User and Group Administration
What is a user?
In Linux user is one who uses the system.
How many types of users available in Linux?
There are 5 types of users available in Linux.
(i) System user (Admin user who control the whole system nothing but root user).
(ii) Normal user (Created by the Super user. In RHEL - 7 the user id's from 1000 - 60000).
(iii) System user (Created when application or software installed ).
(In RHEL - 7 the System users are Static system user id's from 1 - 200 and Dynamic system user user id's from 201 - 999).
(iv) Network user (Nothing but remote user, ie., who are login to the system trough network created in Windows Active Directory or in Linux LDAP or NIS).
(v) Sudo user (The normal users who are having admin or Super user privileges)
What is user management?
User management means managing user.
ie., Creating the users, deleting the users and modifying the users.
What are fields available in /etc/passwd file?
<user name> : x : <uid> : <gid> : <comment> : <user's home directory> : <login shell>
(where 'x' means link to password file ie., /etc/shadow file)
What are fields available in /etc/shadow file?
user name : password : last changed : min. days : max. days : warn days : inactive days : expiry days : reserved for future
What are the files that are related to user management?
/etc/passwd -----> Stores user's information like user name, uid, home directory and shell ...etc.,
/etc/shadow ----> Stores user's password in encrypted form and other information.
/etc/group ------> Stores group's information like group name, gid and other information.
/etc/gshadow ---> Stores group's password in encrypted form.
/etc/passwd- ---> Stores the /etc/passwd file backup copy.
/etc/shadow- ---> Stores the /etc/shadow file backup copy.
/etc/default/useradd ----> Whenever the user created user's default settings taken from this file.
/etc/login.defs ----> user's login defaults settings information taken from this file.
/etc/skell ------> Stores user's all environmental variables files and these are copied from this directory to user's home directory.
In how many ways can we create the users?
(i) # useradd - <options><user name>
(ii) # adduser - <options><user name>
(iii) # newusers <file name> (In this file we have to enter the user details same as /etc/passwd file)
What is the syntax ofuseradd command with full options?
# useradd -u <uid> -g <gid> -G <secondary group> -c <comment> -d <home directory> -s <shell><user name>
Example : # useradd -u 600 -g 600 -G java -c "oracle user" -d /home/raju -s /bin/bash raju
What is the syntax of adduser command with full options?
# adduser -u <uid> -g <gid> -G <secondary group> -c <comment> -d <home directory> -s <shell><user name>
Example : # adduser -u 700 -g 700 -G linux -c "oracle user" -d /home/ram -s /bin/bash ram
What is the syntax of newuser command?
# newusers <file name> (This command will create multiple users at a time)
* When we execute this command new users will be created but their environmental files like
.bash_logout, .bash_profile, .bashrc and .bash_history files will not be copied from /etc/skell directory. So, we have to copied manually from /etc/skell directory.
What is the syntax of userdel command with full options?
# userdel <options><user name>
* The options are,
-f -----> forcefully delete
-r -----> recursively
How to check whether user is already created or not?
We can check in different ways.
(i) # id <user name> (It shows the user id group id and user name if that is already created)
(ii) # grep <user name> /etc/passwd
What is syntax of the usermod command with full options?
# usermod <options><user name>
* The options are, -L -----> lock the password
-U -----> unlock the password
-o ----->creates duplicate user modify the user's id same as other user
-u ----->modify user id
-g -----> modify group id
-G -----> modify or add the secondary group
-c -----> modify comment
-d -----> modify home directory
-s -----> modify user's login shell
-l -----> modify user's login name
-md ----> modify the users home directory and the old home directory
How to create the duplicate root user?
# useradd -o -u 0 -g root <user name>
How to recover if the user deleted by mistake?
# pwunconv (It creates the users according /etc/passwd file and deletes the /etc/shadow file)
What are the uses of .bash_logout, .bash_profile and .bashrc files?
.bash_logout : is a user's logout ending program file. It will execute first whenever the user is logout.
.bash_profile : is user's login startup program file. It will execute first whenever the user is login. It consists the user's environmental variables.
.bashrc : This file is used to create the user's custom commands and to specify the umask values for that user's only.
What is a group?
The collection of users is called a group. There are two types of groups.
Primary group : It will be created automatically whenever the user is created. User belongs to on group is called as primary group.
Secondary group : It will not create automatically. The admin user should be created manually and users belongs to more than one group is called secondary group. A user can be assigned to max. 16 groups.
ie., 1 primary group and 15 secondary groups.
What is the command to check the user belongs to how many groups?
# groups <user name>
What is the syntax to create the group?
# groupadd <options><group name>
The options -f -----> add the group forcefully
-g -----> group id no.
-o ----->non-unique (duplicate group id)
-p -----> group password
-r -----> system group
-R -----> root group
What is the syntax to modify the group?
# groupmod <options><group name>
The options -g ------> group id
-n ------> new name for existing one, ie., rename the group
-o ------> non-unique (duplicate group id)
-p ------> group passwd
-R ------>root group
What is syntax to delete the group?
# groupdel <group name> (to delete the group without options)
# groupdel -R <group name> (to delete the group and apply changes to the root directory)
How to assign the password to the group?
# gpasswd <group name> (to assign a password to the group without any options)
# gpasswd <options><group name>
The options -a ------>add users to the group
-d ------> delete the user from the group
-r ------> remove the group password
-R ------> restrict to access that group
-A ------> set the list of Administrative users
-M ------> set the list of group members
How add 45 days to the current system date?
# date -d "+ 45 days"
Explain the sudo user?
- Sudoers (nothing but sudo users) allows particular users to run various root user commands without needing a root password.
