5.1 Lesson 1
Certificate: |
Linux Essentials |
---|---|
Version: |
1.6 |
Topic: |
5 Security and File Permissions |
Objective: |
5.1 Basic Security and Identifying User Types |
Lesson: |
1 of 1 |
Introduction
This lesson will focus on the basic terminology of the accounts, access controls and security of local Linux systems, the command line interface (CLI) tools in a Linux system for basic security access controls and the basic files to support user and group accounts, including those used for elementary privilege escalation.
Basic security in Linux systems is modeled after Unix access controls that, despite being nearly fifty years-old, are quite effective in comparison to some popular consumer operating systems of much newer lineage. Even some other, popular, Unix-based operating systems tend to “take liberties” that are focused on “ease-of-access,” while Linux does not.
Modern Linux desktop environments and interfaces simplify the creation and management of users and often automate the assignment of access controls when a user logs in — e.g., to the display, audio and other services — requiring virtually no manual system administrator intervention. However, it is important to understand the basic concepts of an underlying Linux operating system.
Accounts
Security involves many concepts, one of the most common being the general concept of access controls. Before one can tackle file access controls such as ownership and permissions, one must understand the basic concepts of Linux user accounts, which are broken out into several types.
Every user on a Linux system has an associated account which besides login information (like username and password) also defines how, and where, the user can interact with the system. Privileges and access controls define the “boundaries” within which each user can operate.
Identifiers (UIDs/GIDs)
The User and Group Identifiers (UIDs/GIDs) are the basic, enumerated references to accounts. Early implementations were limited 16-bit (values 0 to 65535) integers, but 21st century systems support 64-bit UIDs and GIDs. Users and groups are enumerated independently, so the same ID can stand for both a user and group.
Every user has not only an UID, but also a primary GID. The primary GID for a user can be unique to that user alone, and may end up not being used by any other users. However, this group could also be a group shared by numerous users. In addition to these primary groups, each user can be member of other groups, too.
By default on Linux systems, every user is assigned to a group with the same name as their username, and same GID as his UID. E.g., create a new user named newuser
and, by default, its default group is newuser
as well.
The Superuser Account
On Linux the superuser account is root
, which always has UID 0. The superuser is sometimes called the system administrator, and has unlimited access and control over the system, including other users.
The default group for the superuser has the GID 0
and is also named root
. The home directory for the superuser is a dedicated, top level directory, /root
, only accessible by the root
user himself.
Standard User Accounts
All accounts other than root
are technically regular user accounts, but on a Linux system the colloquial term user account often means a “regular” (unprivileged) user account. They typically have the following properties, with select exceptions:
-
UIDs starting at 1000 (4 digits), although some legacy systems may start at 500.
-
A defined home directory, usually a subdirectory of
/home
, depending on the site-local configuration. -
A defined login shell. In Linux the default shell is usually the Bourne Again Shell (
/bin/bash
), though others may be available.
If a user account does not have a valid shell in their attributes, the user will not be able to open an interactive shell. Usually /sbin/nologin
is used as an invalid shell. This may be purposeful, if the user will only be authenticated for services other than console or SSH access, e.g., Secure FTP (sftp
) access only.
Note
|
To avoid confusion, the term user account will only apply to standard or regular user accounts going forward. E.g., system account will be used to explain a Linux user account that is of the system user account type. |
System Accounts
System accounts are typically pre-created at system installation time. These are for facilities, programs and services that will not run as the superuser. In an ideal world, these would all be operating system facilities.
The system accounts vary, but their attributes include:
-
UIDs are usually under 100 (2-digit) or 500-1000 (3-digit).
-
Either no dedicated home directory or a directory that is usually not under
/home
. -
No valid login shell (typically
/sbin/nologin
), with rare exceptions.
Most system accounts on Linux will never login, and do not need a defined shell in their attributes. Many processes owned and executed by system accounts are forked into their own environment by the system management, running with the specified, system account. These accounts usually have limited or, more often than not, no privileges.
Note
|
From the standpoint of the LPI Linux Essentials, system accounts are UIDs <1000, with 2 or 3 digit UIDs (and GIDs). |
In general, the system accounts should not have a valid login shell. The opposite would be a security issue in most cases.
Service Accounts
Service accounts are typically created when services are installed and configured. Similar to system accounts, these are for facilities, programs and services that will not run as the superuser.
