usermod -L <user>
Lock user account
usermod -U <user>
Unlock user account
system-config-authentication requires
authconfig-gtk
LDAP configuration yum dependencies
sssd krb5-workstation nss-pam-ldapd
IPA configuration (client)
ipa-client-install
Join AD
Install realmd
realm discover domain.example.com
realm join domain.example.com
realm permit --realm domain.example.com --all
OR
realm permit --realm domain.example.com DOMAIN\\Alicia DOMAIN\\Cao
Join IPA domain
Install ipa-client
ipa-client-install --domain=serverx.example.domain --no-ntp --mkhomedir
Enter admin account when prompted
u+s
File executes as the user that owns the file
4
g+s
File executes as the group that owns the file
2
o+t
Sticky: users with write permission can remove files they own, not files created by other users
1
Default umask set in /etc/bashrc or /home/user/.bashrc
umask <umask>
chage -d 0 <user>
Require password reset on next login
+ in permissions
Indicates ACL
getfacl
List ACL
getfacl group
Show MASK settings; not group-owner settings
mask::rw-
List maximum permissions for all users
other::---
All others have no permissions
setfacl -m u:name:rX <file>
X allows directory search
setfacl -m o::- <file>
No permissions for others
setfacl -x
Remove ACL
setfacl -b
Delete all ACLs
setfacl -Rm
Recursive set
setfacl -m d:u:<user>:- <dir>
Set default permissions for user
setfacl -m d:g:<group>:rwx <dir>
Set default permissions for group