Finger displays:
Login – This is the username that is used to authenticate to
the system.
Name – This is the user’s full name.
Directory – This is the user’s home directory.
Shell – This is the default shell that will be provided to
that user.
Last Login – This displays the last time the user logged in
and where from.
id username - Displays user information (uid, gid, groups, etc.)
/etc/passwd – This file contains the user account
information for your system.
/etc/shadow – This file contains passwords for your user
accounts.
/etc/group – This file contains your system’s groups.
/etc/passwd
username:password:UID:GID:Full_Name:Home_Directory:Default_Shell
- Username: The username field simply identifies the username the user will supply when logging in to the system.
- Password: This is a legacy field. At one time, the user’s password was stored in encrypted form in this field in the passwd file. However, for security reasons, the password has been moved from /etc/passwd to /etc/shadow.
- UID: This is the user ID for the user account. We discussed the UID earlier in this chapter.
- GID: This field references the group ID number of the user’s default group.
- Full_Name: This field contains the user’s full name.
- Home_Directory: This field contains the path to the user’s home directory.
- Default_Shell: This field specifies the shell that will be used by default.
/etc/shadow
Username:Password:Last_Modified:Min_Days:Max_Days:Days_Warn:Disabled_Days:Expire
- Username: This is the user’s login name from /etc/passwd.
- Password: This is the user’s password in encrypted format. (An account with a * in this field can’t log into the system.)
- Last_Modified: This field displays the number of days since January 1, 1970 that the password was last changed.
- Min_Days: This field displays the minimum number of days required before a password can be changed.
- Max_Days: This field displays the maximum number of days before a password must be changed.
- Days_Warn: This field displays the number of days prior to password expiration that the user will be warned of the pending expiration.
- Disabled_Days: This field displays the number of days to wait after a password has expired to disable the account.
- Expire: This field displays the number of days since January 1, 1970 after which the account will be disabled.
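The two field layouts above are enough to audit accounts by position. The script below is an added example, not part of the original notes: the function name audit_accounts, the finding tags and the sample files are constructed for illustration, and it assumes the usual "x" marker in the passwd password field and treats a leading "!" like "*" (the prefix passwd -l adds).

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files by field position.
# Usage: audit_accounts PASSWD_FILE SHADOW_FILE TODAY  (TODAY = days since 1970-01-01)
audit_accounts() {
    awk -F: -v today="$3" '
        FNR == NR {                      # first file: /etc/passwd layout
            if ($3 == 0 && $1 != "root") print "UID0 " $1   # extra superuser
            if ($2 != "x") print "PASSWD_FIELD " $1  # assumption: "x" defers to shadow
            seen[$1] = 1
            next
        }
        {                                # second file: /etc/shadow layout
            delete seen[$1]
            if ($2 == "") print "EMPTY_PASSWORD " $1
            else if ($2 ~ /^[*!]/) print "LOCKED " $1
            else if ($3 != "" && $5 != "" && $3 + $5 < today)
                print "PASSWORD_EXPIRED " $1         # Last_Modified + Max_Days passed
            if ($8 != "" && $8 <= today) print "ACCOUNT_EXPIRED " $1
        }
        END { for (u in seen) print "NO_SHADOW " u } # entries pwconv would add
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample files (not real accounts or hashes)
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob::1001:1001:Bob Example:/home/bob:/bin/bash
carol:x:1002:1002:Carol Example:/home/carol:/bin/bash
dave:x:1003:1003:Dave Example:/home/dave:/bin/bash
erin:x:1004:1004:Erin Example:/home/erin:/bin/bash
toor:x:0:0:Second root:/root:/bin/bash
EOF
cat > "$demo/shadow" <<'EOF'
root:$6$constructed$hash:19900:0:99999:7::
daemon:*:19000:0:99999:7::
alice:$6$constructed$hash:19950:0:90:7:30:
carol::19950:0:90:7:30:
dave:$6$constructed$hash:19000:0:90:7:30:
erin:$6$constructed$hash:19950:0:90:7:30:19500
toor:$6$constructed$hash:19900:0:99999:7::
EOF
audit_accounts "$demo/passwd" "$demo/shadow" 20000
```

On a live system, run it as root against /etc/passwd and /etc/shadow and pass $(( $(date +%s) / 86400 )) as TODAY.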
pwck – This command is used to check that both the /etc/passwd and /etc/shadow files are correct and consistent.
pwconv - This command will add any missing user account from /etc/passwd to /etc/shadow.
useradd – Creates a new user or updates default new user information.
Default Configuration files for useradd:
- /etc/default/useradd – This file contains defaults used by the useradd utility.
- /etc/login.defs – This file contains values that can be used for the GID and UID parameters when creating an account with useradd. It also contains defaults for creating passwords in /etc/shadow.
useradd Options:
-c Includes the user’s full name.
-e Specifies the date when the user account will be disabled.
Format the date as yyyy-mm-dd.
-f Specifies the number of days after password expiration before
the account is disabled. Use a value of -1 to disable this functionality.
-g Specifies the user’s default group.
-G Specifies additional groups that the user is to be made a member
of.
-M Specifies that the user account be created without a home
directory.
-m Specifies the user’s home directory.
-n Used only on Red Hat or Fedora systems. By default, these systems
create a new group with the same name as the user every time an account is
created. Using this option will turn off this functionality.
-p Specifies the user’s password
-r Specifies that the user being created is a system user.
-s Specifies the default shell for the user.
-u Manually specifies a UID for the user.
passwd - Used to add and change passwords. It can also check the status of an
account.
To check the password status of an account, type passwd -S username.
passwd options:
-l Locks the user’s account. This option invalidates the user’s
password.
-u Unlocks a user’s account
-d Removes a user’s password.
-n Sets the minimum number of days required before a password can
be changed.
-x Sets the maximum number of days before a password must be
changed.
-w Sets the number of days prior to password expiration when the
user will be warned of the pending expiration.
-i Sets the number of days to wait after a password has expired to
disable the account.
usermod - Utility to modify user accounts.
usermod options:
-c Edits the user’s full name.
-e Sets the date when the user account will be disabled. Format the
date as yyyy-mm-dd.
-f Sets the number of days after password expiration before the
account is disabled. Use a value of -1 to disable this functionality.
-g Sets the user’s default group.
-G Specifies additional groups that the user is to be made a member
of.
-l Changes the username.
-L Locks the user’s account. This option invalidates the user’s
password.
-m Sets the user’s home directory.
-p Sets the user’s password.
-s Specifies the default shell for the user.
-u Sets the UID for the user.
-U Unlocks a user’s account that has been locked.
/etc/group – File where groups are set.
Group:Password:GID:Users
Group: Specifies the name of the group.
Password: Specifies the group password.
GID: Specifies the group ID (GID) number of the group.
Users: Lists the members of the group.
/etc/gshadow – File that holds the encrypted group passwords.
Group_Name:Password:Group_Admins:Group_Members
groupadd - Used to create a group.
groupadd options:
-g Specifies a GID for the new group.
-p Specifies a password for the group.
-r Specifies that the group being created is a system group.
groupmod - Modifies the group settings, adds users, and removes users.
groupmod options:
-g Changes the group’s GID number.
-p Changes the group’s password.
-A Adds a user account to the group.
-R Removes a user account from the group.
groupdel - Used to remove a group from the system.
Permissions:
Read – 4
Write – 2
Execute – 1
chmod entity=permissions filename
u = Owner
g = Group
o = Other
Example: chmod u=rw,g=rw,o=r file.txt
You can use the minus and plus signs to remove and add a permission.
Example: chmod u-w file.txt This would remove the write permission for
owner.
Special Permissions:
SUID – 4
SGID – 2
Sticky Bit – 1
Permission | Description | Effect on Files | Effect on
SUID | Set User ID Can only be applied to binary executable files (not shell | When an executable file with the SUID set is run, the user | None.
SGID | Set Group ID Can be applied to binary executable files (not shell | When a user runs an executable file with the SGID set, the | When a user creates a file in a directory that has SGID
Sticky Bit | | None. | When the Sticky Bit is assigned to a directory, users can
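The special-permission digit sits in front of the three ordinary digits, so chmod 4755 means SUID plus rwxr-xr-x. The script below is an added example, not part of the original notes, that uses those octal values to list the files and directories an administrator should review; the function name audit_special_bits, the finding tags and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find special-permission bits that deserve review.
# Usage: audit_special_bits DIRECTORY
audit_special_bits() {
    {
        # Regular files with SUID (4000) or SGID (2000): they run with the
        # file owner's or group's identity instead of the caller's.
        find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SETID /'
        # SUID files that group (0020) or other (0002) can also modify.
        find "$1" -type f -perm -4000 \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/SUID_WRITABLE /'
        # World-writable directories (0002) without the Sticky Bit (1000):
        # any user can delete or rename another user's files there.
        find "$1" -type d -perm -0002 ! -perm -1000 -print |
            sed 's/^/WW_NO_STICKY /'
    } | LC_ALL=C sort
}

# Constructed sample tree
tree=$(mktemp -d)
touch "$tree/helper" "$tree/loose" "$tree/notes.txt"
mkdir "$tree/dropbox" "$tree/shared"
chmod 4755 "$tree/helper"      # SUID(4) + rwx(7) r-x(5) r-x(5)
chmod 4775 "$tree/loose"       # SUID and group-writable
chmod 0644 "$tree/notes.txt"   # ordinary file, not reported
chmod 0777 "$tree/dropbox"     # world-writable, no Sticky Bit
chmod 1777 "$tree/shared"      # Sticky Bit(1) + rwxrwxrwx, like /tmp
audit_special_bits "$tree"
```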
Managing Disk Quotas!
To check if you have the quota package installed on a
Red Hat/Fedora system, type rpm -qi quota at the command prompt.
You MUST mount the filesystem with the quota options. The
quota options you must add in your /etc/fstab file are usrquota and grpquota.
After you edit your fstab file with these options restart your system.
quotacheck - Scans a filesystem for disk usage; creates, checks and repairs quota files.
Options:
-a Checks all mounted file systems
-m Forces check on mounted file
systems.
-u Checks users.
-g Checks groups.
-v Operates in verbose mode.
To enable quotas, type quotaon -av.
To view current disk space used by your users, type repquota -av.
To create a disk quota, type edquota -u username.
You can enter edquota -p source_user destination_user to copy quotas from one user to another.