In much documentation, system and service accounts are similar, and interchanged often. This includes the location of home directories typically being outside of /home
, if defined at all (service accounts are often more likely to have one, compared to system accounts), and no valid login shell. Although there is no strict definition, the primary difference between system and service accounts breaks down to UID/GID.
- System account
-
UID/GID <100 (2-digit) or <500-1000 (3-digit)
- Service account
-
UID/GID >1000 (4+ digit), but not a “standard” or “regular” user account, an account for services, with an UID/GID >1000 (4+ digits)
Some Linux distributions still have pre-reserved service accounts under UID <100, and those could be considered a system account as well, even though they are not created at system installation. E.g., on Fedora-based (including Red Hat) Linux distributions, the user for the Apache Web server has UID (and GID) 48, clearly a system account, despite having a home directory (usually at /usr/share/httpd
or /var/www/html/
).
Note
|
From the standpoint of the LPI Linux Essentials, system accounts are UIDs <1000, and regular user accounts are UIDs >1000. Since the regular user accounts are >1000, these UIDs can also include service accounts. |
Login Shells and Home Directories
Some accounts have a login shell, while others do not for security purposes as they do not require interactive access. The default login shell on most Linux distributions is the Bourne Again Shell, or bash
, but other shells may be available, like the C Shell (csh
), Korn shell (ksh
) or Z shell (zsh
), to name a few.
A user can change his login shell using the chsh
command. By default the command runs in interactive mode, and displays a prompt asking which shell should be used. The answer should be the full path to the shell binary, like below:
$ chsh Changing the login shell for emma Enter the new value, or press ENTER for the default Login Shell [/bin/bash]: /usr/bin/zsh
You can also run the command in non-interactive mode, with the -s
parameter followed by the path to the binary, like so:
$ chsh -s /usr/bin/zsh
Most accounts have a defined home directory. On Linux, this is usually the only location where that user account has guaranteed write access, with some exceptions (e.g., temporary file system areas). However, some accounts are purposely setup to not have any write access to even their own home directory, for security purposes.
Getting Information About Your Users
Listing basic user information is a common, everyday practice on a Linux system. In some cases, users will need to switch users and raise privilege to complete privileged tasks.
Even users have the ability to list attributes and access from the command line, using the commands below. Basic information under limited context is not a privileged operation.
Listing the current information of a user at the command line is as simple as a two letter command, id
. The output will vary based on your login ID:
$ id uid=1024(emma) gid=1024(emma) 1024(emma),20(games),groups=10240(netusers),20480(netadmin) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
In the preceding listing, the user (emma
) has identifiers which breakdown as follows:
-
1024
= User ID (UID), followed by the username (common name aka login name) in parenthesis. -
1024
= the primary Group ID (GID), followed by the groupname (common name) in parenthesis. -
A list of additional GIDs (groupnames) the user also belongs to.
Listing the last time users have logged into the system is done with the command last
:
$ last emma pts/3 ::1 Fri Jun 14 04:28 still logged in reboot system boot 5.0.17-300.fc30. Fri Jun 14 04:03 still running reboot system boot 5.0.17-300.fc30. Wed Jun 5 14:32 - 15:19 (00:46) reboot system boot 5.0.17-300.fc30. Sat May 25 18:27 - 19:11 (00:43) reboot system boot 5.0.16-100.fc28. Sat May 25 16:44 - 17:06 (00:21) reboot system boot 5.0.9-100.fc28.x Sun May 12 14:32 - 14:46 (00:14) root tty2 Fri May 10 21:55 - 21:55 (00:00) ...
The information listed in columns may vary, but some notable entries in the preceding listing are:
-
A user (
emma
) logged in via the network (pseudo TTYpts/3
) and is still logged in. -
The time of current boot is listed, along with the kernel. In the example above, about 25 minutes before the user logged in.
-
The superuser (
root
) logged in via a virtual console (TTYtty2
), briefly, in mid-May.
A variant of the last
command is the lastb
command, which lists all the last bad login attempts.
The commands who
and w
list only the active logins on the system:
$ who emma pts/3 2019-06-14 04:28 (::1) $ w 05:43:41 up 1:40, 1 user, load average: 0.25, 0.53, 0.51 USER TTY LOGIN@ IDLE JCPU PCPU WHAT emma pts/3 04:28 1:14m 0.04s 0.04s -bash
Both commands list some of the same information. For example, one user (emma
) is logged in with a pseudo TTY device (pts/3
) and the time of login is 04:28.
