05 - Basic User Management Flashcards
Listing logged-in users
The who and w (what) commands show who is logged in to the system.
The who command references the /run/utmp file and displays the information.
The w (what) command displays information in a format similar to the who command, but it also shows how long the user has been idle (IDLE), along with the CPU time used by all processes including any existing background jobs attached to this terminal (JCPU), the CPU time used by the current process (PCPU), and current activity (WHAT).
What is pts and tty?
pts stands for pseudo terminal session, and tty identifies a terminal window on the console.
History of successful login attempts and system reboot
The last command reports the history of successful user login attempts and system reboots by consulting the wtmp file located in the /var/log directory. This file keeps a record of all login and logout activities, including the login time, duration a user stayed logged in, and tty.
last reboot
last [username]
History of unsuccessful login attempts
The lastb command reports the history of unsuccessful user login attempts by reading the btmp file located in the /var/tmp directory. This file keeps a record of all unsuccessful login attempts, including the login name, time, and tty.
Reporting recent user login attempts
The lastlog command reports the most recent login evidence information for every user account that exists on the system. This information is captured in the lastlog file located in the /var/log directory. This file keeps a record of the most recent user login attempts, including the login name, time, and port (or tty).
Examining User and Group information
The id (identifier) command displays the calling user’s UID (User Identifier), username, GID (Group Identifier), group name, all secondary groups the user is a member of, and the SELinux security context.
Each user and group has a corresponding number for identification purposes.
1. id [username]
The groups command, in contrast, lists all groups the calling user is a member of.
The first group listed is the primary group for the user who executed this command; all other groups are secondary (or supplementary). The groups command can also be used to view group membership information for a different user.
Local user authentication files
RHEL supports three fundamental user account types:
1. root
2. normal, and
3. service
The root user, also known as the superuser or administrator, has full access to all services and administrative functions on the system. This user is created by default during installation.
Normal users have user-level privileges; they cannot perform any administrative functions but can run applications and programs that have been authorized.
Service accounts take care of their respective services, which include apache, ftp, mail, and chrony.
Account information for local users
User account information for local users is stored in four files that are located in the /etc directory.
These files are passwd, shadow, group, and gshadow.
These files are updated when a user or group account is created, modified, or deleted. The same files are referenced to check and validate the credentials for a user at the time of their login attempt, and hence the files are referred to as user authentication files.
The backups of these files are passwd-, shadow-, group-, and gshadow-.
Even root has no access permission for the shadow- and gshadow- files.
The passwd file
The passwd file is a simple plaintext file but it contains vital user login data. There are seven colon-separated fields per line entry.
Field 1 - Login Name
Field 2 - Password placeholder - x - account disabled or hashed password
Field 3 - UID - Comprises a numeric UID between 0 and ~4.2 billion
Field 4 - GID - Group ID - comes from /etc/group
Field 5 - Comments - Called GECOS (General Electronic Comprehensive Operating System), optionally stores general comments
Field 6 - Home directory
Field 7 - Shell’s absolute path - default is /bin/bash
Hashed password
A hashed password is a combination of random letters, numbers, and special characters. It is an irreversible, unique, and scrambled string of characters that safeguards a clear-text password. It is generated as a result of a conversion process of a password using one of the available hashing algorithms. By default, RHEL uses the SHA-512 algorithm for this purpose.
The shadow file
RHEL has a secure password control mechanism in place that provides an advanced level of password security for local users. This control is referred to as the shadow password. With this control mechanism in place, user passwords are hashed and stored in a more secure file /etc/shadow, but there are certain limits. These limits or other settings are defined in the /etc/login.defs file, which the shadow password mechanism enforces on user accounts. This is called password aging.
With the shadow password mechanism active, a user is initially checked in the passwd file for existence and then in the shadow file for authenticity.
Field 1 - Login Name
Field 2 - Encrypted password
Field 3 - Last Change
Field 4 - Minimum days for password change
Field 5 - Max no. of days for password validity
Field 6 - Warning in days for password change
Field 7 - Password expiry - No. of days to log in after password expiry
Field 8 - account expiry - days to expire and no longer available
Field 9 - reserved
The group file
The group file is a simple plaintext file and contains critical group information.
Every user on the system must be a member of at least one group, which is referred to as the User Private Group (UPG). By default, a group name matches the username it is associated with.
Field 1 - Group Name
Field 2 - Encrypted password - x - points to the /etc/gshadow file for the actual password
Field 3 - GID
Field 4 - Group Members
The gshadow file
The shadow password implementation also provides an added layer of protection at the group level. With this mechanism in place, the group passwords are hashed and stored in a more secure file /etc/gshadow.
Field 1 - Group name
Field 2 - Encrypted password
Field 3 - Group administrator
Field 4 - members
gpasswd
The gpasswd command is used to add group administrators, add or delete group members, assign or revoke a group-level password, and disable the ability of the newgrp command to access a group. This command picks up the default values from the /etc/login.defs file.
useradd file
The useradd command picks up the default values from the /etc/default/useradd and /etc/login.defs files for any options that are not specified at the command line when executing it. Moreover, the login.defs file is also consulted by the usermod, userdel, chage, and passwd commands as needed.
useradd -D