1z0-821 Oracle Solaris 11 System Administration – Administering User Accounts Part 2
4. Setting Up User Accounts
Now that we’ve talked about user accounts in detail, let’s look at how to set them up. Now, Oracle Solaris Eleven, as it came out from Oracle, did not have the builtin GUI that normal Linux and Unix distributions have, that was used for administering user accounts and groups. And this was kind of strange. All you could do was administer from the command line unless you downloaded a third party utility. Now, another strange thing happened is while we were producing this particular tutorial, solaris Eleven one released. And of course we wanted to incorporate any changes that were in there between eleven and eleven one just for you. So lo and behold, in there as one of the changes is a Gui you can use to administer user accounts and groups. Now, we’ve included any changes that were in Solaris Eleven one just for you, just in case you see them on the exam.
But essentially not much has changed and you probably won’t see too much changed for the exam as well, but just in case they’re in there. Now, how you would traditionally set up user accounts is using the command line utilities, and of course, these are included in Solaris Eleven, and we’ll show you those as well, along with the GUI. Now, most of these user account management commands are located in a directory called USR SBIN. And there’s a few commands that we’ll go over during this particular session. Some we won’t until another session, and you’ll get to know them fairly well and you need to practice them for the exam just to go over a few of them with you.
There’s the command to add users, and that’s basically user ad command to add groups, and that’s group ad the command to remove a user, user dell the command to remove a group, group dell the command to set a user’s password is password. And the command you’ll probably use most often to modify characteristics of a user account is user mod. Let’s go ahead and take a look at setting up a user account in both the GUI and the command line utilities. All right, we’re back in Solaris Eleven, and the first thing I want to show you is the new GUI for user management. And if we go into system administration, we’ll see a new icon down here, user Manager. And once we go into this, you can see that there’s a couple of accounts created. One thing I want to point out right here is that it tells me what my username is for the purposes of performing this action. Now there’s an unlocked icon here, and that tells me that I’m authorized to perform these changes.
If there’s something that I get into in a different panel or something, it will be locked if I’m not authorized to. And I could click that to log in using the appropriate role or user. We show two users here. Let’s go ahead and click on a new user and we’re just going to create just a basic new user. We’re going to call this user Barbara and we can put her full name. And if we leave the user ID field blank, one will automatically be assigned. Same thing with group. If we were to leave that blank, one would automatically be assigned and it would be the default staff, although there are several you could choose from. Let’s go ahead and leave it as the default. If we don’t specify home directory, one will be put in there and it typically is going to be home the username and we’ll go ahead and leave the login shell as the default. We’ll discuss login shells in a couple of sessions. We’re going to leave the password blank as well for right now. We’ll set that later.
So let’s say, okay, give it a few seconds and we should have a new user there. You can see that she’s been assigned a user ID of 60,006, a home directory, a login shell and a default group. Let’s close out this and go to the command line now. And what we want to do is go ahead and create another user using user ad and we’ll just call this user Ben. That’s all we needed to do. That was very easy. Now right now Ben doesn’t have a user or a password, so we could go password ben and it would prompt us for a new password and I’ll put that in there and it’ll ask us to repeat it and we could do the same thing for Barbara as well. Now one of the things we could also look at is different groups. And if we just go A groups right here, this shows us all the groups that root is in. But what if we want to add, say, Ben to a group? We could add a group. Let’s say that Ben backs up the system and that’s all he does. So we’ll call the group backups and then we’ll go ahead and add bin to that group and we’ve added bin to that group now so that’s actually easy to use these commands to add users and we’ll do a little bit more with user mod in a few sessions coming up. So that gives you some of the basic commands you can use to modify groups, set up user accounts, and also use the GUI for user management.
5. Managing User Accounts pt. 1
Now that we’ve looked at setting up user accounts, let’s talk a little bit about managing them. Now managing them basically involves several routine tasks that you could do on a day to day basis. Things like changing account information for a particular user, maybe changing their username or changing their full name, such as when someone gets married, for example. Also could mean changing passwords occasionally for users, and typically it will involve adding users to roles or assigning roles to users and adding users to groups. These are routine things that you would typically do. You also may do other things such as setting quotas and so forth, but we’ll talk about that in a session specifically devoted to user quotas. Now, there’s a few commands that we’ll look at. Primarily we’re going to look at the GUI user manager, but we’ll also look at the user mod command and that’s the primary command you’ll use to manage user accounts from the command line interface.
A couple of examples I’ve got on the screen here are role management. For example, adding a role to a user is user mod capital r, and adding a user to a group is usermod lowercase g. And we’ll take a look at some of the switches we can use with user mod here in a second. For now, let’s go ahead and look at the GUI user manager and look at managing user accounts in some of these roles. We’re in Solaris Eleven again and I’ve already brought up the user manager and I’ve got some users listed here that I’d like to go ahead and talk about. We created a user, Barbara earlier, and she’s got a username of Barbara User ID of 60,006. She belongs to the staff group by default, has a home directory and a shell. Now let’s look at some advanced settings just briefly. We see a few things here. We can add her to a root role if we want, or we can create another role for her.