- /etc/sudoers is the configuration file for sudoers to configure the normal user as privileged user.
-It is not recommended to open this file using # vim editor because this editor cannot check the syntax by default and whatever we typed in that file that will blindly save in this file.
-So, one editor is specially available for opening this file, i.e.,
# visudo and all normal users cannot execute this command.
Only root user can run this command.
How to give different sudo permissions to normal users?
Open the /etc/sudoers file by executing
#visudo command and go to line no. 98 and type as
<User name> <Machine>= <Command>
root ALL=(ALL) ALL
raju All= ALL
----Save and exit this file.
Note : When we trying to save this file if any syntax errors in this file, those errors are displayed with line no's and What you do ? (will be displayed, here press 'e' to edit this file and modify those errors or mistakes and save this file.
# su - raju (to switch to raju user)
# sudo useradd <useradd> (The normal user raju can also add the users to the system)
* We can assign sudo permissions to 'n' no. of users by specifying names separated by commas ( , ) or line by line.
* Instead of giving all permissions to normal user we can give only some commands.
Example : student ALL=/usr/sbin/useradd, /usr/sbin/usermod
raju ALL=NOPASSWD:/usr/sbin/useradd, /usr/sbin/usermod
* We can also apply to one group or groups as follows.
* First create the users, assign one group to those users and also assign the passwords for that users.
Open /etc/sudoers file by executing the command
# visudo and type as follows.
%<group name> ALL=ALL
%oracle ALL=ALL or individual commands separated by commas,
* We can also create one command alias and add some commands to that alias and mention that alias to users as follows.
Cmnd_Alias NETWORKING=/usr/sbin/route, /usr/sbin/ifconfig
<user name> <machines>=<command alias name>
raju ALL=NETWORKING
* We can also create one user alias and add the users to that alias and assign some commands to that alias as follows.
User_Alias <user alias name>=<user1>, <user2>, <user3>, .....
Example : User_Alias OURTEAM=raju, shyam, ram, gopal
OURTEAM ALL=ALL (to give all permissions of sudo)
Defaults timestamp_timeout=0 (whenever the sudo user executes any command then it will ask password every command)
* The above will apply to all users including root also. If we want to make it as only for normal users, then Defaults : <user1>, <user2>, <user3> timestamp_timeout=0(the system will ask passwords for user1, user2, user3 to execute sudo commands)
In which location the sudo user commands history is logged?
All the sudo users commands history is logged in /var/log/secure file to make a record of sudo user commands.
# cat /var/log/secure (to see the contents of this file)
# tailf /var/log/secure (to see the updates of this file continuously and press ctrl + c to quit the tailf)
How to assign the password to normal user by him whenever first login to the system?
Whenever the user is created and that user is trying to login to the system, it will ask the password. If the root user is not assign the password to that user, then that normal user can assign the password by his own using the following commands.
# useradd <user name> (to create the user)
# passwd -S <user name> (to see the status of the password of that user. if root user is not
assigned the password then the password status is locked)
# passwd -d <user name> (then delete the password for that user)
# chage -d 0 <user name>(it will change the password age policy)
# su - <user name> (Try to switch to that user then it will display the following
message)
Newpassword : (type new password for that user)
Retype password : (retype the password again)
The other useful commands :
# w (this command gives the login user information like how many users currently login and full information )
# who(to see users who are currently login and on which terminal they login)
# last (see the list of users who are login and logout since the /var/log/wtmp file was
created)
# lastb(to see the list of the users who tried as bad logins)
# lastreboot (to see all reboots since the log file was created)
# uptime (to see the information from how long the system is running, how many users login
and load average)
* The load average is from 1 sec : 5 secs : 15 secs
# df (to see the mounted partitions, their mount points and amount of disk space)
# du (to see the disk usage of the each file in bytes)
# uname -r (gives the current kernel version)
# last -x (It shows last shutdown date and time)
# last -x grep shutdown (only shutdown time shows ie., grep will filter the 'last -x' command)
* grep: It is used to search a word or sentence in file (ie., inside the file)
* find : It is used to search a command or file inside the system)
# cat /etc/shells or # chsh -l (to see how many shells that are supported by Linux)
/bin/sh -----> default shell for Unix
/bin/bash -----> default shell for Linux
/sbin/nologin -----> users cannot login shell
/bin/tcsh -----> c shell to write 'C++' language programs
/bin/csh -----> c shell to write 'C' language programs
# echo $SHELL (to see the current shell)
# chsh <user name> (to change the user's shell)
Changing shell for <user name> :
New shell : <type new shell for example /bin/sh to change the current shell>
New shell changed (But it will effect by restarting the server)
# date + %R (to display the time only)
# date + %x (to display the date only)
# history (to see the history of the commands)
#history -c (to clear the history)
# history -r (to recover the history)
# reset (to refresh the terminal)
# whoami (to see the current user name)
# who a mi (to see the current user with full details like login time and others)
# passwd <user name> (to change the password of the user)
# id (to see the current user name, user id, group name and group id, .... etc.,)
# id <user name> (to see the specified user name, user id, group name and group id)
# su (to switch to root user without root user home directory)
# su - (to switch to root user with root user home directory)
# su <user name) (to switch to the specified user without his home directory)
# su - <user name> (to switch to the specified user with his home directory)
# lspci (to list all the PCI slots present in the system)
# du -sh /etc/ (to see the size of the /etc on the disk in KBs or MBs)
# ls -l (to see the long listing of the files and directories)
d rwx rwx rwx . 2 root root 6 Dec 17 18:00 File name
d -----> type of file
rwx -----> owner permissions
rwx -----> group permissions
rwx -----> others permissions
. -----> No ACL permissions applied
root ----> owner of the file
root ----> group ownership
6 -----> size of the file
Dec 7 18:00 -----> Date and Time of the created or modified
File name -----> File name of that file
# ls -ld <directory name> (to see the long listing of the directories)
# stat <file name/directory name> (to see the statistics of the file or directory)
How many types of the files are there?
