Unix workstation administration tasks-Lab Exercises

Users, Groups and Passwords

1. Using either scripts or graphic tools, create a new account for username 'mnotreal'.
2. Log into this account, set the password and create two dummy files in the account's home directory.
3. Using either scripts or graphic tools, remove the account.
4. Recreate the account, only this time do it manually. Don't forget to copy /etc/passwd before you edit it!
   • Keep track of the steps you took and methods you used.
   • Did you chose the best methods or is there a better way to do this?
5. Add the appropriate aging controls to the account.
   (Note: If you are using Linux, skip this section!)
   • The password is good for a maximum of three months.
   • It must exist for ten days before it is changed.
   • The user begins receiving notices about needing to change the password a week before the expiration date.
   • The account can remain inactive for a month before it is disabled.
   • After a year the account expires.

Introduction to Security

1. Check to see how many programs there on the system that run SUID to root.
2. Look at the /etc/hosts.equiv file.
   • Add one of the other EdCert machines to that file.
   • Create an account on that machine. (In order for this to work the account must have the same UID as the one on the machine you were originally working on.)
   • From the second machine, log into the first machine. You should be able to log in without a password.
   • If this doesn't work, check and see which account you are using. hosts.equiv does not work with the root account.
   • Remove the machine from the /etc/hosts.equiv file.
   • Now move back to that machine and log into the first machine. This time you should be asked for a password.
3. Take a look at /etc/passwd and see which system accounts belong to UUCP.
4. Look at the /etc/syslog.conf file and see where syslog messages are sent. Take a look at those messages.
5. Using the account you created in the previous set of lab exercises, create an .rhosts file in the accounts home directory.
   • Put an entry for your host in that file.
   • Now log in and see if you can use that accounts home directory.
   • Now remove the 'mnotreal' account that you created in the previous exercise.