Managing Unix Users and Unix Groups

Download 11,68 Mb. Pdf ko'rish
bet	69/174
Sana	15.01.2024
Hajmi	11,68 Mb.
	#137314

1 ... 65 66 67 68 69 70 71 72 ... 174

Bog'liq
Kali-Linux-Revealed-2021-edition

Using getent to Consult the User Database

5.2. Managing Unix Users and Unix Groups
The database of Unix users and groups consists of the textual files
/etc/passwd
(list of users),
/etc/shadow
(encrypted passwords of users),
/etc/group
(list of groups), and
/etc/gshadow
(encrypted passwords of groups). Their formats are documented in
passwd(5)
,
shadow(5)
,
group(5)
, and
gshadow(5)
respectively (see section
6.1.1
, “
Manual Pages
” [page 128]). While
these files can be manually edited with tools like
vipw
and
vigr
, there are higher level tools to
perform the most common operations.
Using
getent
to Consult
the User Database
The
getent
(get entries) command checks the system databases (including those of
users and groups) using the appropriate library functions, which in turn call the name
service switch (NSS) modules configured in the
/etc/nsswitch.conf
file. The com-
mand takes one or two arguments: the name of the database to check, and a possible
search key. Thus, the command
getent passwd kaliuser1
will return the informa-
tion from the user database regarding the user
kaliuser1
.
# getent passwd kaliuser1
kaliuser1:x:1001:1001:Kali User
å
,4444,123-867-5309,321-867-5309:/home/kaliuser1:/bin/
å
bash
5.2.1. Creating User Accounts
Although Kali is most often run while privileged with sudo permissions, you may often need to
create non-privileged user accounts for various reasons, particularly if you are using Kali as a
primary operating system. The most typical way to add a user is with the
adduser
command,
which takes a required argument: the username for the new user that you would like to create.
The
adduser
command asks a few questions before creating the account but its usage is fairly
straightforward. Its configuration file,
/etc/adduser.conf
, includes many interesting settings.
You can, for example, define the range of user identifiers (UIDs) that can be used, dictate whether
or not users share a common group or not, define default shells, and more.
The creation of an account triggers the population of the user’s home directory with the contents
of the
/etc/skel/
template. This provides the user with a set of standard directories and config-
uration files.
In some cases, it will be useful to add a user to a group (other than their default main group) in
order to grant additional permissions. For example, a user who is included in the docker group
has full access to docker commands and services. This can be achieved with a command such as
adduser user group
.
112
Kali Linux Revealed

5.2.2. Modifying an Existing Account or Password
The following commands allow modification of the information stored in specific fields of the user
databases:
•
passwd
—permits a regular user to change their password, which in turn, updates the
/etc/
shadow
file.
•
chfn
—(CHange Full Name), reserved for the super-user (root), modifies the GECOS, or ”gen-
eral information” field.
•
chsh
—(CHange SHell) changes the user’s login shell. However, available choices will be lim-
ited to those listed in
/etc/shells
; the administrator, on the other hand, is not bound by
this restriction and can set the shell to any program chosen.
•
chage
—(CHange AGE) allows the administrator to change the password expiration settings
by passing the user name as an argument or list current settings using the -l
user
option.
Alternatively, you can also force the expiration of a password using the
passwd -e user
command, which forces the user to change their password the next time they log in.
5.2.3. Disabling an Account
You may find yourself needing to disable an account (lock out a user) as a disciplinary measure, for
the purposes of an investigation, or simply in the event of a prolonged or definitive absence of a
user. A disabled account means the user cannot login or gain access to the machine. The account
remains intact on the machine and no files or data are deleted; it is simply inaccessible. This is
accomplished by using the command
passwd -l user
(lock). Re-enabling the account is done in
similar fashion, with the -u option (unlock).
5.2.4. Managing Unix Groups
The
addgroup
and
delgroup
commands add or delete a group, respectively. The
groupmod
com-
mand modifies a group’s information (its gid or identifier). The command
gpasswdgroup
changes
the password for the group, while the
gpasswd -r group
command deletes it.

Download 11,68 Mb.

1 ... 65 66 67 68 69 70 71 72 ... 174

Download 11,68 Mb.

Pdf ko'rish