The w
command lists more information, including the following:
-
The current time and how long the system has been up
-
How many users are connected
-
The load averages for the past 1, 5 and 15 minutes
And the additional information for each active user session.
-
Select, total CPU utilization times (
IDLE
,JCPU
andPCPU
) -
The current process (
-bash
). The total CPU utilization time of that process is the last item (PCPU
).
Both commands have further options to list various, additional information.
Switching Users and Escalating Privilege
In an ideal world, users would never need to escalate privilege to complete their tasks. The system would always “just work” and everything would be configured for various access.
Luckily for us, Linux — out-of-the-box — works like this for most users who are not system administrators, despite always following the least privilege security model.
However, there are commands that allow for privilege escalation when needed. Two of the most important ones are su
and sudo
.
On most Linux systems today, the su
command is only used for escalating privileges to root, which is the default user if a username is not specified after the command name. While it can be used to switch to another user, it is not good practice: users should login from another system, over the network, or physical console or terminal on the system.
emma ~$ su - Password: root ~#
After entering the superuser (root
) password, the user has a superuser shell (notice the #
at the end of the command prompt) and is, for all intents and purposes, the superuser (root
).
Sharing passwords is a very bad security practice, so there should be very few, if any, need for the su
command in a modern Linux system.
The dollar symbol ($
) should terminate the command line prompt for a non-privileged user shell, while the pound symbol (#
) should terminate the command line prompt for the superuser (root
) shell prompt. It is highly recommend that final character of any prompt never be changed from this “universally understood” standard, since this nomenclature is used in learning materials, including these.
Warning
|
Never switch to the superuser ( |
What is the biggest issue with using su
to switch to the superuser (root
)? If a regular user’s session has been compromised, the superuser (root
) password could be captured. That’s where “Switch User Do” (or “Superuser Do”) comes in:
$ cat /sys/devices/virtual/dmi/id/board_serial cat: /sys/devices/virtual/dmi/id/board_serial: Permission denied $ sudo cat /sys/devices/virtual/dmi/id/board_serial [sudo] password for emma: /6789ABC/
In the preceding listing, the user is attempting to look up the serial number of their system board. However, the permission is denied, as that information is marked privileged.
However, using sudo
, the user enters his own password to authenticate who he is. If he has been authorized in the sudoers
configuration to run that command with privilege, with the options allowed, it will work.
Tip
|
By default, the first authorized |
Access Control Files
Nearly all operating systems have a set of places used to store access controls. In Linux these are typically text files located under the /etc
directory, which is where system configuration files should be stored. By default, this directory is readable by every user on the system, but writable only by root
.
The main files related to user accounts, attributes and access control are:
/etc/passwd
-
This file stores basic information about the users on the system, including UID and GID, home directory, shell, etc. Despite the name, no passwords are stored here.
/etc/group
-
This file stores basic information about all user groups on the system, like group name and GID and members.
/etc/shadow
-
This is where user passwords are stored. They are hashed, for security.
/etc/gshadow
-
This file stores more detailed information about groups, including a hashed password which lets users temporarily become a member of the group, a list of users who can become a member of the group at and time and a list of group administrators.
Warning
|
These files are not designed to and should never be edited directly. This lesson only covers the information stored in these files, and not editing these files. |
By default, every user can enter /etc
and read the files /etc/passwd
and /etc/group
. And also by default no user, except root
, may read the files /etc/shadow
or /etc/gshadow
.
There are also files involved with basic privilege escalation on Linux systems, like on the commands su
and sudo
. By default, these are only accessible by the root
user.
/etc/sudoers
-
This file controls who can use the
sudo
command, and how. /etc/sudoers.d
-
This directory may contain files that supplement the settings on the
sudoers
file.
From the standpoint of the LPI Linux Essentials exam, just know the path and filename of the default sudo configuration file, /etc/sudoers
. Its configuration is beyond the scope of these materials.
Warning
|
Even though |
/etc/passwd
The file /etc/passwd
is commonly referred to as the “password file”. Each line contains multiple fields always delimited by a colon (:
). Despite the name, the actual one-way password hash is nowadays not stored in this file.
