Difference between revisions of "creating a new user on secureplatform via CLI"

Revision as of 21:45, 18 July 2013

The following instructions are performed using the root (Expert) account.

1) create user account with the standard linux useradd command...

[Expert@chkpfw]# useradd -d /home/username username

2) set the user password

[Expert@chkpfw]# /usr/bin/passwd username
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

*** note *** the full path is required in the above command because Check Point aliases passwd to...

alias passwd='/bin/expert_passwd'

If you fail to execute the passwd binary by using the full path, you most likely won't be setting the user password, but the expert password... which is actually the password for the root account

Example of the incorrect way to reset a user password from the root (Expert) account:

[Expert@chkpfw]# passwd john
Enter new expert password:          <<< if you see this prompt you messed up!

3) edit /etc/passwd...set UID and GUID to zero and default shell to /bin/cpshell. Failure to set the shell to cpshell will allow the user account root privileges immediately upon login. This would not be secure.

Example /etc/passwd line

before editing

john:x:1002:1002::/home/admin:/bin/bash

(what is should look like after editing)

john:x:0:0::/home/admin:/bin/cpshell

4) test you login with ssh. after a successful login, execute the "expert" command to gain root.