System - Chapter IV accounts and group management (Solaris certification exam tutorial) (Part 2)Solaris

Chapter IV accounts and group management (Solaris certification exam tutorial) (Part 2)

Default account and group

Solaris 9 in the built-in account management purposes are to exist. Each has a default account specific UID, friendship reminded, can not easily modify these default account user name and UID. UID 0 ~ 99 reservation system was used to account system. Default account list as indicated in Table 4.1:

When trying to use the default account the implementation of the mandate system, the implementation of the procedures will first check user name or UID, accordingly to see if you have the corresponding authority. In other words, some of the procedures will UID 0 as a super-user account (Superuser) to look at, there are some procedures will be called by user root account as a super-user. Therefore, the default account rename or change gas UID, is not a sensible attempt.

Some services (service), for example, UNIX-to-UNIX Copy Program (uucp) and the background associated with the procedures necessary to the normal operation of the two accounts: listen to the account of the network services; nobody account for the anonymous and nobody4 connectivity; noaccess users do not trust (for authenticated users) connectivity.

Built-in group is also exist for management purposes. For example, if a user want to run Admintool (a management system, such as account information system programs), one of the ways is to join the sysadmin user group (GID = 4) were. The system default group, the corresponding GID users, as well as members of the default shown in Figure 4.1.

Table 4.1 default account

Username

User ID (UID)

Comment

Root

Superuser

Daemon

Bin

Sys

Adm

Admin

Uucp

Uucp Admin

Nuucp

Uucp Admin

Smmsp

SendMail Message Submission Program

Listen

Network Admin

Line Printer Admin

Nobody

60001

Nobody

Noaccess

60002

No Access User

Nobody4

65534

SunOS 4. X Nobody

Figure 4.1 default Group

And the default account, the built-in group rename or modify GID are unwise, at the same time, although we will be able to add users to the default group, but not delete the system during installation the default account.

User management

User account is created in its preservation of the machines, if you have 10 workstations and Solaris 10 users, then you had no choice but to every user in his (her) needed for each workstation to create an account. Soon you will discover that it is only a very vexing issue. Fortunately, we can use alternatives for the use of: naming services, and directory services, such as LDAP, NIS or NIS +. These three services will be in the follow-up of chapter 15 of "naming services" are discussed in detail. Here we will discuss in a local machine create a user on the way.

User name and UID

We created an account for each must have a user name (username). In an organization, the user name must be unique. In fact, when we try to use a user name already exists when we will receive the following message:

Warning! This user name is already being used in the name service user map.

To avoid this from happening, a better proposal is in the company of using a uniform nomenclature. Some of the more common rule is that the use of user names with the first letter surname, or family name with the first five letters of the name of the first letter. For example, a man named Joe Smith users can use jsmith or smithj as its login. In Solaris, users must be in the length of the two characters or eight characters, and can consist of upper and lower case letters, numbers, the decimal point (.), A hyphen (-) and underscore (_).

Note: While we can use the user name decimal point (.), A hyphen (-) and underscore (_), but we do not recommend the use of these characters, because some software, the use of these characters, and may lead to unknown problems.

In addition, to ensure that customers were not with the mail system known alias repeat, it would lead to unknown problems.

Each account will have a correlation with the UID. UID can be between 0 ~ 2147483647 (ie: Symbol integers Max), if any, between an integer. Among them, ranged from 0 to 99 UID account system be retained for use, so users should not use the conventional UID. Although a UID is 2147483647 can be the biggest, but we do not recommend the use of the UID size of more than 60,000. UID60001 and 60002 belong to the default user and nobody noaccess.

UID more than 60,003 accounts in the name or the use of some services, problems can arise. For example, NFS and NIS services, ps-l, cpio, tar and ar orders. And with previous versions of Solaris will have compatibility problems, because some of the old version of Solaris could not distinguish the more than 65534 UID.

UID is not only used to identify users, system was also used to identify the owner of files and directories. We use the earlier of 10 users and 10 workstations example, in all the machines create different user the best way is for all machines with a user name using the same UID. In a file transfer between computers, the owner would not have been a problem.

Users can not use in the creation of the UID already exists, but it was created, it can be modified for UID and other users of the same UID. Multiple users with a UID would have serious security problems, we do not recommend such actions.

Note: To minimize potential safety problems, please do not re-use has been a subordinate to the deletion of the user UID. Solaris is based on the competence of management of the UID. Reuse old UID (have already been deleted), will inadvertently make the user has visited We do not want him to visit the resources authority.

Bookmark it: These icons link to social bookmarking sites where readers can share and discover new web pages.