Procedures: In this lab, instead of chaining the commands together during the user creation, I did each one separately to get a better feel for what each command does. I created the users first and then added them to the groups, changing parameters as I went. I used the useradd -c command to enter the user’s full name in the comment line followed by the username I was going to use. After creating the user accounts I went ahead and changed their passwords to a default of “password” with the passwd password command. To get the passwords to expire for them and to change at next login I did the chage -d 0 <username> command to force the passwords to expire. After all the initial user accounts had been created, I changed the shell for the accusers and mgtusers with the chsh -s /bin/sh <username> command. After the accounts had been created, I created groups and joined the users to them. I created groups with groupadd followed by the name of the group. Now I had to join the users to the group and make it their primary group with the usermod -g <username>. I then verified that it was their primary group with the less /etc/passwd and less /etc/group commands to view the account information. I logged in as each user and changed the passwords to “12151986”. I also locked the 2nd account for each user with the passwd -l <username> command. Finally, to get the user account information to be stored in the shadow file I used the pwconv and grpconv commands to better secure the user information.

Learned: During the process of creating user accounts you could streamline much of the process with just a single useradd command, making the process seem less tedious. Also, the default parameters can be preconfigured by editing the /etc/login.defs file, making the customization process go much easier. I also learned more about switch specifics, as in the -G versus the -g for the usermod command. I tried making the groups the user’s primary with the -G option, which actually made the groups the user’s supplementary group instead of the primary (keeping the user’s own UID as the GID). The -g solved this issue. I also found that the user’s initial GID is the UID, which makes sense because they don’t belong to any inheriting group rights but their own. Also, the /etc/passwd file can hold very relevant information about users which could cause a security risk. Therefore it is best to secure the information by using the shadow files instead.

Reflection Questions:

1. What command is used to create user accounts from the command line?
   I used the useradd -c <username> command.
2. What is the -p switch used for when creating user accounts?
   It creates an encrypted password, so if you typed in an unencrypted password it will not work. Need to crypt the password first and then dump that as the password.
3. Why should the shadow file be used when creating user accounts?
   It moves the hashed password out of the publicly available /etc/passwd file to the /etc/shadow file, which is more secure.
4. What command was used to create the groups?
   I used the groupadd command to add the groups.
5. What command was used to add users to the group?
   I used the usermod -g <username> command to add the group and make it the user’s primary group.
6. Is the command to set the password for users the same as the command to lock the accounts? If so, what is the command?
   It can be, with the passwd -p command it would result in an account lockout. You could also use passwd -l <username>.
7. What are the possible shells available for the users?
   The available shells in /etc/shells are:
   /bin/sh
   /bin/bash
   /bin/nologin

Deliverables

1. Document user accounts and passwords

Users       Passwords
ituser1     12151986
ituser2     12151986
prguser1    12151986
prguser2    12151986
accuser1    12151986
accuser2    12151986
mgtuser1    12151986
mgtuser2    12151986
hduser1     12151986
hduser2     12151986

2. Document group names and memberships

Groups    Members of the groups
IS        ituser1,ituser2
MGT       mgtuser1,mgtuser2
ACC       accuser1,accuser2
PRG       prguser1,prguser2
HD        hduser1,hduser2