Managing Users and Groups



CIT 370 Lab 8

Topic: Managing Users and Groups

Due: Thursday, October 1

From this assignment forward, you will use your Virtual CentOS machine. Log in, start VMware, click Connect to Local Host and then click on Run. It will take a few minutes to boot the virtual machine. Once you have reached the login screen, log in using the personal account you created near the end of lab 7 (not the root account).

In this assignment, you will create and edit user accounts and group accounts using both graphical tools and command line tools, and explore how user and group information is stored in /etc files. You will also see how to set up a user’s personal information in their account. This is a lengthy lab; you will probably not complete it in 1 hour. Make plans to complete this lab before the next class period, as you will need these accounts set up for the next lab.

Open two terminal windows and in one, start vi so that you can enter your answers to the questions below. NOTE: you will need to read the Users & Groups course notes first before trying this lab as many of the commands are described there instead of here.

1. Bring up the User and Group Manager tool (from the Systems menu, select Administration and from there, select Users and Groups from the submenu). You will be asked to log in as root at this point to use the tool (your root password should be cit370).

a. Create a new user by clicking on Add User. User Name: zappaf. Full Name: Frank Zappa. Enter and confirm a password (it really doesn’t matter what password you use, you will change it shortly), leave login shell as /bin/bash, the home directory as the default, leave private group box checked to create a private group and use the default for the user ID. Click on OK. A second user will appear in the User Manager window, underneath the account you had already created for yourself. NOTE: You can change all of these default settings, but for typical users, we will not need or want to. To explore the values from a user, highlight the user and click on Properties. There are four choices of data, and you can modify this simply by changing/editing these properties: user data (user’s full name, password, home directory or login shell, username), account info (set durations on user account to expire), password info (change password expiration), and Groups (add and remove users from groups). Close the user properties window.

b. Highlight your own account and look over the information. Next, highlight zappaf and change this account to expire tomorrow. How did you accomplish this?

c. In your terminal window, enter ls /home/zappaf. What was the output? Why?

d. Switch to root by typing su and enter the root password when asked. su allows you to switch to root, changing your prompt to #. Type ls /home/zappaf. Notice that there is nothing in the directory but you have access to it. Or is there? Type ls -al /home/zappaf. Why did this second command show you files when the first didn’t? Obviously you had not created any of these files. How did these files get here?

e. Let’s change zappaf’s password. Type passwd zappaf. As root, you are allowed to change anyone’s password. You are asked to enter a new password and reconfirm it without asking for the original password. Enter the password gail. What warning did you get when you used the password gail? You will be asked to retype the password, enter gail again. Note that if you just typed passwd without zappaf, you would be changing root’s password, so be careful!

f. Switch to zappaf (su zappaf). Notice how you didn’t have to enter a password. As root, you can switch to any user without entering a password! Type exit to switch back to root and exit again to switch back to your user account. Now su zappaf. You are asked to enter a password, enter gail. You are zappaf. Type whoami. What was displayed? Type exit to return to your own account.

2. Switch to the Group tab in your User Manager tool. You will see that there are already 2 groups, one for each user (yourself and zappaf). These are “private groups” and if you do an ls -l, usually you see files that are owned by a particular user also have the same group name. You will now create other groups and add users to these groups. In the next lab, we will explore how to change protection on files and how to change groups (and owners) of files. Add a group cit370. Add yourself and zappaf to this group. To add users to a group, highlight the row for that group in the User Manager tool and select Properties. From the pop-up window, click on the Group Users tab and scroll down in the window until you find the users you want to add to this group and click in the checkbox for each. Create another group informatics and add yourself. Add a group called dummies and add zappaf to it. Close the User Manager Tool at this point.

3. While the GUI tool to manage accounts and groups is useful, you will often want to manage accounts from the command line. To create a new account, use useradd, which is in /usr/sbin. NOTE that /usr/sbin is probably not in your path, so you will have to type the full command (/usr/sbin/useradd).

a. su to root if you are not currently root. Type in /usr/sbin/useradd. Since you did not provide a new user’s name (the minimum information required by useradd), you will instead get a list of the various parameters expected or available for the command. Read about useradd and these parameters in the course notes. Most of the time, you will want to use the default settings for shell, group, directory and uid. The common parameters that you will use are -m to indicate that a home directory should be created for the user, and -c to provide a comment, which should be the person’s name, as in -c "Frank Zappa". Create a new user, underwoodr, whose name is Ruth Underwood, with a home directory, using the defaults. What command did you enter? Give this user an initial password of xylophone using the passwd command. What command did you enter? What warning message did you get?

b. Create a new user, creamcheeses, whose name is Suzie Creamcheese, and add her to the group CIT370 by using -G and adding the group name. What command did you enter? Give the user an initial password of xyz12abc. What warning did you get?

c. Create a new user, cartmane, whose name is “Eric Cartman” and add him to groups informatics and dummies and give him the shell /bin/csh. What command did you enter? Give the user an initial password of your own. What password did you use and did you get a warning?

d. Create a new user cit, with the comment “for use by CIT courses” and make this account one that is created without a home directory. What command did you enter? Give the user an initial password of citcit. What warning did you get?

4. When creating a user’s account, a number of things are created. First, if you specify -m, the user is given their own home directory along with some initial files; you will explore this in part a. Second, a finger entry is set up for them. The finger program allows you to inquire about information of any user. You will explore this later in the lab. In addition, entries are made into several /etc files: passwd, group and shadow.

a. Examine the /etc/skel directory (use ls -al) and compare these files to the files placed in a newly created account. What can you conclude about how /etc/skel is used when creating a new user account?

b. When user accounts are created, a new line is entered into the file /etc/passwd. You can examine this file by typing less /etc/passwd or more /etc/passwd. Save your answers file and close the file for now. Type tail -6 /etc/passwd >> answerfile where answerfile is the name of your text answer file (this will append the last 6 lines of the passwd file into your answers). Examine your answer file (use cat answerfile). Does it have these 6 lines at the end? Each user is listed on a separate line, storing username, encrypted password (for security reasons, the encrypted password is now stored in a file called /etc/shadow and what you see is simply x in its place), user ID, group ID, comment field (usually the user’s full name), home directory and default shell.

c. Type cat /etc/shadow (note: if you for some reason were no longer root, you must su to root before trying to access the shadow file). The second field is your encrypted password, which is an MD-5 hash of your password. Using egrep and >>, add the line that contains your username entry to your answers file.

d. The file /etc/group stores group information just as /etc/passwd stores user account information. Using tail and >>, add the last three lines of /etc/group to your answers file.

NOTE: you can directly edit /etc/passwd and /etc/group, but it is far safer to use vipw and vigr (these commands start vi with the proper file, passwd or group, in the editor for you to edit). However, unless you have a specific reason for editing one of these files, it’s best NOT TO!
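
As an added example, not part of the original lab: the script below joins passwd-format and shadow-format data on the username and reports what the second shadow field says about each account, using the standard crypt prefixes ($1$ for MD5-crypt, $5$ and $6$ for SHA-256 and SHA-512). The accounts, UIDs, the toor entry and the hash placeholders are constructed sample data.

```shell
#!/bin/sh
# Added example. All account data below is constructed; the hashes are
# placeholders, only the $id$ prefix in front of them is meaningful.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
zappaf:x:501:501:Frank Zappa:/home/zappaf:/bin/bash
cartmane:x:504:504:Eric Cartman:/home/cartmane:/bin/csh
cit:x:505:505:for use by CIT courses:/home/cit:/bin/bash
toor:x:0:0:constructed second UID 0 account:/root:/bin/bash
EOF
}
sample_shadow() {
cat <<'EOF'
root:$6$SALTSALT$PLACEHOLDERHASH:14500:0:99999:7:::
zappaf:$1$SALTSALT$PLACEHOLDERHASH:14500:0:99999:7::14609:
cartmane::14500:0:99999:7:::
cit:!!:14500:0:99999:7:::
toor:$1$SALTSALT$PLACEHOLDERHASH:14500:0:99999:7:::
EOF
}

# audit_accounts PASSWD_FILE SHADOW_FILE
# Joins the two files on the username (field 1) and prints one finding per line.
audit_accounts() {
  awk -F: '
    NR == FNR { hash[$1] = $2; next }        # first file read is shadow
    {
      user = $1
      if ($3 == 0 && user != "root") print user ": UID 0 but not root"
      if ($2 != "x")                 print user ": password field is not shadowed"
      if (!(user in hash))         { print user ": no shadow entry"; next }
      h = hash[user]
      if (h == "")                   print user ": empty password field"
      else if (h ~ /^[!*]/)          print user ": locked or password never set"
      else if (h ~ /^[$]1[$]/)       print user ": MD5-crypt hash"
      else if (h ~ /^[$][56][$]/)    print user ": SHA-crypt hash"
      else                           print user ": DES or unrecognised scheme"
    }' "$2" "$1"
}

# Demo on the constructed data (the real shadow file needs root to read).
tmp=$(mktemp -d)
sample_passwd > "$tmp/passwd"; sample_shadow > "$tmp/shadow"
audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On the lab VM the same function can be run as root with /etc/passwd and /etc/shadow as its two arguments.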

5. Open your answers text file again to continue answering questions. We will now examine some other commands for user and group manipulation.

a. The groupadd instruction (also in /usr/sbin) is simpler than useradd, just groupadd -g GID groupname. GID is the group ID (a number), and we will often use the default. See /etc/group to find the last GID used by the system. Using groupadd, add a group called students numbered with the next available ID. What command did you enter? Type cat /etc/group. What was the entry for the group students? You will not often add groups but it can be useful for permission sharing (covered in the next lab).

b. The usermod instruction allows you to modify an already existing user. The parameters are much like useradd. Use usermod (in /usr/sbin) to add creamcheeses and cartmane to the students group. This will look like usermod -G students creamcheeses, followed by a similar instruction for cartmane. When done adding them to the students group, type tail -1 /etc/group. What is the entry for the group students? Note: There is also a groupmod operation to modify groups. Modifying users and groups can also be performed via the User Manager graphical tool.

c. The -e option for usermod allows you to add an expiration date (or modify an expiration date) for a user’s account. After -e, you supply the expiration date, which will be of the form YYYY-MM-DD, such as 2009-03-30. Use usermod -e to change zappaf’s expiration date from tomorrow to December 31, 2009. What command did you use? You can confirm that this worked correctly by opening up the User Manager Tool and inspecting the properties for zappaf.

d. To delete a user, use userdel username which removes the user from /etc/passwd or use the User Manager tool and select the user and click on the Delete button. When deleting a user with userdel, the user’s directory remains in existence. When using the User Manager tool to delete a user, a pop-up window will appear asking if you want to remove the user’s home directory. In either case, you may want to leave the directory in existence (there may be important files there that you want to archive). But, if you need to erase the user’s directory afterward, you can easily do so as root by doing rm -r /home/username (where username is the deleted user’s account name). Delete underwoodr using userdel. What command did you enter? Type ls /home, what directories appear?

NOTE: Some system administrators prefer to leave the user’s account in the /etc/passwd file but disable the account (expire it) and delete the user’s directory to free up space. The rationale is that if a future user has a similar name, this would force the system administrator to use a different user name and thus prevent the two users from having the same email address.
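
The usermod command in step 5b uses -G without -a, which sets the user’s supplementary group list to exactly the groups named, so memberships given earlier in the lab are dropped (usermod -a -G appends instead). The following added example, which is not part of the original lab, compares two constructed snapshots of /etc/group and reports which memberships changed; the GIDs and the use of foxr as the personal account are assumptions.

```shell
#!/bin/sh
# Added example. Both snapshots are constructed: /etc/group before step 5b,
# and after running usermod -G students (no -a) for creamcheeses and cartmane.
group_before() {
cat <<'EOF'
cit370:x:502:foxr,zappaf,creamcheeses
informatics:x:503:foxr,cartmane
dummies:x:504:zappaf,cartmane
students:x:509:
EOF
}
group_after() {
cat <<'EOF'
cit370:x:502:foxr,zappaf
informatics:x:503:foxr
dummies:x:504:zappaf
students:x:509:creamcheeses,cartmane
EOF
}

# membership_diff BEFORE_FILE AFTER_FILE
# Field 4 of each group line is a comma-separated member list. Members are
# compared as whole names, so a name such as cit never matches inside cit370.
membership_diff() {
  awk -F: '
    function load(tag,    n, i, m) {
      n = split($4, m, ",")
      for (i = 1; i <= n; i++) if (m[i] != "") seen[tag, m[i], $1] = 1
    }
    NR == FNR { load("old"); next }          # first file: the earlier snapshot
              { load("new") }
    END {
      for (k in seen) {
        split(k, p, SUBSEP)                  # p[1]=tag, p[2]=user, p[3]=group
        other = (p[1] == "old") ? "new" : "old"
        if (!((other, p[2], p[3]) in seen))
          print p[2] ((p[1] == "old") ? " lost " : " gained ") p[3]
      }
    }' "$1" "$2" | LC_ALL=C sort
}

# Demo on the constructed snapshots.
tmp=$(mktemp -d)
group_before > "$tmp/before"; group_after > "$tmp/after"
membership_diff "$tmp/before" "$tmp/after"
rm -rf "$tmp"
```

On the lab VM, copy /etc/group to a scratch file before step 5b and pass that copy and /etc/group as the two arguments afterwards.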

6. To wrap up this lab, we will examine a couple of things that a new user might want to do. These steps are not something that a system administrator would do for a new user, but it is important that you know of these in case a new user were to have questions. First, a new user may want to tailor their own bash environment. For instance, they may set up their own aliases and paths. We will do this by editing your .bashrc file in your home directory.

a. Switch to your own user account for these final steps (exit out of root) and cd to your home directory. Using vi, edit .bashrc. Move to the very end of the file and enter insert mode. On separate lines, add any aliases you desire. For instance, you might enter alias dir=ls so that you can type dir instead of ls (if you are used to typing dir) or you might enter alias more=less if you only want to use less. Next, create your own PATH variable. PATH will already have been defined in /etc/bashrc, so we don’t want to override that variable, so instead we will start with PATH=$PATH. What does PATH=$PATH mean?

b. Add :/sbin:/usr/sbin:Desktop:/usr/share/ to this line, then save and exit vi. Now type source .bashrc which will cause bash to reprocess this file. Type echo $PATH. Did you get the expanded list in your path?

c. The finger utility will allow you to find out information about another user, such as when they last logged in, whether they have new email or not, and what their plan is (a plan should be a schedule, but could really be anything you want to say including your favorite signature quote). Type finger account where account is your own user account name (such as foxr). What did you see?

d. In order to create a plan, create a file called .plan in your home directory. Using vi, create this file and insert your favorite quote. Finger your account again and see if the plan appears. Next, type in chfn account where again account is your user account name. You will have to supply your password. This allows you to modify what appears when someone fingers you. Modify the information as asked (leave the name as is, but add your “office”: use your work office or your personal address, your home phone number and work phone number). The item displayed in [ ] will be the default (what is currently stored there). If you press enter, the default is left unchanged. Don’t worry about including any personal information here; no one outside of you will ever see it. Exit your answer text file. Type finger account >> answerfile where answerfile is your textfile. This will send the output of finger to your answer file. You are done with this lab, although you might want to reopen your answer file and check it over.

Email your answer file to your instructor. Close any terminal windows and the User Management Tool (if it is still open). Shut down your CentOS virtual machine and exit from VMware.
