Intermediate System Administration for the Solaris 10 Student Guide phần 7 docx

Exercise: Adding User Accounts and Group Entries Level 1Exercise: Adding User Accounts and Group Entries Level 1 In this exercise, you use the Solaris Management Console, as well as the

Trang 1

Managing User Accounts

The following example changes the login name and home directory for

newuser1tousera

# usermod -m -d /export/home/usera -l usera newuser1

The smuser modify Command Format and Options

The following is the command format for the smuser modifycommand:

smuser modify [auth_args] [subcommand_args]

In general, the options for the smuser modifycommand function thesame as for the smuser addcommand Refer to thesmuser(1M)manpage for additional options

Table 10-8 shows the options for the smuser modifycommand

The following example changes the login name and home directory for

newuser2touserb

# /usr/sadm/bin/smuser modify -n newuser2 -N userb -d

/export/home/userb

Authenticating as user: root

Type /? for help, pressing <enter> accepts the default denoted by [ ]

Please enter a string value for: password :: Enter_The_root_Password

Loading Tool: com.sun.admin.usermgr.cli.user.UserMgrCli from sys-02

Login to sys-02 as user root was successful

-e expire Sets an expiration date on the user account

Specifies the date (mm/dd/yy) on which a user can

no longer log in and access the account After thatdate, the account is locked

loginname Identifies the user’s login name for the current

user account

Table 10-7 Key Options for theusermodCommand (Continued)

Table 10-8 Options for thesmuser modifyCommand

Option Definition

-nlogin Specifies the user’s login name

-N login Specifies the user’s new login name

Trang 2

10-22 Intermediate System Administration for the Solaris™ 10 Operating System

Deleting a User Account

Use theuserdelcommand or smuser deletecommand to delete auser’s login account from the system

The following is the command format for the userdelcommand:

userdel -r login

Theuserdelcommand also removes the user’s home directory and all ofits contents if you request it to do so Use the-roption to remove theuser’s home directory from the local file system This directory must exist

The following example removes the login account for a user named

Note – This command does not remove all files owned by the user, just

the home directory The system administrator should run a find

command to locate all files owned by the user to be backed up orremoved

The smuser delete Command Format and Options

The following is the command format for the smuser deletecommand:

smuser delete [auth_args] [subcommand_args]

The following example removes theuserbaccount from the system:

# /usr/sadm/bin/smuser delete -n userb

Loading Tool: com.sun.admin.usermgr.cli.user.UserMgrCli from sys-02

Login to sys-02 as user root was successful

Download of com.sun.admin.usermgr.cli.user.UserMgrCli from sys-02 wassuccessful

Trang 3

Note – Unlike theuserdelcommand, thesmuser deletecommand has

no -requivalent option for deleting the home directory The user’shome

directory must be deleted manually

Creating a Group Entry

As the rootuser, you create new group entries on the local system byusing the groupaddorsmgroup addcommand These commands add anentry for the new group into the /etc/groupfile Like the smuser

command, thesmgroup addcommand uses the same subcommands andauthentication arguments derived from the Solaris Management Console

The groupadd Command Format and Options

The following is the command format for the groupaddcommand:

groupadd [ -g gid [ -o ] ] groupname

Table 10-9 shows the options for the groupaddcommand

The following example uses the groupaddcommand to create the newgroup class1on the local system:

# groupadd -g 301 class1

The smgroup add Command Format and Options

The following is the command format for the smgroup addcommand:

/usr/sadm/bin/smgroup subcommand [auth_args] [subcommand_args]

Table 10-9 Options for thegroupaddCommand

Option Description

-ggid Assigns the GID number for the new group

Trang 4

Table 10-10 shows the options for thesmgroup addcommand

The following example uses thesmgroup addcommand to create a newgroup calledworkgroupwith a GID of123, and to adduserato thegroup:

# /usr/sadm/bin/smgroup add -n workgroup -g 123 -m usera

Loading Tool: com.sun.admin.usermgr.cli.group.UserMgrGroupCli from sys-02Login to sys-02 as user root was successful

Download of com.sun.admin.usermgr.cli.group.UserMgrGroupCli from sys-02was successful

