Showing posts with label Linux. Show all posts

Saturday, 30 April 2016

Password Management in Linux by using passwd command




 A password (commonly known as passwd in Linux) is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user. Typically, users of a multiuser or securely protected single-user system claim a unique name (called a user ID) that can be generally known. In order to verify that someone entering that user ID really is that person, a second identification, the password, known only to that person and to the system itself, is entered by the user. Most networks require that end users change their passwords on a periodic basis.

passwd command
The passwd command is used to create and change the password of a user account. A normal user can run passwd to change their own password, and a system administrator (the superuser, root) can use passwd to change another user’s password, or define how that account’s password can be used or changed.
PASSWD SYNTAX

passwd [OPTION] [USER]
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the named account (root only)
-u, --unlock unlock the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an account becomes disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)

Change the password for Normal user

When you are logged in as a non-root user (anu in my case) and run the passwd command, it changes the password of the logged-in user.
[anu@linuxgosolution ~]$ passwd
Changing password for user anu.
Changing password for anu.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
When you are logged in as the root user and run the passwd command, it changes the root password by default; if you specify a user name after the passwd command, it changes the password of that particular user.

Display Password Status Information

To display the password status information of a user, use the -S option of the passwd command.
[root@linuxgosolution ~]# passwd -S anu
anu PS 2016-04-21 0 99999 7 -1 (Password set, SHA512 crypt.)
In the above output, the first field shows the user name and the second field shows the password status (PS = Password Set, LK = Password Locked, NP = No Password). The third field shows when the password was last changed, and the remaining four fields show the minimum age, maximum age, warning period, and inactivity period for the password.
We can display password status information for all users at once by using the option -Sa
root@linuxgosolution:~# passwd -Sa
 

Removing Password of a User

We can remove the password of a particular user by using the -d option. The account's status in passwd -S then changes to NP (no password).
[root@linuxgosolution ~]# passwd -d anu
Removing password for user anu.
passwd: Success
[root@linuxgosolution ~]#

Lock the password of System User

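Use the ‘-l’ option of the passwd command to lock a user’s password; it adds “!” at the start of the user’s encrypted password. A user can’t change their password while it is locked. Locking only disables the password: the user may still be able to log in with another authentication method, such as an SSH key.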
[root@linuxgosolution ~]# passwd -l anu
Locking password for user anu.
passwd: Success
 

Unlock User’s Password using -u option

Use the -u option to unlock user accounts that were locked with the passwd -l option.
[root@linuxgosolution ~]# passwd -u anu
Unlocking password for user anu.
passwd: Success
 

Setting inactive days using -i option

Use the -i option with the passwd command to set the inactive days for a system user. This comes into play when the user's password has expired and the user has not changed it within ‘n’ days (7 days in my case); after that the user will not be able to log in.
[root@linuxgosolution ~]# passwd -i 7 anu
Adjusting aging data for user anu.
passwd: Success
[root@linuxgosolution ~]# passwd -S anu
anu PS 2016-04-21 0 99999 7 7 (Password set, SHA512 crypt.)
[root@linuxgosolution ~]#
 

Setting Minimum No. of Days to Change Password using passwd -n option

Using the -n option with the passwd command we can set the minimum number of days that must pass between password changes. A value of zero means the user can change their password at any time.
[root@linuxgosolution ~]# passwd -n 90 anu
Adjusting aging data for user anu.
passwd: Success
[root@linuxgosolution ~]# passwd -S anu
anu PS 2016-04-21 90 99999 7 7 (Password set, SHA512 crypt.)
[root@linuxgosolution ~]#

Setting the Warning days before password expiry using passwd -w option

The -w option of passwd sets the number of days of warning a user receives before the password expires.
[root@linuxgosolution ~]# passwd -w 30 anu
Adjusting aging data for user anu.
passwd: Success
[root@linuxgosolution ~]# chage -l anu
Last password change                                    : Apr 21, 2016
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 90
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 30
[root@linuxgosolution ~]#
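
The status and aging fields shown above can be checked for a whole system at once. The script below is an added example, not part of the original post: it reads lines in the passwd -S format and reports accounts with no password, a maximum age above a limit, or no inactivity limit. The function names, the 90-day default and the sample lines are assumptions made for illustration; it also accepts the short status codes (P, L) that some distributions print.

```shell
#!/bin/sh
# Added example: audit `passwd -S` lines for weak password-aging settings.
# Fields, as described on the page:
#   user status last-change min-age max-age warning inactive

# Constructed sample input (not from a real system).
sample_status() {
cat <<'EOF'
anu PS 2016-04-21 90 99999 30 7 (Password set, SHA512 crypt.)
guest NP 2016-04-21 0 99999 7 -1 (Empty password.)
build LK 2016-04-21 0 90 7 -1 (Password locked.)
web PS 2016-04-21 0 60 7 -1 (Password set, SHA512 crypt.)
ops PS 2016-04-21 0 60 7 14 (Password set, SHA512 crypt.)
EOF
}

# audit_status [MAX_DAYS]: read status lines on stdin, print "user: finding".
# MAX_DAYS (default 90) is a hypothetical site policy, not a value from the page.
audit_status() {
    awk -v limit="${1:-90}" '
        NF < 7 { next }                               # not a status line
        $2 == "NP" { print $1 ": no password set"; next }
        $2 == "LK" || $2 == "L" { next }              # locked: aging not relevant
        $5 > limit {                                  # 99999 means "never expires"
            print $1 ": maximum age " $5 " exceeds " limit " days"; next
        }
        $7 < 0 { print $1 ": expires but has no inactivity limit (-i)" }
    '
}

sample_status | audit_status 90
```

On a live system the input would come from the command shown earlier, for example passwd -Sa | audit_status 90, run as root.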

Thanks
Gurpreet Singh

Thursday, 7 April 2016

Linux Kernel configuration and build



In the last chapter we got an overview of the architecture of the Linux kernel and its basic subsystems. The next question is where to download the kernel from and how to build it. If we want to install the Linux kernel on any hardware, we need to build it after downloading it. Before installing the kernel on a device and booting it, we also need to configure the kernel for that device. This tutorial discusses the various ways of configuring the kernel.

Download Linux Kernel


The Linux kernel is open source and maintained by the Linux kernel community. Every member of this community keeps working on enhancing the kernel. The community maintains the kernel repository at https://www.kernel.org/ . Every contributor to the Linux kernel puts their changes into this mainline kernel so that others can get the updated kernel. We can get the latest kernel from this site at any time, free of charge.
Download kernel from:

https://www.kernel.org
From kernel.org we get a tar file of the Linux kernel. So after downloading it, the first job is to uncompress the kernel with the following command
tar -xvf kernel_name.tar.xz

Linux kernel Configuration

The kernel we get from kernel.org is a generic kernel which we can build and install on different hardware platforms. Before building it, we need to customize or configure the kernel, that is, make the platform-specific changes needed to port it to our hardware platform.
To configure the kernel, go into the root directory of the uncompressed kernel folder and use one of the following methods.
The Linux kernel provides several ways of configuring it. Some of them are:
1) make config
2) make menuconfig
3) make defconfig 
1) make config
make config is a text-based question-and-answer session: the kernel build system asks, one option at a time, whether to enable a particular setting, and we answer according to our requirements.
2) make menuconfig
Linux also provides a menu-driven view for configuring the kernel, menuconfig. When we run this command we get a menu interface in which we can see the kernel settings. This interface needs the ncurses library to be installed on the system. If it is not installed, make menuconfig may fail with an error.
How to fix the ncurses error: download and install the following library to fix this issue
  1. $ sudo apt-get update
  2. $ sudo apt-get install libncurses5-dev
After the above steps, make menuconfig will run successfully and the configuration menu will appear.
3) make defconfig
When we download the kernel from kernel.org, it comes with a default configuration set by the kernel maintainers. To create this default configuration, run the command below
$ make defconfig

How to Build a Linux Kernel

 Now that the basic configuration required for building the Linux kernel is done, the final step is to build it. Below are the steps to build the Linux kernel
1) Go to the root directory of the uncompressed kernel.
2) Run the make command
$ make
If our PC has multiple cores, we can use the command below to speed up the kernel build:
$ make -j4
Here the number after -j is the number of available cores plus 1. With this command we make the build use all the available cores.



You Can also watch our Linux Device Drivers Video Tutorials for Better understanding

Introduction To Linux Kernel Architecture

This is the first chapter of the Linux device driver tutorials. In this tutorial we will discuss the architecture of the Linux operating system, the architecture of the Linux kernel, the main features of Linux, an introduction to the Linux kernel, the different subsystems of the Linux kernel, etc. This tutorial is for beginners who are not familiar with the Linux operating system and the Linux kernel. In embedded systems you need to know the operating system platform on which development is to be done. Without knowledge of the development platform it is hard to gain expertise in embedded systems. As this series of device driver tutorials is based on the Linux platform, it is a must to understand the basic fundamentals of the Linux operating system and the Linux kernel.

Introduction to Linux Operating System

 Linux is a Unix-like operating system.
1) 1991: The Linux kernel was written by Linus Torvalds in six months to overcome the limitations of his 80386 PC.
2) 1992: The Linux kernel was released under the GNU General Public License.
3) 1994: Linux 1.0.0 released.
4) 1995: GNU/Linux and free software developing on Internet servers.
5) 2002: Many industries started adopting Linux.
6) 2015: Kernel version 4.0 released.

Linux OS Main Features

1) Portable
2) Open source
3) Multi-user
4) Hierarchical file system
5) Security
6) Memory Protection
7) Shared libraries
 

Linux Kernel Version Scheme

 Linux versions are released as x.y.z.
1) Development version
  • x:- release number
  • y:- odd number
  • z:- identifies the exact release version number
  • Example:- 2.5.54, 2.7.56
2) Stable version
  • y:- even number
  • Example:- 2.2.50, 2.4.60

Architecture of Linux Operating System

 To protect data and functionality from faults and unwanted access, virtual memory in Linux is divided into user space and kernel space. User space and kernel space both consist of multiple layers. Below is a description of the layered architecture of the Linux operating system.

User space:- All user applications run in user space.
Kernel space:- Kernel space is the privileged space where mainly the operating system kernel and device drivers execute.
GNU C library:- This library exposes APIs to user applications, which help them interact with the kernel by using system calls. For example, in a user space application we generally use printf(), which is defined in the C library and internally calls the write() system call.
System call interface:- The system call interface provides the implementation of the various system calls.
Kernel:- Below the system call interface we have the kernel code, which is architecture independent and the same for all processors.
Device driver:- A device driver is the program which actually interacts with and controls the hardware.

Kernel Subsystems


The Linux kernel is basically composed of the following subsystems.
1) Process Management
2) Memory Management
3) Virtual File System
4) Network Management
5) System Call Interface
1) Process Management:- This subsystem is responsible for maintaining the execution of each process. The main part of the process management subsystem is the scheduler, which controls the scheduling and exiting of every process.
2) Memory Management:- This subsystem maintains the system memory and controls the memory requests from each process. It manages the virtual-to-physical address translation of each process. It's available in /linux/mm.
3) Virtual File System:- This subsystem provides abstraction APIs like open(), read() and write() etc., irrespective of the type of file system. The user doesn't need to worry about the file system type. The VFS is responsible for passing the user's request to the file system for which the request was raised by the user application.
4) Network Stack:- It manages Linux IP networking; in other words, everything related to the network is managed by the network subsystem.
5) System Call Interface:- It provides an interface through which applications running in user space get controlled access to hardware. This interface provides a mechanism by which applications can request operating system resources.


How to configure NAT(Network Address Translation) in Linux

NAT(Network Address Translation)

 


Network Address Translation (NAT) is a way to map an entire network (or networks) to a single IP address. NAT is necessary when the number of IP addresses assigned to you by your Internet Service Provider is less than the total number of computers that you wish to provide Internet access for.

How NAT Works

WAN = eth0 with public IP 14.139.85.12
LAN = eth1 with private IP 10.0.0.1/255.0.0.0

When a client on the internal network contacts a machine on the Internet, it sends out IP packets destined for that machine. These packets contain all the addressing information necessary to get them to their destination. NAT is concerned with these pieces of information: 
  • Source IP address (for example, 10.0.0.69)
  • Source TCP or UDP port (for example, 2132)
When the packets pass through the NAT gateway they are modified so that they appear to be coming from the NAT gateway itself. The NAT gateway records the changes it makes in its state table so that it can
i) reverse the changes on return packets and
ii) ensure that return packets are passed through the firewall and are not blocked.

 For example, the following changes might be made:


  • Source IP: replaced with the external address of the gateway (for example, 14.139.85.12) 
  • Source port: replaced with a randomly chosen, unused port on the gateway (for example, 53136) 



Neither the internal machine nor the Internet host is aware of these translation steps. To the internal machine, the NAT system is simply an Internet gateway. To the Internet host, the packets appear to come directly from the NAT system; it is completely unaware that the internal workstation even exists. Translation of ICMP packets happens in a similar fashion but without the source port modification. 
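
The translation and state-table behaviour described above can be modelled in a few lines. This is an added example, not part of the original post: a toy source-NAT gateway that rewrites outgoing packets, restores the destination on matching return packets, and drops inbound packets that match no state entry. The function names and the remote addresses are constructed, ports are assigned sequentially instead of randomly so the output is reproducible, and matching return packets on the remote address and port is a modelling assumption.

```shell
#!/bin/sh
# Added example: a toy model of the NAT gateway state table described above.
# Packet lines: direction src_ip src_port dst_ip dst_port

# Constructed trace. 10.0.0.69:2132, 14.139.85.12 and port 53136 are the
# page's example values; the remote hosts are documentation addresses.
sample_packets() {
cat <<'EOF'
out 10.0.0.69 2132 198.51.100.7 80
in 198.51.100.7 80 14.139.85.12 53136
in 203.0.113.9 4444 14.139.85.12 53136
in 198.51.100.7 80 14.139.85.12 60000
out 10.0.0.70 2132 198.51.100.7 80
EOF
}

# nat_gateway PUBLIC_IP [FIRST_PORT]
# Ports are handed out sequentially from FIRST_PORT so the output is
# reproducible; a real gateway picks an unused port as the page describes.
nat_gateway() {
    awk -v pub="$1" -v port="${2:-53136}" '
        $1 == "out" {
            flow = $2 ":" $3 " " $4 ":" $5
            if (!(flow in fwd)) {                 # first packet: create state
                fwd[flow] = port
                rev[port " " $4 ":" $5] = $2 " " $3
                port++
            }
            print "out", pub, fwd[flow], $4, $5   # source rewritten
            next
        }
        $1 == "in" {
            state = $5 " " $2 ":" $3              # gateway port + remote peer
            if (($4 == pub) && (state in rev)) {
                print "in", $2, $3, rev[state]    # destination restored
            } else {
                print "drop", $2, $3, $4, $5      # no matching state entry
            }
        }
    '
}

sample_packets | nat_gateway 14.139.85.12
```

The third and fourth packets are dropped because no internal client opened a flow to that peer or through that port, which is why hosts behind the gateway are not reachable from the Internet unless they initiate the connection.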

IP Forwarding

Since NAT is almost always used on routers and network gateways, it will probably be necessary to enable IP forwarding so that packets can travel between network interfaces on the Linux gateway. IP forwarding is enabled using the sysctl mechanism:

# sysctl net.ipv4.ip_forward=1
# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf

Then you'll need to configure iptables to forward the packets from your internal network, on eth1, to your external network, on eth0. You do this with the following commands:
 

# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

# iptables --append FORWARD --in-interface eth1 -j ACCEPT

 

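 Apply the configuration by using the following command. Rules entered with the iptables command are already active; where the iptables service reloads its saved rule set on restart, save the running rules first so that the restart does not discard them.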
 
 # systemctl restart iptables
 
 
On the clients, set the gateway IP address to your server's internal address, i.e. 10.0.0.1