There are 7 types of files.
1. - -----> regular file
2. d -----> directory
3. c -----> character device file (Ex. console file, open and close terminals, ...etc.,)
4. b -----> block device file (Ex. device blocks like hard disks, CD/DVD disks)
5. s -----> socket file (programmers will deal this file)
6. p -----> pipe file (programmers will deal this file)
7. l -----> linked file (nothing but short cut file)
What is syntax of chmod command with full options?
# chmod <options><file/dir name> (to change the owner or permissions of the file/dir) The options are, -c -----> changes
-f -----> silent (forcefully)
-v -----> verbose
-R -----> recursive (including sub directories and files)
To change the permissions the syntax is,
# chmod <who> <what> <which> <file name or directory>
user (u) add (+) read (4) or (r) "
group(g) remove(-) write (2) or (w) "
other (o) equal (=) execute (1) or (x) "
What is the syntax of chown command with full options?
# chown <options><file name or directory> (to change the ownership of the file or directory)
The options -c -----> changes
-f -----> silent (forcefully)
-v -----> verbose
-h -----> no difference
-R -----> recursive (including sub directories and files)
-H -----> symbolic link to a directory (command line argument)
-L -----> symbolic link to a directory (all)
-p -----> do not traverse
# chown <username> : <group name> <file name or directory name> (to change owner and group ownership of the file or directory)
What is syntax of chgrp command with full options?
# chgrp <options><file name or directory> (to change group ownership of the file directory)
The options -c -----> changes
-f -----> silent (forcefully)
-v -----> verbose
-h -----> no difference
-R -----> recursive (including sub directories and files)
-H -----> symbolic link to a directory
-L -----> do not traverse-p -----> do not traverse
What are the default permissions of a file and directory?
The default permissions of a file = 6 6 6
The default permissions of a directory = 7 7 7
What is umask in linux?
The user file-creation mode mask (umask) is used to determine the file permissions for newly created files or directories. It can be used to control the default file or directory permissions for new files. It is a four-digit octal number. The umask value for normal user is 0002 and the umask value for root user is 0022.
So, the effected file permissions for normal users = 6 6 6 - 0 0 2 = 6 6 4.
The effected directory permissions for normal users = 7 7 7 - 0 0 2 = 7 7 5.
The effected file permissions for root user = 6 6 6 - 0 2 2 = 6 4 4
The effected directory permissions for root user = 7 7 7 - 0 2 2 = 7 5 5
# umask <value> (to change the umask value temporarily)
# vim /etc/bashrc (open this file and change the umask value to effect the whole system)
# source /etc/bashrc (to updated the source file)
# vim .bashrc (open this file in user's home directory and at last type as follows)
umask <value> (save and exit the file)
# source .bashrc or logout and login again (to the system to effect that umask value)
How change the permissions using numeric representation?
The values for read = 4, write = 2, execute = 1 and null = 0. The total value = 4 + 2 + 1 = 7
# chmod <no.><no.><no.><file name or directory name>
Example : # chmod 7 7 4 file1 (to give read, write and execute to owner and read, write
and execute to group and read permission to others)
# chmod 6 6 0 file2 (to give read and write to owner and read and write to group and null (0) permission to others)
Explain about set uid (suid)?
If we plan to allow all the users to execute the root users command then we go for set uid (suid).
It can be applied for user level and is applicable for files only.
# chmod u+s <file name> (to set the suid on that file)
# chmod u-s <file name> (to remove the suid from that file)
# ls -l (if 'x' is replaced with 's' in owner's level permissions that means suid is applied on that file)
- r w s r w x r w x <file name> (here 's' is called set uid or suid)
Example : # chmod u+s /usr/sbin/init 6 (then any user can restart the system using this command #init 6)
# chmod u+s /sbin/fdisk (then any user can run the fdisk command)
# strings <command name> (to read the binary language of the command ie., the string
command converts the binary language into human readable language)
# strings mkfs (to read the mkfs command's binary language into human readable language)
* Normally set uid (suid) permission will be given on scripting files only.
Explain about set gid (sgid)?
If we plan to allow all the users of one group to get the group ownership permissions then we go for set gid (sgid).It can be applied for group level and is applicable on directories only.
Example: # chmod g+s <directory name> (to set the sgid on that directory)
# chmod g-s <directory name> (to remove the sgid from that directory)
Explain about sticky bit?
It protects the data from other users when all the users having full permissions on one directory.
It can be applied on others level and applicable for directories only.
Example : # chmod o+t <directory name> (to set the sticky bit permission on that directory)
# ls -ld <directory name>
r w x r w x r w t <directory name> (where 't' is called the sticky bit)
What are the uses of passwd and shadow files?
Passwd file : (i) When we create the user one entry is updated in password and shadow files.
(ii) It represents and tell about that user login name , uid, gid, default home directory of the use and default shell.
(iii) So, using this file we can easily get users information.
Shadow file : (i) This file tells about the login id, user's encrypted password, password when last changed, min. days the password valid, max. days valid, warning days, inactive days and expiry days.
(ii) If shadow file is missed or deleted we can recover those entries of shadow file using password file.
(iii) We can change the users encrypted passwords with the permissions of the higher authorities in case of emergency.
