Lab: Passwords.
Step 1: The Password Files
- Before you start, you should:
- Have a copy of the RootlyPowers virtual machine, Rootly.ova.
- Understand how to use the sudo command.
- Understand basic file permissions (rootly lab).
- Remember, make notes on new commands you encounter.
- We will be changing the machine in this lab, and some of these changes might break it.
- Therefore, we will start off by duplicating an existing machine.
- Documentation on Snapshots.
- A snapshot allows you to save the current "state" of a machine.
- You can change the machine however you wish and then revert to a previous snapshot.
- To take a snapshot of a powered down machine:
- Left click on the list icon.
- This will bring up a three-item menu; select Snapshots.
- Click on the Take button.
- Name the snapshot.
- On a running machine:
- Click on Machine at the top left-hand corner.
- Select Take Snapshot.
- Managing snapshots should be fairly easy from here.
- To restore a snapshot
- The machine must be off
- Go to the snapshot view
- Click on the state you want back.
- Click on restore.
- Start the machine.
- Save a starting version of the machine, powered off.
- Start the machine and save a version with several windows open.
- Switch between the two.
- Cloning the machine
- This will make a copy of the virtual machine.
- In the VirtualBox Manager:
- The machine must be turned off.
- Right click on the machine.
- Select Clone.
- Rename the machine to something new.
- Make a full clone.
- Probably only clone the current machine state, unless you want copies of the stored snapshots as well.
- Please make a clone of the Rootly machine called Passwords.
- Start the Passwords virtual machine and log in as bob, password bob.
- Throughout this exercise you will be changing users from Bob to other users.
- Generally when a step is complete, you should exit the other user's shell and return to bob.
- The id or whoami command is very helpful to see who you are.
- But we will break those before the lab is over.
- Investigating the password file.
- On stand-alone modern *nix systems the password information is kept in two locations:
- /etc/passwd is the main password file
- /etc/shadow holds the passwords and some other information.
- Look at the permissions on each of these files (ls -l).
- The password file needs to be readable by everyone.
- The shadow file is only accessible to root.
- Look at the permissions of these files and verify this.
- Look at the contents of the password file. (cat or more)
- It contains information that all users need access to.
- Each line represents a user on the system.
- This is a colon-separated file: the fields on a line are separated by a :
- Look at the man page for passwd.
- Try man passwd.
- Try man -k passwd. What does this show?
- Try apropos passwd.
- Where there are several man entries with the same name, you can use the section number.
- Try man 5 passwd.
- The format is:
- The user name.
- An x; this field held the encrypted password at one time in history.
- The user id associated with the user name.
- The default group id for the user.
- A field called the GECOS field.
- This is a comma-separated field.
- This normally contains a user's name,
- but it can hold other information.
- The user's home directory.
- The user's default shell.
- Look at the contents of the shadow file.
- You will need to be root to do this (sudo more /etc/shadow).
- This is also a colon-separated file (man shadow).
- The first field is again the user name.
- The next field is the password hash.
- If this contains an x, * or is empty, the account has no password.
- Otherwise it contains the encrypted password.
- The other fields are related to account aging and password maintenance.
- These are unimportant at this time.
- Notice that bob, alice and john all have password file entries.
- You can check this with cat or more.
- You can also try grep.
- grep is a cool tool that, given a pattern, will search a file for that pattern (man grep).
- grep bob /etc/passwd
- sudo grep bob /etc/shadow
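Once you know the field layouts, it is worth checking the two files against each other rather than just eyeballing grep output. The following is an added example, not part of the lab handout or the Rootly image: it parses passwd and shadow records using the layouts from man 5 passwd and man 5 shadow and reports accounts with no password, locked accounts, extra uid-0 accounts and users missing from the shadow file. The sample records and hashes are constructed placeholders.

```python
# Added example (not part of the lab): parse /etc/passwd and /etc/shadow lines
# using the field layouts from "man 5 passwd" and "man 5 shadow", then run the
# checks an administrator wants after adding accounts. Samples are constructed.
PASSWD_FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "hash", "lastchange", "min", "max", "warn",
                 "inactive", "expire", "reserved")

def parse_colon_file(text, fields):
    """Split each non-empty line on ':' and map the pieces to field names."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError(f"malformed line ({len(parts)} fields): {line!r}")
        records.append(dict(zip(fields, parts)))
    return records

def audit(passwd_text, shadow_text):
    """Return human-readable findings about the account database."""
    passwd = parse_colon_file(passwd_text, PASSWD_FIELDS)
    shadow = {r["name"]: r for r in parse_colon_file(shadow_text, SHADOW_FIELDS)}
    findings = []
    for r in passwd:
        name, uid = r["name"], int(r["uid"])
        if uid == 0 and name != "root":    # any uid-0 account has root's powers
            findings.append(f"non-root account with uid 0: {name}")
        s = shadow.get(name)
        if s is None:                       # passwd and shadow are out of sync
            findings.append(f"no shadow entry for {name}")
        elif s["hash"] == "":               # empty field: login needs no password
            findings.append(f"empty password: {name}")
        elif s["hash"][0] in "*!":          # leading * or !: password login disabled
            findings.append(f"locked account: {name}")
    return findings

# Constructed sample records (hashes are placeholders, not real hashes).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000:Bob,,,:/home/bob:/bin/bash
alice:x:1001:1001:Alice,,,:/home/alice:/bin/bash
sue:x:1002:1002:Sue,,,:/home/sue:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$PLACEHOLDER:19000:0:99999:7:::
bob:$6$PLACEHOLDER:19000:0:99999:7:::
alice::19000:0:99999:7:::
sue:!:19000:0:99999:7:::
"""
```

On the lab machine you would feed it the real files, e.g. `audit(open("/etc/passwd").read(), open("/etc/shadow").read())` under sudo, since only root can read the shadow file.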
Add a user
- Most modern systems have an adduser command.
- This takes a username and, if possible, adds that user to the system.
- The program is careful to:
- Modify /etc/passwd, /etc/group, /etc/shadow, /etc/gshadow and other system files correctly.
- Breaking these files will disable accounts, or possibly break the system.
- Make sure duplicate accounts are not created.
- Perform other checks.
- Before you create an account for sue:
- Make sue's password sue.
- You will be asked some questions; answer all of them with something.
- Answer them with something different (they can be text).
- Run sudo adduser sue
- Why do you need to run adduser using sudo?
- Notice that this will set up an account for sue.
- Look at /etc/passwd and /etc/shadow:
- grep sue /etc/passwd
- sudo grep sue /etc/shadow