Hi Friends,
Today we faced an issue while resetting users' passwords on a server: for three or four users the login kept failing with "access denied", even though we were doing the resets from an ID that had the rights to do so :) .
After several attempts the IDs were even locked out; we unlocked them and reset the passwords again, but the same "access denied" message came back.
We then checked /var/adm/syslog/syslog.log and saw that authentication for those users was being denied with /bin/false as the shell. A user whose login shell is /bin/false can never log in interactively. In our case this was the work of a tool run by the Security Team: it disables logins by appending /bin/false to the user's 7th field in /etc/passwd (the login shell), so the entry ends up looking like this:
#grep ABC /etc/passwd
ABC:x:UID:GID:System Admin:/home/ABC:/sbin/sh /bin/false
#
(The fields are login:password:UID:GID:GECOS:home:shell. The shell field is now "/sbin/sh /bin/false", which is not the path of any shell, so login cannot exec it.)
With that entry the user cannot log in until the shell is corrected, e.g. /sbin/sh on HP-UX or /bin/bash on Linux:
#usermod -s /sbin/sh ABC
#
After this the user can log in to the server again.
Here are the user-access issues I have run into so far; please share yours too, friends, I would like to learn more about them.
a. If the login shell is not set properly (missing, mangled, or pointing to a non-existent binary), the user cannot log in. Check the 7th field of the user's /etc/passwd entry.
b. If "passwd" is not run after useradd, the account has no usable password and the user cannot log in.
c. The account is locked out. Unlock it with:
#passwd -u ABC
d. A password should combine upper-case letters, lower-case letters, digits and special characters.
Please avoid easily cracked passwords such as:
a. India@123
b. Welcome123
etc. A word followed by "@" or "123" is among the first patterns any password-guessing tool tries; the password should combine all four character classes mentioned above.
e. On Linux and HP-UX servers, when a user runs sudo su - and their password (or the root password) contains "@", the system does not accept it and does not let the complete password be entered. On a terminal where "@" is still set as the line-kill character (the old Unix default), typing it erases everything typed so far on that line; stty -a shows the current kill character and stty kill ^U changes it for the session.
f. There can be many errors related to AD, NIS or LDAP authentication; we can discuss those later.
g. Remember your password and change it regularly; if the account is very critical, change it weekly or twice a month.
h. Password expiry, user expiry and account expiry can all be checked with:
chage -l "username"
There can and should be many more; I will keep sharing and updating. Please share your experience with user-management issues so that everyone can know and learn.
=====
#faillog -r
This command resets the failed-login counters (kept in /var/log/faillog on Linux). It is important to run it on a trusted system, after unlocking or resetting a user's password; faillog -u "username" shows one user's count, and faillog -r -u "username" resets only that user instead of everyone.
passwd -u "username"
unlocks the user's password. To lock it again, use:
passwd -l "username"
====
We also faced an issue where exactly one user out of several could not log in: every other user got in, but for this one the error was
"permission denied error on /var/log/btmp"
So we checked the permissions with:
ls -ld /var/log/btmp
getfacl /var/log/btmp
The owner should be root with group utmp, and the mode should be 0600 (0660 where group utmp needs write access). It must never be world-readable: btmp records failed logins, and those frequently contain a password that was mistyped into the username prompt. Both owner and mode were already correct, and even after re-setting the permissions that user still could not log in. After checking every other parameter we ran faillog -r, and that fixed it.
So before troubleshooting any user-related problem, first check whether the server is a trusted system or not.
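The checks from the list above (mangled or disabled shell, no password set, locked password, expired account) and the /var/log/btmp permission problem can be run through a small script. This is an added example and not part of the original post or the Security Team's tool; the function names (check_shell, check_password, check_expiry, check_btmp, audit_user) and the sample passwd/shadow lines are this example's own. The functions take passwd(5)/shadow(5)-style lines as arguments so they can be tested offline; on a real host feed them the output of getent passwd USER and getent shadow USER as root.

```shell
#!/bin/sh
# Added example (not from the original post): audit the usual reasons a
# local Unix account cannot log in. Function names and sample data are
# this example's own assumptions.

# check_shell PASSWD_LINE : examine the 7th field (login shell) of a passwd entry
check_shell() {
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    case "$shell" in
        '')
            echo "no shell set (7th field is empty)"; return 1 ;;
        *' '*)
            # e.g. "/sbin/sh /bin/false": not a path, so login cannot exec it
            echo "shell field is mangled: '$shell'"; return 1 ;;
        /bin/false|/sbin/nologin|/usr/sbin/nologin)
            echo "login disabled via $shell"; return 1 ;;
    esac
    echo ok
}

# check_password SHADOW_LINE : examine the hash field of a shadow entry
check_password() {
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$hash" in
        ''|'!'|'!!'|'*')
            echo "no usable password (run passwd USER)"; return 1 ;;
        '!'*)
            # passwd -l prefixes the hash with '!'; passwd -u removes it
            echo "password locked (passwd -l); unlock with passwd -u"; return 1 ;;
    esac
    echo ok
}

# check_expiry SHADOW_LINE TODAY : TODAY is days since the epoch, as in shadow(5)
check_expiry() {
    expire=$(printf '%s\n' "$1" | cut -d: -f8)
    if [ -n "$expire" ] && [ "$expire" -le "$2" ]; then
        echo "account expired on day $expire (chage -l USER shows the date)"; return 1
    fi
    echo ok
}

# check_btmp FILE : btmp records failed logins, which often contain passwords
# mistyped into the username prompt, so it must not be readable by others
check_btmp() {
    f=${1:-/var/log/btmp}
    [ -e "$f" ] || { echo "$f does not exist"; return 1; }
    others=$(ls -ld "$f" | cut -c8-10)   # rwx bits for "others", portable
    case "$others" in
        ---) echo ok ;;
        *) echo "$f is accessible to others ($others); chmod 0600 $f"; return 1 ;;
    esac
}

# audit_user PASSWD_LINE SHADOW_LINE TODAY [BTMP] : run all checks, return failure count
audit_user() {
    fails=0
    for r in "shell: $(check_shell "$1")" \
             "password: $(check_password "$2")" \
             "expiry: $(check_expiry "$2" "$3")" \
             "btmp: $(check_btmp "${4:-/var/log/btmp}")"; do
        echo "$r"
        case "$r" in *': ok') ;; *) fails=$((fails + 1)) ;; esac
    done
    return "$fails"
}

# Constructed sample data: the mangled entry from the post, with the fields in
# passwd(5) order (login:pw:UID:GID:GECOS:home:shell), and a locked shadow entry.
SAMPLE_PASSWD='ABC:x:1001:100:System Admin:/home/ABC:/sbin/sh /bin/false'
SAMPLE_SHADOW='ABC:!$6$saltsalt$hashhashhash:19000:0:99999:7:::'

if [ "${1:-}" = "--demo" ]; then
    audit_user "$SAMPLE_PASSWD" "$SAMPLE_SHADOW" "$(( $(date +%s) / 86400 ))"
    echo "failures: $?"
fi
```

Run it with --demo to see the report for the constructed sample: the shell check reports the mangled "/sbin/sh /bin/false" field, the password check reports the lock, and the btmp check reports on whatever /var/log/btmp looks like on the host. The ls -ld parsing is used instead of stat so the same script works on HP-UX and Linux.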
Love Sharing
Amit Chopra