Modifying a Group Entry

You can use the following commands to modify a group entry:

● The groupmodcommand

● The smgroup modifycommand

The groupmod Command Format and Options

The following is the command format for the groupmodcommand:

groupmod [ -g gid [ -o ] ] [ -n name ] groupname

Table 10-10 Options for thesmgroup addCommand

-mgroup_member Specifies the new members to add to the group

-ngroup_name Specifies the name of the new group

Trang 5

Table 10-11 defines the options for the groupmodcommand:

The following example changes theclass1account group GID number to

400:

# groupmod -g 400 class1

The smgroup modify Command Format and Options

The following is the command format for the smgroup modifycommand:

Table 10-12 shows the options for the smgroup modifycommand

The following example changes the group workgrouptoschoolgroup:

# /usr/sadm/bin/smgroup modify -n workgroup -N schoolgroup

Table 10-11 Options for thegroupmodCommand

Options Description

-nname Specifies the new name for the group

Table 10-12 Options for thesmgroup modify Command

-n name Specifies the name of the group you want to

modify

-m new_member Specifies the new members to add to the group

-N new_group Specifies the new group name

Trang 6

Deleting a Group Entry

Use thegroupdelorsmgroup deletecommands to delete a group entryfrom the/etc/groupfile on the system

The groupdel Command Format

The following is the command format for the groupdelcommand:

groupdel groupname

The following example removes the group entryclass1from the localsystem:

# groupdel class1

The smgroup delete Command Format and Options

The following is the command format for thesmgroup deletecommand:

You can use the -n group_nameoption with the smgroup delete

command to specify the name of the group you want to delete

The following example deletes the group entryschoolgroupfrom thelocal system:

# /usr/sadm/bin/smgroup delete -n schoolgroup

Trang 7

Managing User AccountsUsing the Solaris Management Console Users Tool

The Solaris Management Console Users Tool is a graphical user interface(GUI) that provides access to Solaris OS system administration tools Youcan use it for adding, removing, and modifying user and group entries.The following sections contain a demonstration

Start the Solaris Management Console by typing smc&on the commandline or by clicking the SMC icon under the Tools submenu After the

“Welcome to Solaris Management Console” message appears, click ThisComputer to open the Solaris Management Console window See

Figure 10-2

Figure 10-2 Solaris Management Console Window

Adding a User Account

The default method of adding a user account through Solaris

Management Console is to add the user account with the user’s homedirectory automounted The following steps demonstrate how to build auser template that adds the user account with the user’s directory underthe /export/homedirectory

To add a user account, perform the following steps:

1 Click This Computer in the Navigation pane to display the systemmanagement tools

Trang 8

2 Click System Configuration to display the tool for setting up a newuser account

3 Click Users and enter the user name and password to be used forauthentication if prompted to do so by Solaris Management Console

4 Double-click User Templates to access the tool to create and manageuser templates

5 From the Menu Bar, select Add User Template from the Action list.Figure 10-3 shows the Add User Template window

Figure 10-3 Add User Template Window

6 TypeSA200userin the User Template Name field You can provide

an optional description if you would like

Trang 9

7 Click the Home Directory tab Type your system name in the HomeDirectory Server field Uncheck the check box labeled AutomaticallyMount Home Directory

Figure 10-4 shows the Add User Template window with the HomeDirectory Information completed

Figure 10-4 Add User Template Window (Home Directory Tab)

Trang 10

8 Click OK, and the Solaris Management Console (User Templates)window, as shown in Figure 10-5, reappears with the SA200user

template in the View pane

Figure 10-5 Management Tools: Solaris Management Console Window –

User Templates

Trang 11

9 Click User Accounts from the Navigation pane, and a list of useraccounts on the system appears in the View pane See Figure 10-6

Figure 10-6 Management Tools: Solaris Management Console Window –

User Accounts

Trang 12

10 From the Menu Bar, select Action Then select Add User, and thenselect From Template The Add User From Template windowappears See Figure 10-7

Figure 10-7 Add User From Template Window

Because you only have one template created, it is the default templateavailable from the User Template pull-down list

11 In the field beside User Name, enter the login ID of the user youwant to create A full name and description are optional

