CIS 191 - Lesson 8 Users and Groups

Upload: emory-burns

Post on 14-Jan-2016


Users and Groups
User and Group Management

Where user and group information resides:

• /etc/passwd
• /etc/shadow
• /etc/group
• /etc/gshadow

id command

[root@benji htdocs]# id cis191
uid=500(cis191) gid=500(cis191) groups=500(cis191) context=root:system_r:unconfined_t:SystemLow-SystemHigh

[root@benji htdocs]# id root
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t:SystemLow-SystemHigh

Note: the id command in newer distros shows SELinux contexts for users

/etc/passwd

Fields f1:f2:f3:f4:f5:f6:f7

f1 = Login name or username (up to 32 chars)
f2 = Password field
  • x = password is kept in /etc/shadow
  • * to lock
f3 = User ID (UID)
f4 = Primary group ID (GID)
f5 = Comment (GECOS)
f6 = Home directory
f7 = Command/shell

Note: a user may belong to more than one group. The primary GID in /etc/passwd is used when creating new files.

/etc/shadow

Fields f1:f2:f3:f4:f5:f6:f7:f8

f1 = User name
f2 = Password
  • $1$... (MD5-hashed password)
  • * (locked)
  • !! (no password set)
f3 = Last time changed (days since 1/1/70)
f4 = Min days to elapse between password changes
f5 = Max days to elapse without changing password
f6 = Number of warning days before expiration
f7 = Grace period before it really expires
f8 = Date (days since 1/1/70) account will expire

/etc/group

Fields f1:f2:f3:f4

f1 = Group name
f2 = Password
  • x = password in /etc/gshadow
f3 = Group ID
f4 = Group members (users)

/etc/gshadow

Fields f1:f2:f3:f4

f1 = Group name
f2 = Encrypted password
  • ! = no user allowed to access group using newgrp command
  • !! = same as ! but password has never been set
  • empty = only group members can log into the group
f3 = Group administrators
f4 = Group members

More on Groups

[roddyduk@opus ~]$ id roddyduk
uid=1156(roddyduk) gid=103(cis90) groups=103(cis90),100(users) context=user_u:system_r:unconfined_t
[roddyduk@opus ~]$ groups roddyduk
roddyduk : cis90 users

Excerpt from /etc/passwd
roddyduk:x:1156:103:Duke Roddy:/home/cis90/roddyduk:/bin/bash
simmsben:x:1160:103:Benji Simms:/home/cis90/simmsben:/bin/bash
guest191:x:1161:191:CIS 191 guest account:/home/cis191/guest191:/bin/bash
woolahen:x:1162:103:Henry Woolard:/home/cis90/woolahen:/bin/bash
stanlcha:x:1163:103:Charles Stanley:/home/cis90/stanlcha:/bin/bash
bolasale:x:1164:103:Alexa Bolas:/home/cis90/bolasale:/bin/bash
seatocol:x:1165:103:Collin Seaton:/home/cis90/seatocol:/bin/bash
minvirob:x:1166:103:Robert Minvielle:/home/cis90/minvirob:/bin/bash
wrigholi:x:1167:103:Oliver Wright:/home/cis90/wrigholi:/bin/bash

Excerpt from /etc/group
users:x:100:guest90,jimg,mainart,solommat,villeill,cresszer,simmsmar,roddyduk,simmsben,woolahen,stanlcha,bolasale,seatocol,minvirob,wrigholi,dymesdia,simmsric,milesfre,cafielar,sterlchr,barrecol,ruizdav,gantden,deakifre,bellhil,sinopjam,chaffjan,clarkjef,lemiejoh,simmsjon,bobisjoe,rivasjul,smithkay,farramar,talpamar,lemusosc,weavepat,roneyric,kriewron,smithstu,scalenoa,childtim,husmalei,blackwil,doddkev,lyonsrob,ybarrser,valdemar,elliokat,jessuwes,luisjus,perezave,thrascat,meyerjas,bergelyl,hutmabry,gardnnic,mohanchi,whitfbob,wichemic,crivejoh
cis90:x:103:jimg,guest,rsimms
cis191:x:191:jimg,rsimms

roddyduk's primary group is 103 (cis90)

roddyduk is listed in users group

roddyduk is not listed for cis90 group because cis90 is his primary group and that is shown in /etc/passwd

Note: roddyduk is a member of cis90 and users

Groups

Every user is a member of a primary group (shown in /etc/passwd) and multiple secondary groups (shown in /etc/group)

[roddyduk@opus ~]$ groups roddyduk
roddyduk : cis90 users
(cis90 = primary, users = secondary)

[roddyduk@opus ~]$ id
uid=1156(roddyduk) gid=103(cis90) groups=100(users),103(cis90) context=user_u:system_r:unconfined_t

[roddyduk@opus ~]$ touch mydogs
[roddyduk@opus ~]$ ls -l mydogs
-rw-rw-r-- 1 roddyduk cis90 0 Oct 20 14:25 mydogs

New files are created using primary group
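
The primary/secondary lookup from the two Groups slides, as an added example that is not part of the original lesson. groups_of and members_of are hypothetical helper names, and the sample files are trimmed copies of the excerpts above written to a temporary directory. members_of shows why reading /etc/group alone under-reports a group: users who hold it as their primary group appear only in /etc/passwd.

```shell
#!/bin/sh
# Added example: resolve group membership the way the slides describe it.
# groups_of and members_of are hypothetical helper names, not system commands.

# Write trimmed copies of the lesson's excerpts into directory $1.
make_samples() {
  cat > "$1/passwd" <<'EOF'
roddyduk:x:1156:103:Duke Roddy:/home/cis90/roddyduk:/bin/bash
simmsben:x:1160:103:Benji Simms:/home/cis90/simmsben:/bin/bash
guest191:x:1161:191:CIS 191 guest account:/home/cis191/guest191:/bin/bash
EOF
  cat > "$1/group" <<'EOF'
users:x:100:guest90,jimg,roddyduk,simmsben
cis90:x:103:jimg,guest,rsimms
cis191:x:191:jimg,rsimms
EOF
}

# groups_of USER PASSWD_FILE GROUP_FILE
# Prints the primary group first, then the secondary groups, like groups(1).
groups_of() {
  awk -F: -v user="$1" '
    FNR == NR {                       # first file: passwd, find primary GID
      if ($1 == user) { gid = $4; found = 1 }
      next
    }
    $3 == gid { primary = $1; next }  # second file: name of the primary GID
    {                                 # secondary groups list the user in f4
      n = split($4, m, ",")
      for (i = 1; i <= n; i++) if (m[i] == user) sec = sec " " $1
    }
    END {
      if (!found) exit 1
      print (primary != "" ? primary : gid) sec
    }
  ' "$2" "$3"
}

# members_of GROUP PASSWD_FILE GROUP_FILE
# Prints every effective member: users listed in f4 of /etc/group, then
# users whose primary GID (f4 of /etc/passwd) is that group.
members_of() {
  awk -F: -v grp="$1" '
    FNR == NR {                       # first file: group
      if ($1 == grp) {
        gid = $3; found = 1
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) { seen[m[i]] = 1; print m[i] }
      }
      next
    }
    found && $4 == gid && !seen[$1] { print $1 }   # primary-only members
    END { if (!found) exit 1 }
  ' "$3" "$2"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_samples "$tmp"
echo "groups of roddyduk: $(groups_of roddyduk "$tmp/passwd" "$tmp/group")"
echo "members of cis90:   $(members_of cis90 "$tmp/passwd" "$tmp/group" | tr '\n' ',')"
```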

newgrp command
Changes your default group used when creating new files

[cis191@benji ~]$ newgrp users
Sorry.
cis191@benji ~]$ id
uid=500(cis191) gid=500(cis191) groups=500(cis191) context=user_u:system_r:unconfined_t

fails because user cis191 is not a member of group users

[root@benji ~]# usermod -G users cis191
[root@benji ~]# grep cis191 /etc/group
users:x:100:cis191
cis191:x:500:

root adds user cis191 to users group

cis191@benji ~]$ id cis191
uid=500(cis191) gid=500(cis191) groups=500(cis191),100(users) context=user_u:system_r:unconfined_t
[cis191@benji ~]$ newgrp users
[cis191@benji ~]$ grep cis191 /etc/passwd
cis191:x:500:500:cis 191:/home/cis191:/bin/bash
[cis191@benji ~]$ touch newfile
[cis191@benji ~]$ ls -l newfile
-rw-r--r-- 1 cis191 users 0 Oct 27 05:12 newfile
[cis191@benji ~]$ rm newfile
[cis191@benji ~]$ newgrp cis191
[cis191@benji ~]$ touch newfile
[cis191@benji ~]$ ls -l newfile
-rw-rw-r-- 1 cis191 cis191 0 Oct 27 05:13 newfile

new files created using default group

Note: newgrp does not change /etc/passwd

Adding and modifying users
edit /etc/passwd (vipw), GUI and commands

Three ways to manage users:

1. Directly edit /etc/passwd and /etc/shadow with vipw command.

2. Use useradd, usermod and userdel commands.

3. Use User Manager GUI utility.

Adding and modifying users
GUI User Manager Tool

• Use Add User button to add new users

• Select group and use Properties button to add users to groups

• Select user and use delete button to delete

Select Users tab to see users

Adding and modifying users
vipw command

• Remember to add an entry to /etc/shadow.

• Remember to create the user's home directory.

• Remember to set permissions correctly in the user's home directory.

• Remember to copy /etc/skel files to the user's home directory.

• Remember to set the password with the passwd command.

• Remember to add the user to the appropriate groups by editing /etc/group with vigr.

Note: after writing and quitting you get prompted to edit the /etc/shadow file

Adding users
useradd - Creates a new user account

useradd [-c comment] [-d home_dir] [-g initial_group] [-G group[,...]] [-m [-k skeleton_dir]] [-s shell] [-u uid [ -o]] login

-c comment         The new user's password file comment field.
-d home_dir        The new user will be created using home_dir as the value for the user's login directory.
-g initial_group   The group name or number of the user's initial login group.
-G group[,...]     A list of supplementary groups which the user is also a member of.
-m                 The user's home directory will be created if it does not exist.
-s shell           The name of the user's login shell.
-u uid             The numerical value of the user's ID.

See man page for full details

Adding users
useradd defaults

[root@benji ~]# useradd frodo
[root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
/etc/passwd:frodo:x:501:501::/home/frodo:/bin/bash
/etc/shadow:frodo:!!:14179:0:99999:7:::
/etc/group:frodo:x:501:
/etc/gshadow:frodo:!::
[root@benji ~]#
[root@benji ~]# ls -a /home/frodo/
. .. .bash_logout .bash_profile .bashrc
[root@benji ~]#
[root@benji ~]# id frodo
uid=501(frodo) gid=501(frodo) groups=501(frodo) context=root:system_r:unconfined_t:SystemLow-SystemHigh

[root@benji ~]# userdel -r frodo
[root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
[root@benji ~]# ls -a /home/frodo/
ls: /home/frodo/: No such file or directory
[root@benji ~]#
[root@benji ~]# id frodo
id: frodo: No such user

Adding users
useradd - Creates a new user account

[root@benji ~]# useradd -d /home/cis191/frodo -g hobbits -u 601 -c "Frodo Baggins" frodo
[root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
/etc/passwd:frodo:x:601:600:Frodo Baggins:/home/cis191/frodo:/bin/bash
/etc/shadow:frodo:!!:14179:0:99999:7:::
[root@benji ~]# ls -a /home/cis191/frodo/
. .. .bash_logout .bash_profile .bashrc
[root@benji ~]# id frodo
uid=601(frodo) gid=600(hobbits) groups=600(hobbits) context=root:system_r:unconfined_t:SystemLow-SystemHigh
[root@benji ~]#

This time we are setting custom UID, GID, comment and home directory

Locking and unlocking users
passwd and usermod commands

passwd [-l] [-u] [-d] [ login ]

-l   Locks password entry for name.
-u   Unlocks accounts
-d   Removes a password from an account

usermod [-L] [-U] login

-L   Locks password entry for name.
-U   Unlocks accounts

See man page for full details

Adding users
passwd to set, lock and unlock accounts

[root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
/etc/passwd:frodo:x:601:600:Frodo Baggins:/home/cis191/frodo:/bin/bash
/etc/shadow:frodo:!!:14179:0:99999:7:::
root@benji ~]# passwd frodo
Changing password for user frodo.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
/etc/passwd:frodo:x:601:600:Frodo Baggins:/home/cis191/frodo:/bin/bash
/etc/shadow:frodo:$1$Q4Hv5FL5$2WApPtaHOs.Io28jnq4RN1:14179:0:99999:7:::
[root@benji ~]# passwd -l frodo
Locking password for user frodo.
passwd: Success
[root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
/etc/passwd:frodo:x:601:600:Frodo Baggins:/home/cis191/frodo:/bin/bash
/etc/shadow:frodo:!!$1$Q4Hv5FL5$2WApPtaHOs.Io28jnq4RN1:14179:0:99999:7:::
[root@benji ~]# passwd -u frodo
Unlocking password for user frodo.
passwd: Success.
[root@benji ~]# grep frodo /etc/passwd /etc/shadow /etc/group /etc/gshadow
/etc/passwd:frodo:x:601:600:Frodo Baggins:/home/cis191/frodo:/bin/bash
/etc/shadow:frodo:$1$Q4Hv5FL5$2WApPtaHOs.Io28jnq4RN1:14179:0:99999:7:::
[root@benji ~]#

Initially no password is set. Use passwd to set or change password

Use -l option to lock account

Use -u option to unlock account

Users and Groups
Password Rules and Aging

chage command

[root@benji ~]# chage -m 0 -M 190 -E 2008-10-31 -W 14 frodo
[root@benji ~]# grep frodo /etc/shadow
frodo:$1$brrqEcEf$Pa7PSOK86a9jgpXDtLu221:14179:0:190:14::14183:
[root@benji ~]#

Option labels: -m minimum, -M maximum, -E expiration, -W days of warning

Users and Groups
Forcing a user to change their password

[Figure panels: root, frodo]

On chage command, set -d option (last day) to 0 to force user to change their password
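
An added example (not part of the original lesson) that ties together the /etc/shadow field list, the passwd -l/-u/-d results and the chage aging fields shown above: it reads shadow-format lines and reports each account's state, hash scheme and aging dates. audit_shadow and weak_accounts are hypothetical helper names, and the sample entries and their hash strings are constructed placeholders.

```shell
#!/bin/sh
# Added example: report account state from /etc/shadow-format lines.
# audit_shadow and weak_accounts are hypothetical helper names. The sample
# entries and hash strings below are constructed placeholders.

sample_shadow() {
  cat <<'EOF'
frodo:$1$CONSTRUC$PLACEHOLDERxxxxxxxxxxx:14179:0:190:14::14183:
sam:!!$1$CONSTRUC$PLACEHOLDERxxxxxxxxxxx:14179:0:99999:7:::
merry:!!:14179:0:99999:7:::
daemon:*:14179:0:99999:7:::
pippin::0:0:99999:7:::
EOF
}

# audit_shadow: stdin = shadow lines, stdout = one line per account:
#   user state scheme changed=DATE|must-change max=DAYS expires=DATE|never
audit_shadow() {
  awk -F: '
    # Days since 1970-01-01 -> YYYY-MM-DD (Gregorian calendar arithmetic).
    function ymd(days,   z, era, doe, yoe, y, doy, mp, d, m) {
      z = days + 719468
      era = int(z / 146097)
      doe = z - era * 146097
      yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
      y = yoe + era * 400
      doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
      mp = int((5 * doy + 2) / 153)
      d = doy - int((153 * mp + 2) / 5) + 1
      m = (mp < 10) ? mp + 3 : mp - 9
      if (m <= 2) y++
      return sprintf("%04d-%02d-%02d", y, m, d)
    }
    function scheme(h) {
      if (h ~ /^\$1\$/) return "md5"            # the $1$ prefix from the slides
      if (h ~ /^\$/)    return "other"
      return "unknown"
    }
    # Field 2 states from the /etc/shadow slide and the passwd -l/-d results.
    function state(pw,   h) {
      if (pw == "")    return "empty none"      # passwd -d: no password needed
      if (pw == "*")   return "locked none"
      if (pw ~ /^!+$/) return "unset none"      # !! = password never set
      h = pw
      if (sub(/^!+/, "", h)) return "locked " scheme(h)  # passwd -l keeps hash
      return "active " scheme(h)
    }
    NF >= 8 {
      # chage -d 0 stores 0 in field 3 to force a change at next login.
      changed = ($3 == "") ? "unknown" : ($3 + 0 == 0 ? "must-change" : ymd($3))
      printf "%s %s changed=%s max=%s expires=%s\n", $1, state($2),
             changed, $5, ($8 == "" ? "never" : ymd($8))
    }
  '
}

# weak_accounts: names worth a review, i.e. MD5 hashes (even when locked,
# since unlocking restores the same hash) and empty password fields.
weak_accounts() {
  audit_shadow | awk '$3 == "md5" || $2 == "empty" { print $1 }'
}

sample_shadow | audit_shadow
```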

Modifying users
usermod - Enables a super user or root to modify a user account

usermod [-c comment] [-d home_dir [ -m]] [-g initial_group] [-G group[,...]] [-l login_name] [-s shell] [-u uid [ -o]] [-p encrypted-pw ] login

-c comment       The new value of the user's password file comment field.
-d home_dir      The user's new login directory. If the -m option is given the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist.
-G group[,...]   A list of supplementary groups which the user is also a member of.
-l login_name    The name of the user will be changed from login to login_name.
-s shell         The name of the user's new login shell.
-u uid           The numerical value of the user's ID.
-p               Set new password using encrypted string

See man page for full details

Deleting users
userdel - Enables a super user or root to remove a user

userdel [-r] login

-r   Files in the user's home directory will be removed along with the home directory itself and the user's mail spool.

See man page for full details

Adding and modifying groups
edit /etc/group (vigr), GUI and commands

Three ways to manage groups:

1. Directly edit /etc/group and /etc/gshadow with vigr command.

2. Use groupadd, groupmod and groupdel commands.

3. Use User Manager GUI utility.

Adding and modifying groups
edit /etc/group (vigr)

Note: prompts you to update /etc/gshadow after writing and quitting

Adding and modifying groups
GUI User Manager Tool

• Use Add Group button to add new groups

• Use Properties button to add users to groups

• Select group and use delete button to delete

Select Groups tab to see groups

Adding and modifying groups
groupadd - Creates a new group

groupadd [-g gid [-o]] group

-g gid   The numerical value of the group's ID.

Adding and modifying groups
groupmod - Enables a super user or root to modify a group

groupmod [-g gid [-o]] [-n group_name ] group

-g gid          The numerical value of the group's ID.

-n group_name   The name of the group will be changed from group to group_name.

Deleting groups
groupdel - Enables a super user or root to remove a group

groupdel group


Logging in

Users and Groups
Setting Account Defaults

• User Profiles
• System defaults
• The role of /etc/profile versus /etc/bashrc
• The order of precedence
• Creating /etc/skel account Templates

Logging in

Terminal Login
Graphical Login

Logging in

It starts in /etc/inittab

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
[root@benji htdocs]#

Terminal login with mingetty

Graphical login with xdm

Graphical Login with xdm

[root@benji htdocs]# cat /etc/X11/prefdm
#!/bin/sh

< snipped >

# Run preferred X display manager
preferred=
if [ -f /etc/sysconfig/desktop ]; then
    . /etc/sysconfig/desktop
    if [ "$DISPLAYMANAGER" = GNOME ]; then
        preferred=/usr/sbin/gdm
    elif [ "$DISPLAYMANAGER" = KDE ]; then
        preferred=/usr/bin/kdm
    elif [ "$DISPLAYMANAGER" = XDM ]; then
        preferred=/usr/bin/xdm
    elif [ -n "$DISPLAYMANAGER" ]; then
        preferred=$DISPLAYMANAGER
    fi
fi

shopt -s execfail

[ -n "$preferred" ] && exec $preferred "$@" >/dev/null 2>&1 </dev/null

< snipped >
exit 1
[root@benji htdocs]#

/etc/X11/prefdm runs preferred display manager

Login and Passwords

1) init starts up the mingetty process on each terminal, which prompts for the login username, gets it, then execs login (no PID change)

[cis191@benji ~]$ ps t tty1
  PID TTY      STAT   TIME COMMAND
 3557 tty1     Ss+    0:00 /sbin/mingetty tty1

2) login collects the password and checks it with /etc/passwd and /etc/shadow

[cis191@benji ~]$ ps t tty1
  PID TTY      STAT   TIME COMMAND
 3557 tty1     Ss+    0:00 /bin/login –

3) login then starts up the shell specified in the /etc/passwd file

[cis191@benji ~]$ ps t tty1
  PID TTY      STAT   TIME COMMAND
 3603 tty1     Ss+    0:00 -bash

Customizing /etc/issue

[cis191@benji ~]$ cat /etc/issue
CentOS release 5 (Final)
Kernel \r on an \m

/etc/issue can be modified and the special characters below can be inserted (each preceded by a backslash, as in \r and \m above):

b  Insert the baudrate of the current line.
d  Insert the current date.
s  Insert the system name, the name of the operating system.
l  Insert the name of the current tty line.
m  Insert the architecture identifier of the machine, e.g., i686.
n  Insert the nodename of the machine, also known as the hostname.
o  Insert the domainname of the machine.
r  Insert the release number of the kernel, e.g., 2.6.11.12.
t  Insert the current time.
u  Insert the number of current users logged in.
U  Insert the string "1 user" or "<n> users" where <n> is the number of current users logged in.
v  Insert the version of the OS, e.g., the build-date etc.

Customizing /etc/issue

A modified /etc/issue

[root@benji ~]# cat /etc/issue
***************************
* Beware of the Dog *
***************************
Running \r on \m with \U [\l]

/etc/motd – message of the day

[root@benji ~]# cat /etc/motd
[root@benji ~]#

/etc/motd can be modified

Customizing /etc/motd – message of the day

[root@benji ~]# cat /etc/motd

< ASCII-art banner >

[root@benji ~]#

A modified /etc/motd

Hushing login messages for specific users

[root@benji ~]# cat /etc/motd
Notice: Benji will be down for five minutes at midnight tonight for an upgrade
[root@benji ~]#

[root@benji ~]# touch /home/cis191/.hushlogin
[root@benji ~]#

Placing a .hushlogin file in a user's home directory will suppress login messages

man pages for mingetty and login

Read these for more details on customizing the login process

MINGETTY(8)          Linux Programmer's Manual          MINGETTY(8)

NAME
    mingetty - minimal getty for consoles

SYNOPSIS
    mingetty [--noclear] [--nonewline] [--noissue] [--nohangup] [--nohostname] [--long-hostname] [--loginprog=/bin/login] [--nice=10] [--delay=5] [--chdir=/home] [--chroot=/chroot] [--autologin username] tty

DESCRIPTION
    mingetty is a minimal getty for use on virtual consoles. Unlike agetty(8), mingetty is not suitable for serial lines. I recommend using mgetty(8) for this purpose.

OPTIONS
    --noclear
        Do not clear the screen before prompting for the login name (the screen is normally cleared).

    --nonewline
        Do not print a newline before writing out /etc/issue.

    --noissue
        Do not output /etc/issue.

    --nohangup
        Do not call vhangup() to disable writing to this tty by other applications.

LOGIN(1)             Linux Programmer's Manual             LOGIN(1)

NAME
    login - sign on

SYNOPSIS
    login [ name ]
    login -p
    login -h hostname
    login -f name

DESCRIPTION
    login is used when signing onto a system. It can also be used to switch from one user to another at any time (most modern shells have support for this feature built into them, however).

    If an argument is not given, login prompts for the username.

    If the user is not root, and if /etc/nologin exists, the contents of this file are printed to the screen, and the login is terminated. This is typically used to prevent logins when the system is being taken down.

    If special access restrictions are specified for the user in /etc/usertty, these must be met, or the log in attempt will be denied and a syslog message will be generated. See the section on "Special Access Restrictions".

    If the user is root, then the login must be occurring on a tty listed in /etc/securetty. Failures will be logged with the syslog facility.

    After these conditions have been checked, the password will be requested and checked (if a password is required for this username).

bash startup files

/etc/profile (all)
  o adds root's special path

/etc/profile.d/*.sh (all)
  o kerberos directories added to path
  o adds color, vi aliases
  o language, character sets

.bash_profile (user specific)
  o adds user's bin to path

.bashrc (user specific)
  o aliases to force interactive rm, mv for root

/etc/bashrc (all)
  o changes umask to 0002 for regular users
  o sets final prompt string

only executed when logging in

/etc/profile

/etc/profile is run when you login

[root@benji ~]# cat /etc/profile
# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

pathmunge () {
    if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then
        if [ "$2" = "after" ] ; then
            PATH=$PATH:$1
        else
            PATH=$1:$PATH
        fi
    fi
}

# ksh workaround
if [ -z "$EUID" -a -x /usr/bin/id ]; then
    EUID=`id -u`
    UID=`id -ru`
fi

# Path manipulation
if [ "$EUID" = "0" ]; then
    pathmunge /sbin
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
fi

# No core files by default
ulimit -S -c 0 > /dev/null 2>&1

if [ -x /usr/bin/id ]; then
    USER="`id -un`"
    LOGNAME=$USER
    MAIL="/var/spool/mail/$USER"
fi

HOSTNAME=`/bin/hostname`
HISTSIZE=1000

if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then
    INPUTRC=/etc/inputrc
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC

for i in /etc/profile.d/*.sh ; do
    if [ -r "$i" ]; then
        . $i
    fi
done

unset i
unset pathmunge
[root@benji ~]#

root gets extended path

ls color and vi aliases added by these scripts

.bash_profile

[root@benji ~]# cat .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH
unset USERNAME
[root@benji ~]#

[cis191@benji ~]$ cat .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH
[cis191@benji ~]$

Runs .bashrc and adds user's bin directory to the path. Add custom paths for specific users in this file.

.bashrc

[root@benji ~]# cat .bashrc
# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi
[root@benji ~]#

[cis191@benji ~]$ cat .bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi

# User specific aliases and functions
[cis191@benji ~]$

Adds aliases for root to force interactive prompting for commands that delete files.

Add additional custom aliases for specific users to this file

Note: .bashrc calls /etc/bashrc

/etc/bashrc

[root@benji ~]# cat /etc/bashrc
# /etc/bashrc

# System wide functions and aliases
# Environment stuff goes in /etc/profile

# By default, we want this to get set.
# Even for non-interactive, non-login shells.
if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi

# are we an interactive shell?
if [ "$PS1" ]; then
    case $TERM in
    xterm*)
        if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
            PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
        else
            PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}"; echo -ne "\007"'
        fi
        ;;
    screen)
        if [ -e /etc/sysconfig/bash-prompt-screen ]; then
            PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
        else
            PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}"; echo -ne "\033\\"'
        fi
        ;;
    *)
        [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
        ;;
    esac

Downgrades umask to 002 for regular users (UID above 99 whose group name matches the user name)

/etc/bashrc (continued)

    # Turn on checkwinsize
    shopt -s checkwinsize
    [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
fi

if ! shopt -q login_shell ; then # We're not a login shell
    # Need to redefine pathmunge, it get's undefined at the end of /etc/profile
    pathmunge () {
        if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then
            if [ "$2" = "after" ] ; then
                PATH=$PATH:$1
            else
                PATH=$1:$PATH
            fi
        fi
    }

    for i in /etc/profile.d/*.sh; do
        if [ -r "$i" ]; then
            . $i
        fi
    done
    unset i
    unset pathmunge
fi
# vim:ts=4:sw=4
[root@benji ~]#

Here is where the familiar prompt is set

Starting non-login shell
(when starting a graphical terminal)

.bashrc is run which calls /etc/bashrc

/etc/bashrc added ls aliases

New commands:
chage
passwd
groupadd
groupdel
groupmod
useradd
userdel
usermod
vigr
vipw

New Files and Directories:
/etc/passwd, /etc/shadow
/etc/group, /etc/gshadow
/etc/profile, .bash_profile
/etc/bashrc, .bashrc
/etc/profile.d/*.sh

VMware: