What are the three ways to properly edit the /etc/group files? (select three)

9.7. Automatically Refreshing Package Database and Downloading Updates with Yum-cron
  1. 9.7.1. Enabling Automatic Installation of Updates
  2. 9.7.2. Setting up Optional Email Notifications
  3. 9.7.3. Enabling or Disabling Specific Repositories
  4. 9.7.4. Testing Yum-cron Settings
  5. 9.7.5. Disabling Yum-cron messages
  6. 9.7.6. Automatically Cleaning Packages
  • 9.8. Additional Resources
  • IV. Infrastructure Services
    1. 10. Managing Services with systemd
      1. 10.1. Introduction to systemd
        1. 10.1.1. Main Features
        2. 10.1.2. Compatibility Changes
      2. 10.2. Managing System Services
        1. 10.2.1. Listing Services
        2. 10.2.2. Displaying Service Status
        3. 10.2.3. Starting a Service
        4. 10.2.4. Stopping a Service
        5. 10.2.5. Restarting a Service
        6. 10.2.6. Enabling a Service
        7. 10.2.7. Disabling a Service
        8. 10.2.8. Starting a Conflicting Service
      3. 10.3. Working with systemd Targets
        1. 10.3.1. Viewing the Default Target
        2. 10.3.2. Viewing the Current Target
        3. 10.3.3. Changing the Default Target
        4. 10.3.4. Changing the Current Target
        5. 10.3.5. Changing to Rescue Mode
        6. 10.3.6. Changing to Emergency Mode
      4. 10.4. Shutting Down, Suspending, and Hibernating the System
        1. 10.4.1. Shutting Down the System
        2. 10.4.2. Restarting the System
        3. 10.4.3. Suspending the System
        4. 10.4.4. Hibernating the System
      5. 10.5. Controlling systemd on a Remote Machine
      6. 10.6. Creating and Modifying systemd Unit Files
        1. 10.6.1. Understanding the Unit File Structure
        2. 10.6.2. Creating Custom Unit Files
        3. 10.6.3. Converting SysV Init Scripts to Unit Files
        4. 10.6.4. Modifying Existing Unit Files
        5. 10.6.5. Working with Instantiated Units
      7. 10.7. Additional Considerations While Managing Services
      8. 10.8. Additional Resources
    2. 11. Configuring a System for Accessibility
      1. 11.1. Configuring the brltty Service
      2. 11.2. Switch On Always Show Universal Access Menu
      3. 11.3. Enabling the Festival Speech Synthesis System
    3. 12. OpenSSH
      1. 12.1. The SSH Protocol
        1. 12.1.1. Why Use SSH?
        2. 12.1.2. Main Features
        3. 12.1.3. Protocol Versions
        4. 12.1.4. Event Sequence of an SSH Connection
          1. 12.1.4.1. Transport Layer
          2. 12.1.4.2. Authentication
          3. 12.1.4.3. Channels
      2. 12.2. Configuring OpenSSH
        1. 12.2.1. Configuration Files
        2. 12.2.2. Starting an OpenSSH Server
        3. 12.2.3. Requiring SSH for Remote Connections
        4. 12.2.4. Using Key-based Authentication
          1. 12.2.4.1. Generating Key Pairs
          2. 12.2.4.2. Configuring ssh-agent
      3. 12.3. OpenSSH Clients
        1. 12.3.1. Using the ssh Utility
        2. 12.3.2. Using the scp Utility
        3. 12.3.3. Using the sftp Utility
      4. 12.4. More Than a Secure Shell
        1. 12.4.1. X11 Forwarding
        2. 12.4.2. Port Forwarding
      5. 12.5. Additional Resources
    4. 13. TigerVNC
      1. 13.1. VNC Server
        1. 13.1.1. Installing VNC Server
        2. 13.1.2. Configuring VNC Server
          1. 13.1.2.1. Configuring VNC Server for Two Users
        3. 13.1.3. Starting VNC Server
          1. 13.1.3.1. Configuring VNC Server for Two Users and Two Different Displays
        4. 13.1.4. VNC setup based on xinetd with XDMCP for GDM
        5. 13.1.5. Terminating a VNC Session
      2. 13.2. Sharing an Existing Desktop
      3. 13.3. VNC Viewer
        1. 13.3.1. Installing VNC Viewer
        2. 13.3.2. Connecting to VNC Server
          1. 13.3.2.1. Configuring the Firewall for VNC
        3. 13.3.3. Connecting to VNC Server Using SSH
      4. 13.4. Additional Resources
  • V. Servers
    1. 14. Web Servers
      1. 14.1. The Apache HTTP Server
        1. 14.1.1. Notable Changes
        2. 14.1.2. Updating the Configuration
        3. 14.1.3. Running the httpd Service
          1. 14.1.3.1. Starting the Service
          2. 14.1.3.2. Stopping the Service
          3. 14.1.3.3. Restarting the Service
          4. 14.1.3.4. Verifying the Service Status
        4. 14.1.4. Editing the Configuration Files
        5. 14.1.5. Working with Modules
          1. 14.1.5.1. Loading a Module
          2. 14.1.5.2. Writing a Module
        6. 14.1.6. Setting Up Virtual Hosts
        7. 14.1.7. Setting Up an SSL Server
          1. 14.1.7.1. An Overview of Certificates and Security
        8. 14.1.8. Enabling the mod_ssl Module
          1. 14.1.8.1. Enabling and Disabling SSL and TLS in mod_ssl
        9. 14.1.9. Enabling the mod_nss Module
          1. 14.1.9.1. Enabling and Disabling SSL and TLS in mod_nss
        10. 14.1.10. Using an Existing Key and Certificate
        11. 14.1.11. Generating a New Key and Certificate
        12. 14.1.12. Configure the Firewall for HTTP and HTTPS Using the Command Line
          1. 14.1.12.1. Checking Network Access for Incoming HTTPS and HTTPS Using the Command Line
        13. 14.1.13. Additional Resources
    2. 15. Mail Servers
      1. 15.1. Email Protocols
        1. 15.1.1. Mail Transport Protocols
          1. 15.1.1.1. SMTP
        2. 15.1.2. Mail Access Protocols
          1. 15.1.2.1. POP
          2. 15.1.2.2. IMAP
          3. 15.1.2.3. Dovecot
      2. 15.2. Email Program Classifications
        1. 15.2.1. Mail Transport Agent
        2. 15.2.2. Mail Delivery Agent
        3. 15.2.3. Mail User Agent
      3. 15.3. Mail Transport Agents
        1. 15.3.1. Postfix
          1. 15.3.1.1. The Default Postfix Installation
          2. 15.3.1.2. Upgrading From a Previous Release
          3. 15.3.1.3. Basic Postfix Configuration
          4. 15.3.1.4. Using Postfix with LDAP
            1. 15.3.1.4.1. The /etc/aliases lookup example
        2. 15.3.2. Sendmail
          1. 15.3.2.1. Purpose and Limitations
          2. 15.3.2.2. The Default Sendmail Installation
          3. 15.3.2.3. Common Sendmail Configuration Changes
          4. 15.3.2.4. Masquerading
          5. 15.3.2.5. Stopping Spam
          6. 15.3.2.6. Using Sendmail with LDAP
        3. 15.3.3. Fetchmail
          1. 15.3.3.1. Fetchmail Configuration Options
          2. 15.3.3.2. Global Options
          3. 15.3.3.3. Server Options
          4. 15.3.3.4. User Options
          5. 15.3.3.5. Fetchmail Command Options
          6. 15.3.3.6. Informational or Debugging Options
          7. 15.3.3.7. Special Options
        4. 15.3.4. Mail Transport Agent [MTA] Configuration
      4. 15.4. Mail Delivery Agents
        1. 15.4.1. Procmail Configuration
        2. 15.4.2. Procmail Recipes
          1. 15.4.2.1. Delivering vs. Non-Delivering Recipes
          2. 15.4.2.2. Flags
          3. 15.4.2.3. Specifying a Local Lockfile
          4. 15.4.2.4. Special Conditions and Actions
          5. 15.4.2.5. Recipe Examples
          6. 15.4.2.6. Spam Filters
      5. 15.5. Mail User Agents
        1. 15.5.1. Securing Communication
          1. 15.5.1.1. Secure Email Clients
          2. 15.5.1.2. Securing Email Client Communications
      6. 15.6. Configuring Mail Server with Antispam and Antivirus
        1. 15.6.1. Configuring Spam Filtering for Mail Transport Agent or Mail Delivery Agent
          1. 15.6.1.1. Configuring Spam Filtering in a Mail Transport Agent
          2. 15.6.1.2. Configuring Spam Filtering in a Mail Delivery Agent
        2. 15.6.2. Configuring Antivirus Protection
        3. 15.6.3. Using the EPEL Repository to install Antispam and Antivirus Software
      7. 15.7. Additional Resources
        1. 15.7.1. Installed Documentation
        2. 15.7.2. Online Documentation
        3. 15.7.3. Related Books
    3. 16. File and Print Servers
      1. 16.1. Samba
        1. 16.1.1. The Samba Services
        2. 16.1.2. Verifying the smb.conf File by Using the testparm Utility
        3. 16.1.3. Understanding the Samba Security Modes
        4. 16.1.4. Setting up Samba as a Standalone Server
          1. 16.1.4.1. Setting up the Server Configuration for the Standalone Server
          2. 16.1.4.2. Creating and Enabling Local User Accounts
        5. 16.1.5. Setting up Samba as a Domain Member
          1. 16.1.5.1. Joining a Domain
          2. 16.1.5.2. Verifying That Samba Was Correctly Joined As a Domain Member
          3. 16.1.5.3. Understanding ID Mapping
            1. 16.1.5.3.1. Planning ID Ranges
            2. 16.1.5.3.2. The * Default Domain
          4. 16.1.5.4. The Different ID Mapping Back Ends
            1. 16.1.5.4.1. Using the tdb ID Mapping Back End
            2. 16.1.5.4.2. Using the ad ID Mapping Back End
            3. 16.1.5.4.3. Using the rid ID Mapping Back End
            4. 16.1.5.4.4. Using the autorid ID Mapping Back End
        6. 16.1.6. Configuring File Shares on a Samba Server
          1. 16.1.6.1. Setting up a Share That Uses POSIX ACLs
            1. 16.1.6.1.1. Adding a Share That Uses POSIX ACLs
            2. 16.1.6.1.2. Setting ACLs
            3. 16.1.6.1.3. Setting Permissions on a Share
          2. 16.1.6.2. Setting up a Share That Uses Windows ACLs
            1. 16.1.6.2.1. Granting the SeDiskOperatorPrivilege Privilege
            2. 16.1.6.2.2. Enabling Windows ACL Support
            3. 16.1.6.2.3. Adding a Share That Uses Windows ACLs
            4. 16.1.6.2.4. Managing Share Permissions and File System ACLs of a Share That Uses Windows ACLs
          3. 16.1.6.3. Managing ACLs on an SMB Share Using smbcacls
            1. 16.1.6.3.1. Understanding Access Control Entries
            2. 16.1.6.3.2. Displaying ACLs Using smbcacls
            3. 16.1.6.3.3. Calculating an ACE Mask
            4. 16.1.6.3.4. Adding, Updating, And Removing an ACL Using smbcacls
          4. 16.1.6.4. Enabling Users to Share Directories on a Samba Server
            1. 16.1.6.4.1. Enabling the User Shares Feature
            2. 16.1.6.4.2. Adding a User Share
            3. 16.1.6.4.3. Updating Settings of a User Share
            4. 16.1.6.4.4. Displaying Information About Existing User Shares
            5. 16.1.6.4.5. Listing User Shares
            6. 16.1.6.4.6. Deleting a User Share
          5. 16.1.6.5. Enabling Guest Access to a Share
        7. 16.1.7. Setting up a Samba Print Server
          1. 16.1.7.1. The Samba spoolssd Service
          2. 16.1.7.2. Enabling Print Server Support in Samba
          3. 16.1.7.3. Manually Sharing Specific Printers
          4. 16.1.7.4. Setting up Automatic Printer Driver Downloads for Windows Clients
            1. 16.1.7.4.1. Basic Information about Printer Drivers
            2. 16.1.7.4.2. Enabling Users to Upload and Preconfigure Drivers
            3. 16.1.7.4.3. Setting up the print$ Share
            4. 16.1.7.4.4. Creating a GPO to Enable Clients to Trust the Samba Print Server
            5. 16.1.7.4.5. Uploading Drivers and Preconfiguring Printers
        8. 16.1.8. Tuning the Performance of a Samba Server
          1. 16.1.8.1. Setting the SMB Protocol Version
          2. 16.1.8.2. Tuning Shares with Directories That Contain a Large Number of Files
          3. 16.1.8.3. Settings That Can Have a Negative Performance Impact
        9. 16.1.9. Frequently Used Samba Command-line Utilities
          1. 16.1.9.1. Using the net Utility
            1. 16.1.9.1.1. Using the net ads join and net rpc join Commands
            2. 16.1.9.1.2. Using the net rpc rights Command
            3. 16.1.9.1.3. Using the net rpc share Command
            4. 16.1.9.1.4. Using the net user Command
            5. 16.1.9.1.5. Using the net usershare Command
          2. 16.1.9.2. Using the rpcclient Utility
          3. 16.1.9.3. Using the samba-regedit Application
          4. 16.1.9.4. Using the smbcacls Utility
          5. 16.1.9.5. Using the smbclient Utility
            1. 16.1.9.5.1. Using smbclient in Interactive Mode
            2. 16.1.9.5.2. Using smbclient in Scripting Mode
          6. 16.1.9.6. Using the smbcontrol Utility
          7. 16.1.9.7. Using the smbpasswd Utility
          8. 16.1.9.8. Using the smbstatus Utility
          9. 16.1.9.9. Using the smbtar Utility
          10. 16.1.9.10. Using the testparm Utility
          11. 16.1.9.11. Using the wbinfo Utility
        10. 16.1.10. Additional Resources
      2. 16.2. FTP
        1. 16.2.1. The File Transfer Protocol
        2. 16.2.2. The vsftpd Server
          1. 16.2.2.1. Starting and Stopping vsftpd
          2. 16.2.2.2. Starting Multiple Copies of vsftpd
          3. 16.2.2.3. Encrypting vsftpd Connections Using TLS
          4. 16.2.2.4. SELinux Policy for vsftpd
        3. 16.2.3. Additional Resources
          1. 16.2.3.1. Installed Documentation
          2. 16.2.3.2. Online Documentation
      3. 16.3. Print Settings
        1. 16.3.1. Starting the Print Settings Configuration Tool
        2. 16.3.2. Starting Printer Setup
        3. 16.3.3. Adding a Local Printer
        4. 16.3.4. Adding an AppSocket/HP JetDirect printer
        5. 16.3.5. Adding an IPP Printer
        6. 16.3.6. Adding an LPD/LPR Host or Printer
        7. 16.3.7. Adding a Samba [SMB] printer
        8. 16.3.8. Selecting the Printer Model and Finishing
        9. 16.3.9. Printing a Test Page
        10. 16.3.10. Modifying Existing Printers
          1. 16.3.10.1. The Settings Page
          2. 16.3.10.2. The Policies Page
            1. 16.3.10.2.1. Sharing Printers
            2. 16.3.10.2.2. The Access Control Page
            3. 16.3.10.2.3. The Printer Options Page
            4. 16.3.10.2.4. Job Options Page
            5. 16.3.10.2.5. Ink/Toner Levels Page
          3. 16.3.10.3. Managing Print Jobs
        11. 16.3.11. Additional Resources
    4. 17. Database Servers
      1. 17.1. MariaDB
        1. 17.1.1. Installing the MariaDB server
          1. 17.1.1.1. Improving MariaDB installation security
        2. 17.1.2. Configuring the MariaDB server for networking
        3. 17.1.3. Backing up MariaDB data
          1. 17.1.3.1. Logical back up
          2. 17.1.3.2. Physical back up
    5. 18. Configuring NTP Using the chrony Suite
      1. 18.1. Introduction to the chrony Suite
        1. 18.1.1. Differences Between ntpd and chronyd
        2. 18.1.2. Choosing Between NTP Daemons
      2. 18.2. Understanding chrony and Its Configuration
        1. 18.2.1. Understanding chronyd and chronyc
        2. 18.2.2. Understanding the chrony Configuration Commands
        3. 18.2.3. Security with chronyc
      3. 18.3. Using chrony
        1. 18.3.1. Installing chrony
        2. 18.3.2. Checking the Status of chronyd
        3. 18.3.3. Starting chronyd
        4. 18.3.4. Stopping chronyd
        5. 18.3.5. Checking if chrony is Synchronized
          1. 18.3.5.1. Checking chrony Tracking
          2. 18.3.5.2. Checking chrony Sources
          3. 18.3.5.3. Checking chrony Source Statistics
        6. 18.3.6. Manually Adjusting the System Clock
      4. 18.4. Setting Up chrony for Different Environments
        1. 18.4.1. Setting Up chrony for a System in an Isolated Network
      5. 18.5. Using chronyc
        1. 18.5.1. Using chronyc to Control chronyd
      6. 18.6. Chrony with HW timestamping
        1. 18.6.1. Understanding Hardware Timestamping
        2. 18.6.2. Verifying Support for Hardware Timestamping
        3. 18.6.3. Enabling Hardware Timestamping
        4. 18.6.4. Configuring Client Polling Interval
        5. 18.6.5. Enabling Interleaved Mode
        6. 18.6.6. Configuring Server for Large Number of Clients
        7. 18.6.7. Verifying Hardware Timestamping
        8. 18.6.8. Configuring PTP-NTP bridge
      7. 18.7. Additional Resources
        1. 18.7.1. Installed Documentation
        2. 18.7.2. Online Documentation
    6. 19. Configuring NTP Using ntpd
      1. 19.1. Introduction to NTP
      2. 19.2. NTP Strata
      3. 19.3. Understanding NTP
      4. 19.4. Understanding the Drift File
      5. 19.5. UTC, Timezones, and DST
      6. 19.6. Authentication Options for NTP
      7. 19.7. Managing the Time on Virtual Machines
      8. 19.8. Understanding Leap Seconds
      9. 19.9. Understanding the ntpd Configuration File
      10. 19.10. Understanding the ntpd Sysconfig File
      11. 19.11. Disabling chrony
      12. 19.12. Checking if the NTP Daemon is Installed
      13. 19.13. Installing the NTP Daemon [ntpd]
      14. 19.14. Checking the Status of NTP
      15. 19.15. Configure the Firewall to Allow Incoming NTP Packets
        1. 19.15.1. Change the Firewall Settings
        2. 19.15.2. Open Ports in the Firewall for NTP Packets
      16. 19.16. Configure ntpdate Servers
      17. 19.17. Configure NTP
        1. 19.17.1. Configure Access Control to an NTP Service
        2. 19.17.2. Configure Rate Limiting Access to an NTP Service
        3. 19.17.3. Adding a Peer Address
        4. 19.17.4. Adding a Server Address
        5. 19.17.5. Adding a Broadcast or Multicast Server Address
        6. 19.17.6. Adding a Manycast Client Address
        7. 19.17.7. Adding a Broadcast Client Address
        8. 19.17.8. Adding a Manycast Server Address
        9. 19.17.9. Adding a Multicast Client Address
        10. 19.17.10. Configuring the Burst Option
        11. 19.17.11. Configuring the iburst Option
        12. 19.17.12. Configuring Symmetric Authentication Using a Key
        13. 19.17.13. Configuring the Poll Interval
        14. 19.17.14. Configuring Server Preference
        15. 19.17.15. Configuring the Time-to-Live for NTP Packets
        16. 19.17.16. Configuring the NTP Version to Use
      18. 19.18. Configuring the Hardware Clock Update
      19. 19.19. Configuring Clock Sources
      20. 19.20. Additional Resources
        1. 19.20.1. Installed Documentation
        2. 19.20.2. Useful Websites
    7. 20. Configuring PTP Using ptp4l
      1. 20.1. Introduction to PTP
        1. 20.1.1. Understanding PTP
        2. 20.1.2. Advantages of PTP
      2. 20.2. Using PTP
        1. 20.2.1. Checking for Driver and Hardware Support
        2. 20.2.2. Installing PTP
        3. 20.2.3. Starting ptp4l
          1. 20.2.3.1. Selecting a Delay Measurement Mechanism
      3. 20.3. Using PTP with Multiple Interfaces
      4. 20.4. Specifying a Configuration File
      5. 20.5. Using the PTP Management Client
      6. 20.6. Synchronizing the Clocks
      7. 20.7. Verifying Time Synchronization
      8. 20.8. Serving PTP Time with NTP
      9. 20.9. Serving NTP Time with PTP
      10. 20.10. Synchronize to PTP or NTP Time Using timemaster
        1. 20.10.1. Starting timemaster as a Service
        2. 20.10.2. Understanding the timemaster Configuration File
        3. 20.10.3. Configuring timemaster Options
      11. 20.11. Improving Accuracy
      12. 20.12. Additional Resources
        1. 20.12.1. Installed Documentation
        2. 20.12.2. Useful Websites
  • VI. Monitoring and Automation
    1. 21. System Monitoring Tools
      1. 21.1. Viewing System Processes
        1. 21.1.1. Using the ps Command
        2. 21.1.2. Using the top Command
        3. 21.1.3. Using the System Monitor Tool
      2. 21.2. Viewing Memory Usage
        1. 21.2.1. Using the free Command
        2. 21.2.2. Using the System Monitor Tool
      3. 21.3. Viewing CPU Usage
        1. 21.3.1. Using the System Monitor Tool
      4. 21.4. Viewing Block Devices and File Systems
        1. 21.4.1. Using the lsblk Command
        2. 21.4.2. Using the blkid Command
        3. 21.4.3. Using the findmnt Command
        4. 21.4.4. Using the df Command
        5. 21.4.5. Using the du Command
        6. 21.4.6. Using the System Monitor Tool
      5. 21.5. Viewing Hardware Information
        1. 21.5.1. Using the lspci Command
        2. 21.5.2. Using the lsusb Command
        3. 21.5.3. Using the lscpu Command
      6. 21.6. Checking for Hardware Errors
      7. 21.7. Monitoring Performance with Net-SNMP
        1. 21.7.1. Installing Net-SNMP
        2. 21.7.2. Running the Net-SNMP Daemon
          1. 21.7.2.1. Starting the Service
          2. 21.7.2.2. Stopping the Service
          3. 21.7.2.3. Restarting the Service
        3. 21.7.3. Configuring Net-SNMP
          1. 21.7.3.1. Setting System Information
          2. 21.7.3.2. Configuring Authentication
        4. 21.7.4. Retrieving Performance Data over SNMP
          1. 21.7.4.1. Hardware Configuration
          2. 21.7.4.2. CPU and Memory Information
          3. 21.7.4.3. File System and Disk Information
          4. 21.7.4.4. Network Information
        5. 21.7.5. Extending Net-SNMP
          1. 21.7.5.1. Extending Net-SNMP with Shell Scripts
          2. 21.7.5.2. Extending Net-SNMP with Perl
      8. 21.8. Additional Resources
        1. 21.8.1. Installed Documentation
    2. 22. OpenLMI
      1. 22.1. About OpenLMI
        1. 22.1.1. Main Features
        2. 22.1.2. Management Capabilities
      2. 22.2. Installing OpenLMI Expand section "22.2. Installing OpenLMI" Collapse section "22.2. Installing OpenLMI"
        1. 22.2.1. Installing OpenLMI on a Managed System
        2. 22.2.2. Installing OpenLMI on a Client System
      3. 22.3. Configuring SSL Certificates for OpenPegasus Expand section "22.3. Configuring SSL Certificates for OpenPegasus" Collapse section "22.3. Configuring SSL Certificates for OpenPegasus"
        1. 22.3.1. Managing Self-signed Certificates
        2. 22.3.2. Managing Authority-signed Certificates with Identity Management [Recommended]
        3. 22.3.3. Managing Authority-signed Certificates Manually
      4. 22.4. Using LMIShell Expand section "22.4. Using LMIShell" Collapse section "22.4. Using LMIShell"
        1. 22.4.1. Starting, Using, and Exiting LMIShell
        2. 22.4.2. Connecting to a CIMOM
        3. 22.4.3. Working with Namespaces
        4. 22.4.4. Working with Classes
        5. 22.4.5. Working with Instances
        6. 22.4.6. Working with Instance Names
        7. 22.4.7. Working with Associated Objects
        8. 22.4.8. Working with Association Objects
        9. 22.4.9. Working with Indications
        10. 22.4.10. Example Usage
      5. 22.5. Using OpenLMI Scripts
      6. 22.6. Additional Resources
    3. 23. Viewing and Managing Log Files Expand section "23. Viewing and Managing Log Files" Collapse section "23. Viewing and Managing Log Files"
      1. 23.1. Locating Log Files
      2. 23.2. Basic Configuration of Rsyslog Expand section "23.2. Basic Configuration of Rsyslog" Collapse section "23.2. Basic Configuration of Rsyslog"
        1. 23.2.1. Filters
        2. 23.2.2. Actions
        3. 23.2.3. Templates
        4. 23.2.4. Global Directives
        5. 23.2.5. Log Rotation
        6. 23.2.6. Increasing the Limit of Open Files
      3. 23.3. Using the New Configuration Format Expand section "23.3. Using the New Configuration Format" Collapse section "23.3. Using the New Configuration Format"
        1. 23.3.1. Rulesets
        2. 23.3.2. Compatibility with sysklogd
      4. 23.4. Working with Queues in Rsyslog Expand section "23.4. Working with Queues in Rsyslog" Collapse section "23.4. Working with Queues in Rsyslog"
        1. 23.4.1. Defining Queues
        2. 23.4.2. Creating a New Directory for rsyslog Log Files
        3. 23.4.3. Managing Queues
        4. 23.4.4. Using the New Syntax for rsyslog queues
      5. 23.5. Configuring rsyslog on a Logging Server Expand section "23.5. Configuring rsyslog on a Logging Server" Collapse section "23.5. Configuring rsyslog on a Logging Server"
        1. 23.5.1. Using The New Template Syntax on a Logging Server
      6. 23.6. Using Rsyslog Modules Expand section "23.6. Using Rsyslog Modules" Collapse section "23.6. Using Rsyslog Modules"
        1. 23.6.1. Importing Text Files
        2. 23.6.2. Exporting Messages to a Database
        3. 23.6.3. Enabling Encrypted Transport
        4. 23.6.4. Using RELP
      7. 23.7. Interaction of Rsyslog and Journal
      8. 23.8. Structured Logging with Rsyslog Expand section "23.8. Structured Logging with Rsyslog" Collapse section "23.8. Structured Logging with Rsyslog"
        1. 23.8.1. Importing Data from Journal
        2. 23.8.2. Filtering Structured Messages
        3. 23.8.3. Parsing JSON
        4. 23.8.4. Storing Messages in the MongoDB
      9. 23.9. Debugging Rsyslog
      10. 23.10. Using the Journal Expand section "23.10. Using the Journal" Collapse section "23.10. Using the Journal"
        1. 23.10.1. Viewing Log Files
        2. 23.10.2. Access Control
        3. 23.10.3. Using The Live View
        4. 23.10.4. Filtering Messages
        5. 23.10.5. Enabling Persistent Storage
      11. 23.11. Managing Log Files in a Graphical Environment Expand section "23.11. Managing Log Files in a Graphical Environment" Collapse section "23.11. Managing Log Files in a Graphical Environment"
        1. 23.11.1. Viewing Log Files
        2. 23.11.2. Adding a Log File
        3. 23.11.3. Monitoring Log Files
      12. 23.12. Additional Resources
    4. 24. Automating System Tasks Expand section "24. Automating System Tasks" Collapse section "24. Automating System Tasks"
      1. 24.1. Scheduling a Recurring Job Using Cron Expand section "24.1. Scheduling a Recurring Job Using Cron" Collapse section "24.1. Scheduling a Recurring Job Using Cron"
        1. 24.1.1. Prerequisites for Cron Jobs
        2. 24.1.2. Scheduling a Cron Job
      2. 24.2. Scheduling a Recurring Asynchronous Job Using Anacron Expand section "24.2. Scheduling a Recurring Asynchronous Job Using Anacron" Collapse section "24.2. Scheduling a Recurring Asynchronous Job Using Anacron"
        1. 24.2.1. Prerequisites for Anacrob Jobs
        2. 24.2.2. Scheduling an Anacron Job
      3. 24.3. Scheduling a Job to Run at a Specific Time Using at Expand section "24.3. Scheduling a Job to Run at a Specific Time Using at" Collapse section "24.3. Scheduling a Job to Run at a Specific Time Using at"
        1. 24.3.1. Prerequisites for At Jobs
        2. 24.3.2. Scheduling an At Job Expand section "24.3.2. Scheduling an At Job" Collapse section "24.3.2. Scheduling an At Job"
          1. 24.3.2.1. Controlling Access to At and Batch
      4. 24.4. Scheduling a Job to Run on System Load Drop Using batch Expand section "24.4. Scheduling a Job to Run on System Load Drop Using batch" Collapse section "24.4. Scheduling a Job to Run on System Load Drop Using batch"
        1. 24.4.1. Prerequisites for Batch Jobs
        2. 24.4.2. Scheduling a Batch Job
      5. 24.5. Scheduling a Job to Run on Next Boot Using a systemd Unit File
      6. 24.6. Additional Resources
    5. 25. Automatic Bug Reporting Tool [ABRT] Expand section "25. Automatic Bug Reporting Tool [ABRT]" Collapse section "25. Automatic Bug Reporting Tool [ABRT]"
      1. 25.1. Introduction to ABRT
      2. 25.2. Installing ABRT and Starting its Services Expand section "25.2. Installing ABRT and Starting its Services" Collapse section "25.2. Installing ABRT and Starting its Services"
        1. 25.2.1. Installing the ABRT GUI
        2. 25.2.2. Installing ABRT for the Command Line
        3. 25.2.3. Installing Supplementary ABRT Tools
        4. 25.2.4. Starting the ABRT Services
        5. 25.2.5. Testing ABRT Crash Detection
      3. 25.3. Configuring ABRT Expand section "25.3. Configuring ABRT" Collapse section "25.3. Configuring ABRT"
        1. 25.3.1. Configuring Events
        2. 25.3.2. Creating Custom Events
        3. 25.3.3. Setting Up Automatic Reporting
      4. 25.4. Detecting Software Problems Expand section "25.4. Detecting Software Problems" Collapse section "25.4. Detecting Software Problems"
        1. 25.4.1. Detecting C and C++ Crashes
        2. 25.4.2. Detecting Python Exceptions
        3. 25.4.3. Detecting Ruby Exceptions
        4. 25.4.4. Detecting Java Exceptions
        5. 25.4.5. Detecting X.Org Crashes
        6. 25.4.6. Detecting Kernel Oopses and Panics
      5. 25.5. Handling Detected Problems Expand section "25.5. Handling Detected Problems" Collapse section "25.5. Handling Detected Problems"
        1. 25.5.1. Using the Command Line Tool
        2. 25.5.2. Using the GUI
      6. 25.6. Additional Resources
  • VII. Kernel Customization with Bootloader Expand section "VII. Kernel Customization with Bootloader" Collapse section "VII. Kernel Customization with Bootloader"
    1. 26. Working with GRUB 2 Expand section "26. Working with GRUB 2" Collapse section "26. Working with GRUB 2"
      1. 26.1. Introduction to GRUB 2
      2. 26.2. Configuring GRUB 2
      3. 26.3. Making Temporary Changes to a GRUB 2 Menu
      4. 26.4. Making Persistent Changes to a GRUB 2 Menu Using the grubby Tool
      5. 26.5. Customizing the GRUB 2 Configuration File Expand section "26.5. Customizing the GRUB 2 Configuration File" Collapse section "26.5. Customizing the GRUB 2 Configuration File"
        1. 26.5.1. Changing the Default Boot Entry
        2. 26.5.2. Editing a Menu Entry
        3. 26.5.3. Adding a new Entry
        4. 26.5.4. Creating a Custom Menu
      6. 26.6. Protecting GRUB 2 with a Password
      7. 26.7. Reinstalling GRUB 2 Expand section "26.7. Reinstalling GRUB 2" Collapse section "26.7. Reinstalling GRUB 2"
        1. 26.7.1. Reinstalling GRUB 2 on BIOS-Based Machines
        2. 26.7.2. Reinstalling GRUB 2 on UEFI-Based Machines
        3. 26.7.3. Resetting and Reinstalling GRUB 2
      8. 26.8. Upgrading from GRUB Legacy to GRUB 2
      9. 26.9. GRUB 2 over a Serial Console Expand section "26.9. GRUB 2 over a Serial Console" Collapse section "26.9. GRUB 2 over a Serial Console"
        1. 26.9.1. Configuring GRUB 2 for a single boot
        2. 26.9.2. Configuring GRUB 2 for a persistent change
        3. 26.9.3. Configuring a new GRUB 2 file
        4. 26.9.4. Using screen to Connect to the Serial Console
      10. 26.10. Terminal Menu Editing During Boot Expand section "26.10. Terminal Menu Editing During Boot" Collapse section "26.10. Terminal Menu Editing During Boot"
        1. 26.10.1. Booting to Rescue Mode
        2. 26.10.2. Booting to Emergency Mode
        3. 26.10.3. Booting to the Debug Shell
        4. 26.10.4. Changing and Resetting the Root Password
      11. 26.11. Unified Extensible Firmware Interface [UEFI] Secure Boot Expand section "26.11. Unified Extensible Firmware Interface [UEFI] Secure Boot" Collapse section "26.11. Unified Extensible Firmware Interface [UEFI] Secure Boot"
        1. 26.11.1. UEFI Secure Boot Support in Red Hat Enterprise Linux 7
      12. 26.12. Additional Resources
  • VIII. System Backup and Recovery Expand section "VIII. System Backup and Recovery" Collapse section "VIII. System Backup and Recovery"
    1. 27. Relax-and-Recover [ReaR] Expand section "27. Relax-and-Recover [ReaR]" Collapse section "27. Relax-and-Recover [ReaR]"
      1. 27.1. Basic ReaR Usage Expand section "27.1. Basic ReaR Usage" Collapse section "27.1. Basic ReaR Usage"
        1. 27.1.1. Installing ReaR
        2. 27.1.2. Configuring ReaR
        3. 27.1.3. Creating a Rescue System
        4. 27.1.4. Scheduling ReaR
        5. 27.1.5. Performing a System Rescue
      2. 27.2. Integrating ReaR with Backup Software Expand section "27.2. Integrating ReaR with Backup Software" Collapse section "27.2. Integrating ReaR with Backup Software"
        1. 27.2.1. The Built-in Backup Method Expand section "27.2.1. The Built-in Backup Method" Collapse section "27.2.1. The Built-in Backup Method"
          1. 27.2.1.1. Configuring the Internal Backup Method
          2. 27.2.1.2. Creating a Backup Using the Internal Backup Method
        2. 27.2.2. Supported Backup Methods
        3. 27.2.3. Unsupported Backup Methods
        4. 27.2.4. Creating Multiple Backups
    2. 28. Choosing Suitable Red Hat Product
    3. 29. Red Hat Customer Portal Labs Relevant to System Administration
    4. 30. Revision History Expand section "30. Revision History" Collapse section "30. Revision History"
      1. 30.1. Acknowledgments
  • Settings Close

    • Language: Language:
      • 日本語
      • 简体中文
      • English
      • Français
    • Format: Format:
      • Multi-page
      • Single-page
      • PDF
      • ePub

    Language and Page Formatting Options

    • Language: Language:
      • 日本語
      • 简体中文
      • English
      • Français
    • Format: Format:
      • Multi-page
      • Single-page
      • PDF
      • ePub

    Red Hat Training

    A Red Hat training course is available for Red Hat Enterprise Linux

    Chapter 4. Managing Users and Groups

    The control of users and groups is a core element of Red Hat Enterprise Linux system administration. This chapter explains how to add, manage, and delete users and groups in the graphical user interface and on the command line, and covers advanced topics, such as creating group directories.

    4.1. Introduction to Users and Groups

    While users can be either people [meaning accounts tied to physical users] or accounts that exist for specific applications to use, groups are logical expressions of organization, tying users together for a common purpose. Users within a group share the same permissions to read, write, or execute files owned by that group.

    Each user is associated with a unique numerical identification number called a user ID [UID]. Likewise, each group is associated with a group ID [GID]. A user who creates a file is also the owner and group owner of that file. The file is assigned separate read, write, and execute permissions for the owner, the group, and everyone else. The file owner can be changed only by root, and access permissions can be changed by both the root user and file owner.

    Additionally, Red Hat Enterprise Linux supports access control lists [ACLs] for files and directories which allow permissions for specific users outside of the owner to be set. For more information about this feature, see Chapter 5, Access Control Lists.

    Reserved User and Group IDs

    Red Hat Enterprise Linux reserves user and group IDs below 1000 for system users and groups. By default, the User Manager does not display the system users. Reserved user and group IDs are documented in the setup package. To view the documentation, use this command:

    cat /usr/share/doc/setup*/uidgid

    The recommended practice is to assign IDs starting at 5,000 that were not already reserved, as the reserved range can increase in the future. To make the IDs assigned to new users by default start at 5,000, change the UID_MIN and GID_MIN directives in the /etc/login.defs file:

    [file contents truncated]
    UID_MIN         5000
    [file contents truncated]
    GID_MIN         5000
    [file contents truncated]

    Note

    For users created before you changed the UID_MIN and GID_MIN directives, UIDs will still start at the default 1000.

    Even with new user and group IDs beginning with 5,000, it is recommended not to raise IDs reserved by the system above 1000 to avoid conflict with systems that retain the 1000 limit.

    4.1.1. User Private Groups

    Red Hat Enterprise Linux uses a user private group [UPG] scheme, which makes UNIX groups easier to manage. A user private group is created whenever a new user is added to the system. It has the same name as the user for which it was created and that user is the only member of the user private group.

    User private groups make it safe to set default permissions for a newly created file or directory, allowing both the user and the group of that user to make modifications to the file or directory.

    The setting which determines what permissions are applied to a newly created file or directory is called a umask and is configured in the /etc/bashrc file. Traditionally on UNIX-based systems, the umask is set to 022, which allows only the user who created the file or directory to make modifications. Under this scheme, all other users, including members of the creator’s group, are not allowed to make any modifications. However, under the UPG scheme, this "group protection" is not necessary since every user has their own private group. See Section 4.3.5, “Setting Default Permissions for New Files Using umask” for more information.

    A list of all groups is stored in the /etc/group configuration file.

    4.1.2. Shadow Passwords

    In environments with multiple users, it is very important to use shadow passwords provided by the shadow-utils package to enhance the security of system authentication files. For this reason, the installation program enables shadow passwords by default.

    The following is a list of the advantages shadow passwords have over the traditional way of storing passwords on UNIX-based systems:

    • Shadow passwords improve system security by moving encrypted password hashes from the world-readable /etc/passwd file to /etc/shadow, which is readable only by the root user.
    • Shadow passwords store information about password aging.
    • Shadow passwords make it possible to enforce some of the security policies set in the /etc/login.defs file.

    Most utilities provided by the shadow-utils package work properly whether or not shadow passwords are enabled. However, since password aging information is stored exclusively in the /etc/shadow file, some utilities and commands do not work without first enabling shadow passwords:

    • The chage utility for setting password aging parameters. For details, see the Password Security section in the Red Hat Enterprise Linux 7 Security Guide.
    • The gpasswd utility for administrating the /etc/group file.
    • The usermod command with the -e, --expiredate or -f, --inactive option.
    • The useradd command with the -e, --expiredate or -f, --inactive option.
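
    The checks below apply the user private group and shadow password rules from Sections 4.1.1 and 4.1.2 to passwd, shadow and group records. This is an added example, not part of the Red Hat guide: the juan records are the ones this chapter shows, while the other accounts, the hash strings, the function names and the finding names are constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample input. The "juan" records are the ones this chapter shows;
# every other account and every hash string is made up for the example.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
juan:x:1001:1001::/home/juan:/bin/bash
legacy:$6$constructedsalt$constructedhash:1002:1002::/home/legacy:/bin/bash
svcapp:x:1003:1003::/home/svcapp:/bin/bash
ghost:x:1004:100::/home/ghost:/bin/bash
"""
SHADOW = """\
root:$6$constructedsalt$constructedhash:17000:0:99999:7:::
juan:!!:14798:0:99999:7:::
svcapp::17000:0:99999:7:::
"""
GROUP = """\
root:x:0:
users:x:100:
juan:x:1001:
legacy:x:1002:
svcapp:x:1003:juan
"""

PASSWD_FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "password", "last_change", "min_days", "max_days",
                 "warn_days", "inactive_days", "expire", "reserved")
GROUP_FIELDS = ("name", "password", "gid", "members")


def parse(text, fields):
    """Split colon-separated records into dicts keyed by the first field."""
    records = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError(f"line {lineno}: expected {len(fields)} fields, got {len(parts)}")
        records[parts[0]] = dict(zip(fields, parts))
    return records


def password_state(field):
    """Classify the password field of a shadow record."""
    if field == "":
        return "empty"      # no password is needed to authenticate
    if field[0] in "!*":
        return "locked"     # "!!" is what useradd writes before a password is set
    return "hash"


def last_change_date(days):
    """Shadow records store dates as a count of days since 1970-01-01."""
    return date(1970, 1, 1) + timedelta(days=int(days))


def summarize(shadow_text):
    """Per-account lock state, last password change and expiry flag."""
    summary = {}
    for name, rec in parse(shadow_text, SHADOW_FIELDS).items():
        changed = rec["last_change"]
        summary[name] = {
            "state": password_state(rec["password"]),
            "last_change": last_change_date(changed).isoformat() if changed else None,
            # 99999 is the maximum age in the chapter's sample record,
            # which the chapter describes as a password that never expires.
            "never_expires": rec["max_days"] in ("", "99999"),
        }
    return summary


def audit(passwd_text, shadow_text, group_text, uid_min=1000):
    """Return (account, finding) pairs for records that break the scheme."""
    passwd = parse(passwd_text, PASSWD_FIELDS)
    shadow = parse(shadow_text, SHADOW_FIELDS)
    group = parse(group_text, GROUP_FIELDS)
    findings = []
    for name, rec in passwd.items():
        # Shadow passwords: the world-readable file carries only the "x" marker.
        if rec["password"] != "x":
            findings.append((name, "not-shadowed"))
        elif name not in shadow:
            findings.append((name, "no-shadow-entry"))
        elif password_state(shadow[name]["password"]) == "empty":
            findings.append((name, "empty-password"))
        # User private groups apply to regular accounts, not reserved IDs.
        if int(rec["uid"]) < uid_min:
            continue
        upg = group.get(name)
        if upg is None or upg["gid"] != rec["gid"]:
            findings.append((name, "no-private-group"))
        elif upg["members"] not in ("", name):
            findings.append((name, "private-group-shared"))
    return findings


if __name__ == "__main__":
    for account, finding in audit(PASSWD, SHADOW, GROUP):
        print(f"{account}: {finding}")
```

    The uid_min default of 1000 matches the reserved range described in this chapter; pass 5000 if UID_MIN has been raised as recommended above.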

    4.2. Managing Users in a Graphical Environment

    The Users utility allows you to view, modify, add, and delete local users in the graphical user interface.

    4.2.1. Using the Users Settings Tool

    Press the Super key to enter the Activities Overview, type Users and then press Enter. The Users settings tool appears. The Super key appears in a variety of guises, depending on the keyboard and other hardware, but often as either the Windows or Command key, and typically to the left of the Space bar. Alternatively, you can open the Users utility from the Settings menu after clicking your user name in the top right corner of the screen.

    To make changes to the user accounts, first select the Unlock button and authenticate yourself as indicated by the dialog box that appears. Note that unless you have superuser privileges, the application will prompt you to authenticate as root. To add and remove users, select the + and - button respectively. To add a user to the administrative group wheel, change the Account Type from Standard to Administrator. To edit a user’s language setting, select the language and a drop-down menu appears.

    Figure 4.1. The Users Settings Tool

    When a new user is created, the account is disabled until a password is set. The Password drop-down menu, shown in Figure 4.2, “The Password Menu”, contains the options to set a password by the administrator immediately, choose a password by the user at the first login, or create a guest account with no password required to log in. You can also disable or enable an account from this menu.

    Figure 4.2. The Password Menu

    4.3. Using Command-Line Tools

    Apart from the Users settings tool described in Section 4.2, “Managing Users in a Graphical Environment”, which is designed for basic managing of users, you can use command line tools for managing users and groups that are listed in Table 4.1, “Command line utilities for managing users and groups”.

    Table 4.1. Command line utilities for managing users and groups

    Utilities    Description

    id

    Displays user and group IDs.

    useradd, usermod, userdel

    Standard utilities for adding, modifying, and deleting user accounts.

    groupadd, groupmod, groupdel

    Standard utilities for adding, modifying, and deleting groups.

    gpasswd

    Utility primarily used for modification of group password in the /etc/gshadow file which is used by the newgrp command.

    pwck, grpck

    Utilities that can be used for verification of the password, group, and associated shadow files.

    pwconv, pwunconv

    Utilities that can be used for the conversion of passwords to shadow passwords, or back from shadow passwords to standard passwords.

    grpconv, grpunconv

    Similar to the previous, these utilities can be used for conversion of shadowed information for group accounts.

    4.3.1. Adding a New User

    To add a new user to the system, type the following at a shell prompt as root:

    useradd options username

    …where options are command-line options as described in Table 4.2, “Common useradd command-line options”.

    By default, the useradd command creates a locked user account. To unlock the account, run the following command as root to assign a password:

    passwd username

    Optionally, you can set a password aging policy. See the Password Security section in the Red Hat Enterprise Linux 7 Security Guide.

    Table 4.2. Common useradd command-line options

    Option    Description

    -c 'comment'

    comment can be replaced with any string. This option is generally used to specify the full name of a user.

    -d home_directory

    Home directory to be used instead of default /home/username/.

    -e date

    Date for the account to be disabled in the format YYYY-MM-DD.

    -f days

    Number of days after the password expires until the account is disabled. If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not disabled after the password expires.

    -g group_name

    Group name or group number for the user’s default [primary] group. The group must exist prior to being specified here.

    -G group_list

    List of additional [supplementary, other than default] group names or group numbers, separated by commas, of which the user is a member. The groups must exist prior to being specified here.

    -m

    Create the home directory if it does not exist.

    -M

    Do not create the home directory.

    -N

    Do not create a user private group for the user.

    -p password

    The password encrypted with crypt.

    -r

    Create a system account with a UID less than 1000 and without a home directory.

    -s

    User’s login shell, which defaults to /bin/bash.

    -u uid

    User ID for the user, which must be unique and greater than 999.

    Important

    The default range of IDs for system and normal users has been changed in Red Hat Enterprise Linux 7 from earlier releases. Previously, UID 1-499 was used for system users and values above for normal users. The default range for system users is now 1-999. This change might cause problems when migrating to Red Hat Enterprise Linux 7 with existing users having UIDs and GIDs between 500 and 999. The default ranges of UID and GID can be changed in the /etc/login.defs file.

    Explaining the Process

    The following steps illustrate what happens if the command useradd juan is issued on a system that has shadow passwords enabled:

    1. A new line for juan is created in /etc/passwd:

      juan:x:1001:1001::/home/juan:/bin/bash

      The line has the following characteristics:

      • It begins with the user name juan.
      • There is an x for the password field indicating that the system is using shadow passwords.
      • A UID greater than 999 is created. Under Red Hat Enterprise Linux 7, UIDs below 1000 are reserved for system use and should not be assigned to users.
      • A GID greater than 999 is created. Under Red Hat Enterprise Linux 7, GIDs below 1000 are reserved for system use and should not be assigned to users.
      • The optional GECOS information is left blank. The GECOS field can be used to provide additional information about the user, such as their full name or phone number.
      • The home directory for juan is set to /home/juan/.
      • The default shell is set to /bin/bash.

    2. A new line for juan is created in /etc/shadow:

      juan:!!:14798:0:99999:7:::

      The line has the following characteristics:

      • It begins with the user name juan.
      • Two exclamation marks [!!] appear in the password field of the /etc/shadow file, which locks the account.

        Note

        If an encrypted password is passed using the -p flag, it is placed in the /etc/shadow file on the new line for the user.

      • The password is set to never expire.

    3. A new line for a group named juan is created in /etc/group:

      juan:x:1001:

      A group with the same name as a user is called a user private group. For more information on user private groups, see Section 4.1.1, “User Private Groups”.

      The line created in /etc/group has the following characteristics:

      • It begins with the group name juan.
      • An x appears in the password field indicating that the system is using shadow group passwords.
      • The GID matches the one listed for juan's primary group in /etc/passwd.

    4. A new line for a group named juan is created in /etc/gshadow:

      juan:!::

      The line has the following characteristics:

      • It begins with the group name juan.
      • An exclamation mark (!) appears in the password field of the /etc/gshadow file, which locks the group.
      • All other fields are blank.

    5. A directory for user juan is created in the /home directory:

      ~]# ls -ld /home/juan
      drwx------. 4 juan juan 4096 Mar 3 18:23 /home/juan

      This directory is owned by user juan and group juan. It has read, write, and execute privileges only for the user juan. All other permissions are denied.

    6. The files within the /etc/skel directory (which contain default user settings) are copied into the new /home/juan directory:

      ~]# ls -la /home/juan
      total 28
      drwx------. 4 juan juan 4096 Mar 3 18:23 .
      drwxr-xr-x. 5 root root 4096 Mar 3 18:23 ..
      -rw-r--r--. 1 juan juan  18 Jun 22 2010 .bash_logout
      -rw-r--r--. 1 juan juan 176 Jun 22 2010 .bash_profile
      -rw-r--r--. 1 juan juan 124 Jun 22 2010 .bashrc
      drwxr-xr-x. 4 juan juan 4096 Nov 23 15:09 .mozilla

    At this point, a locked account called juan exists on the system. To activate it, the administrator must next assign a password to the account using the passwd command and, optionally, set password aging guidelines (see the Password Security section in the Red Hat Enterprise Linux 7 Security Guide for details).
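    The password-field conventions described above for /etc/shadow and /etc/gshadow can be checked mechanically. The following is an added example, not part of the original guide: the function name, the state labels and every sample line except the two juan lines are constructed for illustration.

```shell
# Constructed sample data; only the juan lines appear in the guide.
SAMPLE_SHADOW='juan:!!:14798:0:99999:7:::
maria:$6$constructedsalt$constructedhash:19000:0:90:7:::
svc::19000:0:99999:7:::'
SAMPLE_GSHADOW='juan:!::'

# audit_pw_field: read shadow- or gshadow-format lines on stdin and print
# "name state [aging]" for each entry. Field 2 is the password field in
# both files; field 5 of a 9-field shadow line is the maximum password age.
audit_pw_field() {
    awk -F: '
    NF >= 2 {
        pw = $2
        if (pw == "")          state = "no-password"    # empty field
        else if (pw ~ /^!/)    state = "locked"         # "!" or "!!" prefix
        else if (pw == "*")    state = "no-valid-hash"  # cannot match any password
        else                   state = "password-set"
        if (NF == 9) {
            # 99999 days (or an empty field) is treated as "never expires".
            aging = ($5 == "" || $5 + 0 >= 99999) ? "never-expires" : ("max-age-" $5)
            print $1, state, aging
        } else {
            print $1, state
        }
    }'
}

printf '%s\n' "$SAMPLE_SHADOW"  | audit_pw_field
printf '%s\n' "$SAMPLE_GSHADOW" | audit_pw_field
```

    On a live system the same function can be fed /etc/shadow or /etc/gshadow as root; entries reported as no-password deserve attention first.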

    4.3.2. Adding a New Group

    To add a new group to the system, type the following at a shell prompt as root:

    groupadd options group_name

    …where options are command-line options as described in Table 4.3, “Common groupadd command-line options”.

    Table 4.3. Common groupadd command-line options

    Option                     Description
    -f, --force                When used with -g gid and gid already exists, groupadd will choose another unique gid for the group.
    -g gid                     Group ID for the group, which must be unique and greater than 999.
    -K, --key key=value        Override /etc/login.defs defaults.
    -o, --non-unique           Allows creating groups with duplicate GID.
    -p, --password password    Use this encrypted password for the new group.
    -r                         Create a system group with a GID less than 1000.

    4.3.3. Adding an Existing User to an Existing Group

    Use the usermod utility to add an already existing user to an already existing group.

    Various options of usermod affect the user's primary group and supplementary groups differently.

    To override the user's primary group, run the following command as root:

    ~]# usermod -g group_name user_name

    To override the user's supplementary groups, run the following command as root:

    ~]# usermod -G group_name1,group_name2,... user_name

    Note that in this case all previous supplementary groups of the user are replaced by the new group or several new groups.

    To add one or more groups to the user's supplementary groups, run one of the following commands as root:

    ~]# usermod -aG group_name1,group_name2,... user_name
    ~]# usermod --append -G group_name1,group_name2,... user_name

    Note that in this case the new group is added to the user's current supplementary groups.

    Note that in this case the new group is added to user’s current supplementary groups.

    4.3.4. Creating Group Directories

    System administrators usually like to create a group for each major project and assign people to the group when they need to access that project’s files. With this traditional scheme, file management is difficult; when someone creates a file, it is associated with the primary group to which they belong. When a single person works on multiple projects, it becomes difficult to associate the right files with the right group. However, with the UPG scheme, groups are automatically assigned to files created within a directory with the setgid bit set. The setgid bit makes managing group projects that share a common directory very simple because any files a user creates within the directory are owned by the group that owns the directory.

    For example, a group of people need to work on files in a shared project directory. Some people are trusted to modify the contents of this directory, but not everyone.

    1. As root, create the project directory.
    2. Add the project group to the system.
    3. Associate the contents of the project directory with the project group.
    4. Allow users in the group to create files within the directory and set the setgid bit.

      At this point, all members of the project group can create and edit files in the project directory without the administrator having to change file permissions every time users write new files. To verify that the permissions have been set correctly, list the directory with ls -ld.
    5. Add users to the project group.
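    The procedure above as a runnable sketch with a verification step, added here and not part of the original guide. The function names, the directory and group arguments and the mode 2775 are assumptions; creating the group and adding members need root and appear only as comments.

```shell
# Steps 2 and 5 need root and are not run here:
#   groupadd GROUP
#   usermod -aG GROUP USER

# setup_shared_dir DIR GROUP: steps 1, 3 and 4 of the procedure.
setup_shared_dir() {
    dir=$1 group=$2
    mkdir -p "$dir" &&
    chgrp "$group" "$dir" &&
    chmod 2775 "$dir"        # rwxrwsr-x: group write plus the setgid bit
}

# check_shared_dir DIR: print "ok" and succeed only if DIR has mode
# rwxrwsr-x and a file created inside it inherits the directory's group.
check_shared_dir() {
    dir=$1
    set -- $(ls -ldn "$dir")             # $1 = mode string, $4 = numeric GID
    perms=$(printf '%s' "$1" | cut -c1-10)
    dir_gid=$4
    if [ "$perms" != "drwxrwsr-x" ]; then
        echo "unexpected mode: $perms"
        return 1
    fi
    probe="$dir/.probe.$$"
    : > "$probe" || return 1
    set -- $(ls -ln "$probe")
    file_gid=$4
    rm -f "$probe"
    if [ "$file_gid" != "$dir_gid" ]; then
        echo "group not inherited: file $file_gid, directory $dir_gid"
        return 1
    fi
    echo "ok"
}
```

    A directory that is group-writable but lacks the setgid bit fails the check, which is the usual cause of files in a shared directory ending up owned by each author's private group.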

    4.3.5. Setting Default Permissions for New Files Using umask

    When a process creates a file, the file has certain default permissions. These initial permissions are partially defined by the file mode creation mask, also called file permission mask or umask. Every process has its own umask, for example, bash has umask 0022 by default. Process umask can be changed.

    What umask consists of

    A umask consists of bits corresponding to standard file permissions. For example, for umask 0137, the digits mean that:

    • 0 = no meaning, it is always 0 (umask does not affect special bits)
    • 1 = for owner permissions, the execute bit is set
    • 3 = for group permissions, the execute and write bits are set
    • 7 = for others permissions, the execute, write, and read bits are set

    Umasks can be represented in binary, octal, or symbolic notation. For example, the octal representation 0137 equals symbolic representation u=rw-,g=r--,o=---. Symbolic notation specification is the reverse of the octal notation specification: it shows the allowed permissions, not the prohibited permissions.

    How umask works

    Umask prohibits permissions from being set for a file:

    • When a bit is set in umask, it is unset in the file.
    • When a bit is not set in umask, it can be set in the file, depending on other factors.

    The following figure shows how umask 0137 affects creating a new file.

    Figure 4.3. Applying umask when creating a file

    Important

    For security reasons, a regular file cannot have execute permissions by default. Therefore, even if umask is 0000, which does not prohibit any permissions, a new regular file still does not have execute permissions. However, directories can be created with execute permissions.
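    The masking rule and the regular-file exception can be checked against what the system actually creates. The following is an added example, not part of the original guide; the function names are illustrative, and it assumes new files are requested with mode 0666 and new directories with 0777, as the shell's redirection and mkdir do.

```shell
# predict_mode KIND MASK: permission string a new file (KIND=f) or
# directory (KIND=d) should get under umask MASK.
predict_mode() {
    case $1 in
        d) base=0777 type=d ;;   # directories may keep execute bits
        *) base=0666 type=- ;;   # regular files never start with execute
    esac
    m=$(( $base & ~0$2 & 0777 )) # a bit set in the umask is unset in the file
    out=$type
    for bit in 256 128 64 32 16 8 4 2 1; do
        case $bit in 256|32|4) c=r ;; 128|16|2) c=w ;; *) c=x ;; esac
        if [ $(( m & bit )) -ne 0 ]; then out=$out$c; else out=$out-; fi
    done
    printf '%s\n' "$out"
}

# actual_mode KIND MASK: create the object under MASK in a subshell (so the
# caller's umask is untouched) and report the mode string that ls shows.
actual_mode() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"
        if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    )
    perms=$(ls -ld "$tmp/new" | cut -c1-10)
    chmod u+rwx "$tmp/new"
    rm -rf "$tmp"
    printf '%s\n' "$perms"
}

# symbolic_mask MASK: the shell's own symbolic rendering of an octal umask.
symbolic_mask() {
    ( umask "$1"; umask -S )
}

for mask in 0137 0000 0337; do
    echo "umask $mask ($(symbolic_mask "$mask")):" \
         "file $(actual_mode f "$mask"), directory $(actual_mode d "$mask")"
done
```

    The shell prints symbolic masks without dash padding, so 0137 is shown as u=rw,g=r,o=.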

    4.3.5.1. Managing umask in Shells

    For popular shells, such as bash, ksh, zsh and tcsh, umask is managed using the umask shell builtin. Processes started from shell inherit its umask.

    Displaying the current mask

    To show the current umask in octal notation:

    ~]$ umask

    To show the current umask in symbolic notation:

    ~]$ umask -S

    Setting mask in shell using umask

    To set umask for the current shell session using octal notation run:

    ~]$ umask octal_mask

    Substitute octal_mask with four or fewer digits from 0 to 7. When three or fewer digits are provided, permissions are set as if the command contained leading zeros. For example, umask 7 translates to 0007.

    Example 4.1. Setting umask Using Octal Notation

    To prohibit new files from having write and execute permissions for owner and group, and from having any permissions for others:

    ~]$ umask 0337

    Or simply:

    ~]$ umask 337

    To set umask for the current shell session using symbolic notation:

    ~]$ umask -S symbolic_mask

    Example 4.2. Setting umask Using Symbolic Notation

    To set umask 0337 using symbolic notation:

    ~]$ umask -S u=r,g=r,o=

    Working with the default shell umask

    Shells usually have a configuration file where their default umask is set. For bash, it is /etc/bashrc. To show the default bash umask:

    ~]$ grep -i -B 1 umask /etc/bashrc

    The output shows if umask is set, either using the umask command or the UMASK variable.

    To change the default umask for bash, change the umask command call or the UMASK variable assignment in /etc/bashrc.

    Working with the default shell umask of a specific user

    By default, bash umask of a new user defaults to the one defined in /etc/bashrc.

    To change bash umask for a particular user, add a call to the umask command in the $HOME/.bashrc file of that user.

    Setting default permissions for newly created home directories

    To change permissions with which user home directories are created, change the UMASK variable in the /etc/login.defs file.

    4.4. Additional Resources

    For more information on how to manage users and groups on Red Hat Enterprise Linux, see the resources listed below.

    Installed Documentation

    For information about various utilities for managing users and groups, see the following manual pages:

    What is used to specify a group ID?

    -g, --gid GID: This option is used to provide a group ID (numeric) to the new group, and it should be non-negative and unique unless explicitly created to be non-unique (using the -o option). If this option is not used, the default ID is assigned, which is greater than every other group already present.

    What commands would grant additional users access to use the sudo command quizlet?

    You need to add an administrator to the /etc/sudoers file to give them the ability to use the sudo command.

    Where should administrators set system wide variables on a Linux system rather than editing the etc profile file directly?

    The /etc/profile.d/ directory serves as a storage location for scripts administrators may use to set additional system-wide variables. It is recommended you set the environment variables via scripts contained in /etc/profile.d/ rather than editing the /etc/profile file directly.

    What command can an administrator use to change the password of an existing user account in quizlet?

    Chmod (Change Mode) allows the user to change the access (mode) of a file to read, write, execute, or a combination of those permissions. The passwd (password) command is used to change a Linux user's password. The chown (Change Owner) command is used to modify the file owner or group owner assignment.