12 Click the button User Must Use and fill in the password andconfirmation fields with the password123pass

13 Click OK and the Solaris Management Console (User Accounts)window reappears with the user account you just created in theView pane

Trang 13

14 Double-click the user account you just created The User Propertieswindow appears, as shown in Figure 10-8 You can view and modifythe properties of that user account

Figure 10-8 User Properties Window

15 Click the Group tab

Trang 14

The screen changes to reveal a list of groups Figure 10-9 shows theinformation under the Group tab, including the primary group towhich the user belongs and a list of available groups

Figure 10-9 User Properties Window – Adding Groups

16 You can click a group listed under Available Groups, then click Add,and the group moves into the Member Of column

17 Add the groups to which you want the user to belong, and then clickOK

Trang 15

Deleting a User Account

Figure 10-10 shows the initial steps you take to remove a user accountfrom the system

Figure 10-10 Management Tools: Solaris Management Console Window –

Deleting a User Account Window

1 Highlight the user account in the User Accounts window

2 From the Menu Bar, click Edit Select Delete from the Edit menu.Figure 10-11 shows the warning window that appears asking you toverify that you want to delete the user account

Figure 10-11 Warning: Delete User

This window also contains options to remove the user’s home

directory and to remove the user’s mailbox

3 Check the appropriate boxes, and then click Delete The user account

is deleted

Trang 16

Troubleshooting Login Issues

Some of the most common problems you might encounter as a systemadministrator are user login problems There are two categories of loginproblems: login problems when the user logs in at the command line andlogin problems when the user logs in from the Common Desktop

Environment (CDE)

The CDE uses more configuration files, so there are more potentialproblems associated with logging in from the CDE When youtroubleshoot a login problem, first determine whether you can log in fromthe command line Attempt to log in from another system by using eitherthetelnetcommand or the rlogincommand, or click Options from theCDE login panel and select Command Line Login If you can log insuccessfully at the command line, then the problem is with the CDEconfiguration files If you cannot log in at the command line, then theproblem is more serious and involves key configuration files

Login Problems at the Command Line

Table 10-13 presents an overview of common login problems that occurwhen the user logs in at the command line

Table 10-13 Login Problems at the Command Line Login Problem Description

Login incorrect This message occurs when there are problems with

the login information The most common cause of

an incorrect login message is a mistyped password.Make sure the that correct password is being used,and then attempt to enter it again Remember thatpasswords are case-sensitive, so you cannot

interchange uppercase letters and lowercase letters

In the same way, the letter “o” is notinterchangeable with the numeral “0” nor is theletter “l” interchangeable with the numeral “1.”

Permissiondenied

This message occurs when there are login,password, or NIS+ security problems Most often,

an administrator has locked the user’s password orthe user’s account has been terminated

Trang 17

Login Problem Description

No shell This message occurs when the user’s shell does not

exist, is typed incorrectly, or is wrong in the

or is missing, or the home directory exists on amount point that is currently unavailable

Couldn’t fork a

process!

This message occurs then the server could not fork

a child process during login The most commoncause of this message is that the system has reachedits maximum number of processes You can eitherkill some unneeded processes (if you are alreadylogged into that system asroot) or increase thenumber of processes your system can handle

Table 10-13 Login Problems at the Command Line (Continued)

Trang 18

Login Problems in the CDE

Problems associated with logging into the CDE range from a user beingunable to login (and returning to the CDE login screen), to the customenvironment not loading properly In general, the system does not returnerror messages to the user from the CDE The following is a list of filesand directories that provide troubleshooting information about the CDE:

● DTSOURCEPROFILE=true

This line allows the user’s$HOME/.loginfile (for cshusers) or the

$HOME/.profile(for other shell users) to be sourced as part of thestartup process

Sometimes a loginor.profilefile contains problem commandsthat cause the shell to crash If the.dtprofilefile is set to source a.loginor profilefile that has problem commands, desktop startupmight fail

Consequently, no desktop appears Instead, the system redisplaysthe Solaris OS CDE login screen Startup errors from the loginor.profilefile are usually noted in the$HOME/.dt/startlogfile Use

a Failsafe login Session or a command-line login to debug problemcommands in the loginor profilefiles