What is the use of group?
(i) In an organization the whole work is divided into departments for easy maintenance and easy administration.
(ii) For each department is also represented as group and that group having so many users to do
different works.
(iii) So, if we create one group and assign that group to all the users in that department, then we can easily identify which user belongs to which group.
(iv) We can share files, directories and execute some programs to that group and also give permissions to that group. So, each user of that group can easily share those directories and also can easily access, execute or even write in those shared files and directories.
Can we login to the user without password?
Yes, we can login.
How to recover the root password if missed or deleted?
RHEL - 6 :
(i) Restart the system.
(ii) Select 1st option and press 'e'.
(iii) Select 2nd option and press 'e'.
(iv) At the end give one blank space and type 1 and press Enter key.
(v) Then press 'b' to boot the system in single user mode.
(vi) Then prompt appears and type # passwd root command.
New password : XXXXXX
Retype password : XXXXXX
(vii) Exit
(viii) Then system starts as usual.
RHEL - 7 :
(i) Restart the system.
(ii) Using arrow keys select 1st line and press 'e' to edit.
(iii) Go to Linux 16 line press End key or Ctrl + e to go to the end of the line and give one space.
(iv) Then type as rd.break console=tty1 selinux=0
(v) Then press Ctrl + x to start the computer in single user mode.
(vi) After starting we get swith_root :/# prompt appears and then type as follows.
(vii) # mount -o remount, rw /sysroot and press Enter and then type as follows.
(viii) # chroot /sysroot press Enter.
(ix) Then sh - 4.2 # prompt appears and type as
(x) sh - 4.2 #passwd root
New password : XXXXXX
Retype password : XXXXXX
(xi) sh - 4.2 # exit
(xii) switch-root :/# exit
(xiii) Then the system starts and the desktop appears.
How to restrict the users from login?
(i) By removing (deleting) the user we can restrict the user from login.
(ii) Put the user's hostnames as entries in /etc/hosts.deny file (applying TCP wrappers).
(iii) #passwd -l <user name> (by locking his password we can restrict the users).
How to put never expiry to a user?
# passwd -x -1 <user login name>
Which one is the default sticky bit directory?
/tmp is the default sticky bit directory.
What is the purpose of the profiles?
(i) Profile is a file to enter some settings about users working environment. ie., we can set user home directory,login shell, path, ...etc.,
Profiles are two types.
(a) Global profile
(b) Local profile
Global profile :
(1) Only root user can set and applicable to all the users.
(2) Only global parameters can entered in this profile.
(3) The location of the global profile is /etc/bashrc
Local profile :
(1) Every user has his/her own profile.
(2) The settings entered in this profile are only for that user.
(3) The location of the profile is .bash_profile (hidden file) in that particular user's home directory.
Can we mount/unmount the O/S file system?
No, we cannot mount or unmount the O/S file system.
How to find the users who are login and how to kill them?
# fuser -cu (to see who are login)
#fuser -ck <user login name> (to kill the specified user)
what is Access Control List (ACL)?
Define more access rights nothing but permissions to files and directories. Using Access Control list we assign the permissions to some particular users to access the files and directories.
ACL can cab be applied on ACL enabled partition that means you need to enable ACL while mounting the partition.
How to implement ACLs?
Create a partition and format it with ext4 file system.
Mount the file system with ACL.
Apply ACL on it.
-Create a partition using # fdisk command.
-Format the above partition with ext4 file system using # mkfs.ext4 <partition name> command.
-Create the mount point using # mkdir /<mount point> command.
-Mount that file system on the mount point using # mount -o acl <partition name><mount point> command.
-Mount the partition permanently using # vim /etc/fstab (open this file and make an entry as
below)
<partition name><mount point><file system type> defaults, acl 0 0
-Save and exit this file.
-If the partition is already mounted then just add acl after defaults in /etc/fstab file and execute the below command # mount -o remount <partition name>
How to check the ACL permissions?
# getfacl <options><file or directory name>
The option -d -----> Display the default ACLs.
-R -----> Recurses into subdirectories.
How to assign ACL permissions?
# setfacl <options><argument> : <username>: <permissions><file or directory name>
The options -m -----> Modifies an ACL.
-x -----> Removes an ACL.
-b -----> Remove all the ACL permissions on that directory.
-R -----> Recurses into subdirectories.
The arguments are, u -----> user
g -----> group
o -----> other
What is the syntax to assign read and write permissions to particular user, group and other?
# setfacl -m u : <user name> : <permissions><file or directory>
# setfacl -m g : <user name> : <permissions><file or directory>
# setfacl -m o : <user name> : <permissions><file or directory>
What is the syntax to assign read and write permissions to particular user, group and other at a time?
# setfacl -m u : <user name> : <permissions>, g : <user name> : <permissions>, o : <user name> : <permissions><file or directory>
Useful commands :
# setfacl -x u : <user name><file or directory name> (to remove the ACL permissions from the user)
# setfacl -x g : <user name><file or directory name>(to remove the ACL permissions from group)
# setfacl -x o : <user name><file or directory name> (to remove the ACL permissions from other)
# setfacl -b <file or directory> (to remove all the ACL permissions on that file directory)
How to change the password for multiple users at a time?
# chpasswd (to change multiple user's passwords)
<user name 1> : <password>
<user name 2> : <password>
<user name 3> : <password>
<user name 4> : <password>
<user name 5> : <password> (Ctrl + d -----> to save and exit)
* Then the above 5 user's passwords will be changed at a time. But here the passwords will not be encrypted while typing passwords. So, anybody can see the passwords. ie., there is no security.
