== Investigation 8: Modifying users ==
{{Admon/note|Use fedora1centos1|Perform these steps in the '''fedora1centos1''' virtual machine.}}
# Read the man page for the usermod command. Note which options change the user's full name, primary group, supplementary groups, and shell.
# Add each of your new users to the group ops235 (in other words, add ops235 to each user as a supplementary group).
# Examine <code>/etc/group</code>. What has changed?
# Use the usermod command to associate each of your pod mates' full name to their user name, as shown in your text. With each change, examine their entries in the <code>/etc/passwd</code> file. What has changed?
# Be sure to record your observations in your lab notes.
<!-- == Investigation 13: Security Tip: Removing Unnecessary Users and Groups ==
{{Admon/note|Use fedora1|Perform these steps in the '''fedora1''' virtual machine.}}
The default Linux distribution installs many users and groups to the system for the purpose of running various services. You will rarely, if ever, need to run all of these services on a single server, and some are actually obselete for most systems. Servers tend to be specialized, for both performance and security reasons. For example, a web server would probably not be running as an email server and file server at the same time. While having all the possible user accounts installed by default makes it easier to set services up, it also increases the complexity of the machine. The more complex a system is, the more places it can fail, and hence its security is lessened. Therefore, we can increase our server's security by removing unnecessary users.
There is no set list of users we can safely remove. The requirements of each system varies greatly, and it is up to the administrator to know these requirements, and understand which accounts can be removed. However, the list we provide here can usually be removed, unless their services are specifically required.
# Before attempting the following, make backup copies of your /etc/passwd and /etc/group files, in case we delete a user or group that is essential to our system's operation.
# Carefully remove the following users from your system, if they exist:
#* games
#* gopher
#* lp (if no printer is installed)
#* news
#* nfsnobody
#* nscd (if not using nscd)
#* uucp
# Carefully remove the following groups from your system, if they exist:
#* games
#* gopher
#* lp (if no printer is installed)
#* news
#* nfsnobody
#* nscd (if not using nscd)
#* uucp -->
= Completing the lab =
