Monday, July 5, 2010

AIX Basics (User Management)

User login, attributes, management

No user/security configuration is stored in ODM.
A user is an entity which logs into a unix system with a password in order to use its resources.
Root user
User root has userid ‘0’ and has all the privileges to administer a unix system. Some default users are created with the OS for other programs/subsystems, e.g. ftp, mail, bin, etc.
Apart from the password, a user has the following particularities:
Primary group – The default group of a user (a group is a set of users). Eg: for user abc the primary group is staff. The default primary group in AIX is staff.
Groups – Other groups which the user is a member of. Eg: user abc’s other groups can be apps, admin.
User id – The number the system uses to identify a user. All permissions are based on the userid.
Group id – The same for a group.
Home directory – The default directory the user is placed in after login. By default a user can only write in this directory.
Shell – The type of shell a user is given after login; by default it is the korn shell (ksh).
Gecos (Description) – A user description, given so the admin can identify the user.

This information is stored in /etc/passwd file separated by ‘:’ s.
The seven fields of /etc/passwd are
Username:encryptedpasswd:userid:groupid:userdescription:homedir:shell

In AIX the encrypted password is not stored in /etc/passwd. Instead it is stored in
/etc/security/passwd
Apart from these properties, in AIX there are some more attributes for a user, like admin, locked/unlocked, login counts, etc.
These attributes are stored in /etc/security/user
The corresponding configuration files for groups are
/etc/group and /etc/security/group.

User profile and root profile

Profiles are configuration files which contain the start-up script that sets up the environment for a user: environment variables, PS1, umask etc. The profile is executed at the time of login.
The root profile file is /.profile
The user profile is $HOME/.profile ($HOME means the home dir)
Apart from these files, a few more profiles are executed by default:
/etc/profile
/etc/security/environ
/etc/security/environments
/etc/security/limits (Contains usage limits for memory, disk, cpu etc. for each user)

#umask is the command to see and set the umask value for a user
#set lists all environment variables that are set, with their values


Managing Users

#mkuser username creates a new user
#lsuser username lists all attributes of a user
#chuser “attribute=value” username changes an attribute of a user
Eg: #chuser “home=/home/abc” username changes the home dir of the user
#passwd username changes the password of a user
#rmuser username removes a user (the home dir needs to be removed separately)
#mkgroup groupname adds a group
#rmgroup groupname removes a group

Normal user admin activities are creating and deleting a user, changing a user’s password, and changing attributes like “account_locked=no”, “unsuccessful_login_count=0”, “groups=staff,abc,xyz” etc.
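As an added example (not from the original post), a small sh audit script that parses the stanza layout of /etc/security/user and the seven-field /etc/passwd layout described above. It runs over constructed sample files (not copied from any system) and lists locked accounts, accounts whose unsuccessful_login_count has reached a threshold, and any account other than root that carries userid 0:

```shell
#!/bin/sh
# Constructed samples (not copied from any real system).
# /etc/security/user stanza format: "user:" header, then indented "attr = value" lines.
USER_FILE=$(mktemp)
cat > "$USER_FILE" <<'EOF'
default:
        admin = false
        unsuccessful_login_count = 0

root:
        admin = true

abc:
        account_locked = true
        unsuccessful_login_count = 0

xyz:
        account_locked = false
        unsuccessful_login_count = 7
EOF
# Seven-field /etc/passwd sample; the password field is "!" because AIX keeps hashes in /etc/security/passwd.
PASSWD_FILE=$(mktemp)
cat > "$PASSWD_FILE" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
abc:!:201:1:abc user:/home/abc:/usr/bin/ksh
dupadmin:!:0:1:constructed sample:/home/dupadmin:/usr/bin/ksh
EOF
# Emit "user attr value" for each stanza attribute, so the other checks can filter it.
flatten_stanzas() {
    awk '/^[^ \t#][^:]*:[ \t]*$/ { user = $1; sub(/:$/, "", user); next }
         /^[ \t]+[A-Za-z_]+[ \t]*=/ { sub(/^[ \t]+/, ""); split($0, kv, /[ \t]*=[ \t]*/)
                                     print user, kv[1], kv[2] }' "$1"
}

# Users whose stanza sets account_locked = true.
locked_users() {
    flatten_stanzas "$1" | awk '$2 == "account_locked" && $3 == "true" { print $1 }'
}

# Users (other than the default stanza) whose unsuccessful_login_count is >= the threshold in $2.
users_over_failed_logins() {
    flatten_stanzas "$1" | awk -v max="$2" \
        '$1 != "default" && $2 == "unsuccessful_login_count" && $3 + 0 >= max { print $1 }'
}

# Accounts other than root with userid 0: they hold full root privilege.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}
```

On a real system, point the functions at /etc/security/user and /etc/passwd instead of the sample files.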

Login sequence of a user (What happens while logging in)

The sbin/getty program presents the login prompt.
When a user types a username and password, the system checks the configuration in /etc/login.cfg to see how to authenticate the user. If the authentication method is SYSTEM (the default), it verifies the username and password against /etc/passwd and /etc/security/passwd. If they are not correct, it puts an entry in the log file /etc/security/failedlogin and denies the login.
If they are correct, the login succeeds. The system runs the environment files /etc/security/environment, /etc/security/environ, /etc/security/limits and $HOME/.profile, and brings the user to the home dir with a shell.

Commands related to login

#who lists all users currently logged in, with their terminal and time details
#last lists details of all previous logins: login time, logout time, terminal details etc.


Log files related to login

/etc/security/failedlogin – failed login details
/var/adm/wtmp – contains previous and current login details (the last command takes its data from this)
(Sometimes this file becomes huge and needs to be copied to another location; the who command can then be used to read the contents of the copied file)
