By default, a new installation of Oracle Linux uses local user and group accounts for authentication, permissions handling, and access to resources. When working with local accounts for users and groups, you use three main commands:

About User and Group Accounts

To implement system authentication, Oracle Linux uses two types of accounts: user and group. Together, these accounts hold information such as passwords, home directories for users, login shells, group settings and memberships, and so on. The information is used to ensure that only authorized logins are granted access to the system. Users without credentials, or whose credentials do not match the information in these accounts, are locked out of the system.

By default, user and group information is located locally in the system. However, in an enterprise environment that might have hundreds of servers and thousands of users, user and group account information is better stored in a central repository rather than in files on individual servers. User and group information is configured on a central server and then retrieved through services such as the Lightweight Directory Access Protocol (LDAP) or the Network Information Service (NIS). Central management of this information is more efficient than storing and configuring user and group information locally.

Where User and Group Information Is Stored Locally

Unless you select a different authentication mechanism during installation or use the authselect command to create an authentication profile, Oracle Linux verifies a user's identity by using the information that is stored in the The The

By default, Oracle Linux implements the user private group (UPG) scheme where adding a user account also creates a corresponding UPG with the same name as the user, and of which the user is the only member. By default, both users and
groups use shadow passwords, which are cryptographically hashed and stored in

A user can use the newgrp command to log into a new group or to change the current
group ID during a login session. If the user has a password, he or she can add group membership on a permanent basis. See the The For more information about the content of these files, see the

Creating User Accounts

Alternatively, you can use the newusers command to create a number of user accounts at the same time. For more information, see the

To create users by using the web-based GUI, see Oracle Linux: Using the Cockpit Web Console.

Locking an Account

To lock a user's account, use the passwd -l command.

    sudo passwd -l username

To unlock the account, use the

    sudo passwd -u username

For more information, see the

Modifying or Deleting User Accounts

To modify a user account, use the usermod command.

    sudo usermod [options] username

For example, to add a user to a supplementary group (other than the user's default login group):

    sudo usermod -aG groupname username

You can use the groups command to display the groups to which a user belongs, for example:

    sudo groups username

To delete a user's account, use the userdel command:

    sudo userdel username

For more information, see the

Changing Default Settings for User Accounts

To display the default settings for a user account, use the following command:

    sudo useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes

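
As an added example (not part of the Oracle documentation), the following script audits shadow-format records for the lock state that passwd -l leaves behind and for the inactivity setting that appears as INACTIVE=-1 in the defaults above. The sample records and function names are constructed for illustration; the field layout follows shadow(5).

```shell
#!/bin/sh
# Added example: report lock state and ageing policy per account from
# shadow-format records (name:hash:lastchg:min:max:warn:inactive:expire:).

# Constructed sample records; the hashes are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
alice:$6$SALT$PLACEHOLDER:19700:0:90:7:30::
bob:!!$6$SALT$PLACEHOLDER:19700:0:99999:7:::
carol:$6$SALT$PLACEHOLDER:19700:0:99999:7:-1::
svc_backup:!!:19700:0:99999:7:::
dave::19700:0:60:10:3::
EOF
}

# Reads shadow-format lines on stdin, prints one summary line per account.
audit_shadow() {
    awk -F: '
    NF < 8 { printf "%s MALFORMED\n", $1; next }
    {
        state = "active"
        if ($2 ~ /^!/)      state = "locked"          # leading "!": password locked or never set
        else if ($2 == "*") state = "no-login"
        else if ($2 == "")  state = "EMPTY-PASSWORD"  # login without a password
        # Empty or negative inactive field: never locked for inactivity.
        inact  = ($7 == "" || $7 < 0)      ? "never" : $7 "d"
        # 99999 is the conventional "no expiry" value for the maximum age.
        maxage = ($5 == "" || $5 >= 99999) ? "never" : $5 "d"
        printf "%s state=%s max_age=%s inactive_lock=%s\n", $1, state, maxage, inact
    }'
}

# Names of usable accounts that are never locked for inactivity.
no_inactivity_lock() {
    audit_shadow | awk '$2 == "state=active" && $4 == "inactive_lock=never" { print $1 }'
}

# Demo on the constructed data; on a real host: sudo cat /etc/shadow | audit_shadow
sample_shadow | audit_shadow
```
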
You can specify options to useradd -D to change the default settings for user accounts. For example, to change the defaults for

    sudo useradd -D -f 3 -b /home2 -s /bin/sh

Note: If you change the default login shell, you would probably also create a new If you specify

The default settings are stored in the

For more information, see Configuring Password Ageing and the

Creating Groups

To create a group, use the groupadd command.

    sudo groupadd [options] groupname

Typically, you might want to use the -g option to specify the group ID (GID). For example:

    sudo groupadd -g 1000 devgrp

For more information, see the

Modifying or Deleting Groups

To modify a group, use the groupmod command:

    sudo groupmod [options] groupname

To delete a group, use the groupdel command:

    sudo groupdel groupname

For more information, see the

Configuring Group Access Modes to Directories

Users whose primary group is not a UPG have a A user whose primary group is a UPG has a

To grant users in the same group write access to files within the same directory, change the group ownership on the directory to the group, and set the

    sudo chgrp groupname directory
    sudo chmod g+s directory

Files that are created in such a directory have their group set to that of the directory rather than the primary group of the user who creates the file.

The restricted deletion bit prevents unprivileged users from removing or renaming a file in the directory unless they own either the file or the directory. To set the restricted deletion bit on a directory:

    sudo chmod a+t directory

For more information, see the

Configuring Password Ageing

To specify how users' passwords are aged, edit the following settings in the
For more information, see the

To change how long a user's account can be inactive before it is locked, use the usermod command. For example, to set the inactivity period to 30 days:

    sudo usermod -f 30 username

To change the default inactivity period for new user accounts, use the useradd command:

A value of -1 specifies that user accounts are not locked due to inactivity. For more
information, see the

Granting sudo Access to Users

In Oracle Linux, only administrators can perform privileged tasks on the system. To grant certain users authority to be able to perform specific administrative tasks, the administrator would need to use the For example, the following entry grants the user

    erin ALL=(ALL) ALL
    frank ALL= SERVICES, SOFTWARE

However, both users still need to use
For more information, see the

Which of the following commands would you use to view the current soft limits on a Linux machine?

Users can modify soft limits but not hard limits using the ulimit command. The ulimit -a command displays the current limits. The default shows soft limits.

Which type of group can be used for controlling access to objects?

Only security groups can be used for controlling access to objects. A discretionary access control list (DACL) is an implementation of discretionary access control (DAC).

What is the effect of the following command?

    chage -M 60 -W 10 jsmith

Forces jsmith to keep the password 60 days before changing it and gives a warning 10 days before changing it.

Deletes the jsmith user account after 60 days and gives a warning 10 days before it expires.

Which of the following is an example of rule-based access control?

Router access control lists that allow or deny traffic based on the characteristics of an IP packet. A router access control list that allows or denies traffic based on the characteristics of an IP packet is an example of rule-based access control.