Installing Linux
◾
349
21. Assume that a computer uses page/frame sizes of 1024 bytes.
a. A program is 64 MBytes. How many pages does it have?
b. A computer has 8 GBytes of memory. How many frames does it have?
22. When multitasking, a computer is running multiple programs (processes) at one
time. To handle this, the computer loads these programs (or portions of them) into
memory. One strategy is to divide the memory equally among all programs. Another
strategy is to divide memory so that each of the users has the same amount of memory,
but for any one user, that space is further subdivided based on the number of
processes. For instance, let us assume a computer has 1024 frames and has three users
plus the operating system using the computer. Two of the users are running 1 process
apiece and the other user is running 5 processes. We could divide the 1024 frames in
at least two ways:
a. 256 frames for each user and the operating system so that the third user must split
the 256 frames among the 5 processes
b. 128 frames for each process so that the third user actually gets 640 frames (5*128)
Which of the two approaches seems fairest? Does your answer change if the computer
typically only has a single user? Explain your answers.
23. For SELinux, explain the notation user_u:user_r:user_t.
24. For SELinux, what is the difference between enforcing and disabled?
25. Provide an allow rule for SELinux that would allow user_t to open, read, and close the
/etc directory. NOTE: /etc is denoted by etc_t.
Chapter 9
User Accounts
This chapter’s learning objectives are
• To understand the role of the user account and the group account
• To know how to create, modify, and delete user and group accounts
• To understand strong passwords and the various tools available for password
management
• To understand the role of the passwd, group, and shadow files
• To know how to use the various Linux facilities to establish user resources
• To know how to set up sudo access
• To understand issues involved in user account policies
9.1 INTRODUCTION
The user account is the mechanism by which the Linux operating system is able to
handle the task of protection. Protection is needed to ensure that users do not maliciously
or through accident destroy (delete), manipulate, or inspect resources that they should
not have access to. In Linux, there are three forms of user accounts: root, user (human)
accounts, and software accounts.
The root account has access to all system resources. The root account is automatically
created with the Linux installation. Most software and configuration files are owned by
root. No matter what permissions a file has, root can access it.
As root lies at one end of the spectrum of access rights, software accounts typically are at
the other end. Most software does not require its own account. However, if the software has
its own files and directory space that the user should not directly access, then the software
is often given its own account. Software, unlike users, usually has no login shell. Thus, if
hackers attempt to log into a Linux system under a software account, the hackers would
find themselves unable to issue commands. You might recall from Chapter 3 that we can
assign the execution permission to be ‘s’ rather than ‘x’ so that the software runs under
the file owner’s permissions rather than the user’s permissions. The software account is
another approach to running processes whereby the software has its own directory space
and access rights.
The user account lies in between these extremes. With each user account comes several
different attributes (unless overridden):
• A username, user ID number (UID), and password (although the password may
initially not have a value)
• An entry in both /etc/passwd and /etc/shadow indicating user account and password
information
• A private group with a group ID number (GID), entered in /etc/group
• An initial home directory, by default under the directory /home, with default files
• A login shell, by default, Bash
In this chapter, we look at the programs available to create, modify, and delete users and
groups. We look at the mechanisms available to the system administrator to automatically
establish users with initial files. We also look at controlling passwords (i.e., using Linux
tools to require that users update their passwords in a timely fashion). We also discuss
user account policies.
9.2 CREATING ACCOUNTS AND GROUPS
There are two approaches to creating user accounts and groups. First, there is a GUI tool,
the User Manager, and second, there are command line programs. While the GUI tool is
very simple to use, it is not necessarily preferred because, to create an account for many
users, it requires a good deal of interaction. Instead, the command line program can be
used in a shell script, which we will examine later in the chapter.
9.2.1 Creating User and Group Accounts through the GUI
The GUI User Manager program is launched either from the menu selecting
System > Administration > Users and Groups, or from the command line issuing
/usr/bin/system-config-users. This brings up the tool shown in Figure 9.1.
In this figure, there are three (human) users already created: Student, foxr, and zappaf. The
user information for these users is shown in the tool: username, UID, primary (or private)
group, full name (none has been established for these users), login shell, and home directory.
The system accounts (e.g., root, adm, bin) and software accounts are not shown in this tool.
From the User Manager GUI, you can add a user, delete a user, modify a user, add a
group, delete a group, or modify a group. Here, we will concentrate on users. Later, we will
look at groups.
Creating a new user is accomplished by clicking on the Add User button. This causes
the Add User popup window to appear (see Figure 9.2). In this window, you enter the new
username, that user’s full name, and an initial password (both of these are optional but
recommended). You can also alter the login shell if desired from the default (bash) to any
of the other available shells. Typically, Linux comes with sh (the original Bourne shell), csh,
and tcsh. If you add other shells (e.g., korn, ash, zoidberg), they should also appear. One
last choice is /sbin/nologin. This is the choice for any software account as you do not want
anyone to be able to log in as software and issue commands via a shell.
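The following audit is an added example, not code from the book: it reads a file in /etc/passwd format and lists software accounts that still have a login shell, tying together the account attributes listed in Section 9.1 and the /sbin/nologin choice described above. The function name audit_passwd, the UID cutoff of 1000 for software accounts, the list of shell names, and the sample accounts (backupsvc and legacyd are hypothetical) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: find software accounts that can still open a login shell.
# Assumption: UIDs from 1 to UID_MIN-1 belong to software/system accounts.
# UID_MIN defaults to 1000 here; check UID_MIN in /etc/login.defs locally.

# audit_passwd FILE [UID_MIN]
# Prints "username uid shell" for every flagged account.
audit_passwd() {
    awk -F: -v uid_min="${2:-1000}" '
        /^#/ || NF < 7 { next }        # skip comments and malformed lines
        {
            user = $1; uid = $3 + 0; shell = $7
            # An empty shell field means the login falls back to /bin/sh.
            if (shell == "") shell = "/bin/sh"
            n = split(shell, parts, "/"); base = parts[n]
            # Shell names treated as interactive (assumed list).
            interactive = (base ~ /^(sh|bash|csh|tcsh|ksh|zsh|ash|dash)$/)
            # root (UID 0) is expected to have a shell, so it is not flagged.
            if (uid > 0 && uid < uid_min && interactive)
                print user, uid, shell
        }' "$1"
}

# Constructed sample in /etc/passwd format (not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
backupsvc:x:201:201:Backup agent:/var/lib/backup:/bin/bash
legacyd:x:202:202:Legacy daemon:/opt/legacy:
foxr:x:1001:1001::/home/foxr:/bin/bash
zappaf:x:1002:1002::/home/zappaf:/bin/tcsh
EOF

audit_passwd "$sample"
```

On a live system the same function can be pointed at /etc/passwd; each reported account is a candidate for having its shell changed to /sbin/nologin.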
FIGURE 9.1 User Manager tool.
FIGURE 9.2 Adding users.
354
◾
Linux with Operating System Concepts
As you enter the username, the home directory is automatically filled out as /home/