What is a user?
In Linux user is one who uses the system.
How many types of users available in Linux?
There are 5 types of users available in Linux.
(i) System user (Admin user who control the whole system nothing but root user).
(ii) Normal user (Created by the Super user. In RHEL - 7 the user id's from 1000 - 60000).
(iii) System user (Created when application or software installed ).
(In RHEL - 7 the System users are Static system user id's from 1 - 200 and Dynamic system user user id's from 201 - 999).
(iv) Network user (Nothing but remote user, ie., who are login to the system trough network created in Windows Active Directory or in Linux LDAP or NIS).
(v) Sudo user (The normal users who are having admin or Super user privileges)
What is user management?
User management means managing user.
ie., Creating the users, deleting the users and modifying the users.
What are fields available in /etc/passwd file?
<user name> : x : <uid> : <gid> : <comment> : <user's home directory> : <login shell>
(where 'x' means link to password file ie., /etc/shadow file)
What are fields available in /etc/shadow file?
user name : password : last changed : min. days : max. days : warn days : inactive days : expiry days : reserved for future
What are the files that are related to user management?
/etc/passwd -----> Stores user's information like user name, uid, home directory and shell ...etc.,
/etc/shadow ----> Stores user's password in encrypted form and other information.
/etc/group ------> Stores group's information like group name, gid and other information.
/etc/gshadow ---> Stores group's password in encrypted form.
/etc/passwd- ---> Stores the /etc/passwd file backup copy.
/etc/shadow- ---> Stores the /etc/shadow file backup copy.
/etc/default/useradd ----> Whenever the user created user's default settings taken from this file.
/etc/login.defs ----> user's login defaults settings information taken from this file.
/etc/skell ------> Stores user's all environmental variables files and these are copied from this directory to user's home directory.
In how many ways can we create the users?
(i) # useradd - <options><user name>
(ii) # adduser - <options><user name>
(iii) # newusers <file name> (In this file we have to enter the user details same as /etc/passwd file)
What is the syntax ofuseradd command with full options?
# useradd -u <uid> -g <gid> -G <secondary group> -c <comment> -d <home directory> -s <shell><user name>
Example : # useradd -u 600 -g 600 -G java -c "oracle user" -d /home/raju -s /bin/bash raju
What is the syntax of adduser command with full options?
# adduser -u <uid> -g <gid> -G <secondary group> -c <comment> -d <home directory> -s <shell><user name>
Example : # adduser -u 700 -g 700 -G linux -c "oracle user" -d /home/ram -s /bin/bash ram
What is the syntax of newuser command?
# newusers <file name> (This command will create multiple users at a time)
* When we execute this command new users will be created but their environmental files like
.bash_logout, .bash_profile, .bashrc and .bash_history files will not be copied from /etc/skell directory. So, we have to copied manually from /etc/skell directory.
What is the syntax of userdel command with full options?
# userdel <options><user name>
* The options are,
-f -----> forcefully delete
-r -----> recursively
How to check whether user is already created or not?
We can check in different ways.
(i) # id <user name> (It shows the user id group id and user name if that is already created)
(ii) # grep <user name> /etc/passwd
What is syntax of the usermod command with full options?
# usermod <options><user name>
* The options are, -L -----> lock the password
-U -----> unlock the password
-o ----->creates duplicate user modify the user's id same as other user
-u ----->modify user id
-g -----> modify group id
-G -----> modify or add the secondary group
-c -----> modify comment
-d -----> modify home directory
-s -----> modify user's login shell
-l -----> modify user's login name
-md ----> modify the users home directory and the old home directory
How to create the duplicate root user?
# useradd -o -u 0 -g root <user name>
How to recover if the user deleted by mistake?
# pwunconv (It creates the users according /etc/passwd file and deletes the /etc/shadow file)
What are the uses of .bash_logout, .bash_profile and .bashrc files?
.bash_logout : is a user's logout ending program file. It will execute first whenever the user is logout.
.bash_profile : is user's login startup program file. It will execute first whenever the user is login. It consists the user's environmental variables.
.bashrc : This file is used to create the user's custom commands and to specify the umask values for that user's only.
What is a group?
The collection of users is called a group. There are two types of groups.
Primary group : It will be created automatically whenever the user is created. User belongs to on group is called as primary group.
Secondary group : It will not create automatically. The admin user should be created manually and users belongs to more than one group is called secondary group. A user can be assigned to max. 16 groups.
ie., 1 primary group and 15 secondary groups.
What is the command to check the user belongs to how many groups?
# groups <user name>
What is the syntax to create the group?
# groupadd <options><group name>
The options -f -----> add the group forcefully
-g -----> group id no.
-o ----->non-unique (duplicate group id)
-p -----> group password
-r -----> system group
-R -----> root group
What is the syntax to modify the group?
# groupmod <options><group name>
The options -g ------> group id
-n ------> new name for existing one, ie., rename the group
-o ------> non-unique (duplicate group id)
-p ------> group passwd
-R ------>root group
What is syntax to delete the group?
# groupdel <group name> (to delete the group without options)
# groupdel -R <group name> (to delete the group and apply changes to the root directory)
How to assign the password to the group?
# gpasswd <group name> (to assign a password to the group without any options)
# gpasswd <options><group name>
The options -a ------>add users to the group
-d ------> delete the user from the group
-r ------> remove the group password
-R ------> restrict to access that group
-A ------> set the list of Administrative users
-M ------> set the list of group members
How add 45 days to the current system date?
# date -d "+ 45 days"
Explain the sudo user?
- Sudoers (nothing but sudo users) allows particular users to run various root user commands without needing a root password.
