13,420
edits
Changes
no edit summary
[[Category:OPS235]][[Category:OPS235 Labs]]
= User/Group Management =
== Investigation 8: The /etc/passwd file ==
# Look at the /etc/passwd file.
# Make note of the contents of that file.
# Read about the file: http://linux.die.net/man/5/passwd
# Make sure you know what information each field contains.
# Why do you think there are so many users?
# Look at the names of the users. What do you think these user names represent? Are they people?
# What is the numeric user ID (UID) of the root user?
# The user IDs of real users (people) are different from the user IDs of system accounts. What is the pattern?
== Investigation 9: Adding users ==
{{Admon/note|Use f16host|Perform these steps in the '''f16host''' system. Due to a configuration issue, these steps may not work normally in the fedora1 virtual host (previous versions of this lab used fedora1 for this investigation).}}
# Read the man page for the useradd command.
# Create a new user account for each of your pod mates, using their learn account name as a user name. Give each user a password.
# Grep the /etc/passwd file for each of the new users.
#* What is the home directory of each user?
#* What group is each user in?
#* What else do you know about each user?
#* Where are the passwords stored?
# Look at the man page for /etc/shadow using the command man 5 shadow
#* Grep the /etc/shadow file for each of the new users.
#* Make note of this information.
# Create two new dummy users, ops235_1 and ops235_2.
# Investigate the home directory of one of your new users.
#* What files are there? Be sure to include hidden files.
#* What do you think these files are used for <span class="plainlinks">?
#* How does the operating system determine which files are created in a new home account? The answer can be found here: http://www.linuxhowtos.org/Tips%20and%20Tricks/using_skel.htm
#* Look at the files (including hidden files) in the template directory referred to in the article. Compare them to what is in a home directory for a new user. What do you notice?
#* Create a new file in this directory with the following command: <code>touch foo</code>
#* Create a new user named foobar, with the option to automatically create a home directory.
#* Look at the contents of foobar's home directory. What do you notice?
# Be sure to record your observations in your lab notes.
{{Admon/note|Use fedora3|Perform these steps in the '''fedora3''' virtual machine.}}
# Add your matrix account user to '''fedora3'''.
== Investigation 10: Managing Groups ==
{{Admon/note|Use fedora1|Perform these steps in the '''fedora1''' virtual machine.}}
# Read the man page for the groupadd and groupdel commands.
# Note which option allows you to set the Group ID number (GID) when you create a new group.
# Examine the file /etc/group
#* Which values of GID are reserved for system accounts?
#* Which values of GID are reserved for non-system user accounts?
#8 What is the lowest available GID number for non-system users?
#* What is the default group name of a new user?
#* Add a new group named ops235 with a GID of 600.
#* You are angry at some irresponsible users on your system.
#** Add a new group named idiots.
#** Look at /etc/group and note the GID of idiots.
#** What GID is given to a new group if if you do not specify it?
#** Your anger has subsided. Delete the idiots group.
#** Look at /etc/group again and note the change.
Be sure to record your observations in your lab notes.
== Investigation 11: Deleting users ==
{{Admon/note|Use fedora1|Perform these steps in the '''fedora1''' virtual machine.}}
# Read the man page for the userdel command. Note which option automatically removes the users home directory when that user is deleted.
# Delete the user ops235_1 using the command <code>userdel ops235_1</code>
# Delete the user ops235_2 using the same command with the option which removes the home directory of the user.
# Check the contents of the /home directory. What do you notice?
# Check the contents of the /etc/group directory. What do you notice?
Be sure to record your observations in your lab notes.
== Investigation 12: Modifying users ==
{{Admon/note|Use fedora1|Perform these steps in the '''fedora1''' virtual machine.}}
# Read the man page for the usermod command. Note which options change the user's full name, primary group, supplementary groups, and shell.
# Add each of your new users to the group ops235 (in other words, add ops235 to each user as a supplementary group).
# Examine <code>/etc/group</code>. What has changed?
# Use the usermod command to associate each of your pod mates' full name to their user name, as shown in your text. With each change, examine their entries in the <code>/etc/passwd</code> file. What has changed?
# Be sure to record your observations in your lab notes.
<!-- == Investigation 13: Security Tip: Removing Unnecessary Users and Groups ==
{{Admon/note|Use fedora1|Perform these steps in the '''fedora1''' virtual machine.}}
The default Linux distribution installs many users and groups to the system for the purpose of running various services. You will rarely, if ever, need to run all of these services on a single server, and some are actually obselete for most systems. Servers tend to be specialized, for both performance and security reasons. For example, a web server would probably not be running as an email server and file server at the same time. While having all the possible user accounts installed by default makes it easier to set services up, it also increases the complexity of the machine. The more complex a system is, the more places it can fail, and hence its security is lessened. Therefore, we can increase our server's security by removing unnecessary users.
There is no set list of users we can safely remove. The requirements of each system varies greatly, and it is up to the administrator to know these requirements, and understand which accounts can be removed. However, the list we provide here can usually be removed, unless their services are specifically required.
# Before attempting the following, make backup copies of your /etc/passwd and /etc/group files, in case we delete a user or group that is essential to our system's operation.
# Carefully remove the following users from your system, if they exist:
#* games
#* gopher
#* lp (if no printer is installed)
#* news
#* nfsnobody
#* nscd (if not using nscd)
#* uucp
# Carefully remove the following groups from your system, if they exist:
#* games
#* gopher
#* lp (if no printer is installed)
#* news
#* nfsnobody
#* nscd (if not using nscd)
#* uucp -->
= State when starting Lab 4 =
