Systems Security Administration

COIT20266 Systems Security Administration
Week 04 [1]
COIT20266 – Systems Security Administration
Week 04 – Users and Security
This week we learn the basics of access control, how to add new
users and a way to share our filesystem so it can be accessed by
other systems.
We will be using Samba to share our filesystem. This may not be
the best way to allow remote access to filesystems in many cases,
but it allows us to work through the configuration process which
is helpful in understanding what is required for remote access in
general. We will be able to ‘connect’ to our systems filesystem,
from our desktop, using a network share.
No supporting installation guide is provided this week – we are
asked to install and configure Samba ourselves. Expect this to
take some time and remember, we are using a Virtual environment –
it costs nothing to create a test clone to work through the
process, if something goes wrong we can simply delete that clone
and create another one.
Summary
Software we need to install
* Samba (www.samba.org, help.ubuntu.com/community/Samba) –
providing support for cross-platform file and printer sharing with
Microsoft Windows.
Chapters we need to read
* 04 – Access Control and Rootly Powers
* 07 – Adding New Users
* 30 – Cooperating with Windows

COIT20266 Systems Security Administration
Week 04 [2]
Tasks
Readings
Read all of the recommended chapters before installing the
software or attempting the assessment items. The readings will
give us some background information that should help in
understanding the access control and permissions required for our
system and details of what is involved in adding new users to our
system.
Read through the assessment items before making any changes.
Assessment
1. List and describe a sequence of commands that modifies another
user’s password entry, and show how you could cover your tracks
(i.e. leave no record that you did it). Assume you only have sudo
power (all commands allowed, but no shells or su).
[Source: Textbook E4.4]
2. Summarise the process of creating entries in your systems sudo
configuration file. The method used on Ubuntu is a little
different to those described in the textbook. Use ‘man’ to
research how it should be done. [Hint: you will need to know about
the /etc/sudoers.d directory.]
3. Submit a single user (not a pseudo-user) entry from your
/etc/shadow file and describe what each field represents.
4. Submit a list of the basic *manual* steps required to create a
new user.
5. Creating and deleting users:
a) Create a new user (donohoej) using the adduser script. The
user’s full name is “Jack Donohoe” [all other details should be
left blank]. Set the initial password to “[email protected]”. Capture
the output as you create the user and submit it. Once created,
login as Jack and try to view the /etc/shadow file (try sudo as
well) – what was the result and why?
b) Login as donohoej and create a file named ‘secrets’ in the
/tmp directory and then logout. Now delete the user donohoej
using the deluser script. What happened to the /tmp/secrets file?

COIT20266 Systems Security Administration
Week 04 [3]
What group and owner does it have? Submit a listing of the file
that shows the group and owner. [Leave the file as it is for
now.]
c) After deleting the user donohoej, create a new user with full
name “Edward Kelly”. Set the initial password to “[email protected]”.
Once the new user kellye has been created, submit a file listing
showing the group and owner of the /tmp/secrets file. Submit a
file listing of the subdirectories in the /home directory. Who
now owns the /tmp/secrets file and /home/donohoej directory and
all its files? What problems could this cause? How would you
prevent it?
6. Install and configure Samba to allow *home* directory sharing.
Create a list of the installation steps and configuration changes.
Submit your list and your configuration file [smb.conf]. Provide
a screenshot showing file access from your desktop to your server
home directory. Create a new file, samba.txt, in your home
directory, using your desktop file manager (Windows Explorer) and
submit a listing of the file from the server command line, showing
the group, owner and permissions of the samba.txt file. What
owner, group and permissions does this file have? Why?
[Setting up Samba for the first time can be very problematic. We
want you to try to do it yourself. Use the samba man pages to
help in the configuration. There are many traps, so if/when you
get stuck, use the course forum for help. Tip: you’ll also have
to use the smbpasswd command.]
How to submit:
Include all lists, answers etc. in a single Word document. Your
smb.conf file and Word document should be zipped up as
week04.zip.
Don’t submit it yet – it’s not due till Week 6.
Weeks 2,3,4 and 5 need to be submitted together and all are due in
Week-6. At that time you should zip up your weeks 2,3,4 and 5 zip
files as
Week2345.zip and submit it.