We can also look at groups to add her to, and if we want, let’s go ahead and add her to the backups group. Let’s find it. Maybe we want her to be able to back up the system so we add her to that group. Or maybe the backups group has access to certain files that other groups don’t have. We also may add her to other groups such as probably Ops operations for example, so we can add her to those groups. We can look here at roles as well and add her to roles. I’m not going to add her to one right now because I’d like to create a role with less than root privileges. Another thing we look at is rights profiles. And these rights profiles are basically built when you create or alter a role. And things like this basic solaris user has certain granted rights to it and we can add those to her as well. And these are very basic things again, possibly looking at different directories, being able to manage very low level tasks and shutting the system down and so forth.
There are different roles that we can assign to her and different rights profiles. We also have authorizations here that we can assign as well. And we’ll talk about those authorizations a little bit later in the course when we discuss security. Let’s say okay to this. And the next thing I want to do is go ahead and change filters here. I want to actually go and click the filter button and it lets me edit instead of users, it’ll let me edit roles. So if I say okay to that right now, we only have one role built into the system and that’s the root role. Let’s go ahead and add a new role to this. When we create a role, we need to give it a name or description. I’m going to put something like backups and these people can back up the system and only that. And in the role ID, I can leave blank because one will be assigned automatically out of the pool of IDs that we have. Group I’ll leave alone home directory. It may or may not create one in the place that we think it may create one based upon where the system chooses to a default shell. Now, one thing you need to know about roles is you don’t typically log into them directly they’re assigned to you, but you do assign them a password.
So I’m going to assign a password to the role itself and say, okay, so I’ve created a backup role. Now let’s look at the advanced settings for that role and we see that we can be assigned to groups. It can also be assigned rights profiles, authorizations. So let me look at some rights profiles here and see what might appropriately apply to a backup role. We scroll down a little bit and we’ll see different roles here or rights profiles, rather things that we can do to the system. And we might want to add maintenance repair rights profiles to it. We might want to add media backup to it, media catalog and media restore. So now we have a role that has these different rights profiles. And these rights profiles basically are groupings of rights that are appropriate for a particular type of operation. So let’s say okay, and then if we want we can change our filter again.
Let’s go ahead and apply these changes really quick and then let’s change our filter again back to user and then let’s go back to Barbara advanced settings and we’re going to add her to that role. Now we have the role in there for her. Let’s add her. Now she can perform as that role. When she has to perform a task, she may be prompted for that role’s particular password. So she’ll have to know that and we say okay to that. And that’s basically looking at the user manager GUI. In the next session, we’ll look at the command line utility user mod.
6. Managing User Accounts pt. 2
To continue our discussion on modifying users. I’m still in the solaris eleven box and I’m at the command line interface. And the one thing I want to do first is to show you the different command options available with user mod. And I didn’t put a command in there, so it gave me the invalid syntax. But you can actually do that to see what switches are there. And you can choose from a wide variety of things. You can add groups, you can add roles, you can change login information and profile information. You can make a user account inactive or make it expire. You can give them a new login name, you can add authorizations. Now some of these we’ll talk about when we talk about security, so don’t get too wrapped up yet. If there’s some things on here you don’t understand just yet. We’re going to perform a couple of simple operations with user mod right here, just so you can kind of get the feel for how it works. One thing that I did earlier is I created a new role for backup operators.
Let’s see if we can see what that is. We added it to the user account, Barbara, and it’s called backup. So we want to add this same role to another user. So why don’t we add this to the Sam account and we use a capital R to do that. And we need to go ahead and add the role backup to the Sam account. We did that. So now if we went roles Sam, we could see that he’s been added to that. Now we also have different groups that we’ve created too. And we can add things like groups to users, obviously put them in groups. So in order to do that, you might say user mod g, and then you would get the group name. We’ll see Ops in this case and I’m going to give it to Ben or add him to that group rather. And so we can use user mod to manage user accounts, groups and roles interchangeably.
Now there are some commands that can be used to add roles. And as a matter of fact, if you use the role add command by itself, it tells you what you can do with the roles. You can add them, you can specify shells, you can create these authorizations for them and writes profiles and so forth. Now obviously it’s a little bit easier to do it in the GUI, and I would recommend that you use the GUI and play with it until you get comfortable with the actual tasks themselves and then experiment a good bit with things like user mod, roll, ad rodel and things like that. The user mod command obviously is very interactive. You can do a lot of different things with it and some administrators basically prefer to use it by itself. Now there’s other commands out here too, userdell, which deletes a user, although you could do that in the GUI if you like. Let’s delete the account.
Sam and it did just that. No issues about it does not prompt you. There are some switches that you can use with it and basically R will delete all the files and you can specify whether it is from a file on the local system, your local etsy password file which contains on the user accounts, or you can specify if it’s from an LDAP directory, a network wide LDAP directory. We haven’t discussed that yet either, but basically that would be from an LDAP database such as something like open. LDAP that Linux and Unix can use or from even active directory. You can even put a Solaris eleven box on an active directory network and use it to help administer active directory accounts, believe it or not. So there’s different things you can do to user accounts using user mod, definitely, and even user dell user ad. So there’s some command line utilities there for you if your command junkie to help you manage user accounts. But again, you’ve got the trusty old GUI if you need it. Now with Solaris eleven one.
Interesting posts
The Growing Demand for IT Certifications in the Fintech Industry
The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »
CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared
In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »
The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?
If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »
SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification
As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »
CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?
The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »
Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?
The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »