We have mentioned users previously, but in this section we examine how the sysadmin can manage them. Users must be created, assigned a UID, provided a home directory, provided an initial set of files for their home directory, and assigned to groups so that they may use the system resources securely and efficiently. The system administrator might elect to restrict a user's access not only to files, but to the amount of disk space they use as well. (You learn more about that in the "Managing Disk Quotas" section in Chapter 7, "Managing Software and System Resources.")

User Management Tools

Fedora provides several command-line tools for managing users as well as graphical tools. Many experienced sysadmins prefer the command-line tools because they are quick and easy to use and they can be included in scripts if the sysadmin desires to script a repetitive task. Here are the most commonly used commands for managing users:
Adding New Users

The command-line approach to adding a user is actually quite simple and can be accomplished on a single line. In the example shown here, the sysadmin will use the useradd command to add the new user bernice. The command adduser (a variant found on some Unix systems) is a symbolic link to useradd, so both commands work the same. In this example, we use the -p option to set the password the user requested, the -s option to set her special shell, and the -u option to specify her UID. (If we created a user with the default settings, we would not need to use these options.) All we want to do can be accomplished on one line:

# useradd bernice -p sTitcher -s /bin/zsh -u 507

Note that useradd stores the -p argument directly in the account's password field, so it expects the already encrypted password as returned by crypt(3), not the plain text. The argument is also visible to other users who list running processes while the command runs. If the plain-text value is given as shown, the account has no usable password until one is set with the passwd command.

The sysadmin can also use the graphical interface that Fedora provides, as shown in Figure 13.2. It is accessed as the Users and Groups item from the System Settings menu item. Here, the sysadmin is adding a new user to the system where user bernice uses the bash command shell.

Figure 13.2. Adding a new user is simple. The GUI provides a more complete set of commands for user management than for group management.

These are the steps we used to add the same account as shown in the preceding command, but using the graphical User Manager interface:
Note that the user is being manually assigned the UID of 549 because that is her UID on another machine that will be connected to this machine. Because the system only knows her as 549 and not as bernice, the two machines would not recognize bernice as the same user if two different UIDs were assigned.

NOTE
A Linux username can be any alphanumeric combination that does not begin with a special character reserved for shell script use (see Chapter 14 for disallowed characters, mostly punctuation characters). In Chapter 5, we told you that usernames are typically the user's first name plus the first initial of her last name. That is a common practice on larger systems with many users because it makes life simpler for the sysadmin, but it is neither a rule nor a requirement.

Monitoring User Activity on the System

Monitoring user activity is part of the sysadmin's duties and an essential task in tracking how system resources are being used. The w command will tell the sysadmin who is logged in, where he is logged in, and what he is doing. No one is able to hide from the superuser. The w command can be followed by a specific user's name to show only that user.

The ac command provides information about the total connect time of a user, measured in hours. It uses the /var/log/wtmp file as the source of its information.

TIP
Interestingly, a phenomenon known as "timewarp" can occur in which an entry in the wtmp file jumps back into the past and ac shows unusual amounts of time accounted for users. Although this can be attributed to some innocuous factors having to do with the system clock, it is worthy of investigation by the sysadmin because it can also be the result of a security breach.

The ac command is most useful in shell scripts to generate reports on operating system usage for management review.

The last command searches through the /var/log/wtmp file and will list all the users logged in and out since that file was first created.
The user reboot exists so that you might know who has logged in since the last reboot. A companion to last is the command lastb, which shows all failed, or bad, logins. It is useful for determining if a legitimate user is having trouble or if a hacker is attempting access.

NOTE
The accounting system on your computer keeps track of user usage statistics, which are kept in the current /var/log/wtmp file. That file is managed by the init and login processes. If you want to explore the depths of the accounting system, use the GNU info system: info accounting.
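
The timewarp check described in the tip above, as an added example (not from the original text): it reads wtmp records in file order and reports any entry dated earlier than one written before it. The 384-byte record layout (glibc on x86_64 Linux), the function names, and the sample records are assumptions constructed for illustration.

```python
import struct
import sys

# Assumed layout: glibc "struct utmp" on x86_64 Linux, 384 bytes, little-endian,
# with 32-bit tv_sec/tv_usec. Other platforms may use a different layout.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
EMPTY = 0  # ut_type of an unused slot

def pack_record(ut_type, user, line, tv_sec, host=""):
    """Build one record; used here only to construct sample data."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0, b"")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Return the records in file order, ignoring a truncated trailing record."""
    records = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(data, off)
        records.append({"index": off // UTMP.size, "type": f[0],
                        "line": _text(f[2]), "user": _text(f[4]),
                        "host": _text(f[5]), "time": f[9]})
    return records

def find_timewarps(records, tolerance=0):
    """Return (record, seconds_back) for entries older than the newest time seen."""
    warps, newest = [], None
    for rec in records:
        if rec["type"] == EMPTY:
            continue
        if newest is not None and rec["time"] < newest - tolerance:
            warps.append((rec, newest - rec["time"]))
        else:
            newest = rec["time"] if newest is None else max(newest, rec["time"])
    return warps

# Constructed sample: the third record is dated 10100 seconds before the second.
SAMPLE = b"".join([
    pack_record(2, "reboot", "~", 1700000000),
    pack_record(7, "bernice", "pts/0", 1700000100, "192.0.2.10"),
    pack_record(7, "bernice", "pts/1", 1699990000, "192.0.2.10"),
    pack_record(7, "root", "tty1", 1700000200),
])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for rec, back in find_timewarps(parse_wtmp(data), tolerance=2):
        print(f"record {rec['index']}: {rec['user']}@{rec['line']} from "
              f"{rec['host'] or 'local'} is {back}s earlier than a preceding entry")
```

Run it with the path to a copy of a wtmp file as the only argument to check real data. A flagged record is a prompt for investigation rather than proof of tampering, because clock corrections produce the same pattern.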