- /etc/sudoers is the configuration file for sudoers to configure the normal user as privileged user.
-It is not recommended to open this file using # vim editor because this editor cannot check the syntax by default and whatever we typed in that file that will blindly save in this file.
-So, one editor is specially available for opening this file, i.e.,
# visudo and all normal users cannot execute this command.
Only root user can run this command.
How to give different sudo permissions to normal users?
Open the /etc/sudoers file by executing
#visudo command and go to line no. 98 and type as
<User name> <Machine>= <Command>
root ALL=(ALL) ALL
raju All= ALL
----Save and exit this file.
Note : When we trying to save this file if any syntax errors in this file, those errors are displayed with line no's and What you do ? (will be displayed, here press 'e' to edit this file and modify those errors or mistakes and save this file.
# su - raju (to switch to raju user)
# sudo useradd <useradd> (The normal user raju can also add the users to the system)
* We can assign sudo permissions to 'n' no. of users by specifying names separated by commas ( , ) or line by line.
* Instead of giving all permissions to normal user we can give only some commands.
Example : student ALL=/usr/sbin/useradd, /usr/sbin/usermod
raju ALL=NOPASSWD:/usr/sbin/useradd, /usr/sbin/usermod
* We can also apply to one group or groups as follows.
* First create the users, assign one group to those users and also assign the passwords for that users.
Open /etc/sudoers file by executing the command
# visudo and type as follows.
%<group name> ALL=ALL
%oracle ALL=ALL or individual commands separated by commas,
* We can also create one command alias and add some commands to that alias and mention that alias to users as follows.
Cmnd_Alias NETWORKING=/usr/sbin/route, /usr/sbin/ifconfig
<user name> <machines>=<command alias name>
raju ALL=NETWORKING
* We can also create one user alias and add the users to that alias and assign some commands to that alias as follows.
User_Alias <user alias name>=<user1>, <user2>, <user3>, .....
Example : User_Alias OURTEAM=raju, shyam, ram, gopal
OURTEAM ALL=ALL (to give all permissions of sudo)
Defaults timestamp_timeout=0 (whenever the sudo user executes any command then it will ask password every command)
* The above will apply to all users including root also. If we want to make it as only for normal users, then Defaults : <user1>, <user2>, <user3> timestamp_timeout=0(the system will ask passwords for user1, user2, user3 to execute sudo commands)
In which location the sudo user commands history is logged?
All the sudo users commands history is logged in /var/log/secure file to make a record of sudo user commands.
# cat /var/log/secure (to see the contents of this file)
# tailf /var/log/secure (to see the updates of this file continuously and press ctrl + c to quit the tailf)
How to assign the password to normal user by him whenever first login to the system?
Whenever the user is created and that user is trying to login to the system, it will ask the password. If the root user is not assign the password to that user, then that normal user can assign the password by his own using the following commands.
# useradd <user name> (to create the user)
# passwd -S <user name> (to see the status of the password of that user. if root user is not
assigned the password then the password status is locked)
# passwd -d <user name> (then delete the password for that user)
# chage -d 0 <user name>(it will change the password age policy)
# su - <user name> (Try to switch to that user then it will display the following
message)
Newpassword : (type new password for that user)
Retype password : (retype the password again)
The other useful commands :
# w (this command gives the login user information like how many users currently login and full information )
# who(to see users who are currently login and on which terminal they login)
# last (see the list of users who are login and logout since the /var/log/wtmp file was
created)
# lastb(to see the list of the users who tried as bad logins)
# lastreboot (to see all reboots since the log file was created)
# uptime (to see the information from how long the system is running, how many users login
and load average)
* The load average is from 1 sec : 5 secs : 15 secs
# df (to see the mounted partitions, their mount points and amount of disk space)
# du (to see the disk usage of the each file in bytes)
# uname -r (gives the current kernel version)
# last -x (It shows last shutdown date and time)
# last -x grep shutdown (only shutdown time shows ie., grep will filter the 'last -x' command)
* grep: It is used to search a word or sentence in file (ie., inside the file)
* find : It is used to search a command or file inside the system)
# cat /etc/shells or # chsh -l (to see how many shells that are supported by Linux)
/bin/sh -----> default shell for Unix
/bin/bash -----> default shell for Linux
/sbin/nologin -----> users cannot login shell
/bin/tcsh -----> c shell to write 'C++' language programs
/bin/csh -----> c shell to write 'C' language programs
# echo $SHELL (to see the current shell)
# chsh <user name> (to change the user's shell)
Changing shell for <user name> :
New shell : <type new shell for example /bin/sh to change the current shell>
New shell changed (But it will effect by restarting the server)
# date + %R (to display the time only)
# date + %x (to display the date only)
# history (to see the history of the commands)
#history -c (to clear the history)
# history -r (to recover the history)
# reset (to refresh the terminal)
# whoami (to see the current user name)
# who a mi (to see the current user with full details like login time and others)
# passwd <user name> (to change the password of the user)
# id (to see the current user name, user id, group name and group id, .... etc.,)
# id <user name> (to see the specified user name, user id, group name and group id)
# su (to switch to root user without root user home directory)
# su - (to switch to root user with root user home directory)
# su <user name) (to switch to the specified user without his home directory)
# su - <user name> (to switch to the specified user with his home directory)
# lspci (to list all the PCI slots present in the system)
# du -sh /etc/ (to see the size of the /etc on the disk in KBs or MBs)
# ls -l (to see the long listing of the files and directories)
d rwx rwx rwx . 2 root root 6 Dec 17 18:00 File name
d -----> type of file
rwx -----> owner permissions
rwx -----> group permissions
rwx -----> others permissions
. -----> No ACL permissions applied
root ----> owner of the file
root ----> group ownership
6 -----> size of the file
Dec 7 18:00 -----> Date and Time of the created or modified
File name -----> File name of that file
# ls -ld <directory name> (to see the long listing of the directories)
# stat <file name/directory name> (to see the statistics of the file or directory)
How many types of the files are there?
