Managing users and user logins on Solaris 10
ByManaging users and user logins
We are tasked to create 5 user accounts with special permissions, groups and a shared folder for the group.
First we need to create a new group.
#groupadd –g 101 mindframes
Now we can create the users and add them to the new group.We will be using the 4000 group id for the new users.
bash-3.00# useradd -u 4001 -g mindframes -d /export/home/Bmind -m -s /bin/sh –c “Bit Mind” Bmind
64 blocks
bash-3.00# passwd Bmind
New Password:
Re-enter new Password:
passwd: password successfully changed for Bmind
We will use the same command to create the following users for the mindframes group:
Breal
Ilobo
Msimms
Kleon
all passwords are set to password.
To set password aging to the accounts we will edit the shadow file found in /etc/
Bmind:mfX/BwHM1XeQs:14154:3:14:2:::
The minimum number of days a password is valid before a user must change is set to 3
The maximum time a password is valid is 14 days
The days before the user is warned about password expiry is set to 2 days
The syntax we use is in the form:
username:password:lastchg:min:max:warn:inactive:expire
We will create a public folder for the group to share called braindump. Because it is a shared directory we need to also set permissions on the folder so only the owner of the files can delete them, this will prevent anyone else from deleting a users files.
#mkdir braindump | chmod 1777 braindump
We will use the sticky bit to chmod the directory so only the owner of files can delete them.
Next we want to secure the server from attempt to login as root.
We will create a loginlog file under /var/adm/
#touch /var/adm/loginlog
#chmod 600 /var/adm/loginlog
#chgrp sys /var/adm/loginlog
Attempts to login as root are logged to /var/default/su
To display the attempts via the console we edit the su file in vi and uncomment the following line:
CONSOLE=/dev/console
Tags: ip, study, cisco, router, switch, 802.1q
