lpi 101 ch11 user environment

Upload: m3onh0x84

Post on 30-May-2018


  • 8/9/2019 LPI 101 Ch11 User Environment


    SAIGONLAB 83 Nguyn Th Nh, P9, Q.Tn Bnh, Tp. HCM LPI 102

    Objectives

    Construct different login profiles and user accounts

    Define, explain, and modify user environments

    Explain security issues


    Login Shells

    The shell is an interface between the user and the system (kernel). It reads commands from the user and executes the appropriate programs.

    The shell is not implemented as part of the OS kernel; it is a user-level program. The administrator can replace the standard shell with another shell.

    There are many shells on Linux:

    o Bourne Again Shell (bash): a superset of the commands of the original Bourne shell; also implements features of csh and ksh
    o tcsh: a superset of the commands of the original C shell
    o Public-domain Korn shell (pdksh)
    o zsh: similar to ksh, with many enhancements


    Environment Files

    When bash is executed at login time, two initialization files are executed:

    o /etc/profile: system-wide initialization file
    o ~/.bash_profile or ~/.bash_login or ~/.profile: personal initialization file

    These files:

    o Contain system commands
    o Provide a common environment for all users
    o Set a user-customized environment
    o Contain user commands and definitions


    /etc/profile Script

    The /etc/profile script:

    o Exports environment variables such as LOGNAME for the login name
    o Exports PATH for the default command path
    o Sets some useful aliases


    User-Specific Initialization Files

    The user-specific initialization file(s) are stored in the home directory of the user. These initialization files can perform all or part of the following:

    o Set the default prompt
    o Define the default printer
    o Set default permissions
    o Tell the shell where to look for new mail
    o Set noclobber to prevent overwriting of files during redirection
    o Set the command path to the user's specification
    o Set up custom commands


    Environment Files

    bash follows a particular sequence to initiate non-login shells (e.g. opening a terminal session or starting a sub-shell with bash):

    o bash looks for the environment file ~/.bashrc and executes it
    o If BASH_ENV has been assigned an alternative file, that file is executed


    Login sequence


    Initialization Files Read Process


    Environment Definitions

    Most users will need to modify some of the environment definitions to suit their requirements:

    PATH=$PATH:                      Include required search directories
    PS1='[\u@\h \W] \$'              The interactive shell prompt
    PS2='>'                          The secondary shell prompt
    VISUAL=vi                        Define full-screen editor
    MAIL=/var/spool/mail/$LOGNAME    Location for your mail box

    To see the full list of variables, complete with descriptions, look up the man pages for the shell you are using.


    Environment Definitions

    Each user's environment will be established and customized to reflect their requirements.

    To see all of your current variable settings (local), execute the command set without any options.

    To see the settings of all of those definitions in your current environment that have been exported (global), use the commands printenv or env.


    The umask Command

    The umask command is used to define default permissions on newly created files, and is part of the process's environment.

    System administrators set a default mask in /etc/profile or /etc/bashrc (usually 022), but many users set their own masks in their .bash_profile or .bashrc.

    Most common umask values: 000, 022, 033, 027, 077.
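
    The effect of each mask listed above can be measured directly. This is an added example, not part of the original slides; the function name modes_under_umask is an assumption, and it relies on GNU stat as shipped on Linux.

```shell
#!/bin/sh
# Added example: measure what a umask does to newly created files and
# directories. Assumes GNU stat (stat -c), as shipped on Linux.

# modes_under_umask MASK -> prints "<file-mode> <dir-mode>" in octal.
modes_under_umask() {
    mask=$1
    tmp=$(mktemp -d) || return 1
    (
        # Subshell: the umask change does not leak into the caller.
        umask "$mask"
        : > "$tmp/file"      # files are requested with mode 666
        mkdir "$tmp/dir"     # directories are requested with mode 777
    )
    printf '%s %s\n' "$(stat -c %a "$tmp/file")" "$(stat -c %a "$tmp/dir")"
    rm -rf "$tmp"
}

# The values from the slide. Bits set in the mask are removed from the
# requested mode, so 027 and 077 keep "others" out of new files entirely.
for m in 000 022 027 033 077; do
    printf 'umask %s -> file/dir modes: %s\n' "$m" "$(modes_under_umask "$m")"
done
```

    Masks 022 and 033 give the same mode for regular files, because files are never created with execute bits; the two masks differ only for directories.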


    Message of the Day (motd)

    UNIX traditionally stored a "message of the day" file in /etc/motd. The login program printed this to the user's terminal after a successful login and before executing the user's login shell.

    Keep the message short and up to date, otherwise users will stop reading it.

        # more /etc/motd
        Welcome to Acme's Development System. Access to this system is
        restricted to authorized users only. Unauthorized access is
        prohibited and offenders are liable to prosecution

        System will be down all day on April 24 for preventative
        maintenance.


    Guest Accounts

    Many systems define a login called guest, in which the password is null or set to guest. Disable or remove this account; it is a security risk.

    System hackers logging in as guest can:

    o Get a list of login names (/etc/passwd)
    o Use the find command to look for security holes
    o Find out about networked machines (/etc/hosts)
    o Access the network via telnet or rlogin
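
    One way to audit for the accounts described above, as an added example that is not part of the original slides. The function names and the sample passwd/shadow entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts with a null password and a usable "guest" login.

# audit_accounts PASSWD SHADOW: both arguments are files in the standard
# passwd(5) and shadow(5) formats. Prints one finding per line.
audit_accounts() {
    awk -F: '
        NR == FNR { pw[$1] = $2; next }     # first file: shadow password field
        {
            user = $1; shell = $7
            if (!(user in pw)) next
            locked  = (pw[user] ~ /^[!*]/)            # ! or * means no valid password
            nologin = (shell ~ /(nologin|false)$/)    # no interactive shell
            if (pw[user] == "") print "null-password:" user
            if (user == "guest" && !locked && !nologin)
                print "guest-login-enabled:" user
        }
    ' "$2" "$1"
}

# Constructed sample data, so the check runs without touching /etc.
run_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
EOF
    cat > "$d/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17600:0:99999:7:::
alice:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17600:0:99999:7:::
guest::17600:0:99999:7:::
backup:*:17600:0:99999:7:::
EOF
    audit_accounts "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

run_sample
```

    On a live system the same function can be run as root with /etc/passwd and /etc/shadow as arguments; a flagged guest account is then locked with passwd -l or removed with userdel.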


    Shared Group Directories

    Setting the group ID bit (s in the "execute" position in the "group" section of the directory access permissions) is very useful for shared directories.

    The SGID on a directory ensures that all files created in the directory have their group field set to that of the directory and not the creating process.

    Setting the sticky bit (t in the "execute" position in the "others" section of the directory access permissions) prevents users who are not the owner from removing files from a directory, even if they have write access to that directory so they can add files there.
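
    The two bits described above can be set and verified as follows. This is an added example, not part of the original slides; the function names are assumptions, the directory is a temporary one, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: create a shared group directory with SGID + sticky set,
# then read the bits back. Assumes GNU stat (stat -c).

# make_shared_dir DIR: rwx for owner and group, nothing for others,
# plus SGID (2000) and sticky (1000). On a real system, follow this with
# "chgrp <project-group> DIR"; the group name depends on your site.
make_shared_dir() {
    mkdir -p "$1" && chmod 3770 "$1"
}

# check_shared_dir DIR: prints "sgid=yes|no sticky=yes|no".
check_shared_dir() {
    mode=$(stat -c %a "$1") || return 1
    mode=$(printf '%04d' "$mode")     # 777 -> 0777, 3770 stays 3770
    special=${mode%???}               # leading digit: 4=SUID 2=SGID 1=sticky
    sgid=no; sticky=no
    [ $(( special & 2 )) -ne 0 ] && sgid=yes
    [ $(( special & 1 )) -ne 0 ] && sticky=yes
    printf 'sgid=%s sticky=%s\n' "$sgid" "$sticky"
}

# new_file_group_matches DIR: create a file in DIR and report whether its
# group equals the directory's group (what SGID guarantees).
new_file_group_matches() {
    f="$1/.sgid-probe.$$"
    : > "$f" || return 1
    if [ "$(stat -c %g "$f")" = "$(stat -c %g "$1")" ]; then r=yes; else r=no; fi
    rm -f "$f"
    echo "$r"
}

demo_dir=$(mktemp -d)/project
make_shared_dir "$demo_dir"
ls -ld "$demo_dir"                    # s and t appear in the mode column
check_shared_dir "$demo_dir"
new_file_group_matches "$demo_dir"
rm -rf "${demo_dir%/project}"
```

    Running check_shared_dir over existing group-writable or world-writable directories shows which ones lack the bits and therefore let any member delete or re-group other members' files.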


    Summary

    Construct different login profiles and user accounts

    Define, explain, and modify user environments

    Explain security issues