Trang 19

● $HOME/.dt/sessions

This directory structure contains files and directories that configurethe display of the user’s custom desktop and determine the

applications that start when the user logs in Look for recent changes

to files and for changes to the directory structure For example,examine thehomedirectory and the home.olddirectory or a

currentdirectory and thecurrent.olddirectory Compare thechanges The changes could provide information on a newapplication or on changes in the saved desktop that cause the user’slogin to fail

● $HOME/.dt

Upon removing the entire.dtdirectory structure, log out, and logback in again for the system to rebuild a default.dtfile structure.This action allows the user to get back into the system if the problemwith the CDE files cannot be resolved

Table 10-14 shows the locations of and information found in error logs forthe CDE

Table 10-14 CDE Error Log Locations

Location Error Log

/var/dt/Xerrors The Solaris OS CDE login window system errors that

occur prior to user login

$HOME/.dt/startlog The Solaris OS CDE errors that occur during the startup

of theXsession script, while processing the

.dtprofile,.login, or.profile file

$HOME/.dt/errorlog.old

$HOME/.dt/errorlog.older

The Solaris OS CDE errors that occur after the

Xsession script start up

$HOME/.dt/sessionlogs Directory of session logs for Session Manager and

Window Manager errors

Trang 20

Performing the Exercises

You have the option to complete any one of three versions of a lab Todecide which to choose, consult the following descriptions of the levels:

● Level 1 – This version of the lab provides the least amount ofguidance Each bulleted paragraph provides a task description, butyou must determine your own way of accomplishing each task

● Level 2 – This version of the lab provides more guidance Althougheach step describes what you should do, you must determine thecommands (and options) to input

● Level 3 – This version of the lab is the easiest to accomplish becauseeach step provides exactly what you should input to the system Thislevel also includes the task solutions for all three levels

Trang 21

Exercise: Adding User Accounts and Group Entries (Level 1)

Exercise: Adding User Accounts and Group Entries

(Level 1)

In this exercise, you use the Solaris Management Console, as well as the

smuser,smgroup,usermod,userdel,groupadd, and groupdel

commands, to create, modify, and delete multiple user accounts andgroup entries

Preparation

Remote Lab Data Center (RLDC)

In addition to being able to use local classroom equipment, this lab hasalso been designed to use equipment located in a remote lab data center.Directions for accessing and using this resource can be found at:

http://fn1.brom.suned.com/

Ask your instructor for the particular SSH (Secure Shell) configuration fileyou should use to access the appropriate remote equipment for thisexercise

Refer to the lecture notes as necessary to perform the tasks listed Refer toTable 10-15 and Table 10-16 as needed

Table 10-15 Group Specifications Group Name GID Number

Secondary Group

Trang 22

locked1 Select Account is

Locked

cleared1 Select User must

set password atnext login

Table 10-16 User Specifications (Continued)

Trang 23

Exercise: Adding User Accounts and Group Entries (Level 1)Tasks

Complete the following tasks:

● Disable the Solaris OS registration window

(Steps 1–5 of Task 1 in the Level 2 lab)

● Working from Table 10-15 and Table 10-16 on page 10-41, create twonew groups and two new users by using thegroupadd,smgroup,

useradd, and smusercommands

(Steps 1–2 of Tasks 2 and 3 in the Level 2 lab)

● Launch the Solaris Management Console, and create a user template

to add users that do not use automounted home directories

(Step 3 of Task 3 in the Level 2 lab)

● Using the Solaris Management Console, add the new users user5,

locked1,and cleared1with characteristics from Table 10-16 onpage 10-41

● Verify that the shells you specify are set in the /etc/passwdfile.Determine if the password strings for users with the same passwordare also the same in the/etc/shadowfile Check the passwordstrings for the userslocked1andcleared1 Verify that the users

user3and user4are secondary members of the class1group.(Steps 1–4 of Task 4 in the Level 2 lab)

● Determine what happens when you try to log in as the user

locked1 Verify that you can log in as the usercleared1 Record thepassword requirements indicated

