Complete Idiot's Guide to Linux
(Publisher: Macmillan Computer Publishing)
Author(s): Manuel Ricart
ISBN: 078971826x
Publication Date: 12/22/98


Adding, Modifying, and Removing Groups

Managing groups is similar to managing accounts. Note that some of the functionality provided by these commands can also be attained through programs like usermod. Your choice of which one to use will depend on what you are doing at that moment.

Groupadd

Before you can work with a group, you need to create it. Creating a group is easy; just use the groupadd command:

     groupadd -g GID groupname
     [root@digital alberto]# groupadd -g 600 weirdgroup

The one catch with groupadd is that you need to supply a GID that your /etc/group file is not currently using. To make numbering easy on you, you might want to designate custom groups to start with a GID of 30000 or some other large number less than 65536 (the maximum number).

Managing Group Memberships: gpasswd

The gpasswd program is used to manage the group file. The basic functionality for adding and removing users is straightforward. The -a flag is used to add users (note that the group must already exist), like this:

     gpasswd -a username groupname
     [root@digital alberto]# gpasswd -a flower users

The -d flag is used to delete users, like this:

     gpasswd -d username groupname

Users and Passwords

UNIX (and Linux) security begins with proper password selection. Therefore, it is a good idea to use passwords that cannot be easily guessed. Using simple scripts and available programs, a deviant hacker can test several thousand passwords in a few seconds.

Password Don’ts

  Do not use birthdays, social security numbers, or phone numbers.
  Do not use names of relatives or pets.
  Do not use words that appear in a dictionary.
  Do not give your password to anyone—not even to a system administrator. If this person is really an administrator, he or she doesn’t need your password!

Password Do’s

  Mix upper- and lower-case.
  Add numbers and punctuation marks to make it harder to guess. Your final password should probably be random letters and numbers.
  Change your password every two months or any time that you think your password might have become compromised.
  Good passwords should roll out of your fingers and be easy to type. Many people are very adept at telling what you type from the motion of your fingers. If you have to think about it, it is probably not a good password for you.

Linux and Shadow Passwords

If you are managing a computer that is connected to the Internet and that supports several users, you should consider enabling shadow passwords in your system. Shadow passwords are installed by default as a part of the standard installation. To see if shadow passwords are currently installed on your system, try this:

     $ ls /etc/shadow
     /etc/shadow
     $

You should have received the same response. If ls responds instead like this, you should install shadow password support immediately:

     ls: /etc/shadow: No such file or directory

Shadow passwords protect system passwords by making the file that actually contains passwords (/etc/shadow) readable only by root. The /etc/passwd file will contain stars (*) where the encrypted password was previously found. This is necessary because, even though passwords are encrypted in the /etc/passwd file, low-end computers have become very fast and are able to decrypt them in a short amount of time. In the late 1980s, it probably would have taken days or weeks to decrypt this information. With today’s technology, however, it can take only a few minutes. Making the password file readable only by root establishes yet another security layer around this information.

For more information on shadow passwords and how to enable them, you should take a look at your man documentation for shadow (section 5 of the UNIX manual, man 5 shadow), pwconv, and pwunconv.
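The ls test above only shows that /etc/shadow exists. The script below is an added example, not code from the book: it checks a passwd-format file for accounts whose password field is empty or still holds a hash, and checks whether a shadow file is readable by everyone. The function names, the sample accounts and the hash-like string are constructed for illustration, and treating "x", "*" and a bare "!" as placeholders is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the book): audit for the state shadow passwords should produce.

# List accounts in a passwd-format file ($1) whose password field is empty or
# still holds a hash. Placeholders ("x" as written by pwconv, "*" as in the
# text, or a bare "!") mean the hash is kept elsewhere.
unshadowed_accounts() {
    awk -F: '
        /^#/ || NF < 7      { next }    # skip comments and malformed lines
        $2 == ""            { print $1, "empty-password"; next }
        $2 ~ /^(x|\*|!+)$/  { next }    # placeholder only
                            { print $1, "hash-in-passwd" }
    ' "$1"
}

# Succeed if the file ($1) is readable by users outside its owner and group.
shadow_exposed() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample data; the hash-like string is a placeholder, not a real hash.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alberto:Qx4kRv9ZpL0aE:500:500:Alberto:/home/alberto:/bin/bash
flower:*:501:100:Flower:/home/flower:/bin/bash
guest::502:100:Guest:/home/guest:/bin/bash
EOF
: > "$SAMPLE_DIR/shadow"
chmod 644 "$SAMPLE_DIR/shadow"      # deliberately wrong mode for the demo

echo "Accounts not protected by shadowing:"
unshadowed_accounts "$SAMPLE_DIR/passwd"
if shadow_exposed "$SAMPLE_DIR/shadow"; then
    echo "shadow file is world-readable; expected readable only by root"
fi
```

To audit a live system, call the two functions on /etc/passwd and /etc/shadow instead of the sample files.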

