1. Users
Types of user
Switching users with su command & id for user details
Sudo command & /etc/sudoers file.
Understanding /etc/passwd & /etc/shadow file.
Password hash
Managing Local User Accounts using useradd, usermod, userdel, id, passwd
2. Groups
Understanding /etc/group and /etc/gshadow file
Managing Local Group Accounts
Managing group password.
User:
Every process (running program) on the system runs as a particular user. Every file is
owned by a particular user.
Types of user
In general there are four types of user:
1. Root user i.e. 0
2. Pseudo User
3. System user
4. Other user
Root user i.e. 0:
The root user has the power to override normal privileges on the file system and is used to
manage and administer the system. In short, it has the power to damage the system,
remove files and directories, remove users and accounts, and add backdoors.
Pseudo User:
Normal user with special privilege to execute any command as a root user.
System user:
A system user is created by default by the OS during installation or when you install
any packages, and it runs as daemons in the background. In Ubuntu its range runs from 100 to 999.
Source: /etc/adduser.conf
Other user:
Other users are created by root or sudo users. They have limited access on the system. In
Ubuntu its range runs from 1000 to 29999. Source: /etc/adduser.conf
Switching users with su command & id for user details
1. The su command allows a user to switch to a different user account.
su <username>
The command su <username> starts a non-login shell.
su - <username> starts a login shell.
2. The main distinction is that su - sets up the shell environment as if this were a clean
login as that user, while su just starts a shell as that user with the current environment
settings.
3. The id command is used to show information about the current logged-in user.
$ id
# Current logged-in user
$ id lucy
# Other account
4. To view the user associated with a file or directory, use the ls -l command:
$ ls -l
5. To view process information, use the ps command and add the a option to view all
processes with a terminal. To view the user associated with a process, include the u
option.
$ ps au
sudo command & /etc/sudoers file.
1. The sudo command allows a user to be permitted to run a command as root, or as
another user, based on settings in the /etc/sudoers file.
2. sudo requires users to enter their own password for authentication.
3. In Ubuntu, members of group admin can use sudo to run commands as any user,
including root. Similarly in Fedora/Redhat with the wheel group.
4. All commands executed by sudo users are logged in /var/log/secure
5. We use the visudo command to edit the /etc/sudoers file.
/etc/sudoers file
1. # This file MUST be edited with the 'visudo' command as root.
2. #
3. # Please consider adding local content in /etc/sudoers.d/ instead of
4. # directly modifying this file.
5. #
6. # See the man page for details on how to write a sudoers file.
7. #
8. Defaults env_reset
9. Defaults mail_badpass
10. Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
11.
12. # Host alias specification
13.
14. # User alias specification
15.
16. # Cmnd alias specification
17.
18. # User privilege specification
19. root ALL=(ALL:ALL) ALL
20.
21. # Members of the admin group may gain root privileges
22. %admin ALL=(ALL) ALL
23.
24. # Allow members of group sudo to execute any command
25. %sudo ALL=(ALL:ALL) ALL
26.
27. # See sudoers(5) for more information on "#include" directives:
28.
29. #includedir /etc/sudoers.d
30.
Question: Can we run any single /sbin command or root-privileged command
through a normal user?
Yes we can. Let's take the adduser command as an example.
1. Log into the root account or a sudo account.
2. Create a normal user with a password.
3. Go to line number 20 and edit the line with
lucy ALL=(ALL) /usr/sbin/adduser
4. Now log into the lucy account, and you are done.
Question: Can we run any single /sbin command or root-privileged command
without password authentication?
Yes we can, through the following steps:
1. Go to line number 20 and edit the line with
lucy ALL=(ALL) NOPASSWD:ALL
2. Now log into the lucy account, and you are again done.
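The two edits above differ a great deal in what they grant: the first limits lucy to one command, the second removes both the command restriction and the password prompt. The following is an added example, not part of the original page, that classifies sudoers rules so the broad ones stand out in a review; the function names and labels are hypothetical, and the sample input reuses the rules shown on this page.

```bash
# Added example: classify sudoers user rules by how much they grant.
# Simplifications (assumptions): no line continuations, no alias expansion,
# and files under /etc/sudoers.d must be fed in separately.

# Sample input: the rules from the listing above plus the two lucy edits.
sample_sudoers() {
  cat <<'EOF'
Defaults env_reset
# User privilege specification
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
lucy ALL=(ALL) /usr/sbin/adduser
lucy ALL=(ALL) NOPASSWD:ALL
EOF
}

# Reads sudoers text on stdin, prints "<who> <label>" for every rule.
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ || /_Alias[ \t]/ { next }
    {
      eq = index($0, "=")
      if (eq == 0) next
      rhs = substr($0, eq + 1)
      gsub(/\([^)]*\)/, "", rhs)            # drop Runas specs such as (ALL:ALL)
      nopass = (rhs ~ /NOPASSWD[ \t]*:/)    # password prompt disabled?
      gsub(/[A-Z_]+[ \t]*:/, "", rhs)       # drop tags (NOPASSWD:, NOEXEC:, ...)
      all = 0
      n = split(rhs, cmd, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
        if (cmd[i] == "ALL") all = 1        # rule covers every command
      }
      risk = "LIMITED"
      if (nopass) risk = "NOPASSWD-LIMITED"
      if (all)    risk = (nopass ? "NOPASSWD-ALL" : "ALL-COMMANDS")
      print $1, risk
    }'
}

sample_sudoers | audit_sudoers
```

On a real system, feed it the output of `sudo cat /etc/sudoers /etc/sudoers.d/*` and review every line labelled NOPASSWD-ALL first.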
Question: Can we create a user manually?
Yes, we can.
Understanding /etc/passwd & /etc/shadow file.
The format of /etc/passwd is as follows (seven colon-separated fields):
1 username : 2 password : 3 UID : 4 GID : 5 GECOS : 6 /home/dir : 7 shell
1. Username: It is a mapping of a UID to a name for the benefit of human users.
2. Password: Historically, passwords were kept here in an encrypted format.
Today they are kept in a separate file called /etc/shadow
3. UID: It is a user ID, a number that identifies the user at the most fundamental
level.
4. GID: It is the user's primary group ID number.
5. GECOS: It is arbitrary text, which includes user details and real name.
6. /home/dir: It is the location of the user's personal data and configuration files.
7. Shell: It is a program that runs as the user logs in. For a regular user,
this is normally the program that provides the user's command line prompt.
/etc/shadow file.
1. Name: This must be a valid account name of the system.
2. Password: It is in encrypted format; if it starts with a ! mark, it means it is locked.
3. Last change: The date at which the password was last changed.
4. Min age: Minimum number of days before the password may be changed.
5. Max age: Maximum number of days before the password must be changed.
6. Warning: Warning period before the password expires. 0 means no warning is
given.
7. Inactive: The number of days an account remains active after the password has
expired. A user may log into the system and change his password. After that
specified number of days, the account is locked, becoming inactive.
8. Expire: The account expiration date.
9. Blank: It is reserved for future use.
Password hash
There are three pieces of information stored in a modern password hash.
1. Hashing algorithm.
2. Hash salt.
3. Encrypted hash.
$6$AmdWnEdR$c.Pn0d98tXDvxIUQixZwDWf4gVR7d5hqHN0QTYMwFnR7FPB5.
$6: It uses the SHA512 hashing algorithm.
$AmdWnEdR: Salt value, which is combined with the password to increase hash
strength.
$c.Pn0d98tXDvxIUQixZwDWf4gVR7d5hqHN0QTYMwFnR7FPB5. : It is your
password + salt value in encrypted format, which makes it the encrypted hash.
Source: #Shadow_file
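The password field described above can be split mechanically into lock state, algorithm and salt. The following is an added example, not part of the original page, that classifies /etc/shadow-style entries: locked (leading !), empty (no password required), and the hashing algorithm in use. Function names and labels are hypothetical; the lucy entry reuses the hash shown above, and the other entries are constructed sample data.

```bash
# Added example: classify the password field of /etc/shadow-style lines.
# Output per entry: "<name> <state> <algorithm> <salt>".

# Constructed sample entries (only the lucy hash comes from the page).
sample_shadow() {
  cat <<'EOF'
root:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
lucy:$6$AmdWnEdR$c.Pn0d98tXDvxIUQixZwDWf4gVR7d5hqHN0QTYMwFnR7FPB5.:19000:0:99999:7:::
bipul:!$6$rounds=5000$Qx7Lm2Pz$CONSTRUCTEDHASH:19000:0:99999:7:::
guest::19000:0:99999:7:::
legacy:$1$abcdefgh$CONSTRUCTEDHASH:15000:0:99999:7:::
EOF
}

audit_shadow() {
  awk -F: '
    function algo(id) {
      if (id == "1") return "MD5-weak"
      if (id == "5") return "SHA-256"
      if (id == "6") return "SHA-512"
      if (id == "y") return "yescrypt"
      if (id ~ /^2/) return "bcrypt"
      return "unknown-" id
    }
    NF < 2 || /^#/ { next }
    {
      pw = $2; state = "active"; salt = "-"
      if (pw == "") { print $1, "EMPTY", "-", "-"; next }   # no password set
      if (pw ~ /^!/) { state = "locked"; sub(/^!+/, "", pw) }
      if (pw == "" || pw == "*") {                          # no usable hash
        if (state == "active") state = "nologin"
        print $1, state, "-", "-"; next
      }
      if (pw !~ /^[$]/) { print $1, state, "DES-weak", "-"; next }
      n = split(pw, p, /[$]/)        # p[2] = algorithm id, then salt, hash
      i = 3
      if (p[i] ~ /^rounds=/) i++     # optional rounds=N parameter
      if (p[2] ~ /^[156]$/ && n > i) salt = p[i]
      print $1, state, algo(p[2]), salt
    }'
}

sample_shadow | audit_shadow
```

Entries reported as EMPTY, MD5-weak or DES-weak are the ones to fix first; run it against the real file with `sudo cat /etc/shadow | audit_shadow`.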
Managing Local User Accounts using useradd/adduser, usermod, userdel, id, passwd
Creating/updating the password for a user. We use passwd
# passwd <User>
# echo hacker | passwd --stdin <user>
Locking the password for a user
# passwd -l <User>
To unlock the password
# passwd -u <User>
To check the status of the password
# passwd -S <User>
To delete the password
# passwd -d <User>
To modify a user account we use the usermod command.
To change the password with usermod
# encrypted=$(echo "newpassword" | openssl passwd -1 -stdin)
# sudo usermod -p "$encrypted" <User>
To lock the user account
# usermod -L <User>
To unlock the user account.
# usermod -U <User>
Assigning a primary group.
# usermod -g admin bipul
Assigning a secondary group.
# usermod -G samba bipul
Assigning more than one secondary group
# usermod -aG dba bipul
Groups
Like users, groups have a name and a number, and they are divided into two types:
1. Primary group.
2. Secondary group.
Understanding /etc/group and /etc/gshadow file
Local groups or primary groups are defined in /etc/group
1 groupname : 2 password : 3 GID : 4 List of users in the group
1. Primary group: Every user has exactly one primary group. For a local user, the
primary group is defined by the GID number of the group listed in the fourth field of
/etc/passwd
2. Supplementary group: A user may be a member of zero or more supplementary
groups. The users that are supplementary members of local groups are listed in
the last field of the group entry in /etc/group
/etc/gshadow
lucy:$6$jXU9U/Yc2$sSVMymgi9rlXTYAHU9Z7agtmkX.qJYJjyzuniVgnVilgLXkg6iLaKikj3tv8HC333gDjdzF26yqaTmtlK1uvI.::