● Establish password aging for the useruser5 Determine what

happens when you attempt to log in as that user Log in asuser5

and attempt to change the password from the command line Log in

as therootuser when you are finished

Trang 24

● Use thegroupadd command to add a group calledclass3 Use the

usermodcommand to change the UID number, home directory, anduser name for the userlocked1 Verify that the changes exist in the

/etc/passwdfile

● Use the smusercommand to change the login shell of user5toksh.Use theuserdelcommand to delete the useruser3 Verify that thehome directory has been deleted Use the smgroupcommand torename the groupclass1togroup1 Use thegroupdelcommand toremove the groupclass2 Verify the changes to the/etc/groupfile.(Steps 3–7 of Task 5 in the Level 2 lab)

Trang 25

(Level 2)

smuser,smgroup,usermod,userdel,groupadd, and groupdel

commands, to create, modify, and delete multiple user accounts andgroup entries

Preparation

Refer to the lecture notes as necessary to perform the tasks listed Refer toTable 10-15 and Table 10-16 on page 10-41 as needed

Task Summary

In this exercise, you accomplish the following:

● Working from Table 10-15 and Table 10-16 on page 10-41, create twonew groups and two new users by using the commandsgroupadd,

smgroup,useradd, and smuser

● Launch the Solaris Management Console, and create a user template

● Using the Solaris Management Console, add the new users user5,

locked1andcleared1with characteristics from Table 10-16 on page10-41

Trang 26

● Verify that the shells you specify are set in the/etc/passwdfile.Determine if the password strings for users with the same passwordare also the same in the/etc/shadowfile Check the passwordstrings for the userslocked1and cleared1 Verify that the users

user3and user4are secondary members of theclass1 group

● Establish password aging foruser5 Determine what happens whenyou attempt to log in as that user Log in asuser5and attempt tochange the password from the command line Log in as theroot

user when you are finished

/etc/passwdfile

● Use thesmusercommand to change the login shell ofuser5toKS.Use theuserdelcommand to delete the useruser3 Verify that theuser’s home directory has been deleted Use thesmgroupcommand

to rename the groupclass1togroup1 Use thegroupdelcommand

to remove the group class2 Verify the changes to the /etc/group

file

Tasks

Complete the following tasks

Task 1 – Disabling the Solaris OS Registration Window

Complete the following steps:

1 Disable the Solaris OS Registration window so that it does notappear whenever a new user logs in from the CDE

2 Log in as the rootuser (or use the sucommand to change to the

rootuser)

3 Change to the/etc/defaultdirectory

4 In thedefaultdirectory, create thesolregisfile

#vi solregis

Trang 27

5 In the solregisfile, type the keyword DISABLE=1(note that thecharacter “1” is the number one)

6 Save this file, and exit the editor

Task 2 – Adding Group Entries

Note – Refer to Table 10-15 on page 10-41 for details while adding groups.

1 As therootuser, open a terminal window

2 Add the two groups class1and class2with the groupaddand

smgroupcommands, respectively

Task 3 – Adding User Accounts

Note – Refer to Table 10-16 on page 10-41 for details while adding users

with the various tools

1 Add a user nameduser3by using the useraddcommand

2 Add a user named user4by using the smusercommand

3 Launch the Solaris Management Console by typing smc&on thecommand line After the Solaris Management Console appears,create a user template to add user accounts that do not use

automounted home directories by performing the following:

a Select This Computer, and then select System Configuration.Then select Users, and then select User Templates to open theUser Templates tool

b From the Menu Bar, select Action Then select Add User

Trang 28

4 Click User Accounts, and add theuser5account by selecting Action,then selecting Add User, and then selecting From Template on themenu bar

The Add User From Template window appears Enter user5in theUser Name field, and select 1005as the User ID Number For thepassword, click User Must Use, and enter123passin both passwordfields Click OK

5 From the Solaris Management Console, add the additional users

locked1and cleared1by using the 200usertemplate Whileadding thecleared1user, select the password option User Must SetPassword At Next Login After adding both users, double-click the

locked1user and select the tab General Under the AccountAvailability section, select the button Account is Locked Also selectthe shell as listed in Table 10-16 on page 10-41

Task 4 – Examining Configuration Files

1 Examine the contents of the/etc/passwdfile What are the full pathnames of the shells used by user3,user4, anduser5?

2 Examine the contents of the/etc/shadowfile What text is found inthe password field for the users locked1and cleared1?

3 You used the same password foruser3through user5 Are thepassword strings the same in the /etc/shadowfile?

4 Examine the contents of the/etc/groupfile Verify that user3and

user4are both listed as secondary members of theclass1group.Are they?

