Security - Control who can access what

Concept: Principle of Least Privilege

Linux OS's based off of Unix (50+ Years Old!)

​

​Why Accounts

UID: User ID
GID: Group ID

Every user has a UID and PRIMARY GID

Groups can have 1 or many users

Users can be in 1 or many groups

​

​Identifiers

Root UID is 0 - SUPERUSER!

Standard User ID's > 1000
- Have defined home directory (usually subdirectory of /home)
- Defined login shell (default Bash in /bin/bash)

​

​Types of Linux User Accounts

Typically pre-created at system/services installation

Used by facilities/programs/services that don't require SU

-No dedicated home directory
-No valid login shell

​

​System & Service Accounts

Command: id

​Shows UID and name, primary GID and name and additional groups

​Get Information About Users

Command: chsh
-Some users need to boot into shell
-Default is BASH (bourne again shell, what you've been learning)
-Can define different default shell using chsh
-Try change your shell to /usr/bin/zsh (zshell)

​

​Change default shell.

Command: last
Shows when users last logged into the system

Command: lastb
Shows last BAD attempts to login

​

​When did users log in?

Commands who and w differ slightly

Think of effectiveness as a server admin

​Currently Active?

• su - switches to root (needs root password) or su user switches user

• sudo runs individual commands as root

​Switching Users and Privilege Escalation

• /etc/passwd: User info

• /etc/shadow: Password hashes

• /etc/group: Group info

• /etc/sudoers: Sudo permissions

​

​Access Control Files

• /etc/shadow stores one-way password hashes

• Hashes are salted and not reversible

​

​Password Hashing

​Review

-Accounts are used for security
-UID and GID numbers define users and groups (user IDs > 1000)
-Root is account 0
-Typically standard users have a home directory, system and service accounts do not
-Command id shows user information
-last shows the last time users logged in
-who and w show active users
-su switch user to root/another user
-sudo inline privilege escalation
-etc passwd, shadow, group, sudoers directories have user information
-shadow has user passwords hashed