Your browser doesn't support the features required by impress.js, so you are presented with a simplified version of this presentation.
For the best experience please use the latest Chrome, Safari or Firefox browser.
CIS 225
User Account Management
User Accounts
- Allows multiple people to share resources
- Each user can have different permissions
- Aids in auditing (who did what)
- Protects system from unauthorized use
Authentication vs. Authorization
- Authentication - Confirming a user is who he or she claims to be (logging in)
- Authorization - Allow an authenticated user access to specific resources
- Authentication DOES NOT IMPLY Authorization
Authentication Methods
One or more of the following factors
- Ownership factors - something user has
- Knowledge factors - something user knows
- Inherence factors - something user is or does
Authorization Methods
- Security Policies
- Access Control Lists (ACL)
- File System Security Settings
User Identification
- Operating systems refer to users by a unique identifier
- Linux: user identifier (UID)
- Windows: security identifier (SID)
- This allows user to change usernames without affecting the account
User Account Information
- UID / SID
- Username
- Password
- Home directory
- Group(s)
Groups
- List of user accounts
- Aid in assigning access to users
- Each user may be a part of one or many groups
- Unique identifier
- Linux: group identifier (GID)
- Windows: security identifier (SID)
Windows 10 - Settings
Windows 10 - Control Panel
Windows 10 - Management
Windows 10 Default Accounts
- Administrator
- Access to everything
- Cannot be deleted
- Disabled by default
- Has no password by default
- Guest
- Limited access
- Disabled by default
Windows 10 Pseudo Accounts
- LocalSystem - system-level tasks & services
- LocalService - fewer rights than LocalSystem
- NetworkService - fewer rights than LocalService, but allows network access
Windows 10 Default Groups
- Administrators - complete access
- Event Log Readers - read event logs
- Guests - access system only
- Power Users - not used
- Remote Desktop Users - log on remotely
- Users - normal users
Many others, refer to documentation
User Account Control
- Protects the system from unwanted changes
- Allows administrators to run commands from a non-administrator account
Local Group Policy Editor
WIN+R - gpedit.msc
Ubuntu Account Types
- Super User (root)
- Complete control of the system
- Disabled by default on Ubuntu
- UID = 0; GID = 0
- Regular User
- User who can log on to the system
- System User
- Used by programs and services to interact with the system
Ubuntu Accounts
Regular Users:
- UID: starting at 1000 and up
- Each account has a private group created with matching GID and is made a member of that group
- Each account receives a skeleton directory in /home
Ubuntu Accounts - System Settings
Ubuntu Accounts - Users & Groups
Install "gnome-system-tools"
/etc/passwd
/etc/shadow
/etc/group
Commands
- groupadd - add a group
- groupdel - remove a group
- groupmod - modify group
- gpasswd - change group administrator or password
- useradd - add a system user
- userdel - remove a user
- usermod - modify a user
- adduser - add a regular user
- passwd - change password
sudo
- Short for "super user do"
- Allows regular users to run commands as root user
- User and rights listed in /etc/sudoers
- Add users to the "sudo" or "admin" group to give them access
- Use 'visudo' command to edit file
Best Practices
- Each person must have a unique account
- Enforce strong passwords & regular changes
- Assign minimal rights by default
- Log any logins/logouts/sudo usage
- Remove unneeded users ASAP
- Don't use admin account for daily use
Assignments
- Lab 3 - User Accounts & File Systems
Due 9/19 11:30 AM Before Lecture!!