Scribd
Upload
77 views25 pages

Managing Users: CSCI N321 - System and Network Administration

Uploaded by

hradiya
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
77 views25 pages

Managing Users: CSCI N321 - System and Network Administration

Uploaded by

hradiya
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 25

Managing Users

CSCI N321 – System and Network Administration

Copyright © 2000, 2010 by Scott Orr


and the Trustees of Indiana University
Section Overview

Users and groups


System Accounts
Account Management
System Administration Access
References

CQU 85321 System Administration Course


Textbook Lectures
Chapter 9 2003 #9
Purposes of accounts

Audit

Access Control

Authentication
Identity and Authentication
Why usernames?
 Grant access to system
 Control access to resources
 Accountability
Passwords
 Prove you are who you say you are
 Often weakest link in system security
User Accounts

UserID
User’s Full Name
Password
Home Directory
Groups
System Interface?
Username Selection
Must be unique
Max of 8 characters
Should be in all lower-case
Easy to remember
Set format
 Combination of first & last name
 No nicknames
Components of an Account
Username GECOS
Password Home Directory
UID Default Shell
GID

Stored in /etc/passwd

sorr:lYi8.KpsFAb9M:126:10:Scott Orr:/home/sorr:/bin/csh
Microsoft Security Identifiers
Created for every user, group, and
machine
Never reused
S-1-5-21-D1-D2-D3-RID
 S-1-5-21: Standard prefix for NT
 D1-D2-D3: Local or domain identifier
 RID (Relative ID): Unique part of SID
Weak Passwords
No passwords used
Smoking Joes
Information about user
Dictionary Attacks
 Modification of user ID or name
 Modification of dictionary(s) word(s)
 Keyboard patterns
 Any systematic, algorithmic generator
Selecting Strong Passwords
At least 14 characters in length
Mix of case, numbers and special
characters
Something you can remember
Techniques
 License plating (becoming weaker)
 Acronyms from phrases
 Passphrases
Pass Phrase Examples
 smo11012006
 Poor
 ardl79BEf76357
 14 spaces
 Hard to remember
 Good
 MydogSkiplovestoplayfetcheveryday
 33 spaces
 Easier to remember
 Better
 Myd0gSkipluvs2playfetchev3ryday
 31 spaces
 Easier to remember
 Limit Duplicate letters –substitute with numbers, punctuation, or
special characters
 Best
UNIX Password Storage
Uses a One-Way Hash Encryption
 Based on DES
 Uses a 2 character “salt”
 MD5/SHA1 – More secure replacement
‘*’ Used to lock accounts
Readability Issue
UNIX Password Encryption
Password balloons Salt Vs

0x00000000 DES
One-way
Hash
Randomize

25 times

VsjqYhTwQiJPw
Asciify

Newer systems use MD5/SHA1 now Valid: A-Za-z0-9./


/etc/shadow
Password field in /etc/passwd
replaced with ‘x’
Readable only by superuser
Contents
 Username
 Password
 Password aging information
Lan Manager Password Encryption
Password 14charpassword

14CHARP P ASSWORD P

DES DES
0xAAD3B435B51404EE One-way One-way
Hash Hash

0xE79E56A8E5C6F8FE 0xAAD3B435B51404EE
Windows Password Encryption

16-bit character MD4


Password
Unicode One-way Hash

• 6-14 character passwords SAM


• Stored in registry and files
• Backwards compatible with
LAN Manager (2nd entry)
Special Users
Guest
System Accounts
Superuser / Administrator
 Full Access to all system resources
 Superuser Equivalency

“Principle of Least Privilege”


Linux System Accounts
root
 System Administration account
 UID of 0
bin – Owner of standard system programs
daemon – Owner of (most) system daemons
mail – Owner of mail system
nobody – Unprivileged system account
Linux Groups
Stored in /etc/group
 Group Name
 Password (rarely used)
 Group ID Number (GID)
 List of members
newgrp – Change default group
sysadmin:*:14:root,sorr
Common Windows Groups
Administrators
Backup Operators
Power Users
Network Configuration Operators
Remote Desktop Users
Users

Role Based Model


Linux User Account Creation
Add entry to /etc/passwd
Create initial password (/etc/shadow)
Add entry to /etc/group (optional)
Create home directory & copy startup
files into it
Create mail file (optional)
Test!!!
Account Creation Tools
Manual Creation
 vipw / vigr
 passwd user
 Default scripts found in /etc/skel
useradd
GUI Tools
 Linux Web-based tools (e.g. Webmin)
 Windows: Computer->Manage->Local Users
and groups
Account Modification Tools
passwd – Change password
chfn – Change GECOS entry
chsh – Change default shell
(Listed in /etc/shells)
usermod & GUI tools
Disabling accounts
 Locking password (‘*’ as first character)
 Change shell to /bin/nologin
Removing an Account
Kill any processes owned by user
Remove all files owned by user
Remove account entries (Linux)
 /etc/passwd
 /etc/shadow
 /etc/group
userdel & GUI tools

You might also like