User Management, Xavier Martorell-Bofill and René Serral-Gracià (PowerPoint PPT presentation)
  1. User Management
     Xavier Martorell-Bofill, René Serral-Gracià
     Universitat Politècnica de Catalunya (UPC)
     May 26, 2014

  2. Lectures
     (Section navigation bar on every slide: Introduction, Databases, Removal ["Baixa"], Login, Permissions ["Permisos"]. Slide footer: R. Serral-Gracià et al., Users.)
     System administration
       1 Introduction
       2 Operating System installation
       3 User management
       4 Application management
       5 System monitoring
       6 Filesystem Maintenance
       7 Local services
       8 Network services
       9 Security and Protection
       10 Virtualization

  3. Outline
       1 Introduction (Goals)
       2 System Databases
       3 User disabling and deletion
       4 Login process
       5 Permissions and protections

  4. Goals
     Knowledge
       Knowledge about the system databases
       File and directory permissions and protections
       SetUID/SetGID bits
     Abilities
       User management tasks
       User creation
       Group creation and user assignment
       User disabling and creation
     Commands and files
       chmod, chown, id, useradd, userdel, umask
       /etc/passwd, /etc/group, /etc/shadow

  5. Outline: 1 Introduction; 2 System Databases; 3 User disabling and deletion; 4 Login process; 5 Permissions and protections

  6. System Databases
     (Diagram, recovered from the flattened slide:)
       Users (/etc/passwd)  N:M  Groups (/etc/group)
       Users (/etc/passwd)  1:1  Passwords (/etc/shadow)
       Users (/etc/passwd)  N:M  Mail aliases (/etc/aliases)

  7. /etc/passwd
     Must be readable by all the users.
     Format: username:passwd:uid:gid:real_name:homedir:shell
       root:x:0:0:root:/root:/bin/bash
       bin:x:1:1:bin:/bin:/sbin/nologin
       daemon:x:2:2:daemon:/sbin:/sbin/nologin
       adm:x:3:4:adm:/var/adm:/sbin/nologin
       shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
       halt:x:7:0:halt:/sbin:/sbin/halt
       mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
       news:x:9:13:news:/etc/news:
       nobody:x:99:99:Nobody:/:/sbin/nologin
       sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
       aramirez:x:500:500:Alex Ramirez, C6117, 54040:/home/aramirez:/bin/bash

  8. More about users
     Special users
       root: UID 0 (the username does not matter)
       ftp: anonymous FTP access (without password)
       nobody: special user for NFS and other services
     System users
       Used to run services without superuser privileges
       Without shell and without password
       Set of privileges that allows performing their tasks

  9. /etc/group
     A group may have lots of users.
     Each user has a main group (/etc/passwd).
     Each group has a member list.
     Format: groupname:passwd:gid:username,username,...
       root:x:0:root
       bin:x:1:root,bin,daemon
       daemon:x:2:root,bin,daemon
       sys:x:3:root,bin,adm
       adm:x:4:root,adm,daemon
       tty:x:5:
       disk:x:6:root
       lp:x:7:daemon,lp
       mem:x:8:
       kmem:x:9:
       wheel:x:10:root
       Mail:x:12:mail
       news:x:13:news
       uucp:x:14:uucp
       man:x:15:
       games:x:20:
       ftp:x:50:
       nobody:x:99:
       users:x:100:aramirez
       aramirez:x:500:

  10. More about groups
     Groups with special meaning (configuration dependent):
       wheel: user group with administration privileges
       nobody: special group for NFS and other services
       users: all users belong to it

  11. /etc/shadow
     Only accessible by root.
     Encrypted password and password expiration policy.
     Format: username:passwd:password expiration policy
     passwd: change the user's password
     chage: change the password expiration policy
       Max/Min time between password changes
       Account expiration date
       root:$1$iVKd84gQ$IV7vHG0CHdIGGnYnNs00E/:12260:0:99999:7:::
       bin:*:12260:0:99999:7:::
       daemon:*:12260:0:99999:7:::
       ...
       aramirez:$1$jGmk47hy$6Lkk.QYrMI67qPqvhTCdS.:12262::99999::::

  12. /etc/aliases
     E-mail alias database. Allows e-mail redirection:
       for the pseudo-users, to the administrator
       to programs
       to the "outside"
       # Basic system aliases -- these MUST be present.
       mailer-daemon: postmaster
       postmaster: root
       # General redirections for pseudo accounts.
       bin: root
       webmaster: root
       support: postmaster
       # Person who should get root e-mail
       root: aduran, xavim@ac.upc.edu
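The three databases on slides 7, 9 and 11 are only consistent when the administrator keeps them so. The following script is an added example, not part of the UPC slides: it builds constructed copies of /etc/passwd, /etc/group and /etc/shadow in a temporary directory (two of the entries, "backup" and "guest", are deliberately defective) and runs the checks an auditor would apply to the real files: second UID 0 accounts, primary groups that do not exist, passwd entries with no shadow line, empty password fields and duplicate UIDs. The sample data and file names are constructed for the example; the real files are never touched.

```shell
#!/bin/sh
# Added example, not from the UPC slides: audit constructed copies of
# /etc/passwd, /etc/group and /etc/shadow for the inconsistencies the
# database format makes possible. Runs as an ordinary user on temp files.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample databases. Deliberate defects: "backup" is a second
# UID 0 account with no shadow line; "guest" has a primary group that does
# not exist and an empty password field in shadow.
cat >"$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
aramirez:x:500:500:Alex Ramirez, C6117, 54040:/home/aramirez:/bin/bash
backup:x:0:0:Stale backup account:/root:/bin/bash
guest:x:501:600:Guest:/home/guest:/bin/bash
EOF
cat >"$WORK/group" <<'EOF'
root:x:0:root
bin:x:1:root,bin,daemon
nobody:x:99:
users:x:100:aramirez
aramirez:x:500:
EOF
cat >"$WORK/shadow" <<'EOF'
root:$1$iVKd84gQ$IV7vHG0CHdIGGnYnNs00E/:12260:0:99999:7:::
bin:*:12260:0:99999:7:::
nobody:*:12260:0:99999:7:::
aramirez:$1$jGmk47hy$6Lkk.QYrMI67qPqvhTCdS.:12262::99999::::
guest::12262::99999::::
EOF

# Every account with UID 0 other than root is a full superuser: list them.
extra_uid0() {            # extra_uid0 <passwd>
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Users whose primary GID (passwd field 4) has no line in the group database.
orphan_gid() {            # orphan_gid <passwd> <group>
    awk -F: 'NR == FNR { g[$3] = 1; next } !($4 in g) { print $1 }' "$2" "$1"
}

# Users whose passwd entry defers to shadow ("x") but have no shadow line.
missing_shadow() {        # missing_shadow <passwd> <shadow>
    awk -F: 'NR == FNR { s[$1] = 1; next } $2 == "x" && !($1 in s) { print $1 }' "$2" "$1"
}

# Shadow lines with an empty password field: the account needs no password.
empty_password() {        # empty_password <shadow>
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Duplicate UIDs: two names sharing a UID are one identity to the kernel.
duplicate_uids() {        # duplicate_uids <passwd>
    awk -F: '{ n[$3]++ } END { for (u in n) if (n[u] > 1) print u }' "$1" | sort -n
}

printf 'Extra UID 0 accounts: %s\n' "$(extra_uid0 "$WORK/passwd")"
printf 'Orphan primary GIDs:  %s\n' "$(orphan_gid "$WORK/passwd" "$WORK/group")"
printf 'No shadow entry:      %s\n' "$(missing_shadow "$WORK/passwd" "$WORK/shadow")"
printf 'Empty password:       %s\n' "$(empty_password "$WORK/shadow")"
printf 'Duplicate UIDs:       %s\n' "$(duplicate_uids "$WORK/passwd")"
```

Each check is a one-line awk program because the databases are plain colon-separated text; pointing the same functions at the real files (readable /etc/passwd and /etc/group, and /etc/shadow as root) gives the same report for a live system.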

  13. Exercise
     Individually: detail the user creation process
       Modification of the databases
       Directory creation
       Default files ...
     In group: gather the notes and discuss
       Make the pseudo-code for the useradd command

  14. User Management: basic commands
     User management
       useradd (adduser)
       userdel
       usermod: to modify all the fields except the username
       passwd
       newusers
       vipw
     Group management
       groupadd
       groupdel
       groupmod
       gpasswd (passwd -g)
       newgrp, sg
       vigr

  15. Outline: 1 Introduction; 2 System Databases; 3 User disabling and deletion (Disabling; User deletion; User management policies); 4 Login process; 5 Permissions and protections

  16. Disabling
     Temporarily disable a user: we must prevent the user's access to the system.
       1 Password invalidation
         Insert an invalid character (*)
         It allows the original password to be recovered afterwards
       2 Invalidate the shell
         Change it to another one (/bin/false, /bin/nologin)
         Informs the user that the account has been disabled
         If the user tries to log in, the administrator is informed
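Both disabling techniques from the slide, applied to constructed copies of /etc/shadow and /etc/passwd so they can be studied without root. This is an added example, not code from the UPC slides: the slide inserts "*" as the invalid character; this version uses "!", which is what passwd -l and usermod -L prepend on Linux, and either character works because crypt(3) never produces a hash starting with it. The sample entries and temporary file paths are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the UPC slides: the two disabling techniques
# applied to constructed copies of /etc/shadow and /etc/passwd.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample entries in the formats shown on the slides.
cat >"$WORK/shadow" <<'EOF'
root:$1$iVKd84gQ$IV7vHG0CHdIGGnYnNs00E/:12260:0:99999:7:::
aramirez:$1$jGmk47hy$6Lkk.QYrMI67qPqvhTCdS.:12262::99999::::
EOF
cat >"$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
aramirez:x:500:500:Alex Ramirez, C6117, 54040:/home/aramirez:/bin/bash
EOF

# Password invalidation: prefix the hash with a character crypt(3) never
# produces. The original hash survives, so unlocking restores the old
# password. Idempotent: an already locked entry is left alone.
lock_password() {         # lock_password <shadow> <user>
    awk -F: -v OFS=: -v u="$2" '$1 == u && $2 !~ /^!/ { $2 = "!" $2 } { print }' "$1" >"$1.tmp"
    mv "$1.tmp" "$1"
}

unlock_password() {       # unlock_password <shadow> <user>
    awk -F: -v OFS=: -v u="$2" '$1 == u { sub(/^!/, "", $2) } { print }' "$1" >"$1.tmp"
    mv "$1.tmp" "$1"
}

# Shell invalidation: replace the login shell (passwd field 7). This also
# blocks sessions that never check the password field, such as SSH keys.
set_shell() {             # set_shell <passwd> <user> <shell>
    awk -F: -v OFS=: -v u="$2" -v sh="$3" '$1 == u { $7 = sh } { print }' "$1" >"$1.tmp"
    mv "$1.tmp" "$1"
}

# Read back what the files now say.
password_field() { awk -F: -v u="$2" '$1 == u { print $2 }' "$1"; }   # <shadow> <user>
shell_field()    { awk -F: -v u="$2" '$1 == u { print $7 }' "$1"; }   # <passwd> <user>

# Disable aramirez with both techniques, then show the password lock is reversible.
lock_password "$WORK/shadow" aramirez
set_shell "$WORK/passwd" aramirez /sbin/nologin
echo "locked:   $(password_field "$WORK/shadow" aramirez)  shell=$(shell_field "$WORK/passwd" aramirez)"
unlock_password "$WORK/shadow" aramirez
echo "restored: $(password_field "$WORK/shadow" aramirez)"
```

On a live system the same edits are made with passwd -l / passwd -u and usermod -s (or chsh), which also take the lock on the database files that vipw and vigr use; editing the real files with awk as above skips that lock. The message /sbin/nologin prints when the disabled user connects can be replaced on Linux by creating /etc/nologin.txt.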

  17. User deletion
     Once we are sure the user account is not needed anymore ...
       1 Disable the account (password invalidation)
       2 Check that the user is not working on the system
       3 Back up the user's data
       4 Delete the user's data
       5 Delete the user from the system databases
         /etc/shadow
         /etc/passwd
         /etc/group
       6 Add e-mail redirection
         /etc/aliases

  18. User management policies
     UID assignment
       Do NOT recycle UIDs
     Username assignment
     Store additional information: office and phone number
     Home organization (/home)
       Flat: all the users located at /home/...
       Hierarchical, creating different directory levels
         Based on departments ... floors ... offices ... (/home/ac/user)
         ... in several disks
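A concrete way to enforce the "do NOT recycle UIDs" policy, as an added example that is not part of the UPC slides: the next UID is taken as one above the highest of the UIDs present in the passwd file and the highest UID ever handed out, which is remembered in a small state file (the state file, its path and the minimum UID of 500 are assumptions of this example, as are the sample user and the /home/<department>/<user> layout taken from the slide). Deleting a user therefore never frees their UID for the next one, so files the deleted user left on disk or on backup tapes cannot silently become a new user's property.

```shell
#!/bin/sh
# Added example, not from the UPC slides: a UID allocator that never hands
# out a UID a second time, even after the user that held it was deleted.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample passwd file.
cat >"$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
aramirez:x:500:500:Alex Ramirez, C6117, 54040:/home/aramirez:/bin/bash
EOF
UID_STATE="$WORK/uid.last"     # hypothetical high-water-mark file

# Print the next UID: one above the highest of (a) any UID >= min_uid already
# in the passwd file and (b) the highest UID ever handed out, then record it.
next_uid() {              # next_uid <passwd> <state-file> [min-uid]
    min_uid=${3:-500}
    in_file=$(awk -F: -v m="$min_uid" \
        'BEGIN { max = m - 1 } $3 >= m && $3 > max { max = $3 } END { print max }' "$1")
    ever=0
    if [ -f "$2" ]; then ever=$(cat "$2"); fi
    next=$in_file
    if [ "$ever" -gt "$next" ]; then next=$ever; fi
    next=$((next + 1))
    echo "$next" >"$2"
    echo "$next"
}

# Home directory for the hierarchical layout from the slide (/home/<dept>/<user>).
home_dir() {              # home_dir <department> <user>
    echo "/home/$1/$2"
}

# Append a passwd line for a new user (UID used as primary GID, as on the slides).
add_user() {              # add_user <passwd> <user> <uid> <dept>
    echo "$2:x:$3:$3:$2:$(home_dir "$4" "$2"):/bin/bash" >>"$1"
}

# Remove a user's passwd line.
del_user() {              # del_user <passwd> <user>
    awk -F: -v u="$2" '$1 != u' "$1" >"$1.tmp" && mv "$1.tmp" "$1"
}

# Add a user, delete it again, and show the freed UID is not reused.
u1=$(next_uid "$WORK/passwd" "$UID_STATE")     # 501
add_user "$WORK/passwd" bgarcia "$u1" ac
del_user "$WORK/passwd" bgarcia
u2=$(next_uid "$WORK/passwd" "$UID_STATE")     # 502, not 501 again
echo "first allocation: $u1   after deleting and allocating again: $u2"
```

Without the state file the second allocation would look at the passwd file alone and return 501 again, which is exactly the recycling the slide forbids.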

  19. Outline: 1 Introduction; 2 System Databases; 3 User disabling and deletion; 4 Login process; 5 Permissions and protections

  20. Login process
     (Diagram, recovered from the flattened slide:)
       init (root process) forks login
       login reads uid/gid from /etc/passwd, the password from /etc/shadow and the additional groups from /etc/group
       setuid/setgid, then exec of the shell (user process)
       the shell forks the program
       program -> file ("fitxer"): access?

  21. Privilege escalation
     Performed through SetUID/SetGID calls.
     Working as root is dangerous, and mostly unneeded.
     It is better to have an admin user and escalate privileges when needed.
       su [user] [-c command]: allows changing the user (by default root)
       sudo [command]: allows executing a command as another user
         The admin can restrict which commands can be executed by each user

  22. Outline: 1 Introduction; 2 System Databases; 3 User disabling and deletion; 4 Login process; 5 Permissions and protections

  23. Permissions and protections
     Mode string: (-,d) rwx rwx rwx  (file type, then owner, group, others)
     3 types of permissions: read, write and execution (rwx)
       Regular files ...
       Directories ...
     3 areas of application: owner, group, others (ugo)
     Commands
       chown: to change a file's owner
       chgrp: to change a file's group
       chmod: to change permissions
     Set-UID/Set-GID bits (s)
     Sticky bit (t), only directories

  24. Permissions and protections
       Permission   Files                        Directories
       r            Read the contents            List the contents
       w            Write/modify file contents   Create/delete files
       x            Run                          Access the directory
       SetUID       Runs with owner's UID        No effect
       SetGID       Runs with owner's GID        Files are created with the same group as the directory
       Sticky bit   No effect                    Only the file owners can erase their files
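The table can be checked hands-on. The script below is an added example, not code from the UPC slides: in a temporary directory it creates a SetGID project directory, a sticky shared directory and a SetUID program, reads the resulting mode strings back from ls -l, and converts each symbolic mode to the four-digit octal form chmod accepts (the converter also handles the uppercase S and T that ls shows when a special bit is set without the matching x bit). Directory and file names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the UPC slides: apply the special bits from the
# table above in a temporary directory and read them back from ls -l.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# First field of ls -ld, e.g. "drwxrws---" (column 11 may hold an ACL/SELinux marker).
mode_of() {               # mode_of <path>
    ls -ld "$1" | cut -c1-10
}

# Convert a symbolic mode to four octal digits: special bits (4 SetUID,
# 2 SetGID, 1 sticky) followed by owner, group and others. An uppercase S
# or T means the special bit is set while the corresponding x bit is not.
mode_to_octal() {         # mode_to_octal -rwsr-xr-x  -> 4755
    printf '%s\n' "$1" | awk '{
        s = substr($0, 2, 9); special = 0; perm = ""
        for (i = 0; i < 3; i++) {
            bits = 0
            r = substr(s, i * 3 + 1, 1)
            w = substr(s, i * 3 + 2, 1)
            x = substr(s, i * 3 + 3, 1)
            if (r == "r") bits += 4
            if (w == "w") bits += 2
            if (x == "x" || x == "s" || x == "t") bits += 1
            if (x == "s" || x == "S") special += (i == 0) ? 4 : 2
            if (x == "t" || x == "T") special += 1
            perm = perm bits
        }
        print special perm
    }'
}

# Project directory: files created inside inherit the directory's group
# (SetGID on a directory) and others cannot enter it at all.
mkdir "$WORK/project" && chmod 2770 "$WORK/project"
# Shared scratch directory: everyone may create files, but only a file's
# owner (or the directory owner) may delete them (sticky bit).
mkdir "$WORK/scratch" && chmod 1777 "$WORK/scratch"
# SetUID program: runs with its owner's UID; executable by all, writable by owner only.
: >"$WORK/prog" && chmod 4755 "$WORK/prog"

for p in project scratch prog; do
    m=$(mode_of "$WORK/$p")
    printf '%-8s %s %s\n' "$p" "$m" "$(mode_to_octal "$m")"
done
```

The loop prints drwxrws--- 2770, drwxrwxrwt 1777 and -rwsr-xr-x 4755 on a system where the running user owns the temporary directory; seeing the setuid bit on a listing is also what a periodic audit looks for, since any SetUID file owned by root runs with root's UID for whoever executes it.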

  25. Exercise (in group)
     Assign the directory and file protections for the file ...
       $ ls -l ./dirdades/dades.txt
       -rw-rw-r-- 1 aso01 aso01 9778 Nov 28 18:10 ./dirdades/dades.txt
     Can only be modified by the owner
     Readable only by its group
     Only deletable by its owner
     Only the owner can run "ls" in the directory