5 Log out of the CDE, and attempt to log in aslocked1 Are you able

to log in?

6 Attempt to log in ascleared1 What happens? Attempt to use thepasswordabcdefg What are the system requirements for thepassword?

Use the passwordabc123 Log in ascleared1after you establish apassword to verify that the login works Log out, and log in as the

rootuser

Trang 29

Task 5 – Establishing Password Aging

1 Start the Solaris Management Console, and go back into the UserAccounts Tool Selectuser5from the list of users Change the

password options information foruser5so that it matches thefollowing information Click OK when you are finished, and exit theSolaris Management Console

2 Log out of yourrootlogin session Attempt to log in asuser5 Whathappens? Supply a new password if necessary

3 Complete the login asuser5 Open a terminal window, and attempt

to change the password you just set What happens?

4 Log out, and log in again as the rootuser

Task 6 – Modifying User Accounts and Group Entries

1 Use thegroupaddcommand to create a new group entry called

class3that uses GID number 103

2 Use the usermodcommand to change the login name oflocked1to

user6, the UID to 3001, and the home directory of locked1to

user6 Verify that the changes you request are recorded in the

/etc/passwdfile and the directory that was moved

3 Use thesmuser modifycommand to change the login shell ofuser5

to/bin/ksh Verify that the changes you request are recorded in the

/etc/passwdfile

4 Use theuserdelcommand to delete the user accountcleared1andthe related home directory Verify that the/export/home/cleared1

directory no longer exists

User Must Keep For: 1 (one day)

Before Change Alert User: 1 (one day)

User Must Change Within: 2 (two days)

Expires If Not Used For: 1 (one day)

Trang 30

5 Use thesmgroupcommand to change the group name of class1to

group1

6 Use thegroupdelcommand to remove the group entryclass2

7 Verify that the commands used to modify group entries havecorrectly modified the/etc/groupfile

Trang 31

(Level 3)

smuser,smgroup,usermod,userdel,groupadd,groupmod, and

groupdel commands, to create, modify, and delete multiple useraccounts and group entries

Preparation

Refer to the lecture notes as necessary to perform the tasks listed Refer toTable 10-15 and Table 10-16 on page Module 10-41 as needed

Note – Some of the commands displayed in this section are quite long and

will wrap to the next line You should consider all of the bold typefacecommands that follow a command line prompt to be all one line

Task Summary

In this exercise, you accomplish the following:

● Working from Table 10-15 and Table 10-16 on page 10-41, create twonew groups and two new user accounts using the commands

groupadd,smgroup,useradd, and smuser

● Launch the Solaris Management Console and create a user template

Trang 32

● Using the Solaris Management Console, add the new user accounts

user5,locked1, andcleared1with characteristics from Table 10-16

on page 10-41

● Verify that the shells you specify are set in the/etc/passwdfile.Determine if the password strings for users with the same passwordare also the same in the/etc/shadowfile Check the passwordstrings for the userslocked1and cleared1 Verify that the users

user3and user4are secondary members of theclass1 group

● Establish password aging for the useruser5 Determine whathappens when you attempt to log in as that user Log in asuser5

and attempt to change the password from the command line Log in

asrootwhen you are finished

/etc/passwdfile

● Use the smusercommand to change the login shell of user5toksh.Use theuserdelcommand to delete theuser3account Verify thatthe user’s home directory has been deleted Use the smgroup

command to rename the groupclass1togroup1 Use thegroupdel

command to remove the groupclass2 Verify the changes to the

/etc/groupfile

Tasks and Solutions

Complete the following tasks

Task 1 – Disabling the Solaris OS Registration Window

1 Disable the Solaris OS Registration window so that it does notappear whenever a new user logs in from the CDE

2 Log in as therootuser (or use thesucommand to change theroot

user)

3 Change to the/etc/defaultdirectory

Trang 33

4 In the defaultdirectory, create the file solregis

#vi solregis

5 In the solregisfile, type the keyword DISABLE=1(note that thecharacter “1” is the number one)

6 Save this file, and exit the editor

Task 2 – Adding Group Entries

Note – Refer to Table 10-15 on page 10-41 for details while adding groups.

