SUSE Linux Enterprise Server Administration (Course 3037)

natara
Presentation Transcript


  1. SUSE Linux Enterprise Server Administration (Course 3037) Chapter 2 Manage User Access and Security

  2. Objectives
     • Describe Basic Linux User Security Features
     • Manage Linux Users and Groups
     • Manage and Secure the Linux User Environment

  3. Objectives (continued)
     • Secure Files and Directories with Permissions
     • Configure User Authentication with PAM
     • Implement and Monitor Enterprise Security Policies

  4. Describe Basic Linux User Security Features
     • Maintaining a secure environment includes
       • File System Security Components
       • Users and Groups
       • Ownership and Access Permissions

  5. File System Security Components
     • Types of components
       • Users
       • Groups
       • Ownerships
       • Permissions

  6. Users and Groups
     • User and group ID numbers
       • user ID (UID)
         • Assigned to each user
       • group ID (GID)
         • Users are usually included in the group users
     • Command id
       • Displays a user’s UID and the groups she is assigned to
     • Command groups
       • Displays groups of which a user is a member
     • Command finger
       • Displays additional information about local users

  7. Users and Groups (continued)
     • Regular vs. System users
       • Regular users
         • Allow employees to log in to the Linux environment
       • System users
         • Used by services, utilities, and other applications to run effectively on the server
     • Public vs. Private group schemes
       • Private scheme
         • User is assigned his own group that he can manage
       • Public scheme
         • User is assigned to a general, public group

  8. Users and Groups (continued)
     • User accounts and home directories
       • Each user has a user account
         • Identified by a login name and a personal password
       • Each user has her own directory
         • In the directory /home/
       • Root account has its own home directory in /root/
     • User and group configuration files
       • /etc/passwd
       • /etc/shadow
       • /etc/group

  9. Users and Groups (continued)

  10. Users and Groups (continued)
      • /etc/passwd
        • Stores information for each user
      • /etc/shadow
        • Stores encrypted user passwords and password expiration information
      • /etc/group
        • Stores group information

  11. Users and Groups (continued)

  12. Users and Groups (continued)

  13. Users and Groups (continued)

  14. Users and Groups (continued)
      • How to check /etc/passwd and /etc/shadow
        • tail command
          • Used to view the contents of both files at once
        • pwconv command
          • Corrects discrepancies in both files
        • pwck command
          • Similar to pwconv

  15. Exercise 2-1 Check User and Group Information on Your Server
      • In this exercise you will check the user and group information on your SLES 9 server
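
Added example (not part of the original slides): a read-only shell cross-check of passwd- and shadow-format files, in the spirit of the check that slides 10 and 14 describe, run against constructed sample files. The function names, finding labels and sample accounts are assumptions made for this illustration; it does not reproduce what pwck or pwconv do.

```shell
#!/bin/sh
# Added example: read-only cross-check of passwd- and shadow-format files.
# Usage: check_accounts PASSWD_FILE SHADOW_FILE  (prints one finding per line)
check_accounts() {
    awk -F: '
        # First operand (shadow file): remember each login and its hash field.
        FILENAME == ARGV[1] { shadow[$1] = $2; in_shadow[$1] = 1; next }
        # Second operand (passwd file): compare each account to the shadow data.
        {
            user = $1; pw = $2; uid = $3
            in_passwd[user] = 1
            if (NF != 7)                      print "BAD_FIELD_COUNT " user
            if (pw != "x")                    print "NOT_SHADOWED " user
            if (!(user in in_shadow))         print "NO_SHADOW_ENTRY " user
            else if (shadow[user] == "")      print "EMPTY_PASSWORD " user
            if (uid == "0" && user != "root") print "EXTRA_UID0 " user
            if (uid in uid_owner)             print "DUPLICATE_UID " user " " uid_owner[uid]
            else                              uid_owner[uid] = user
        }
        END {
            for (u in in_shadow)
                if (!(u in in_passwd)) print "ORPHAN_SHADOW_ENTRY " u
        }
    ' "$2" "$1" | LC_ALL=C sort
}

# Constructed sample data (not from a real system); hashes are placeholders.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
geeko:x:1000:100:Geeko:/home/geeko:/bin/bash
dba1:x:1001:100:DBA One:/home/dba1:/bin/bash
toor:x:0:0:Second root:/root:/bin/bash
legacy:PLACEHOLDER_HASH:1002:100:Legacy:/home/legacy:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:PLACEHOLDER_HASH:19000:0:99999:7:::
geeko:PLACEHOLDER_HASH:19000:0:99999:7:::
dba1::19000:0:99999:7:::
toor:!:19000:0:99999:7:::
olduser:!:19000:0:99999:7:::
EOF
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
check_accounts "$sample_dir/passwd" "$sample_dir/shadow"
rm -rf "$sample_dir"
```

On a live server the same function can be pointed at /etc/passwd and /etc/shadow as root; it only reads the files.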

  16. Ownership and Access Permissions
      • Each file and directory is assigned access permissions
      • Permissions determine level of access
        • For each user
      • Permissions are assigned at 3 levels
        • Owner
        • Group
        • Other

  17. Manage Linux Users and Groups
      • Tasks include
        • Create and Edit User Accounts with YaST
        • Create and Edit Groups with YaST
        • Edit User Account Properties
        • Configure Account Password Settings
        • Manage User Accounts from the Command Line
        • Manage Groups from the Command Line
        • Create Text Login Messages

  18. Create and Edit User Accounts with YaST
      • Use Edit and Create Users module in YaST
        • To create, edit, and delete Linux user accounts
      • Steps
        • Start YaST Edit and Create users module
        • Select Set Filter
        • Create a new user account or edit an existing one
        • Enter or edit information
        • Save settings
        • Configure your server with the new settings

  19. Create and Edit User Accounts with YaST (continued)

  20. Create and Edit User Accounts with YaST (continued)

  21. Create and Edit Groups with YaST
      • Use Edit and Create groups module in YaST
        • To create, edit, and delete Linux groups
      • Steps
        • Start YaST Edit and Create groups module
        • Select Set Filter
        • Create a new group or edit an existing one
        • Enter or edit information
        • Return to the Group Administration dialog box
        • Configure your server with the new settings

  22. Create and Edit Groups with YaST (continued)

  23. Create and Edit Groups with YaST (continued)

  24. Edit User Account Properties
      • Use YaST
        • To edit user account properties
      • Steps
        • Start YaST Edit and Create users module
        • Select the user account to modify
        • Edit user account properties
        • Enter or edit information
        • Continue by selecting Next
        • Save the configuration

  25. Edit User Account Properties (continued)

  26. Configure Account Password Settings
      • Use YaST
        • To configure password settings
      • Steps
        • Start YaST Edit and Create users module
        • Select the user account to modify
        • Select Password Settings
        • Enter or edit information
        • Save the configuration

  27. Configure Account Password Settings (continued)

  28. Manage User Accounts from the Command Line
      • You must be logged in as the root user
      • Commands
        • useradd
          • Creates a new user account
        • userdel
          • Deletes an existing user account
        • usermod
          • Modifies settings for an existing account
        • passwd
          • Changes a user’s password

  29. Manage Groups from the Command Line
      • You must be logged in as the root user
      • Commands
        • groupadd
          • Creates a new group
        • groupdel
          • Deletes an existing group
        • groupmod
          • Modifies settings for an existing group

  30. Create Text Login Messages
      • Text login messages
        • Useful for displaying information when a user logs in
      • Files
        • /etc/issue
          • Contains initial message for users logging into the system
        • /etc/motd
          • Contains initial message of the day

  31. Exercise 2-2 Create and Manage Users and Groups from the Command Line
      • In this exercise you will set up your SLES 9 server with user accounts and groups
        • To help train the database administrators in your Digital Airlines office

  32. Manage and Secure the Linux User Environment
      • Tasks involved
        • Perform Administrative Tasks as root
        • Delegate Administrative Tasks with sudo
        • Set Defaults for New User Accounts
        • Configure Security Settings

  33. Perform Administrative Tasks as root
      • Switch to another user with su
        • Assume the UID of root or of other users
        • Syntax
          • su [options] ... [-] [user [argument]]
        • To change to the user root and execute a single command
          • You can use the option -c
      • Switch to another group with newgrp
        • Users can have only one effective group at a time
        • Commands newgrp or sg
          • Change the effective group GID

  34. Perform Administrative Tasks as root (continued)
      • Start Programs as Another User from KDE
        • In KDE you can start any program with a different UID
          • As long as you know the password

  35. Perform Administrative Tasks as root (continued)

  36. Delegate Administrative Tasks with sudo
      • Command sudo
        • Enables a command to be run by a normal user
      • File /etc/sudoers
        • Specifies which commands a user can or cannot enter
        • Modify it by using the command visudo
        • Lines 1 to 9 define aliases
        • Lines 14 to 17 show how aliases can be used in actual rules

  37. Delegate Administrative Tasks with sudo (continued)

  38. Set Defaults for New User Accounts
      • Use YaST to select default settings
        • To be applied to new user accounts
      • Enter or edit the following information
        • Default group
        • Secondary groups
        • Default Login shell
        • Default home
        • Skeleton directory
        • Default expiration date
        • Days after password expiration Login is usable

  39. Set Defaults for New User Accounts (continued)

  40. Configure Security Settings
      • Preset security settings
        • Level 1 (Home Workstation)
        • Level 2 (Networked Workstation)
        • Level 3 (Network Server)
      • You can also create your own configuration
      • Password settings
        • Checking new passwords
        • Plausibility test for passwords
        • Password encryption method
          • DES
          • MD5
          • Blowfish

  41. Configure Security Settings (continued)

  42. Configure Security Settings (continued)
      • Password settings
        • Number of significant characters in the password
        • Minimum acceptable password length
        • Days to password change warning
        • Days before password expires warning
      • Boot settings
        • Interpretation of Ctrl + Alt + Del
        • Shutdown behavior of KDM

  43. Configure Security Settings (continued)

  44. Configure Security Settings (continued)

  45. Configure Security Settings (continued)
      • Login settings
        • Delay after incorrect login attempt
        • Record failed login attempts
        • Record successful login attempts
        • Allow remote graphical login
      • Adding user settings
        • User ID limitations
        • Group ID limitations

  46. Configure Security Settings (continued)

  47. Configure Security Settings (continued)

  48. Configure Security Settings (continued)
      • Miscellaneous global settings
        • Setting of file permissions
          • Easy
          • Secure
          • Paranoid
        • User launching updatedb
        • Current directory in root’s path
        • Current directory in the path of regular users
        • Enable magic SysRq keys

  49. Configure Security Settings (continued)

  50. Exercise 2-3 Configure the Password Security Settings
      • In this exercise you will configure the password security settings