The typical syntax for a line on this file is:
USERNAME:PASSWORD:UID:GID:GECOS:HOMEDIR:SHELL
Where:
USERNAME
-
The username aka login (name), like
root
,nobody
,emma
. PASSWORD
-
Legacy location of the password hash. Almost always
x
, indicating that the password is stored in the file/etc/shadow
. UID
-
User ID (UID), like
0
,99
,1024
. GID
-
Default Group ID (GID), like
0
,99
,1024
. GECOS
-
A CSV list of user information including name, location, phone number. For example:
Emma Smith,42 Douglas St,555.555.5555
HOMEDIR
-
Path to the user’s home directory, like
/root
,/home/emma
, etc. SHELL
-
The default shell for this user, like
/bin/bash
,/sbin/nologin
,/bin/ksh
, etc.
For example, the following line describes the user emma
:
emma:x:1000:1000:Emma Smith,42 Douglas St,555.555.5555:/home/emma:/bin/bash
Understanding the GECOS Field
The GECOS field contains three (3) or more fields, delimited by a comma (,
), aka a list of Comma Separated Values (CSV). Although there is no enforced standard, the fields are usually in the following order:
NAME,LOCATION,CONTACT
Where:
NAME
-
is the user’s “Full Name”, or the “Software Name” in the case of a service account.
LOCATION
-
is usually the user’s physical location within a building, room number or the contact department or person in the case of a service account.
CONTACT
-
lists contact information such as home or work telephone number.
Additional fields may include additional contact information, such as a home number or e-mail address. To change the information on the GECOS field, use the chfn
command and answer the questions, like below. If no username is provided after the command name, you will change information for the current user:
$ chfn Changing the user information for emma Enter the new value, or press ENTER for the default Full Name: Emma Smith Room Number []: 42 Work Phone []: 555.555.5555 Home Phone []: 555.555.6666
/etc/group
The /etc/group
file contains fields always delimited by a colon (:
), storing basic information about the groups on the system. It is sometimes called the “group file”. The syntax for each line is:
NAME:PASSWORD:GID:MEMBERS
Where:
NAME
-
is the group name, like
root
,users
,emma
, etc. PASSWORD
-
legacy location of an optional group password hash. Almost always
x
, indicating that the password (if defined) is stored in the file/etc/gshadow
. GID
-
Group ID (GID), like
0
,99
,1024
. MEMBERS
-
a comma-separated list of usernames which are members of the group, like
jsmith,emma
.
The example below shows a line containing information about the students
group:
students:x:1023:jsmith,emma
The user does not need to be listed in the members field when the group is the primary group for a user. If a user is listed, then it is redundant — i.e., there is no change in functionality, listed or not.
Note
|
Use of passwords for groups are beyond the scope of this section, however if defined the password hash is stored in the file |
/etc/shadow
The following table lists the attributes stored in the file /etc/shadow
, commonly referred to as the “shadow file”. The file contains fields always delimited by a colon (:
). Although the file has many fields, most are beyond the scope of this lesson, other than the first two.
The basic syntax for a line on this file is:
USERNAME:PASSWORD:LASTCHANGE:MINAGE:MAXAGE:WARN:INACTIVE:EXPDATE
Where:
USERNAME
-
The username (same as
/etc/passwd
), likeroot
,nobody
,emma
. PASSWORD
-
A one-way hash of the password, including preceding salt. For example:
!!
,!$1$01234567$ABC…
,$6$012345789ABCDEF$012…
. LASTCHANGE
-
Date of the last password change in days since the “epoch”, such as
17909
. MINAGE
-
Minimum password age in days.
MAXAGE
-
Maximum password age in days.
WARN
-
Warning period before password expiration, in days.
INACTIVE
-
Maximum password age past expiration, in days.
EXPDATE
-
Date of password expiration, in days since the “epoch”.
In the example below you can see a sample entry from the /etc/shadow
file. Note that some values, like INACTIVE
and EXPDATE
are undefined.
emma:$6$nP532JDDogQYZF8I$bjFNh9eT1xpb9/n6pmjlIwgu7hGjH/eytSdttbmVv0MlyTMFgBIXESFNUmTo9EGxxH1OT1HGQzR0so4n1npbE0:18064:0:99999:7:::
The “epoch” of a POSIX system is midnight (0000), Universal Coordinate Time (UTC), on Thursday, January 1st, 1970. Most POSIX dates and times are in either seconds since “epoch”, or in the case of the file /etc/shadow
, days since “epoch”.
