ITI-481: Unix Administration
Meeting 3
Christopher Uriarte, Instructor
Rutgers University Center for Applied Computing Technologies
Today’s Agenda
• Account Management
• File and directory permissions and
management
• UNIX networking basics
Unix System Accounts
• Access to system resources is controlled
through user and group assignments.
• Two types of user accounts:
– “Root” user – the system administrator; the
“superuser” who has permission to execute every
command and read every file on the system.
“Root” has total control of everything on the
system.
– Normal user – any user that is not the root user.
• As you’ve experienced thus far, almost all
UNIX administration is done as the root user.
Becoming the Root User
• There are two ways that you can log in as the
root user
– Sitting at the system console, you can simply log
in as root.
– If you are logged in as another user, you can use
the “su” command at the command prompt to
change to the root user (you will be prompted for
the root password). You then have full root rights
until you exit your shell.
– Root login is restricted via remote access (telnet
or ssh) – you must first log in as a non-root user
and then use “su”
UNIX System Components Related to
Account Creation
• /etc/passwd – The system user file; contains
information about users on the system.
• /etc/shadow – The file that actually contains the
passwords
• /etc/group – The system group file, defines user
groups on the system.
• User Home Directories (/home/username)
• Initialization shell scripts (.login,
.bash_profile, .cshrc, etc.)
Passwords on UNIX Systems
• Should always be encrypted when stored – all
modern UNIX systems use password encryption.
– Crypt encryption – up to 8 characters
– MD5 encryption – up to 256 characters
• Should be a combination of random letters, numbers,
and special characters.
• Used to be stored in /etc/passwd, but now
stored in /etc/shadow
• Passwords are set using the “passwd” command.
Only the root user can change passwords for other
users.
– passwd – changes your own password
– passwd username – changes another user’s
password
The /etc/passwd File
• Stores a user’s username, unique user ID number, default group ID
number, Full name, home directory and login shell.
– Each user on the system has a unique UID, assigned by the system.
– The root user has the UID of 0 (zero) – THIS is what characterizes the
root user, not the username “root”
• /etc/passwd File format: (One Entry Per Line, fields separated by colons):
username:x:user ID (UID):default group (GID):name (GECOS):home directory:login shell
• Sample entry (with shadow file):
kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash
• Typical file permissions:
-rw-r--r-- 1 root root 865 Mar 28 10:44 /etc/passwd
The /etc/shadow File
• Stores encrypted user passwords.
• /etc/shadow File Format:
login name:encrypted password:other options for password expiration and changing (non-standard)
• Sample entry (One Entry Per Line, fields separated by
colons):
kkaplan:$1$iwdVDnei&aBcxvpyYi06:10987:0:99999:
• Typical permissions (IMPORTANT!):
-r-------- 1 root root 752 Jan 31 11:45 /etc/shadow
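An added example, not part of the original slides: a small audit of the two file formats described above. It flags any account other than root with UID 0, any /etc/passwd entry whose password field is not "x", and any /etc/shadow entry with an empty password field, and it checks that a file grants nothing to group or other. The function names and the sample accounts toor, legacy, newuser and guest are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit passwd- and shadow-format files (not from the slides).

# audit_passwd FILE: one finding per line for a 7-field passwd-format file.
audit_passwd() {
    awk -F: '
        /^#/ || NF == 0 { next }                       # skip comments and blank lines
        NF != 7 { print "MALFORMED line " NR; next }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }   # extra superuser account
        $2 != "x" { print "NOT_SHADOWED " $1 }         # password field kept in the world-readable file
    ' "$1"
}

# audit_shadow FILE: an empty password field allows login with no password;
# a field starting with "!" or "*" matches no password (no login).
audit_shadow() {
    awk -F: '
        NF < 2 { next }
        $2 == "" { print "EMPTY_PASSWORD " $1; next }
        $2 ~ /^[!*]/ { print "NO_LOGIN " $1 }
    ' "$1"
}

# owner_only FILE: succeed only if group and other have no permission bits.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample data (hash values are placeholders, not real hashes).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash
toor:x:0:0:constructed second UID 0:/root:/bin/sh
legacy:PLACEHOLDERHASH:501:501:constructed:/home/legacy:/bin/sh
EOF
    cat > "$d/shadow" <<'EOF'
kkaplan:PLACEHOLDERHASH:10987:0:99999:
newuser:!!:10987:0:99999:
guest::10987:0:99999:
EOF
    chmod 400 "$d/shadow"
    audit_passwd "$d/passwd"; audit_shadow "$d/shadow"
    owner_only "$d/shadow" && echo "MODE_OK shadow"
    rm -rf "$d"
}
demo
```

On a live system, run audit_passwd /etc/passwd as any user; audit_shadow /etc/shadow needs root because of the permissions shown above.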
The /etc/group File
• Contains information about system groups
and the users that are members of each
group.
• Contains the fields: group name, unique
group ID number and a list of the group's
members.
• Entry format:
group name:x:GID:comma-separated list of group members
• Sample entry:
staff:x:103:kkaplan,jsmith,jdoe
(a group called staff with the members kkaplan, jsmith and jdoe)
Account Management Tools
• With the exception of /etc/group, all account
management files are managed through
simple command-line tools.
• Command line
– Users: useradd, userdel, usermod
– Groups: groupadd, groupdel, groupmod
– Specific fields: passwd, chsh
• Graphical
– LinuxConf (Linux only)
– Control-panel
– Lots of other graphical UNIX utilities.
Managing Users
• The useradd utility is used to create
system user accounts.
• You can simply add a user with:
– useradd johndoe
(Creates the user johndoe on the system)
• useradd has a number of simple options,
that allow you to specify user attributes
during account creation.
useradd Syntax and options
• Useradd options include:
-u UID
-g default group
-d home directory
-s default shell path
-c "Comment or Full name"
-m (make the user's home directory)
useradd -m -d /opt/home/chrisjur -g staff -s /bin/bash chrisjur
• Creates a user named “chrisjur”, makes his home directory,
sets his home directory to /opt/home/chrisjur, sets his
group to “staff”, sets his shell to /bin/bash
Important useradd Tip!
• After you add a user, YOU MUST
assign a password to the user using the
“passwd” command.
passwd username
• The user will not be able to login until
you set a password!
useradd Syntax and options
• If no options are specified, system defaults
are used when creating a user (default shell,
default home directory path, etc.)
• Similarly, the usermod command can be
used to modify an existing user’s attributes
using the same syntax as useradd.
usermod -s /bin/sh chrisjur
– Changes chrisjur’s shell to /bin/sh
Deleting System User Accounts
• System users can be deleted using the
userdel command with the syntax:
userdel username
• e.g:
userdel chrisjur
– Deletes the user chrisjur from the system.
• userdel DOES NOT delete a user’s home
directory or its contents. You must either
delete it manually or use the "-r" switch with
userdel (userdel -r username)
Exercise: Account Creation with
Command Line Tools
• Use useradd to create an account for the
login student100. Use the appropriate
flags to set a default group of “users”, a home
directory of /home/student3, and a password
of your choosing.
• Login to the student100 account.
• Use userdel to remove the student100
account.*
*a common error is sometimes made
UNIX Groups
• UNIX provides a grouping functionality
that allows you to group system users
together, allowing them to access
common system resources, such as
files and directories.
• UNIX groups provide a typical way for
non-root users to collaborate on
projects by sharing permissions
(write/read/execute permissions) on
system resources.
Grouping Example
• Problem: You have a series of web page
files that reside under /var/opt/www/htdocs.
You need to give your 3-person web-development
team the ability to edit these files.
• Solution: Create a group called “webdev”,
place the 3 users in the devel team in the
group and make /var/opt/www/htdocs and all
its files group-readable, writeable and
executable.
Creating UNIX Groups
• You can create UNIX groups using the
groupadd utility:
groupadd staff
Creates a group called “staff”
• After creating a group, you must then
manually add members to the group by
adding their usernames to that group's line in
the /etc/group file.
• Group members are added to /etc/group as a
comma-separated list after the group name
and parameters.
Adding Users to Groups
• After creating a group called “staff” (using
groupadd staff), an entry is placed in
/etc/group that looks like this:
staff:x:506:
• You can add the users chris, john and joe
to the group by editing /etc/group and
adding them after the last colon:
staff:x:506:chris,john,joe
Deleting Groups
• You can delete groups using the
groupdel command:
groupdel groupname
Changing File Ownership
• If you want to change the ownership of a file
or directory to another user, you can use the
chown command:
chown <user> <file(s)>
chown chris /home/chris/hisfile.txt
chown chris /home/chris
• Useful chown option: “-R” – recursively change
ownership:
chown -R chris /home/chris
#Changes /home/chris and all files/directories
under it to chris’s ownership
Changing Group Associations
• If you would like to associate a file or
directory with a particular group, you can use
the chgrp command:
chgrp <group name> <file(s)>
chgrp staff /home/staff/groupfile.txt
chgrp staff /home/staff/projects
• Useful chgrp option: “-R” – recursively change
group associations:
chgrp -R staff /home/staff
#Associates /home/staff and all
files/directories under it with the staff
group
Using chmod with Groups
• You can use chmod to change a file's group
permissions.
-rwxr--r-- chris staff 100 Apr 4 2000 file.txt
#file readable, writeable and executable by its owner,
and readable by members of its group and other
users.
• Use chmod to allow members of the staff
group to read, write and execute the file.
[user@host]# chmod g+rwx file.txt
-rwxrwxr-- chris staff 100 Apr 4 2000 file.txt
#file is now readable, writeable and executable by
its owner AND members of the staff group – but only
readable by all other system users.
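An added example, not part of the original slides: the "webdev" solution from the Grouping Example applied with chgrp and chmod, followed by a check that the result matches the intent. It runs against a constructed temporary tree using the caller's own primary group as a stand-in for webdev, so it needs no root access. The function names are hypothetical, and setting the setgid bit on directories is an assumption that goes beyond the slides.

```sh
#!/bin/sh
# Added example (not from the slides): share a tree with one group, then verify.
# Real use, as root:  groupadd webdev; share_tree /var/opt/www/htdocs webdev

# share_tree DIR GROUP: give GROUP read/write on DIR, remove world write.
share_tree() {
    chgrp -R "$2" "$1" &&
    chmod -R g+rwX,o-w "$1" &&   # X: execute/search only for dirs and already-executable files
    find "$1" -type d -exec chmod g+s {} +   # assumption: setgid dirs so new files inherit GROUP
}

# audit_tree DIR GROUP: list every entry that breaks the sharing policy.
audit_tree() {
    find "$1" ! -group "$2" -exec printf 'WRONG_GROUP %s\n' {} \;
    find "$1" ! -type l ! -perm -060 -exec printf 'NOT_GROUP_RW %s\n' {} \;
    find "$1" ! -type l -perm -002 -exec printf 'WORLD_WRITABLE %s\n' {} \;
}

# Constructed sample tree: private files plus one world-writable upload.
demo() {
    d=$(mktemp -d) || return 1
    g=$(id -g)                   # stand-in for the webdev group
    mkdir -p "$d/htdocs/img"
    echo '<h1>hi</h1>' > "$d/htdocs/index.html"
    echo 'x' > "$d/htdocs/img/upload.tmp"
    chmod 700 "$d/htdocs" "$d/htdocs/img"
    chmod 600 "$d/htdocs/index.html"
    chmod 666 "$d/htdocs/img/upload.tmp"
    echo "before:"; audit_tree "$d/htdocs" "$g"
    share_tree "$d/htdocs" "$g"
    echo "after:";  audit_tree "$d/htdocs" "$g"
    ls -lR "$d/htdocs"
    rm -rf "$d"
}
demo
```

Using g+rwX instead of g+rwx keeps plain web files from becoming executable while still letting group members enter directories.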
Exercise: User and Group Creation
• Create two users: user1 and user2
• Create a group called “class”
• Create a file called /etc/classtest.txt with the
words “Hello world” in it.
• Associate the file /etc/classtest.txt with the
“class” group
• Set the permissions so members of its group
can write to the file.
• Add user1 and user2 to the group.
• Logout and log back in as user1 – attempt to
write to the file. Logout.
• Login as user2 - attempt to write to the file.
Important Network Information
• When connecting your UNIX machine to
a LAN or the Internet, you need some
basic network information to configure
it.
– Are you using DHCP (automatic network
configuration)?
– If not, you need to know your:
• IP Address and Subnet Mask
• Default gateway
• DNS Servers
Configuring Network Settings
• Network settings can be configured three
ways:
– During your UNIX install/setup
– By modifying network-specific configuration
files
– By using graphical setup utilities
Using Graphical Network Setup
Utilities
• There are many different graphical utilities
included with UNIX distributions that allow you
to change your network settings:
– Linuxconf (Linux only)
– Control-panel
– KDE Network control panel
• There are no “standard” graphical utilities (so
they may change!), but they are all easy to
use.
Changing Network Settings through
System Configuration files
• On Linux, there are three config files that
contain the basic network settings
– /etc/sysconfig/network – contains your system
name, default gateway and default ethernet NIC
card (eth0)
– /etc/sysconfig/network-scripts/ifcfg-eth0 – contains
your IP address and subnet mask for your default
NIC. Also sets a flag for your boot protocol
(Setting BOOTPROTO=DHCP configures your
system to use DHCP – it’s that simple!)
– /etc/resolv.conf – contains a list of DNS
nameservers that your system will use
Changing Network Settings, cont.
• System nameservers are specified in
/etc/resolv.conf in this fashion:
nameserver 123.4.5.6
nameserver 123.4.5.7
etc.
• After making changes to network
configuration files, you must execute:
/etc/rc.d/init.d/network restart
Homework
• TBA