1 As therootuser, open a terminal window

2 Add the two groups class1and class2, with groupaddand

smgroupcommands, respectively

# groupadd -g 101 class1

# /usr/sadm/bin/smgroup add -n class2 -g 102

Task 3 – Adding User Accounts

Note – Refer to Table 10-16 on page 10-41 for details while adding users

with the various tools

1 Add a user nameduser3by using the useraddcommand

# useradd -u 1003 -g 10 -G class1 -d /export/home/user3 -m -s /bin/ksh user3

# passwd user3

New Password: 123pass

Re-enter new Password: 123pass

passwd: password successfully changed for user3

2 Add a user named user4by using the smusercommand

# /usr/sadm/bin/smuser add -n user4 -u 1004 -g 10 -G class1 -d

/export/home/user4 -s /bin/csh -x autohome=N

# passwd user4

New Password: 123pass

Re-enter new Password: 123pass

passwd: password successfully changed for user4

Trang 34

3 Launch the Solaris Management Console by typing smc&on thecommand line After the Solaris Management Console appears,create a user template to add user accounts that do not useautomounted home directories by performing the following:

a Select This Computer, and then select System Configuration.Then select Users, and then select User Templates to open theUser Templates tool

b From the Menu Bar, select Action, and then select Add UserTemplate

c The Add User Template window appears, containing blankfields for a template name and description Enter the name

200userin the User Template Name field, and SA200for theDescription field

d Click the Home Directory Tab and uncheck the AutomaticallyMount Home Directory check box Enter the name of yoursystem in the Home Directory Server field

e Click OK to create your template

4 Click User Accounts, and add theuser5account by selecting Action,then selecting Add User, and then selecting From Template on themenu bar

The Add User From Template window appears Enter user5in theUser Name field and select1005as the UID Number For password,click the button called User Must Use, and enter 123passin bothpassword fields Click OK

5 From the Solaris Management Console, add the userslocked1and

cleared1by using the200usertemplate While adding the

cleared1user, select the password option User Must Set Password

At Next Login After adding both users, double-click thelocked1

user and select the tab General Under the Account Availabilitysection, select Account is Locked Also select the shell as listed inTable 10-16 on page 10-41

Trang 35

Task 4 – Examining Configuration Files

1 Examine the contents of the/etc/passwdfile What are the full pathnames of the shells used byuser3,user4, and user5?

2 Examine the contents of the /etc/shadowfile What text is found inthe password field for the userslocked1and cleared1?

3 You used the same password for user3throughuser5 Are thepassword strings the same in the/etc/shadowfile?

No.

4 Examine the contents of the /etc/groupfile Verify that user3and

user4are both listed as secondary members of the class1group.Are they?

The namesuser3and user4should be listed in the last field for the

at least one numeric or special character.

Use the passwordabc123 Log in ascleared1after you establish a

Trang 36

Task 5 – Establishing Password Aging

1 Start the Solaris Management Console, and go back into the UserAccounts tool Select user5from the list of users Change thepassword options information for user5so that it matches thefollowing information Click OK when you are finished, and exit theSolaris Management Console

2 Log out of yourrootlogin session Attempt to log in asuser5 Whathappens? Supply a new password if necessary

You must supply a new password before you can log in.

3 Complete the login asuser5 Open a terminal window, and attempt

to change the password you just set What happens?

When you log in, a warning indicates that your password expires in two days.

When you try to change your password, the following error message appears:

passwd: Sorry: less than 1 days since the last change.Permission denied

4 Log out, and log in again as the rootuser

User Must Keep For: 1 (one day)Before Change Alert User: 1 (one day)User Must Change Within: 2 (two days)Expires If Not Used For: 1 (one day)

Định dạng
Số trang	73
Dung lượng	467,31 KB