![]() |
![]() |
![]() |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
![]() |
![]() |
To access the contents, click the chapter and section titles.
Complete Idiot's Guide to Linux
Adding, Modifying, and Removing GroupsManaging groups is similar to managing accounts. Note that some of the functionality provided by these commands can also be attained through programs like usermod. Your choice of which one to use will depend on what you are doing at that moment. GroupaddBefore you can work with a group, you need to create it. Creating a group is easy; just use the groupadd command: groupadd -g GID groupname [root@digital alberto]# groupadd -g 600 weirdgroup The one catch with groupadd is that you need to supply a GID that your /etc/group file is not currently using. To make numbering easy on you, you might want to designate custom groups to start with a GID of 30000 or some other large number less than 65536 (the maximum number). Managing Group Memberships: gpasswdThe gpasswd program is used to manage the group file. The basic functionality for adding and removing users is straightforward. The -a flag is used to add users (note that the group must already exist), like this: gpasswd -a username groupname [root@digital alberto]# gpasswd -a flower users The -d flag is used to delete users, like this: gpasswd -d username groupname Users and PasswordsUNIX (and Linux) security begins with proper password selection. Therefore, it is a good idea to use passwords that cannot be easily guessed. Using simple scripts and available programs, a deviant hacker can test several thousand passwords in a few seconds. Password Donts
Password Dos
Linux and Shadow PasswordsIf you are managing a computer that is connected to the Internet and that supports several users, you should consider enabling shadow passwords in your system. Shadow passwords are installed by default as a part of the standard installation. To see if shadow passwords are currently installed on your system, try this: $ ls /etc/shadow /etc/shadow $ You should have received the same response. If ls responds instead like this, you should install shadow password support immediately: ls: /etc/shadow: No such file or directory Shadow passwords protect system passwords by making the file that actually contains passwords (/etc/shadow) readable only by root. The /etc/passwd file will contain stars (*) where the encrypted password was previously found. This is because even though passwords are encrypted in the /etc/passwd file, low-end computers have become very fast and able to decrypt them in a short amount of time. In the late 1980s, it probably would have taken days or weeks to decrypt this information. With todays technology, however, it can take only a few minutes. By making the password file readable only by root, this establishes yet another security layer around this information. For more information on shadow passwords and how to enable them, you should take a look at your man documentation for shadow (section 5 of the UNIX manual, man 5 shadow), pwconv, and pwuncov.
|
![]() |
Products | Contact Us | About Us | Privacy | Ad Info | Home
Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. |