Note
|
The shadow file is designed to be only readable by the superuser, and select, core system authentication services that check the one-way password hash at login or other authentication-time. |
Although different authentication solutions exist, the elementary method of password storage is the one-way hash function. This is done so the password is never stored in clear-text on a system, as the hashing function is not reversible. You can turn a password into a hash, but (ideally) it is not possible to turn a hash back into a password.
At most, a brute force method is required to hash all combinations of a password, until one matches. To mitigate the issue of a password hash being cracked on one system, Linux systems use a random “salt” on each password hash for a user. So the hash for a user password on one Linux system will usually not be the same as on another Linux system, even if the password is the same.
In the file /etc/shadow
, the password may take several forms. These forms typically include the following:
!!
-
This means a “disabled” account (no authentication possible), with no password hash stored.
!$1$01234567$ABC…
-
A “disabled” account (due to the initial exclamation mark), with a prior hash function, hash salt and hash string stored.
$1$0123456789ABC$012…
-
An “enabled” account, with a hash function, hash salt and hash string stored.
The hash function, hash salt and hash string are preceded and delimited by a dollar symbol ($
). The hash salt length must be between eight and sixteen (8-16) characters. Examples of the three most common are as follows:
$1$01234567$ABC…
-
A hash function of MD5 (
1
), with an example hash length of eight. $5$01234567ABCD$012…
-
A hash function of SHA256 (
5
), with an example hash length of twelve. $6$01234567ABCD$012…
-
A hash function of SHA512 (
6
), with an example hash length of twelve.
Note
|
The MD5 hash function is considered cryptographically insecure with today’s (2010s and later) level of ASIC and even general computing SIMD performance. E.g., the US Federal Information Processing Standards (FIPS) does not allow MD5 to be used for any cryptographic functions, only very limited aspects of validation, but not the integrity of digital signatures or similar purposes. |
From the standpoint of the LPI Linux Essentials objectives and exam, just understand the password hash for a local user is only stored in the file /etc/shadow
which only select, authentication services can read, or the superuser can modify via other commands.
Guided Exercises
-
Consider the following output of the
id
command:$ id emma uid=1000(emma) gid=1000(emma) groups=1000(emma),4(adm),5(tty),10(uucp),20(dialout),27(sudo),46(plugdev)
In which files are the following attributes stored?
UID and GID
Groups
-
Additionally, in which file is the user password stored?
-
-
Which of the following types of cryptography is used by default to store passwords locally on a Linux system?
-
Asymmetric
-
One-way Hash
-
Symmetric
-
ROT13
-
-
If an account has a User ID (UID) enumerated under 1000, what type of account is this?
-
How can you get a list of the active logins in your system, and a count of them as well?
-
Using the
grep
command, we got the result below with information about the useremma
.$ grep emma /etc/passwd emma:x:1000:1000:Emma Smith,42 Douglas St,555.555.5555,:/home/emma:/bin/ksh
Fill in the blanks of the chart with the appropriate information using the output of the previous command.
Username
Password
UID
Primary GID
GECOS
Home Directory
Shell
Explorational Exercises
-
Compare the results of
last
tow
andwho
. What details are missing from each of the commands compared to one another? -
Try issuing the commands
who
andw -his
.-
What information has been removed from the output of the
w
command with the “no header” (-h
) and “short” (-s
) options? -
What information has been added in the output the
w
command with the “ip address” (-i
) option?
-
-
Which file is the file that stores a user account’s one-way password hash?
-
Which file contains the list of groups a user account is a member of? What logic could be used to compile a list of a groups a user account is a member of?
-
One or more (1+) of the following files are not readable by regular, unprivileged users, by default. Which ones?
-
/etc/group
-
/etc/passwd
-
/etc/shadow
-
/etc/sudoers
-
-
How would you change the current user’s login shell to the Korn Shell (
/usr/bin/ksh
) in non-interactive mode? -
Why is the home directory of the
root
user not placed within/home
directory?
Summary
In this lesson we have discovered the Linux user and group databases. We have learned the most important properties of users and groups, including their names and their numeric IDs. We have also investigated how password hashing works on Linux and how users are assigned to groups.
All of this information is stored in the following four files, which provide the most basic, local security access controls on a Linux system:
/etc/passwd
-
All system-local user account POSIX attributes, other than password hash, readable by all.
