User Admin


Unit 5 User Administration

Randy Marchany VA Tech Computing Center

Understanding the Login Procedure


Multiple ways of logging into the system:
telnet: cleartext, not recommended
ssh: encrypted, highly recommended
SSH clients are available on the VTNET CD for PC/Mac.

User information is parsed from /etc/passwd file at login and the base environment variables are set.

Understanding the Login Procedure


Base environment variables
HOME: location of your home directory
LOGNAME: your login name (userid)
PATH: default search path for commands
SHELL: default shell
MAIL: location of your email directory
TZ: time zone specification

/etc/passwd, /etc/shadow
These are the critical files that contain all of the user information for your system. /etc/passwd is world readable; /etc/shadow is readable by root only. Why?
/etc/shadow contains the encrypted password string for each userid. There are password-cracking programs that will use this encrypted string to brute-force guess the userid's password.

/etc/passwd Format
7 fields:
Userid:Password string:UID:GID:Name field:home directory location:default shell
Userid: the login id of the user account.
Password string: a marker X; in older Unix systems this is where the encrypted password string would have been stored.

/etc/passwd Format
UID: unique number that identifies the userid. The OS uses this, NOT the username, to identify an account.
GID: unique number identifying the group the userid belongs to.
Name field: name of the account owner.
Home directory: location where the default home directory for this userid is located.
Default shell: the default shell activated upon logging into the system.

The UID/GID Pair


The UID must be unique between userids.
You can have multiple usernames associated with the same UID. Solaris will treat all of them as the same userid.
UID 0 is root. There should be only 1 account with this UID.
UIDs must be unique across systems.
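An added example (not from the original slides): a shell function that checks a passwd-format file for the conditions described above, namely entries without exactly 7 fields, a password field holding something other than a marker, usernames sharing a UID, and more than one UID 0 account. The names audit_passwd and write_sample, the finding labels, the sample entries and the 13-character length heuristic are assumptions made for this example.

```shell
# Added example, not from the slides. audit_passwd FILE prints one finding per
# line and returns 1 if anything was found, 0 if the file is clean.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }             # skip blank lines and comments
        NF != 7 {                               # the format has exactly 7 fields
            printf "BAD_FIELDS line=%d fields=%d\n", NR, NF; bad = 1; next
        }
        {
            user = $1; pw = $2; uid = $3
            # Field 2 should be only a marker; the string belongs in /etc/shadow.
            # Assumption: 13 or more characters means a crypt-style string.
            if (pw == "") { printf "EMPTY_PASSWORD user=%s\n", user; bad = 1 }
            else if (length(pw) >= 13) { printf "HASH_IN_PASSWD user=%s\n", user; bad = 1 }
            # The OS identifies accounts by UID, so group usernames by UID.
            if (count[uid]++ == 0) { order[++n] = uid; names[uid] = user }
            else names[uid] = names[uid] "," user
        }
        END {
            for (i = 1; i <= n; i++) {
                uid = order[i]
                if (count[uid] > 1) {
                    tag = (uid == "0") ? "MULTIPLE_UID0" : "DUP_UID"
                    printf "%s uid=%s users=%s\n", tag, uid, names[uid]; bad = 1
                }
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample data, not taken from any real system.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
toor:x:0:1:Second root:/:/sbin/sh
alice:x:1001:10:Alice A:/export/home/alice:/bin/ksh
bob:x:1001:10:Bob B:/export/home/bob:/bin/csh
carol:XXhashXXhashX:1002:10:Carol C:/export/home/carol:/bin/sh
dave::1003:10:Dave D:/export/home/dave:/bin/sh
broken:x:1004:10
EOF
}

sample="${TMPDIR:-/tmp}/passwd.sample.$$"
write_sample "$sample"
audit_passwd "$sample" || echo "findings reported above"
rm -f "$sample"
```

To check a live system, call audit_passwd /etc/passwd; the file is world readable, so root is not required.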

Adding Users
Admintool is the main GUI that handles user management.
The useradd command adds a new user. Command line:
useradd -d dir -u uid -s shell -g group -c comment username
These are the most common flags but there are others. See the man page.

Modifying Users
Admintool is the preferred method.
/usr/sbin/usermod is the command line version. Command line:
/usr/sbin/usermod -u uid -g group -s shell userid
There are more flags but these are the most common ones used.

Deleting Users
Admintool is the preferred method.
The userdel command deletes a user from the system and modifies /etc/passwd, /etc/group, /etc/shadow appropriately. Command line:
/usr/sbin/userdel -r userid
The -r option deletes the user's home directory.

Adding/modifying Groups
Admintool GUI is the first choice.
The groupadd command creates a new group. Command line:
/usr/sbin/groupadd -g gid groupname

Modifying the group via command line:
/usr/sbin/groupmod -g gid -n name group

Deleting Groups
Admintool is the preferred method (duh!).
The groupdel command deletes a group from the system. Command line:
/usr/sbin/groupdel group

Setting Up the User Environment


System initialization files define environment variables when a user shell is started. 2 types:
System: sets environment variables for everyone on the system
User: sets environment variables for a single user only

Setting Up the User Environment


System initialization files are executed first when the user logs in.
Bourne shell: /etc/profile
Korn shell: /etc/profile
C shell: /etc/.login

User initialization files are executed next.
Bourne shell: $HOME/.profile
Korn shell: $HOME/.profile
C shell: $HOME/.cshrc, $HOME/.login

Setting Up the User Environment


Default /etc/profile and /etc/.login files check quotas, print the MOTD, and check for email ("You have mail"). If $HOME/.hushlogin exists, the MOTD is not printed. You can add any other system-wide commands to these files.

The .profile file


Each user can make changes to their .profile, .cshrc or .login files. The user customizes their environment by adding or deleting commands from these files. The most commonly changed variable is PATH, which defines the search order for your commands.

The /etc/profile file


This file sets the default permissions for files (umask command). It prints out the MOTD. The MOTD is stored in /etc/motd with additional information in /etc/issue. It can be used to set the environment for third party software such as Arcinfo or any other GIS software.

The /etc/skel files


Templates that are used to create the user initialization files are stored in /etc/skel. Bourne and Korn shells use the template /etc/skel/local.profile. C shell uses the templates /etc/skel/local.cshrc and /etc/skel/local.login. These templates are modified based on the information provided by useradd and the copies are moved to the user home directories. They are renamed to .profile, .login and .cshrc as needed.

The /etc/skel files


You can modify these templates to ensure your customizations are placed in all user environments. Sun recommends you create a new directory to contain your site-specific files. Make the changes in these files and copy them to the user directories. I must admit that I don't do this.