Đang tải... (xem toàn văn)
Module Linux essentials - Module 14 introduce managing users and groups. After studying this chapter students should be able to: Creating users and groups, understanding user and group commands, creating user IDs.
Module 14 Managing Users and Groups This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Exam Objective 5.2 Creating Users and Groups Objective Summary – – Understanding user and group commands Creating User IDs This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Working with Groups This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Creating a Group • The most common reason to create a group is to provide a way for users to share files After creating or modifying a group, you can verify the changes by viewing the /etc/group file or running the getent command This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 The groupadd Command • • • The groupadd command creates a new group The -g option can be used to specify a group id : groupadd -g 506 research If the -g option is not provided, the groupadd command will automatically provide a GID for the new group This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Group ID Considerations • • • Avoid creating GIDs in the same numeric ranges where you expect to create user IDs if your system uses UPG Recall that GIDs of under 500 are reserved for system use The -r option will assign the new group a GID that will be less than the lowest standard UID This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Group Naming Considerations • • • • The first character of the name should be either an underscore (_) or a lower-case alphabetic character (a-z) Up to 32 characters are allowed on most Linux distributions, but using more than 16 can be problematic as some distributions may not accept more than 16 After the first character, the remaining characters can be alphanumeric, dash (-) and underscore(_) The last character should not be a hyphen (-) This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Modifying a Group • • • • • The groupmod –n command changes a group’s name The groupmod –g command changes a group’s ID If you change the GID for a group, then all files that were associated with that group will no longer be associated with that group These are called “orphaned” files To find “orphaned” files: find / -nogroup This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Deleting a Group • • • Delete a group with the groupdel command This may result in “orphaned” files Only supplemental groups can be deleted This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Working with Users This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 The /etc/login.defs File Field Example Description MAIL_DIR /var/mail/spool The directory in which the user's mail spool file will be created PASS_MAX_DAYS 99999 The maximum number of days that a user can continue to use the same password PASS_MIN_DAYS The shortest time that a user are required to keep a password PASS_MIN_LEN This indicates the minimum number of characters that a password must contain PASS_WARN_AGE This is the default for the warning field UID_MIN 500 The UID_MIN determines the first UID that will be assigned to an ordinary user UID_MAX 60000 The UID_MAX determines the highest possible UID that will be assigned to an ordinary user GID _MIN 500 The GID _MIN determines the first GID that will be assigned to an ordinary group GID _MAX 60000 The GID_MAX determines the highest possible GID that will be assigned to a regular group CREATE_HOME yes The value of this determines whether or not a new directory will be created for the user, when their account is created UMASK 077 Determines what the default permissions will be for the user's home directory This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Working with Account Information This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Advantages to Individuals having Separate Accounts • • • Accounts can be used to grant selective access to files or services The sudo command can be configured to grant the ability to specify individuals to permit execution of select administrative commands Each account can have group memberships and rights associated with it allowing for greater management flexibility This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Account Considerations Before creating a user account, consider what values you want to set for the following: • – – – – – – – – User name UID Primary Group Supplementary group(s) Home Directory Skeleton Directory Shell Comment This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 The useradd Command The useradd command will allow you to create new users Example: • useradd -u 1000 -c 'Jane Doe' jane Modifies the following files: • – – – – • /etc/passwd /etc/shadow /etc/group /etc/gshadow Creates mail spool (/var/spool/mail/jane) and user’s home directory (/home/jane) This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Password Security This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Picking a Password • • • • Avoid using personal information in passwords Encourage complex passwords Encourage longer passwords, but not too long as to make them hard to remember Consider how often users will be required to reset their passwords This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Setting a Password • • • • • • The passwd command will allow you to change a password The root user can change any user password: passwd user_name The root user can break password rules besides “no empty passwords” A user can change their own password by running the passwd command with no argument Regular users can not break password rules Password rules vary from one distribution to another This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 chage Command This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Using the chage Command • Used to change password aging settings for a user Short option Long option Description -l list List the account aging information -d LAST_DAY lastday LAST_DAY Set the date of the last password change to LAST_DAY -E EXPIRE_DATE expiredate EXPIRE_DATE Set account to expire on EXPIRE_DATE -h help Show the help for chage -I INACTIVE inactive INACTIVE Set account to permit login for INACTIVE days after password expires -m MIN_DAYS mindays MIN_DAYS Set the minimum number of days before password can be changed to MIN_DAYS -M MAX_DAYS maxdays MAX_DAYS Set the maximum number of days before a password should be changed to MAX_DAYS -W WARN_DAYS warndays WARN_DAYS Set the number of days before a password expires to start displaying a warning to WARN_DAYS This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Modifying a User Account This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Modify a User • • The user may need to be logged off to modify the account Use the who, w or last commands to determine if a user is currently logged in to the system This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 The usermod Command Used to modify a user account • Option Description -c COMMENT Sets the value of the GECOS or comment field to COMMENT -d HOME_DIR Sets a new home directory for the user -e EXPIRE_DATE Set account expiration date to EXPIRE_DATE -f INACTIVE Set account to permit login for INACTIVE days after password expires -g GROUP Set GROUP as primary group -G GROUPS Set supplementary groups to a list specified in GROUP -a Append the user's supplemental groups with those specified by –G -h Show the help for usermod -l NEW_LOGIN Change the user's login name -L Lock the user account -s SHELL Specify the login shell for the account -u NEW_UID Specify the user's UID to be NEW_UID -U Unlock the user account This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Removing a User This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 Delete a User • • • Use the userdel command to delete a user account By default, only the account is deleted, not any of the files owned by the user By using the –r option, files in the user’s home directory and the user’s mail spool are deleted This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses ©Copyright Network Development Group 2013 ...Exam Objective 5.2 Creating Users and Groups Objective Summary – – Understanding user and group commands Creating User IDs This slide deck is for LPI Academy instructors... groupadd Command • • • The groupadd command creates a new group The -g option can be used to specify a group id : groupadd -g 506 research If the -g option is not provided, the groupadd command will... EXPIRE_DATE -f INACTIVE Set account to permit login for INACTIVE days after password expires -g GROUP Set GROUP as primary group -G GROUPS Set supplementary groups to a list specified in GROUP -a Append