Monday, November 29, 2010

Linux Administrator's Manual (7) -- Managing user accounts

This chapter explains how to create a new user account, how to change the properties of an account, and how to delete an account. Different Linux systems ship different tools for these tasks.

What is an account?

When a computer is used by several people, it is usually necessary to tell the users apart, for example so that each person's files stay private. This matters even when the computer is only ever used by one person at a time, as is the case for most personal computers. Each user is therefore given a separate user name, and that name is used to log in.

A user is more than a name, though. An account is all the files, resources, and information that belong to one user. The word suggests a bank, and on a commercial system each account is indeed usually associated with some amount of money, which is spent at different rates depending on how much the user uses the system. Disk space, for instance, may have a price per megabyte per day, and processing time a price per second.

Creating a user

The Linux kernel itself treats users as mere numbers. Each user is identified by a single integer, the user id or uid, because numbers are faster and easier for a computer to handle than text names. A separate database, outside the kernel, maps each user id to a textual name, the user name; this database also holds some additional information about each user. To create a user, you add the information about the user to the user database and create a home directory for him. It may also be necessary to educate the user and to set up a suitable initial environment.

Most Linux distributions come with a program for creating accounts, and there are several such programs. adduser and useradd are two of the common ones; there may also be GUI tools. Whatever the program, the result is that there is little if any manual work to be done. Even if the details are many and intricate, these programs make everything seem trivial. However, section 8.2.4 describes how to do it by hand.

/etc/passwd and other informative files

The basic user database on a Unix system is the text file /etc/passwd (called the password file), which lists all valid user names and their associated information.
The file has one line per user, divided into seven colon-separated fields:

1. user name
2. password, in encrypted (hashed) form
3. numeric user id
4. numeric group id
5. full name or other description of the account
6. home directory
7. login shell (the program run when the user logs in)

The format is described in detail in passwd(5).

Any user on the system may read the password file, so they can find out the names of all other users. That also means anyone can obtain the password field (the second field). The password file stores passwords in encrypted form, so in theory there is no problem. The encryption can, however, be broken, especially if the password is weak (too short, or a word found in a dictionary). It is therefore not good for the passwords to be in the password file at all.

Many Linux systems have shadow passwords. This is an alternative way of storing the password: the encrypted password is kept in a separate file, /etc/shadow, which only root can read. The second field of /etc/passwd then contains only a special marker. Any program that needs to verify a user's password is setuid root and can therefore read the shadow file, while ordinary programs that only use the other fields of the password file cannot get at the passwords. If your system supports shadow passwords, check that no entry in /etc/passwd still carries a real hash or an empty password field; both are readable by everyone.

Picking numeric user and group ids

On most systems it does not matter which numeric user and group ids are chosen, but if you use the Network File System (NFS), every system must use the same uid and gid for a given user, because NFS also identifies users by uid. If you do not use NFS, you can let the account creation tool pick the uid automatically. If you use NFS, you need some mechanism to keep the account information synchronised; one approach is the NIS system (see [Kir]).

Initial environment: /etc/skel

When a new user's home directory is created, it is initialised with the files from the directory /etc/skel. The system administrator can create files in /etc/skel that give new users a nice default environment. For example, an /etc/skel/.profile that sets the EDITOR environment variable points new users at a friendly editor.
However, it is usually best to keep /etc/skel as small as possible, since it will be next to impossible to update existing users' files later. For example, if the name of the friendly editor changes, all existing users would have to edit their .profile. The system administrator could try to automate that with a script, but such a script is likely to damage someone's files. Whenever possible, it is better to put global settings in global files such as /etc/profile. Those can be upgraded without touching the users' own settings.

Creating a user by hand

To create a new user by hand, follow these steps:

1. Edit /etc/passwd with vipw(8) and add a new line for the new account. Be careful with the syntax. Do not edit the file directly with an editor! vipw locks the file so that other commands cannot update it while you are editing. Set the password field to "*", so that it is impossible to log in.
2. Similarly, if you need to create a new group, edit /etc/group with vigr.
3. Create the user's home directory with mkdir.
4. Copy the files from /etc/skel into the new home directory.
5. Fix the owner and permissions with chown and chmod. The -R option is most useful. The correct permissions vary a little from one site to another, but usually the following commands do the right thing (modern chown also accepts username:group, and that spelling is preferred today):

   cd /home/newusername
   chown -R username.group .
   chmod -R go=u,go-w .
   chmod go= .

6. Set the password with passwd(1).

After you set the password in the last step, the account will work. You should not set it until everything else has been done, otherwise the user may log in while you are still copying the files.

It is sometimes necessary to create dummy accounts that are not used by any person. For example, to set up an anonymous FTP server (so that anyone can download files from it without first having to get an account), you need to create an account called ftp. In such cases it is usually not necessary to set a password (the last step above). Indeed, it is better not to, so that nobody can use the account unless they first become root, since root can become any user.

Changing user properties

There are a few commands for changing various properties of an account (that is, the relevant field in /etc/passwd):

chfn   change the full name field
chsh   change the login shell
passwd change the password

The superuser may use these commands to change the properties of any account. Normal users can only change the properties of their own account. It may sometimes be necessary to disable these commands (with chmod) for normal users, for example in an environment with many novice users.

Other tasks need to be done by hand. For example, to change the user name you need to edit /etc/passwd directly (with vipw, remember). Likewise, to add the user to more groups or remove him from some, you edit /etc/group (with vigr). Such tasks are rare, and should be done with caution: for example, if you change the user name, email will no longer reach the user unless you also create a mail alias.

Removing a user

To remove a user, first remove all his files, then remove the relevant lines from /etc/passwd and /etc/group. Some Linux distributions have special commands for this; see deluser or userdel. However, it is also very simple to do by hand.

Disabling a user temporarily

It is sometimes necessary to disable a user temporarily, without removing the account. For example, the user might not have paid his fees, or the system administrator may suspect that a cracker has got hold of that user's password. The best way to disable a user is to change his login shell to a special program that only prints a message. Whoever then tries to log into the account will fail, and will be told why. The message can tell the user to contact the system administrator so that any problems can be dealt with. It would also be possible to change the user name or password, but then the user will not know what is going on. Confused users mean more work.

A simple way to create such a special program is to write a "tail script":

   #!/usr/bin/tail +2
   This account has been closed due to a security breach.
   Please call 555-1234 and wait for the men in black to arrive.

The first two characters ("#!") tell the kernel that the rest of the line is the command to run to interpret this file.
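The by-hand procedure above, carried out in a throwaway sandbox directory, as an added example that is not part of the original chapter. It stands in for /home and /etc/skel with temporary directories, sets ownership to the invoking user (changing ownership to another account needs root), and leaves out the vipw and passwd steps because those touch the real system files. The skeleton files, the user name and all paths are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: the "create a user by hand" steps, run against a sandbox
# instead of the real /home and /etc/skel. Everything here is constructed.

# Build a throw-away skeleton directory standing in for /etc/skel.
make_skel() {
  skel=$1
  mkdir -p "$skel"
  # Keep the skeleton small: per-user files cannot be updated later, so
  # point at global settings (/etc/profile) rather than copying a lot in.
  printf '%s\n' '# per-user settings; global ones live in /etc/profile' \
                'EDITOR=nano; export EDITOR' > "$skel/.profile"
  printf '%s\n' '# user-specific shell aliases go here' > "$skel/.bashrc"
}

# Create the home directory the way the chapter describes:
# mkdir, copy the skeleton, fix the owner, then fix the permissions.
# $1 = parent directory (stands in for /home), $2 = user name, $3 = skel dir
create_home() {
  home=$1/$2
  mkdir "$home" || return 1
  # "skel/." copies the whole tree, dotfiles included
  cp -R "$3/." "$home/"
  # As root on a real system this would be "$2:$2" (or the chosen group);
  # here the invoking user's own uid/gid is used so the example runs unprivileged.
  chown -R "$(id -u):$(id -g)" "$home"
  (
    cd "$home" || exit 1
    chmod -R go=u,go-w .   # group/other get the owner's rights minus write
    chmod go= .            # ...but the home directory itself stays private
  )
}

# Return the ten-character mode string of a path, e.g. drwx------
mode_of() {
  ls -ld "$1" | cut -c1-10
}

# Stand-alone run: build the sandbox, create the user, show the result.
sandbox=${TMPDIR:-/tmp}/skel-demo.$$
make_skel "$sandbox/skel"
mkdir -p "$sandbox/home"
create_home "$sandbox/home" newuser "$sandbox/skel"
echo "home dir: $(mode_of "$sandbox/home/newuser")"
echo ".profile: $(mode_of "$sandbox/home/newuser/.profile")"
rm -rf "$sandbox"
```

After the two chmod commands the home directory itself is rwx------ (other users cannot even list it), while the files inside keep the owner's rights for group and other minus write, so a .profile ends up rw-r--r--. Those are the permissions the chapter's commands produce; adjust them if your site's policy differs.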
The tail command in this case prints everything except the first line to standard output, that is, the message. Check that your version of tail accepts the old "+2" form; newer versions spell it "tail -n +2". The script must also be executable. If you suspect billg of a security breach, the system administrator can do this:

   # chsh -s /usr/local/lib/no-login/security billg
   # su - billg
   This account has been closed due to a security breach.
   Please call 555-1234 and wait for the men in black to arrive.
   #

The purpose of the su is to test that the change worked. Tail scripts should be kept in a separate directory, so that their names do not interfere with normal user commands. Note that changing the shell only stops logins that actually run the shell; a service that checks the password but never starts a shell would still admit the user, so lock the password as well (for example with passwd -l) when you suspect it has been stolen.
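An added example, not from the original chapter, that covers two points made above: the password-field problem from the section on /etc/passwd (a hash kept in the world-readable file, or no password at all) and the temporary-disabling trick from this section. It works on a constructed passwd-format file in a sandbox directory, never on the real /etc/passwd (which must only be edited with vipw). The no-login program is written as a plain sh script that prints the notice and exits non-zero, a variant of the chapter's tail script that does not depend on tail's old "+2" syntax. All user names, hashes and paths are made up.

```sh
#!/bin/sh
# Added example: audit the password field of a passwd-format file and
# disable an account by swapping its login shell. Works on a constructed
# copy in a sandbox, not on the real /etc/passwd. All data is made up.

# Constructed sample in /etc/passwd format (seven colon-separated fields).
make_sample_passwd() {
  cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice Example:/home/alice:/bin/sh
bob::1001:1001:Bob Example:/home/bob:/bin/sh
carol:$6$madeupsalt$madeuphashvalue:1002:1002:Carol Example:/home/carol:/bin/sh
ftp:*:1003:1003:anonymous ftp:/srv/ftp:/bin/sh
EOF
}

# Print one field (1-7) of a user's entry. $1 = file, $2 = user, $3 = field
passwd_field() {
  awk -F: -v u="$2" -v n="$3" '$1 == u { print $n; exit }' "$1"
}

# Report accounts whose second field is neither the shadow marker ("x")
# nor a locked marker ("*" or "!"): an empty field means no password is
# needed at all, anything else is a hash every user can read and crack.
audit_passwd() {
  awk -F: '
    NF != 7 { print $1 ": malformed entry (" NF " fields)"; next }
    $2 == "" { print $1 ": empty password field (no password required)"; next }
    $2 != "x" && $2 != "*" && $2 != "!" { print $1 ": hash stored in passwd, not shadow" }
  ' "$1"
}

# Write the no-login shell: prints the notice and refuses the login.
make_nologin_shell() {
  cat > "$1" <<'EOF'
#!/bin/sh
cat <<'MSG'
This account has been closed due to a security breach.
Please call 555-1234 and wait for the men in black to arrive.
MSG
exit 1
EOF
  chmod 755 "$1"
}

# Replace the login-shell field (field 7) of one user, as "chsh -s" would.
# Writes a new file and renames it so the file is never left half-written.
set_login_shell() {
  awk -F: -v OFS=: -v u="$2" -v s="$3" '$1 == u { $7 = s } { print }' "$1" > "$1.tmp" &&
    mv "$1.tmp" "$1"
}

# Stand-alone run
sandbox=${TMPDIR:-/tmp}/passwd-demo.$$
mkdir -p "$sandbox"
make_sample_passwd "$sandbox/passwd"
echo "--- audit"; audit_passwd "$sandbox/passwd"
make_nologin_shell "$sandbox/security"
set_login_shell "$sandbox/passwd" alice "$sandbox/security"
echo "--- alice's shell is now: $(passwd_field "$sandbox/passwd" alice 7)"
sh "$sandbox/security" || echo "(login refused with status $?)"
rm -rf "$sandbox"
```

On the sample file the audit flags bob (empty password field) and carol (hash in passwd), and leaves root, alice and the locked ftp account alone. The rename in set_login_shell matters for the same reason vipw locks the file: a reader must never see a half-written password file.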