There are 7 types of files.
1. - -----> regular file
2. d -----> directory
3. c -----> character device file (Ex. console file, open and close terminals, ...etc.,)
4. b -----> block device file (Ex. device blocks like hard disks, CD/DVD disks)
5. s -----> socket file (programmers will deal this file)
6. p -----> pipe file (programmers will deal this file)
7. l -----> linked file (nothing but short cut file)
What is syntax of chmod command with full options?
# chmod <options><file/dir name> (to change the owner or permissions of the file/dir) The options are, -c -----> changes
-f -----> silent (forcefully)
-v -----> verbose
-R -----> recursive (including sub directories and files)
To change the permissions the syntax is,
# chmod <who> <what> <which> <file name or directory>
user (u) add (+) read (4) or (r) "
group(g) remove(-) write (2) or (w) "
other (o) equal (=) execute (1) or (x) "
What is the syntax of chown command with full options?
# chown <options><file name or directory> (to change the ownership of the file or directory)
The options -c -----> changes
-f -----> silent (forcefully)
-v -----> verbose
-h -----> no difference
-R -----> recursive (including sub directories and files)
-H -----> symbolic link to a directory (command line argument)
-L -----> symbolic link to a directory (all)
-p -----> do not traverse
# chown <username> : <group name> <file name or directory name> (to change owner and group ownership of the file or directory)
What is syntax of chgrp command with full options?
# chgrp <options><file name or directory> (to change group ownership of the file directory)
The options -c -----> changes
-f -----> silent (forcefully)
-v -----> verbose
-h -----> no difference
-R -----> recursive (including sub directories and files)
-H -----> symbolic link to a directory
-L -----> do not traverse-p -----> do not traverse
What are the default permissions of a file and directory?
The default permissions of a file = 6 6 6
The default permissions of a directory = 7 7 7
What is umask in linux?
The user file-creation mode mask (umask) is used to determine the file permissions for newly created files or directories. It can be used to control the default file or directory permissions for new files. It is a four-digit octal number. The umask value for normal user is 0002 and the umask value for root user is 0022.
So, the effected file permissions for normal users = 6 6 6 - 0 0 2 = 6 6 4.
The effected directory permissions for normal users = 7 7 7 - 0 0 2 = 7 7 5.
The effected file permissions for root user = 6 6 6 - 0 2 2 = 6 4 4
The effected directory permissions for root user = 7 7 7 - 0 2 2 = 7 5 5
# umask <value> (to change the umask value temporarily)
# vim /etc/bashrc (open this file and change the umask value to effect the whole system)
# source /etc/bashrc (to updated the source file)
# vim .bashrc (open this file in user's home directory and at last type as follows)
umask <value> (save and exit the file)
# source .bashrc or logout and login again (to the system to effect that umask value)
How change the permissions using numeric representation?
The values for read = 4, write = 2, execute = 1 and null = 0. The total value = 4 + 2 + 1 = 7
# chmod <no.><no.><no.><file name or directory name>
Example : # chmod 7 7 4 file1 (to give read, write and execute to owner and read, write
and execute to group and read permission to others)
# chmod 6 6 0 file2 (to give read and write to owner and read and write to group and null (0) permission to others)
Explain about set uid (suid)?
If we plan to allow all the users to execute the root users command then we go for set uid (suid).
It can be applied for user level and is applicable for files only.
# chmod u+s <file name> (to set the suid on that file)
# chmod u-s <file name> (to remove the suid from that file)
# ls -l (if 'x' is replaced with 's' in owner's level permissions that means suid is applied on that file)
- r w s r w x r w x <file name> (here 's' is called set uid or suid)
Example : # chmod u+s /usr/sbin/init 6 (then any user can restart the system using this command #init 6)
# chmod u+s /sbin/fdisk (then any user can run the fdisk command)
# strings <command name> (to read the binary language of the command ie., the string
command converts the binary language into human readable language)
# strings mkfs (to read the mkfs command's binary language into human readable language)
* Normally set uid (suid) permission will be given on scripting files only.
Explain about set gid (sgid)?
If we plan to allow all the users of one group to get the group ownership permissions then we go for set gid (sgid).It can be applied for group level and is applicable on directories only.
Example: # chmod g+s <directory name> (to set the sgid on that directory)
# chmod g-s <directory name> (to remove the sgid from that directory)
Explain about sticky bit?
It protects the data from other users when all the users having full permissions on one directory.
It can be applied on others level and applicable for directories only.
Example : # chmod o+t <directory name> (to set the sticky bit permission on that directory)
# ls -ld <directory name>
r w x r w x r w t <directory name> (where 't' is called the sticky bit)
What are the uses of passwd and shadow files?
Passwd file : (i) When we create the user one entry is updated in password and shadow files.
(ii) It represents and tell about that user login name , uid, gid, default home directory of the use and default shell.
(iii) So, using this file we can easily get users information.
Shadow file : (i) This file tells about the login id, user's encrypted password, password when last changed, min. days the password valid, max. days valid, warning days, inactive days and expiry days.
(ii) If shadow file is missed or deleted we can recover those entries of shadow file using password file.
(iii) We can change the users encrypted passwords with the permissions of the higher authorities in case of emergency.
