Archive for April, 2009
Whats UMASK?
UMASK is a UNIX environment variable which automatically sets file permission on newly created files. The UMASK variable can be confusing to use, because it does work as a mask. In other words, you set the permissions that you do not want in the UMASK. To calculate permissions which will result from specific UMASK values, subtract the UMASK from 666 for files and from 777 for directories.
If you want all files created with permissions of 666, set your UMASK to 000. Alternatively, if you want all files created with permissions of 000, set your UMASK to 666.
A reasonable value for UMASK is 022, which will cause files to be created with permissions of 644 (rw-r–r–) and directories to be created with permissions of 755 (rwxr-xr-x). A more secure value for UMASK is 066, which will cause files to be created with permissions of 600 (rw——-) and directories to be created with permissions of 700 (rwx——).
Add comment April 11, 2009
whats ‘mkuser.default’ File?
It’s a linux file which contains the default attributes for new users. Its directory path is ‘/usr/lib/security/mkuser.default’. This file is part of Base Operating System (BOS) Runtime. This is an ASCII file that contains user stanzas. These stanzas have attribute default values for users created by the mkuser command. Each attribute has the Attribute=Value form. If an attribute has a value of $USER, the mkuser command substitutes the name of the user. The end of each attribute pair and stanza is marked by a new-line character.
There are two stanzas, user and admin, that can contain all defined attributes except the id and admin attributes. The mkuser command generates a unique id attribute. The admin attribute depends on whether the -a flag is used with the mkuser command. For examples:A typical user stanza looks like the following:
user: pgroup = staff groups = staff shell = /usr/bin/ksh home = /home/$USER auth1 = SYSTEM
Add comment April 11, 2009
Linux “Passwd’ file
File Structure of the file /etc/passwd
It stores essential information required during login i.e. user account information.It contains one entry per line for each user (or user account) of the system. All fields are separated by a colon ( : ) symbol. Total seven fields as follows.
Generally, passwd file entry looks as follows :
Name:Password: UserID:PrincipleGroup:Gecos: HomeDirectory:Shell
1. Username: It is used when user logs in. It should be between 1 and 32 characters in length.
2. Password: An x character indicates that encrypted password is stored in /etc/shadow file.
3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.
4. Group ID (GID): The primary group ID (stored in /etc/group file)
5. User ID Info: The comment field. It allow you to add extra information about the users such as user’s full name, phone number etc. This field use by finger command.
6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exists then users directory becomes /
7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please not it does not have to be a shell.
Caution: The permission on the /etc/passwd file should be read only to users (rw-r—r–) and the owner must be
root: $ ls -l /etc/passwd
Output: -rw-r–r– 1 root root 1941 Oct 13 02:08 /etc/passwd
- /etc/passwd is a text file that contains the attributes of (i.e., basic information about) each user or account on a computer running Linux or another Unix-like operating system.
- The permissions for /etc/passwd are by default set so that it is world readable, that is, so that it can be read by any user on the system1. The file can be easily read using a text editor (such as gedit or vi) or with a commandcat, which is commonly used to read files, i.e.,
cat /etc/passwdsuch as
1 comment April 11, 2009
