2 Administering Users & 3 Configure Perms Flashcards
User passwd fields
username
passwd
uid
gid
comment
home dir
login shell
User shadow fields
-username
-passwd
-days since change
-days before may change
-days before must change
-days until max warned to change
-days to account disable after expire
-days until expire
-reserved
/etc/profile
set system-wide environment variables (e.g. mail notification) and start-up programs
/etc/bashrc
system-wide functions and aliases for new user shells
~/.bash_profile
Login shell that can source the .profile file and runs upon user login in the background. Set user-specific variables for new shell login sessions
~/.bashrc
Interactive shell that runs the terminal and accepts user inputs for specific outputs. Can apply user-specific variables and configs/preferences for each login session like aliases
/etc/skel
files copied to home directory of new user, prepopulates config files like .bashrc with suggested settings or policy docs
/etc/login.defs
define default account settings:
-mail box location,
- passwd aging values,
-uid,
-guid,
-home dir creation,
-umask,
-pass encryp hash & methods (AES)
display: useradd -D
useradd -c -e -m -s -u -D
-c comment
-e expiration yyyy-mm-dd
-m home dir
-s shell
-u uid
-D default settings
usermod/del error codes 0,1,2,6,8
0 success
1 couldn’t update passwd file
2 invalid syntax
6 specified user doesn’t exist
8 cannot del, user logged in
who, w
who : displays login sessions
w : displays specific users logged in and idle time
id {uname}
display uid, guid, group memberships
passwd -d -e -l -u
-d del
-e expire passwd for change
-l lock account
-u unlock account
chage -l
display:
-last passwd change date
-Password expiration date
-Account inactive date
-account expiration date
-min days between pass changes
-max days between pass changes
- # days before pass expiration before warning
chage -l -M -m -W -E
-l display values
-M max # of days between pass changes
-m min # of days between pass changes
-W days before pass expiration before warning
-E lock account after date
pam_faillock
tracks login attempts and can configure policies after # failed attempts for lockout
display tally of login attempts with faillock
/etc/group
groups and memberships