/etc/group
-
All system-local group account POSIX attributes, readable by all.
/etc/shadow
-
All system-local user password hashes (and expiration information), unreadable by any (only select processes).
/etc/sudoers
-
All system-local privilege escalation information/allowance by the
sudo
command.
The following commands were discussed in this lesson:
id
-
List real (or effective) user and group IDs.
last
-
List users who logged in last.
who
-
List users who are currently logged in.
w
-
Similar to
who
but with additional context. su
-
Switch to another user with a login shell, or run commands as that user, by passing that user’s password.
sudo
-
Switch User (or Superuser) Do, if entitled, the current user enters their own password (if required) to raise privilege.
chsh
-
Change a user’s shell.
chfn
-
Change the user’s information on the GECOS field.
Answers to Guided Exercises
-
Consider the following output of the
id
command:$ id emma uid=1000(emma) gid=1000(emma) groups=1000(emma),4(adm),5(tty),10(uucp),20(dialout),27(sudo),46(plugdev)
In which files are the following attributes stored?
UID and GID
/etc/passwd
Groups
/etc/group
-
Additionally, in which file is the user password stored?
The hashed user password is stored in
/etc/shadow
.
-
-
Which of the following types of cryptography is used by default to store passwords locally on a Linux system?
By default, a one-way hash is used to store passwords.
-
If an account has a User ID (UID) enumerated under 1000, what type of account is this?
Accounts with a UID lower than 1000 generally are system accounts.
-
How can you get a list of the active logins in your system, and a count of them as well?
Use the
w
command. Besides a list of all active logins, it will also show information like how many users are logged in, along the system load and uptime. -
Using the
grep
command, we got the result below with information about the useremma
.$ grep emma /etc/passwd emma:x:1000:1000:Emma Smith,42 Douglas St,555.555.5555,:/home/emma:/bin/ksh
Fill in the blanks of the chart with the appropriate information using the output of the previous command.
Username
emma
Password
x
- should always bex
for a valid, active user loginUID
1000
Primary GID
1000
GECOS
Emma Smith,42 Douglas St,555.555.5555
Home Directory
/home/emma
Shell
/bin/ksh
Answers to Explorational Exercises
-
Compare the results of
last
tow
andwho
. What details are missing from each of the commands compared to one another?The
w
andwho
tools only list current users logged into the system, whereaslast
also lists users that have disconnected. Thew
command lists system utilization, whilewho
does not. -
Try issuing the commands
who
andw -his
.-
What information has been removed from the output of the
w
command with the “no header” (-h
) and “short” (-s
) options?The header is not printed, which is useful for parsing, and the login time and select CPU information is not listed, respectively.
-
What information has been added in the output the
w
command with the “ip address” (-i
) option?This prints the IP address, instead of attempting DNS resolution, printing the hostname. This option to
w
better matches the default output of thelast
command.
-
-
Which file is the file that stores a user account’s one-way password hash?
The file
/etc/shadow
stores a user account’s one-way password hash, since it is not readable by a regular, unprivileged user account, unlike file/etc/passwd
. -
Which file contains the list of groups a user account is a member of? What logic could be used to compile a list of a groups a user account is a member of?
The file
/etc/group
has a CSV list of usernames in the last field, “members”, of any line for a group.Any line in the file
/etc/group
where the user is listed in the final field, “members”, would mean the user is a member of that group — assuming it is correctly formatted (CSV delimited). Additionally, the user’s primary group membership in the/etc/passwd
file will also have a matching entry in the/etc/group
file for both the group name and GID. -
One or more (1+) of the following files are not readable by regular, unprivileged users, by default. Which ones?
-
/etc/group
-
/etc/passwd
-
/etc/shadow
-
/etc/sudoers
The files
/etc/shadow
and/etc/sudoers
are not readable by default, except by select services or the superuser. These answers will be customized, based on the systems and usernames used in the laboratory.
-
-
How would you change the current user’s login shell to the Korn Shell (
/usr/bin/ksh
) in non-interactive mode?$ chsh -s /usr/bin/ksh
-
Why is the home directory of the
root
user not placed within/home
directory?Because the
root
account is required to troubleshoot and fix errors, which might include file system issues related to the/home
directory. In such cases,root
should be fully functional even when the/home
file system is not available yet.