What is the use of group?
(i) In an organization the whole work is divided into departments for easy maintenance and easy administration.
(ii) For each department is also represented as group and that group having so many users to do
different works.
(iii) So, if we create one group and assign that group to all the users in that department, then we can easily identify which user belongs to which group.
(iv) We can share files, directories and execute some programs to that group and also give permissions to that group. So, each user of that group can easily share those directories and also can easily access, execute or even write in those shared files and directories.
Can we login to the user without password?
Yes, we can login.
How to recover the root password if missed or deleted?
RHEL - 6 :
(i) Restart the system.
(ii) Select 1st option and press 'e'.
(iii) Select 2nd option and press 'e'.
(iv) At the end give one blank space and type 1 and press Enter key.
(v) Then press 'b' to boot the system in single user mode.
(vi) Then prompt appears and type # passwd root command.
New password : XXXXXX
Retype password : XXXXXX
(vii) Exit
(viii) Then system starts as usual.
RHEL - 7 :
(i) Restart the system.
(ii) Using arrow keys select 1st line and press 'e' to edit.
(iii) Go to Linux 16 line press End key or Ctrl + e to go to the end of the line and give one space.
(iv) Then type as rd.break console=tty1 selinux=0
(v) Then press Ctrl + x to start the computer in single user mode.
(vi) After starting we get swith_root :/# prompt appears and then type as follows.
(vii) # mount -o remount, rw /sysroot and press Enter and then type as follows.
(viii) # chroot /sysroot press Enter.
(ix) Then sh - 4.2 # prompt appears and type as
(x) sh - 4.2 #passwd root
New password : XXXXXX
Retype password : XXXXXX
(xi) sh - 4.2 # exit
(xii) switch-root :/# exit
(xiii) Then the system starts and the desktop appears.
How to restrict the users from login?
(i) By removing (deleting) the user we can restrict the user from login.
(ii) Put the user's hostnames as entries in /etc/hosts.deny file (applying TCP wrappers).
(iii) #passwd -l <user name> (by locking his password we can restrict the users).
How to put never expiry to a user?
# passwd -x -1 <user login name>
Which one is the default sticky bit directory?
/tmp is the default sticky bit directory.
What is the purpose of the profiles?
(i) Profile is a file to enter some settings about users working environment. ie., we can set user home directory,login shell, path, ...etc.,
Profiles are two types.
(a) Global profile
(b) Local profile
Global profile :
(1) Only root user can set and applicable to all the users.
(2) Only global parameters can entered in this profile.
(3) The location of the global profile is /etc/bashrc
Local profile :
(1) Every user has his/her own profile.
(2) The settings entered in this profile are only for that user.
(3) The location of the profile is .bash_profile (hidden file) in that particular user's home directory.
Can we mount/unmount the O/S file system?
No, we cannot mount or unmount the O/S file system.
How to find the users who are login and how to kill them?
# fuser -cu (to see who are login)
#fuser -ck <user login name> (to kill the specified user)
what is Access Control List (ACL)?
Define more access rights nothing but permissions to files and directories. Using Access Control list we assign the permissions to some particular users to access the files and directories.
ACL can cab be applied on ACL enabled partition that means you need to enable ACL while mounting the partition.
How to implement ACLs?
Create a partition and format it with ext4 file system.
Mount the file system with ACL.
Apply ACL on it.
-Create a partition using # fdisk command.
-Format the above partition with ext4 file system using # mkfs.ext4 <partition name> command.
-Create the mount point using # mkdir /<mount point> command.
-Mount that file system on the mount point using # mount -o acl <partition name><mount point> command.
-Mount the partition permanently using # vim /etc/fstab (open this file and make an entry as
below)
<partition name><mount point><file system type> defaults, acl 0 0
-Save and exit this file.
-If the partition is already mounted then just add acl after defaults in /etc/fstab file and execute the below command # mount -o remount <partition name>
How to check the ACL permissions?
# getfacl <options><file or directory name>
The option -d -----> Display the default ACLs.
-R -----> Recurses into subdirectories.
How to assign ACL permissions?
# setfacl <options><argument> : <username>: <permissions><file or directory name>
The options -m -----> Modifies an ACL.
-x -----> Removes an ACL.
-b -----> Remove all the ACL permissions on that directory.
-R -----> Recurses into subdirectories.
The arguments are, u -----> user
g -----> group
o -----> other
What is the syntax to assign read and write permissions to particular user, group and other?
# setfacl -m u : <user name> : <permissions><file or directory>
# setfacl -m g : <user name> : <permissions><file or directory>
# setfacl -m o : <user name> : <permissions><file or directory>
What is the syntax to assign read and write permissions to particular user, group and other at a time?
# setfacl -m u : <user name> : <permissions>, g : <user name> : <permissions>, o : <user name> : <permissions><file or directory>
Useful commands :
# setfacl -x u : <user name><file or directory name> (to remove the ACL permissions from the user)
# setfacl -x g : <user name><file or directory name>(to remove the ACL permissions from group)
# setfacl -x o : <user name><file or directory name> (to remove the ACL permissions from other)
# setfacl -b <file or directory> (to remove all the ACL permissions on that file directory)
How to change the password for multiple users at a time?
# chpasswd (to change multiple user's passwords)
<user name 1> : <password>
<user name 2> : <password>
<user name 3> : <password>
<user name 4> : <password>
<user name 5> : <password> (Ctrl + d -----> to save and exit)
* Then the above 5 user's passwords will be changed at a time. But here the passwords will not be encrypted while typing passwords. So, anybody can see the passwords. ie., there is no security.
No comments:
Post a Comment