• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Urban Penguin

The Urban Penguin - Linux Training

  • Home
  • About
  • Live Training
  • Shop
  • Our Latest eBook Offer
  • Programming
    • Master Editing Text Files Using VIM
    • Learn Shell Scripting with BASH
    • PERL Scripting in Linux
    • Ruby Scripting in Linux
    • Scripting with PowerShell
    • Learn C Programming using Linux and the Raspberry Pi
    • General Java Tutorials
    • Java 7 OCA Exam 1ZO-803
  • OS Tutorials
    • Red Hat and CentOS Training
      • RHCE – EX294 – Automation With Ansible
    • Learning Ubuntu
    • LPI Training
      • LPI Linux Essentials
      • LPIC-1 Linux Administrator
      • LPIC-2 Certified Linux Engineer
      • LPIC-3 Senior Level Certification
        • LPIC-3 Exam 300 : Mixed Environments
        • LPIC-3 Exam 303 : Security
        • LPIC-3 Exam 304 : Virtualization and High Availability
    • Linux Technologies
      • Apache HTTPD Server
      • Learning PHP
      • Learning PUPPET
      • Learning SAMBA
      • Linux File-Systems
      • Monitoring with Nagios Core
      • MYSQL
      • openLDAP Directories on Linux
  • Pluralsight Courses
You are here: Home / Linux / Certification / LPI Linux Essentials / 5.1 Basic Security and Identifying User Types

5.1 Basic Security and Identifying User Types

August 1, 2013 by The Urban Penguin

Weight: 2
Description: Various types of users on a Linux system.
Key Knowledge Areas:
Root and Standard Users.
System users.
The following is a partial list of the used files, terms and utilities:
/etc/passwd, /etc/group, id, who, w, sudo.
Nice to know: su.

The predominate administrative  account on Linux systems is the root account with the user ID (UID) of 0. To manage the Linux system you will need access to this account either directly or via sudo. As we discuss this further you will see that sudo is the preferred method of delegated administration as, in this way, the administrative users do not need access to the root password. Whereas logging into the system directly as root or using the substitute user command, su, knowledge of the root password is required.

Each Linux host must, at the minimum, have a local root account defined in the /etc/passwd file. The local user account store is /etc/passwd, passwords, on the other hand passwords are usually held in the /etc/shadow file. Each user, including the root user will need both a UID and a GID group ID. Users must belong to a minimum of one group; some systems such a Red Hat run a private group system where users belong to their own private groups, other systems including SUSE have a public group system where users belong to a shared groups : users. Local groups are recorded in the file /etc/group With root privileges users can be created and managed with the command useradd and groups with groupadd. Even though you would be expected to use the tools provided to manage users and groups there is nothing stopping  changes being made directly to the appropriate file.

/etc/passwd file
/etc/passwd file

These are text files writable by the root account. The seven fields of the passwd file are delimited with a colon and are described as:

  1. user name
  2. password or a single x denotes the password is stored in /etc/shadow
  3. UID
  4. GID
  5. Comments
  6. Home directory path
  7. Default user shell, (command line environment)

To display information about a user account, whether your own or another account the command id , (/usr/bin/id). By default the command will display the user name uid and gid and secondarygroups, but more specific information can be honed in upon with additional switches. The command finger, (/usr/bin/finger), can be used to display further information about users account information. The following screenshots first show the out from id then finger:

Output from id
Output from id
Output from /usr/bin/finger
Output from /usr/bin/finger

To return information on currently logged in users, perhaps if you need to bring a server down for maintenance, the use of the commands who (/usr/bin/who) or w (/usr/bin/w) are useful. With typical Linux humor the shorter command w, provides the more verbose output.

Output from who and the more verbose w

Controlling access to sudo, (/usr/bin/sudo) ,and what you are allowed to do with it, is a task that the root user will achieve through editing the file /etc/sudoers. So that mistakes are less likely to occur, root is encouraged to edit the file using visudo (/usr/sbin/visudo ) ; as this program closes the file is syntax checked helping prevent errors. Users can be delegated rights to run certain commands though the /etc/sudoers file; this way knowledge of the root password is not required when administering the host but the commands must be prefaced with sudo. On some systems, such as Ubuntu, the root account password is not shown during installation and all tasks are managed thorough sudo. This, is many ways is a correct administration model avoiding directly accessing the root account.

When using sudo, the command is prefaced with sudo
When using sudo, the command is prefaced with sudo

For ease of access to many administration commands consider adding the /sbin and usr/sbin directories into the PATH variable of your delegated administrators. In this way the previous command in the screenshot could be reduced to : sudo useradd -m bob .

When required if you have access to the root password you may use the su (/bin/su) command to substitute your current user id with the root user ID. (note the command su can be used to access any account you know the password to , not just root). It is possible to disallow remote access via SSH to root, you can still logon on as a standard account and su to root as required.


Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
  • Click to print (Opens in new window)

Filed Under: LPI Linux Essentials Tagged With: Linux Essentials, LPI

Primary Sidebar

Newest Video

The Urban Penguin On Youtube

Live Training

Powered by Eventbrite

Categories

Pages

  • About The Urban Penguin
  • Contact Us
  • Shop
    • Basket
    • Checkout
    • My Account
  • LPI Training from The Urban Penguin
    • Live and Pluralsight hosted courses
    • Complete Linux Essentials
    • Scheduled Linux Essentials Classes
    • LPIC-3 Senior Level Certification
      • LPIC-3 Exam 300 : Mixed Environments
      • LPIC-3 Exam 303 : Security
      • LPIC-3 Exam 304 : Virtualization and High Availability
    • LPIC-2 Certified Linux Engineer
    • LPIC-1 Linux Administrator
    • LPI Linux Essentials for Raspberry Pi
    • LPI Linux Essentials
  • Operating System Tutorials
    • Linux Foundation Training
    • Solaris 11 OCA 1ZO-821
    • Learning Ubuntu
    • Learning SUSE
    • Red Hat and CentOS Training
      • RHCE – EX294 – Automation With Ansible
  • Scripting – the power of repetition!
    • Java 7 OCA Exam 1ZO-803
    • General Java Tutorials
    • Learn C Programming using Linux and the Raspberry Pi
    • Ruby Scripting in Linux
    • Scripting with PowerShell
    • PERL Scripting in Linux
    • Learn Shell Scripting with BASH
    • Master Editing Text Files Using VIM
  • Linux Technologies
    • Learning PUPPET
    • openLDAP Directories on Linux
    • Monitoring with Nagios Core
    • Linux File-Systems
    • Learning SAMBA
    • Apache HTTPD Server
    • Learning PHP
    • MYSQL
  • OpenStack
    • Pluralsight
    • Udemy
    • Raspberry Pi Tutorials
    • Citrix Videos
  • Courses

© 2019 The Urban Penguin · All Rights Reserved

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok