User Management with Oracle Solaris 10, Solaris 11 – Part I

When working with operating systems, user management is an important task that underpins many other services, such as mail servers and web servers. User credentials need to be created in such a way that they leave no loopholes and remain easy to manage for optimized performance.

User Management - part I

Unix/Linux are well known for secure and safe usage. For a better encryption policy, the default algorithm in /etc/security/policy.conf needs to be changed to either md5 or blowfish. The line which reads CRYPT_DEFAULT=__unix__ needs to be changed to 1, 2a (blowfish) or md5.

System Files which store User Account details

/etc/passwd

/etc/shadow

/etc/group

 

/etc/passwd

When a user logs in, the OS checks the username details against the /etc/passwd file. The password is then verified against the /etc/shadow file, which stores passwords in encrypted form; once it matches, the user is able to log in to the system.

Once a user is logged in, the groups defined for that user are later verified for access against the /etc/group file.

    bash-3.2# cat /etc/passwd
    root:x:0:0:Super-User:/:/sbin/sh

The format of the fields contained in the /etc/passwd file is as follows:

Username:x(password_from_/etc/shadow):UID:GID:comment:home_directory:default_shell

Things to note

Root’s UID/GID values are always 0. Values from 0 to 99 are reserved for system accounts. The maximum UID/GID can reach up to 2 billion; however, try not to exceed 60000. UID 60001 is reserved for the nobody account and 60002 is reserved for the noaccess account.

/etc/shadow

    bash-3.2# cat /etc/shadow
    root:SbeX2UcmUct0w:6445::::::

The format of the fields contained in the /etc/shadow file is as follows. Note that only the root user can see the shadow file.

Username:encrypted_password:num_of_days_since_password_changed:min_hold_period:max_hold_period:num_of_days_prior_to_expiration_to_issue_warning:inactivity_limit:expiration_date_using_unix_epoch:failed_login_count
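The passwd and shadow field layouts above are enough to script a quick account audit. The following is an added example, not code from the original post: apart from the page's two root lines the sample data is constructed, the `NP` and `*LK*` markers are Solaris conventions not shown on the page, and treating an empty max_hold_period as a finding is an assumed policy.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format data using the field layouts above.
# Sample data: the two root lines are the page's; the rest are constructed,
# with placeholder strings where a real hash would be.
SAMPLE_PASSWD='root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:100:10:Alice:/export/home/alice:/bin/bash
bob:x:101:10:Bob:/export/home/bob:/bin/bash
toor:x:0:0:Second root:/:/bin/sh'
SAMPLE_SHADOW='root:SbeX2UcmUct0w:6445::::::
daemon:NP:6445::::::
alice:$2a$04$CONSTRUCTEDplaceholder:15000:7:90:14:::
toor::15000::::::
bob:$1$CONSTRUC$placeholder:15000::::::'

# Classify a shadow password field by its crypt scheme prefix.
hash_scheme() {
    case "$1" in
        '')                 echo empty ;;
        NP)                 echo np ;;          # no valid password set
        '*LK*'*)            echo locked ;;
        '$1$'*)             echo bsd-md5 ;;
        '$2a$'*)            echo blowfish ;;
        '$md5$'*|'$md5,'*)  echo sun-md5 ;;
        '$'*)               echo other ;;
        *)                  echo unix-crypt ;;  # traditional crypt, no prefix
    esac
}

# stdin: passwd lines. Flags wrong field counts and UID 0 accounts other than root.
audit_passwd() {
    awk -F: 'NF != 7 { print $1 ":bad-field-count"; next }
             $3 ~ /^0+$/ && $1 != "root" { print $1 ":uid0-not-root" }'
}

# stdin: shadow lines. Flags empty/legacy hashes and passwords with no max age.
audit_shadow() {
    while IFS=: read -r user pw lastchg min max rest; do
        scheme=$(hash_scheme "$pw")
        case "$scheme" in
            empty|unix-crypt) echo "$user:$scheme" ;;
        esac
        case "$scheme" in
            np|locked|empty) ;;   # nothing to age
            *) [ -n "$max" ] || echo "$user:no-max-age" ;;
        esac
    done
}

echo "passwd findings:"; printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
echo "shadow findings:"; printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a live system, feed the functions with `audit_passwd < /etc/passwd` and, as root, `audit_shadow < /etc/shadow`.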

/etc/group

Whenever you create a user, you need to assign a group ID to that user. Once a group is created, you can manage it through its list of users, which makes administration simpler.

    bash-3.2# cat /etc/group
    root::0:
    other::1:root
    bin::2:root,daemon
    sys::3:root,bin,adm
    adm::4:root,daemon

The format of the fields contained in the /etc/group file is as follows:

Group_name:optional_password:GID:list_of_members (separated by commas)
