Unix Administration 3

ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies

http://www.cju.com/classes/2002/ITI481-03/

Transcript of Unix Administration 3

Page 1: Unix Administration 3

ITI-481: Unix Administration

Meeting 3

Christopher Uriarte, Instructor

Rutgers University Center for Applied Computing Technologies

Page 2: Unix Administration 3

Today’s Agenda

• Account Management

• File and directory permissions and management

Page 3: Unix Administration 3

Unix System Accounts

• Access to system resources is controlled through user and group assignments.

• Two types of user accounts:

– “Root” user – the system administrator; the “superuser” who has permission to execute every command and read every file on the system. “Root” has total control of everything on the system.

– Normal user – any user that is not the root user.

• As you’ve experienced thus far, almost all UNIX administration is done as the root user.

Page 4: Unix Administration 3

Becoming the Root User

• There are two ways that you can log in as the root user:

– Sitting at the system console, you can simply log in as root.

– If you are logged in as another user, you can use the “su” command at the command prompt to change to the root user (you will be prompted for the root password). You then have full root rights until you exit your shell.

– Root login is restricted via remote access (telnet or ssh) – you must first log in as a non-root user and then use “su”.

Page 5: Unix Administration 3

UNIX System Components Related to Account Creation

• /etc/passwd – The system user file, contains information about users on the system.

• /etc/shadow – The file that actually contains the passwords.

• /etc/group – The system group file, defines user groups on the system.

• User home directories (/home/username)

• Initialization shell scripts (.login, .bash_profile, .cshrc, etc.)

Page 6: Unix Administration 3

Passwords on UNIX Systems

• Should always be encrypted when stored – all modern UNIX systems use password encryption.

– Crypt encryption – up to 8 characters

– MD5 encryption – up to 256 characters

• Should be a combination of random letters, numbers, and special characters.

• Used to be stored in /etc/passwd, but now stored in /etc/shadow.

• Passwords are set using the “passwd” command. Only the root user can change passwords for other users.

– passwd – changes your own password

– passwd username – changes another user’s password

Page 7: Unix Administration 3

The /etc/passwd File

• Stores a user’s username, unique user ID number, default group ID number, full name, home directory and login shell.

– Each user on the system has a unique UID, assigned by the system.

– The root user has the UID of 0 (zero) – THIS is what characterizes the root user, not the username “root”.

• /etc/passwd file format (one entry per line, fields separated by colons):

  username:x:user ID (UID):default group (GID):name (GECOS):home directory:login shell

• Sample entry (with shadow file):

  kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash

• Typical file permissions:

  -rw-r--r-- 1 root root 865 Mar 28 10:44 /etc/passwd

Page 8: Unix Administration 3

The /etc/shadow File

• Stores encrypted user passwords.

• /etc/shadow file format:

  login name:encrypted password:other options for password expiration and changing (non-standard)

• Sample entry (one entry per line, fields separated by colons):

  kkaplan:$1$iwdVDnei&aBcxvpyYi06:10987:0:99999:

• Typical permissions (IMPORTANT!):

  -r-------- 1 root root 752 Jan 31 11:45 /etc/shadow
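
The two points on these slides that matter most for security (an account is root because its UID is 0, not because of its name; and the password field lives in /etc/shadow, which must not be readable by ordinary users) can be turned into a small audit. The script below is an added example and not part of the course materials. It runs over constructed passwd and shadow content embedded in the script (the hashes are dummy strings with the right shape, not real password hashes), so it needs no access to the real files, and it checks the mode of whatever path it is given the way you would check /etc/shadow.

```shell
#!/bin/sh
# Added example: audit of passwd/shadow content in the formats shown on the
# slides. All data below is constructed for the example; the hashes are
# dummy strings shaped like real ones, not real password hashes.

# passwd: username:x:UID:GID:GECOS:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash
backdoor:x:0:0:Looks ordinary:/home/backdoor:/bin/bash
newuser:x:501:100:Created but passwd not yet run:/home/newuser:/bin/bash
legacy:x:502:100:Old crypt password:/home/legacy:/bin/sh
guest:x:503:100:Empty password field:/home/guest:/bin/sh'

# shadow: login:password:lastchg:min:max:warn:inactive:expire:flag
SAMPLE_SHADOW='root:$1$xxxxxxxx$ddddddddddddddddddddddd:10987:0:99999:7:::
kkaplan:$1$yyyyyyyy$ddddddddddddddddddddddd:10987:0:99999:7:::
backdoor:$1$zzzzzzzz$ddddddddddddddddddddddd:10987:0:99999:7:::
newuser:!:10987:0:99999:7:::
legacy:abJnggxhB/yWI:10987:0:99999:7:::
guest::10987:0:99999:7:::'

# Every login whose UID field is 0 is a root account, whatever it is called.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# Classify the password field of each shadow line:
#   empty              -> nopass  (login succeeds with no password at all)
#   starts with ! or * -> locked  (the state useradd leaves until passwd is run)
#   starts with $1$    -> md5     (the MD5 scheme on the slide)
#   13 chars, no $     -> crypt   (traditional crypt, 8 significant characters)
#   anything else      -> other   (newer schemes such as $6$ land here)
classify_shadow() {
    printf '%s\n' "$1" | awk -F: '{
        p = $2; t = "other"
        if (p == "")                                                t = "nopass"
        else if (substr(p, 1, 1) == "!" || substr(p, 1, 1) == "*")  t = "locked"
        else if (index(p, "$1$") == 1)                              t = "md5"
        else if (length(p) == 13 && index(p, "$") == 0)             t = "crypt"
        print $1 ":" t
    }'
}

# Return 0 when the mode string of $1 is as tight as the slide's -r--------
# (a group-readable -r--r----- is accepted for systems with a "shadow" group),
# 1 when "other" has any access or the group can write.
shadow_mode_ok() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        -r--------|-rw-------|-r--r-----|-rw-r-----) return 0 ;;
        *) return 1 ;;
    esac
}

echo "UID 0 accounts:";       uid0_accounts "$SAMPLE_PASSWD"
echo "Password field types:"; classify_shadow "$SAMPLE_SHADOW"
if [ -e /etc/shadow ]; then
    if shadow_mode_ok /etc/shadow; then echo "/etc/shadow mode: OK"
    else echo "/etc/shadow mode: too permissive"; fi
fi
```

On a real system, feed the functions the actual files with `uid0_accounts "$(cat /etc/passwd)"` and `classify_shadow "$(cat /etc/shadow)"` as root; any login other than root in the first list, and any `nopass` entry in the second, is worth explaining.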

Page 9: Unix Administration 3

The /etc/group File

• Contains information about system groups and the users that are members of each group.

• Contains the fields: group name, unique group ID number and a list of the group’s members.

• Entry format:

  group name:x:GID:comma-separated list of group members

• Sample entry:

  staff:x:103:kkaplan,jsmith,jdoe

  (a group called staff with the members kkaplan, jsmith and jdoe)

Page 10: Unix Administration 3

Account Management Tools

• With the exception of /etc/group, all account management files are managed through simple command-line tools.

• Command line

– Users: useradd, userdel, usermod

– Groups: groupadd, groupdel, groupmod

– Specific fields: passwd, chsh

• Graphical

– LinuxConf (Linux only)

– Control-panel

– Lots of other graphical UNIX utilities.

Page 11: Unix Administration 3

Managing Users

• The useradd utility is used to create system user accounts.

• You can simply add a user with:

– useradd johndoe

  (Creates the user johndoe on the system)

• useradd has a number of simple options that allow you to specify user attributes during account creation.

Page 12: Unix Administration 3

useradd Syntax and options

• useradd options include:

  -u UID
  -g default group
  -d home directory
  -s default shell path
  -c "Comment or Full name"
  -m (make the user's home directory)

  useradd -m -d /opt/home/chrisjur -g staff -s /bin/bash chrisjur

• Creates a user named “chrisjur”, makes his home directory, sets his home directory to /opt/home/chrisjur, sets his group to “staff”, sets his shell to /bin/bash.

Page 13: Unix Administration 3

Important useradd Tip!

• After you add a user, YOU MUST assign a password to the user using the “passwd” command:

  passwd username

• The user will not be able to login until you set a password!

Page 14: Unix Administration 3

useradd Syntax and options

• If no options are specified, system defaults are used when creating a user (default shell, default home directory path, etc.)

• Similarly, the usermod command can be used to modify an existing user’s attributes using the same syntax as useradd:

  usermod -s /bin/sh chrisjur

– Changes chrisjur’s shell to /bin/sh

Page 15: Unix Administration 3

Deleting System User Accounts

• System users can be deleted using the userdel command with the syntax:

  userdel username

• e.g.:

  userdel chrisjur

– Deletes the user chrisjur from the system.

• userdel DOES NOT delete a user’s home directory or its contents. You must either delete it manually or use the “-r” switch with userdel (userdel -r username).

Page 16: Unix Administration 3

Exercise: Account Creation with Command Line Tools

• Use useradd to create an account for the login student3. Use the appropriate flags to set a default group of “users”, a home directory of /home/student3, and a password of your choosing.

• Login to the student3 account.

• Use userdel to remove the student3 account.

Page 17: Unix Administration 3

UNIX Groups

• UNIX provides a grouping functionality that allows you to group system users together, allowing them to access common system resources, such as files and directories.

• UNIX groups provide a typical way for non-root users to collaborate on projects by sharing permissions (write/read/execute permissions) on system resources.

Page 18: Unix Administration 3

Grouping Example

• Problem: You have a series of web page files that reside under /var/opt/www/htdocs. You need to give your 3-person web-development team the ability to edit these files.

• Solution: Create a group called “webdev”, place the 3 users of the development team in the group and make /var/opt/www/htdocs and all its files group-readable, writeable and executable.

Page 19: Unix Administration 3

Creating UNIX Groups

• You can create UNIX groups using the groupadd utility:

  groupadd staff

  Creates a group called “staff”

• After creating a group, you must then manually add members to the group by adding their usernames to that group’s line in the /etc/group file.

• Group members are added to /etc/group as a comma-separated list after the group name and parameters.

Page 20: Unix Administration 3

Adding Users to Groups

• After creating a group called “staff” (using groupadd staff), an entry is placed in /etc/group that looks like this:

  staff:x:506:

• You can add the users chris, john and joe to the group by editing /etc/group and adding them after the last colon:

  staff:x:506:chris,john,joe
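
An added example, not from the course, of the /etc/group mechanics on slides 9, 19 and 20: resolving which groups a user belongs to (the primary group named by the GID in passwd, plus every group line that lists the user as a member) and producing the edited group line the slide shows, without touching the real /etc/group. The passwd and group content is constructed inline for the example.

```shell
#!/bin/sh
# Added example: group membership from passwd + group file content in the
# slide formats. Sample data is constructed for the example.

# passwd: username:x:UID:GID:GECOS:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash
jsmith:x:501:100:John Smith:/home/jsmith:/bin/bash
jdoe:x:502:100:Jane Doe:/home/jdoe:/bin/bash'

# group: group name:x:GID:comma-separated members
SAMPLE_GROUP='root:x:0:
users:x:100:
kkaplan:x:500:
staff:x:103:kkaplan,jsmith,jdoe
webdev:x:506:jsmith'

# List every group user $1 belongs to, given passwd content $2 and group
# content $3: first the primary group (the line whose GID matches the user's
# GID in passwd), then each line whose member list names the user.
user_groups() {
    user=$1; passwd=$2; group=$3
    gid=$(printf '%s\n' "$passwd" | awk -F: -v u="$user" '$1 == u { print $4 }')
    printf '%s\n' "$group" | awk -F: -v u="$user" -v gid="$gid" '
        $3 == gid { print $1; next }                 # primary group
        { n = split($4, m, ",")                      # supplementary membership
          for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break } }'
}

# Return group content $3 with user $1 added to group $2: the edit the slide
# describes (append after the last colon, comma-separated), done only once so
# that a user already listed is not duplicated. Other lines pass through as-is.
add_member() {
    user=$1; grp=$2; group=$3
    printf '%s\n' "$group" | awk -F: -v u="$user" -v g="$grp" 'BEGIN { OFS = ":" }
        $1 == g {
            n = split($4, m, ","); found = 0
            for (i = 1; i <= n; i++) if (m[i] == u) found = 1
            if (!found) $4 = ($4 == "" ? u : $4 "," u)
        }
        { print }'
}

echo "groups of jsmith:"; user_groups jsmith "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
echo "group file after adding jdoe to webdev:"
add_member jdoe webdev "$SAMPLE_GROUP"
```

On a current Linux system the same edit is done with `usermod -a -G webdev jdoe`; the `-a` matters, because `usermod -G` without it replaces the user's supplementary group list rather than appending to it.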

Page 21: Unix Administration 3

Deleting Groups

• You can delete groups using the groupdel command:

  groupdel groupname

Page 22: Unix Administration 3

Changing File Ownership

• If you want to change the ownership of a file or directory to another user, you can use the chown command:

  chown <user> <file(s)>
  chown chris /home/chris/hisfile.txt
  chown chris /home/chris

• Useful chown option: “-R” – recursively change ownership:

  chown -R chris /home/chris   # Changes /home/chris and all files/directories under it to chris’s ownership

Page 23: Unix Administration 3

Changing Group Associations

• If you would like to associate a file or directory with a particular group, you can use the chgrp command:

  chgrp <group name> <file(s)>
  chgrp staff /home/staff/groupfile.txt
  chgrp staff /home/staff/projects

• Useful chgrp option: “-R” – recursively change group associations:

  chgrp -R staff /home/staff   # Associates /home/staff and all files/directories under it with the staff group

Page 24: Unix Administration 3

Using chmod with Groups

• You can use chmod to change a file’s group permissions.

  -rwxr--r-- chris staff 100 Apr 4 2000 file.txt
  # file readable, writeable and executable by its owner, and readable by members of its group and other users.

• Use chmod to allow members of the staff group to read, write and execute the file.

  [user@host]# chmod g+rwx file.txt
  -rwxrwxr-- chris staff 100 Apr 4 2000 file.txt
  # file is now readable, writeable and executable by its owner AND members of the staff group – but only readable by all other system users.

Page 25: Unix Administration 3

Exercise: User and Group Creation

• Create two users: user1 and user2

• Create a group called “class”

• Create a file called /etc/classtest.txt with the words “Hello world” in it.

• Associate the file /etc/classtest.txt with the “class” group

• Set the permissions so members of its group can write to the file.

• Add user1 and user2 to the group.

• Logout and log back in as user1 – attempt to write to the file. Logout.

• Login as user2 – attempt to write to the file.

Page 26: Unix Administration 3

Homework

• TBA