User Attributes
SYNTAX: chuser
To enable user smith to access this system remotely, enter:
# chuser rlogin=true smith
To add smith to the group program, enter:
# chuser groups=program smith
To change the expiration date for the smith user account to 8 a.m., 1 December, 1998, enter:
# chuser expires=1201080098 smith
Removing User Accounts
SYNTAX: rmuser
To remove a user account smith and its attributes from the local system:
# rmuser smith
To remove the user smith account and all its attributes, including passwords and other user authentication information in the /etc/security/passwd file:
# rmuser -p smith
The user's home directory is not deleted; therefore you must manually clean up the user directories (remember to back up important files):
# rm -r /home/smith
Creating or Changing User Password
SYNTAX: passwd, pwdadm
To change the full name of user smith in the /etc/passwd file, enter:
# passwd -f smith
To change your password, enter:
# passwd
To change root or user in security group:
# pwdadm username
Regaining root's Password
Boot from CD-ROM or a bootable tape
Select option 3 from the Installation and Maintenance menu: Start Maintenance Mode for System Recovery
Follow the options to activate the root volume group and obtain a shell
Once a shell is available, execute the passwd command to change root's password.
# sync; sync
Reboot the system
Changing Security Attributes of User
SYNTAX: chsec [ -f File ] [ -s Stanza ] [ -a Attribute=Value ... ]
To change the /dev/tty0 port to automatically lock if five unsuccessful login attempts occur within 60 seconds, enter:
# chsec -f /etc/security/login.cfg -s /dev/tty0 -a logindisable=5 -a logininterval=60
To unlock the /dev/tty0 port after it has been locked by the system, enter:
# chsec -f /etc/security/portlog -s /dev/tty0 -a locktime=0
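
The stanza form printed by lsuser -f and edited by chsec can be reviewed in bulk. The following is an added example, not part of the original slides: it parses stanza-format text and reports UID 0 accounts that allow remote login and ports with no failed-login lockout. The sample input and the function names are constructed for illustration, and treating an unset rlogin as true is an assumption.

```python
# Constructed sample of `lsuser -f -a id rlogin ALL` output (stanza form).
LSUSER_SAMPLE = """\
root:
        id=0
        rlogin=true

smith:
        id=205
        rlogin=true
"""
# Constructed sample of port stanzas in /etc/security/login.cfg.
LOGIN_CFG_SAMPLE = """\
* constructed comment line
default:
        logindisable = 0

/dev/tty0:
        logindisable = 5
        logininterval = 60

/dev/tty1:
        sak_enabled = false
"""

def parse_stanzas(text):
    """Return {stanza_name: {attribute: value}} for stanza-format text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # blank line or comment
            continue
        if "=" not in line and line.endswith(":"):  # header such as "smith:"
            current = stanzas.setdefault(line[:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def remote_root_logins(users):
    """UID 0 accounts allowing remote login (assumes rlogin=true if unset)."""
    return sorted(n for n, a in users.items()
                  if a.get("id") == "0" and a.get("rlogin", "true") == "true")

def ports_without_lockout(cfg):
    """Ports whose effective logindisable is 0, inheriting from 'default'."""
    fallback = cfg.get("default", {}).get("logindisable", "0")
    return sorted(n for n, a in cfg.items()
                  if (n == "default" or n.startswith("/dev/"))
                  and int(a.get("logindisable", fallback)) == 0)
```

With the constructed samples, only root is reported for remote login, and /dev/tty1 is reported alongside default because it inherits logindisable = 0.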
Displaying currently logged users
SYNTAX: who, who am I
To display information about all the users who are logged on to the system:
# who
To display information about your user name:
# who am I
To display the run-level of the local system node:
# who -r
To display any active process that was spawned by init:
# who -p
Group Commands
mkgroup  Creates a new group account.
chgroup  Changes group attributes.
lsgroup  Displays selected or all groups on the system.
rmgroup  Removes a group account.
To create the group using smit:
# smit mkgroup
To create the group, the administrator (-a) parameter is added with mkgroup:
# mkgroup -a
To change attributes of the group:
# smit chgroup
To change either the administrators or the members of a group for which they are group administrator:
# chgrpmem
To remove a group from the system. This command has no options and the only parameter is the group name. Only the root user can delete an administrative group.
# rmgroup
To list selected or all groups on the system. The data is presented in line format by default or in colon format (-c) or in stanza format (-f).
lsgroup [-c|-f] [-a attribute] {ALL|groupname}
# lsgroup -f ALL
Summary
Users and groups can be added and deleted from the system using SMIT or by high-level commands
Passwords must be set for all users either using pwdadm or passwd
Administrative users and groups can only be administered by root
Every user must be in at least one group
Certain groups give users additional privileges
Security files are located in ASCII text files in /etc and /etc/security
Exercises
The following exercises provide sample topics for self study.
1. Add a new user account (james) and try to log in to the new account. Can you log in without creating a password for this account?
2. Create a password for a newly created user account (james).
3. You want all the users to get the following message when they log in:
***************************************************************************
Please assemble in the meeting room at 13:00 hrs on Feb.20,2009
***************************************************************************
Which file needs to be edited to contain this message so that the message is displayed when a user logs in?
4. Move the file /etc/utmp to /etc/wtmp.org. Run the who command. What is the output?
5. Change the password of a user account who does not remember his old password.
6. How can you disable the desktop autostart?
7. Display the attributes of the user account.
8. Permanently change your shell prompt to display the current directory.