Archive for the tag 'Accounts'

Simplifying Setup of User Accounts in Plesk

Before you start signing up new users for your services, you should create account configuration presets, referred to as reseller account templates and client account templates. They will simplify setting up user accounts for new customers. The templates cover all resource usage allotments, permissions and limits that you can define for a user account. There are predefined reseller account and client account templates: You can modify them as required and use them, or you can create your own templates. The default templates cannot be removed.

To create a reseller account template:

1. Go to Resellers > Reseller Account Templates > Create Reseller Account Template.

Click OK to complete creation of a template.

During setup of a new reseller account, you will select the required template and the account will be created and allocated the resources you defined.

To create a client account template:

1. Go to Clients > Client Account Templates > Create Client Account Template.

Click OK to complete creation of a template.

During setup of a new user account, you will select the required template and the account will be created and allocated the resources you defined.

SBDavid

Checking for Unlocked Accounts


It is important that all system and vendor accounts that are not used for logins are locked.

To get a list of unlocked accounts on your system, you can check for accounts that do NOT have an encrypted password string starting with “!” or “*” in the /etc/shadow file. If you lock an account using passwd -l, it will put a ‘!!’ in front of the encrypted password, effectively disabling the password.

If you lock an account using usermod -L, it will put a ‘!’ in front of the encrypted password. Many system and shared accounts are usually locked by default by having a ‘*’ or ‘!!’ in the password field which renders the encrypted password into an invalid string.

~$ sudo grep -Ev '^[^:]*:[!*]' /etc/shadow | awk -F: '{print $1}'
root
buddies
nagios

Also make sure all accounts have an ‘x’ in the password field in /etc/passwd. The following command lists all accounts that do not have an ‘x’ in the password field:

# grep -v ':x:' /etc/passwd

An ‘x’ in the password field means that the password has been shadowed, i.e. the encrypted password has to be looked up in the /etc/shadow file. If the password field in /etc/passwd is empty, then the system will not look up the shadow file and it will not prompt the user for a password at the login prompt.
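The two checks above combined into one script, as an added example that is not part of the original post. It also separates empty password fields from set passwords, which the grep one-liners list together. The function names and the sample shadow and passwd contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow- and passwd-format files for the conditions
# described above. Function names and sample data are constructed here.

# Print "name<TAB>state" for every entry whose password field does not start
# with '!' or '*'. state is "empty" (no password at all) or "password-set".
unlocked_accounts() {
    awk -F: '
        NF < 2       { next }                      # skip blank or malformed lines
        $2 ~ /^[!*]/ { next }                      # locked: !, !! or * prefix
        $2 == ""     { print $1 "\tempty"; next }  # no password required
        { print $1 "\tpassword-set" }
    ' "${1:-/etc/shadow}"
}

# Print "name<TAB>reason" for every passwd entry that is not shadowed.
unshadowed_accounts() {
    awk -F: '
        NF < 2    { next }
        $2 == "x" { next }                         # shadowed: hash is in /etc/shadow
        $2 == ""  { print $1 "\tempty-field"; next }
        { print $1 "\tinline-value" }
    ' "${1:-/etc/passwd}"
}

# Constructed sample data (not real hashes), so the script runs without root.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructed$hashvalue:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backup:!!:19000::::::
alice:!$6$constructed$hashvalue:19000:0:99999:7:::
nagios:$6$constructed$hashvalue:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest::1001:1001::/home/guest:/bin/sh
legacy:$1$constructed$hash:1002:1002::/home/legacy:/bin/sh
EOF

echo "Unlocked entries in sample shadow file:"
unlocked_accounts "$SAMPLE_DIR/shadow"
echo "Non-shadowed entries in sample passwd file:"
unshadowed_accounts "$SAMPLE_DIR/passwd"
```

Called with no argument, the functions read /etc/shadow and /etc/passwd; reading /etc/shadow requires root.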

All system or vendor accounts that are not being used by users, applications, by the system or by daemons should be removed from the system. You can use the following command to find out if there are any files owned by a specific account:

# find / -path /proc -prune -o -user [account] -ls

The -prune option in this example is used to skip the /proc filesystem. If you are sure that an account can be deleted, you can remove the account using the following command:

# userdel -r [account]
