Tuesday, November 1, 2011

User and Group administrations

System administrations User managements

In our last few assignments you learnt about system administration commands. Whether in the exam or in the real world, the first and foremost task of a system administrator is user management. In Linux, user and group management is done through these important files.

Linux files responsible for User managements


/etc/shadow      stores all Linux passwords in MD5-encrypted format
/etc/passwd      stores all user-related information
/etc/group       stores all group-related information

Back up the files responsible for user management

In this assignment we will modify these files, so it's better to take a back-up before doing this assignment, because a small mistake can crash the Linux system.

#mkdir  /backup
#cp /etc/passwd  /backup
#cp /etc/group   /backup
#cp /etc/shadow  /backup

Create a simple user

useradd is used to create a user. Several options are used with the useradd command, but you will learn about them in our next assignments. In this assignment your task is to learn what exactly happens in these files when a new user is added. First observe the last line of these files.

#cat /etc/passwd |more
#cat /etc/shadow |more
#cat /etc/group  |more
Now add a simple user.

#useradd vinita
#passwd vinita
Now read these files again with the cat command; alternatively, you can pipe the output to grep to filter it

#cat /etc/passwd  |grep vinita
#cat /etc/shadow  |grep vinita
#cat /etc/group   |grep vinita
#cd /home
#ls -ld vinita

User's entry in passwd

All these files are changed when a user is created. In the passwd file, entries are in the following format, separated by :

vinita           users login name
x                password required to login
503              unique user id
504              unique group id
/home/vinita     users home directory
/bin/bash        user shell
In the shadow file the entry is straightforward. Whatever is shown beside the user name is the password of user vinita in MD5-encrypted format.

User's entry in group

Whenever you create a normal user, the user's primary group with the same name is automatically created, as you can verify by looking in /etc/group. 504 is the unique group id.

User's home directory

As with the group, the user's home directory is also created in the /home partition, and the user gets ownership of this directory.

How to create a user without password.

To create a user without a password, use the -d switch with the passwd command.

#useradd nikki
#passwd -d nikki
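
The field layout described above, and the empty password field that passwd -d leaves behind, can be checked mechanically. The following is an added example, not part of the original article: the sample entries are constructed, `$1$` is the crypt prefix that marks an MD5 hash, and the function and finding names are illustrative.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files for risky accounts.

# write_sample DIR: create constructed sample files (not real system data).
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
vinita:x:503:504::/home/vinita:/bin/bash
nikki:x:504:505::/home/nikki:/bin/bash
user1:x:700:506:testing user:/test/user1:/bin/sh
toor:x:0:0::/root:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:15279:0:99999:7:::
vinita:$1$constructedsalt$constructedhash:15279:0:99999:7:::
nikki::15279:0:99999:7:::
user1:!!:15279:0:99999:7:::
toor:$6$constructedsalt$constructedhash:15279:0:99999:7:::
EOF
}

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one "<user> <finding>" line per problem found.
audit_accounts() {
    awk -F: '
        # First file (shadow): remember the password field of every user.
        FNR == NR { hash[$1] = $2; seen[$1] = 1; next }
        # Second file (passwd): check each account against it.
        {
            user = $1
            if ($2 != "x")                 print user, "hash-not-in-shadow"
            if ($3 == 0 && user != "root") print user, "extra-uid-0"
            if (!(user in seen))           print user, "no-shadow-entry"
            else if (hash[user] == "")     print user, "empty-password"
            else if (hash[user] ~ /^[!*]/) print user, "locked"
            else if (index(hash[user], "$1$") == 1) print user, "md5-hash"
        }
    ' "$2" "$1"
}

# Demonstration on the constructed sample.
d=$(mktemp -d)
write_sample "$d"
audit_accounts "$d/passwd" "$d/shadow"
rm -rf "$d"
```

On a real system, run `audit_accounts /etc/passwd /etc/shadow` as root, since /etc/shadow is not readable by normal users.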

How to create a group.

To create a group, use the groupadd command. A group created by this command is called a secondary group.

#groupadd test
#cat /etc/group |grep test

How to add user in groups

To add a user to this group, use the usermod command

#usermod -G test vinita
This command will make user vinita a member of the test group.

How to delete secondary group

You can delete a group with the groupdel command

#groupdel test
#cat /etc/group |grep test
You cannot delete a user's primary group while the user exists, for example

#groupdel nikki

How to delete User

The userdel command is used to delete a user. When a user is deleted, the user's primary group is automatically deleted as well.

#userdel nikki
#groupdel nikki
groupdel: group nikki does not exist.
Whenever you delete a user with the userdel command, the user's entry will be removed from these files. But the user's home folder and mail folder will not be deleted, as you can see in the image. If you want to completely remove a user, including his home folder and mail folder, use the -r switch with the userdel command.



System administrations User managements

In our last assignment we discussed user and group management. You learnt about the files that are responsible for creating users and groups, and you saw exactly what happens in these files when we add a new user.
To add a new user, use the useradd command. The basic syntax is

# useradd  [username]
The username is the only information required to add a new user; however, from an exam perspective you should know some additional command-line arguments for useradd. The useradd command creates the account, but the account is locked.
To unlock the account and create a password for the user, use the command passwd [username]. By default, the user's home directory is created and the files from /etc/skel/ are copied into it.
The two exceptions are if the -M option is used or if the home directory already exists.
We have already discussed these two basic commands in our last article. If you haven't completed our last assignment, we suggest you review it before going on with this article, as it is the continuation of the last assignment.
Create a user with additional command-line arguments. In this example you are going to assign the home directory to another location, so first create that location, and likewise first create the desired user's secondary group.

#mkdir /test
#groupadd example
#useradd -u 700 -d /test/user1 -g example -c "testing user" -s /bin/sh -m user1
#passwd user1
useradd command options

-c [fullname]    Full name of the user (or a comment about the user).
                 If more than one word is needed, place quotation marks
                 around the value.
-d [directory]   Home directory for the user. The default value is /home/[username]/.
-g [group]       Default group for the user specified as a group name or group ID
                 number. The group name or GID must already exist. The default is
                 to create a private user group. If a private user group is not
                 created, the default is the users group.
-m               Create a home directory for the user if it doesn't exist. Files from
                 /etc/skel/ are copied into the home directory.
-s [shell]       Specify the user login shell for the user. The default shell if not
                 specified is /bin/bash.
-u [uid]         Integer to use for the user ID. Must be unique unless -o is used.
                 Values less than 500 are reserved for system users.
-M               Do not create a home directory for the user. By default, a home
                 directory is created unless this option is used or unless the
                 directory already exists.
Now log in as this user, and check where this user logged in and why its shell prompt looks different.

$pwd
/test/user1
By default a user gets the bash shell prompt. But we modified this with the -s switch and gave the user the /bin/sh shell. Now change the user's shell again

#usermod -s /bin/bash user1
Verify by logging in again as user1

How to manage bulk users

Consider a situation where you need to create more than a thousand users. It would be a really tedious task to do it with simple useradd commands. Here you have to switch to Linux shell scripts.
Loop for creating users

# for USER in _ _ _ _ _ _ _ _ _  _ _
> do
>useradd $USER
>echo  _ _ _  _ |passwd  --stdin $USER
>done
Example
(replace users vinita nikkita niddhi sumit shweta vickey kaushal manoj jai to your users)

# for USER in vinita nikkita niddhi sumit shweta vickey kaushal manoj jai
> do
>useradd $USER
>echo  friends |passwd  --stdin $USER
>done
This simple for loop will create 9 users and set their default passwords to friends.
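
The loop above gives every account the same known password. As an added example (not from the original article), the script below generates a different random initial password per user in the user:password format that chpasswd reads, and forces a change at first login with chage -d 0. The function names are illustrative, and create_accounts must be run as root, so it is defined but not called here.

```shell
#!/bin/sh
# Added example: unique initial passwords for a bulk account list.
export LC_ALL=C

# valid_username NAME: conservative check (lowercase letter or underscore
# first, then lowercase letters, digits, underscore or hyphen; max 32 chars).
valid_username() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# random_password: 12 random bytes printed as 24 hex characters.
random_password() {
    dd if=/dev/urandom bs=12 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# initial_credentials USER...: print one "user:password" line per valid
# name; invalid names are reported on stderr and make the function fail.
initial_credentials() {
    rc=0
    for u in "$@"; do
        if valid_username "$u"; then
            printf '%s:%s\n' "$u" "$(random_password)"
        else
            printf 'skipping invalid username: %s\n' "$u" >&2
            rc=1
        fi
    done
    return $rc
}

# create_accounts CREDFILE: run as root. CREDFILE holds the lines printed
# by initial_credentials and should be created under umask 077.
create_accounts() {
    while IFS=: read -r u rest; do useradd "$u" || return 1; done < "$1"
    chpasswd < "$1" || return 1
    # chpasswd updates the last-change date, so expire the passwords
    # afterwards: each user must choose a new one at first login.
    while IFS=: read -r u rest; do chage -d 0 "$u"; done < "$1"
}

# Demonstration: print credentials for three of the names used above.
initial_credentials vinita nikkita niddhi
```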
Loop for creating groups
Now create 3 groups named sales market productions using for loop

#for GROUP in sales market productions
> do
>groupadd $GROUP
>done
Verify with the cat and grep commands
For loop for deleting bulk users
Now remove all the users which we created in the previous example.

#for USER in vinita nikkita niddhi sumit shweta  vickey kaushal manoj jai
>do
>userdel  -r $USER
>done
For loop for deleting bulk groups
Remove the groups which we created in the previous example

#for GROUP in sales market productions
> do
>groupdel $GROUP
>done
By the end of this assignment you have learnt
  • Which files are responsible for user and group managements
  • How can you create a normal user
  • How to create user without password
  • How to create bulk users and groups
  • How to delete bulk user and groups



System administrations User profiles su sudo Shell operations

In our last two assignments you have learnt about user management. You discovered
  • The files that are responsible for user and group management
  • How to create a normal user
  • How to create user without password
  • How to create bulk users and groups
  • How to delete bulk user and groups
In this assignment we will discuss user variables and profiles. A user's session, from login until exit, is controlled by some profile files. These files are located in /etc/skel. When you create a new user, the script files from this directory are copied into the user's home directory. The only exceptions are when the user is created with the -M switch or the user's home directory already exists.
In such situations you need to copy these files manually. These files are hidden and can be seen with the -a switch of the ls command.

$ls -a

.bash_profile

This script file instructs the user's session to check the .bashrc file for user aliases and functions. It also sets the user's command path. If you want to add your own directory to your command path, edit this file. For example, if user vinita wants her home directory to be checked while executing commands, she can add this line to her .bash_profile file.

$vi .bash_profile
PATH=$PATH:$HOME/BIN:/home/vinita

.bashrc

This file is used to control user variables and other profile settings during the login session. If you want to execute any command automatically at user logon, set that command in this file. For example, if user vinita wants to clear the screen immediately after her login, she needs to add the clear command at the end of this file.

$vi .bashrc

# add your command only in the end of file
clear
With this file you can play a funny trick on your friends. Create a user and set the exit command in his .bashrc file. Now ask your friends to log in as this user. The exit command will log the user out as soon as he logs in, and the user will never be able to log in.

.bash_logout

This file is used to clear the terminal after the current user exits.

Aliases

The alias command is used to create another name for a command. The alias does not exactly replace the name of the command; it simply gives another name to that command. An alias command begins with the keyword alias and the new name for the command, followed by an equal sign and the command the alias will reference. No spaces can be around the equal sign used in the alias command. In the next example, list becomes another name for the ls command:

$ alias list=ls
$ ls
Report vickey nikki
$ list
Report vickey nikki
$
You can also use an alias as an alternate name for a command and its option, but you need to enclose both the command and the option within single quotes. Any command you alias that contains spaces must be enclosed in single quotes as well. In the next example, the alias longlist is set for the command ls -l

$ alias longlist='ls -l'

Controlling some important Shell Operations

The BASH shell has several features that enable you to control the way different shell operations work. You need not know all these options for the exam, but some handy operations you should always try in the exam.

To stop logout from CTRL+D

Several commands in Linux are completed with CTRL+D. For example, if you are making a file with the cat command, CTRL+D is used to save the file. And if you are using the calculator at the command prompt, CTRL+D is used to exit from the calculator. But if you accidentally press CTRL+D two times, it will log you out of the current session and you have to log in again.

$set -o ignoreeof
Now press CTRL+D and you will get the message "Use "logout" to leave the shell."

To stop overwriting of files

Another important shell operation is overwriting. How many times have you overwritten files? For example

$cat > test
Testing file
$ls
test
Now run this command once again

$cat > test
Old matter will overwrite without any message
$ls
$cat test
Old matter will overwrite without any message
Notice how easily Linux can overwrite a file. To turn off this shell feature

$set -o noclobber
Now whenever you try to overwrite a file, the shell will stop you with an error message.
Whatever you set with the -o option can be unset with the + sign.

$set +o ignoreeof
Now you can again log out with CTRL+D.

Changing shell prompt

By default the shell prompt shows the user name, hostname and current working directory. You can change this prompt using the following variables.
The following table lists the codes for configuring your prompt:

Code       Description
\!         Current history number
\$         Use $ as prompt for all users except
           the root user, which has the # as its prompt
\d         Current date
\#         History command number for just the current shell
\h         Hostname
\s         Shell type currently active
\t         Time of day in hours, minutes, and seconds
\u         Username
\v         Shell version
\w         Full pathname of the current working directory
\W         Name of the current working directory
\\         Displays a backslash character
\n         Inserts a newline
\[ \]      Allows entry of terminal-specific display characters
           for features like color or bold font
\nnn       Character specified in octal format

Granting root privilege to normal user

Generally in Linux, a system administrator does everything possible as a normal user. It's a good practice to use superuser privileges only when absolutely necessary. But one time when it's appropriate is during the Red Hat exams. Good administrators will return to being normal users when they're done with their tasks. Mistakes as the root user can disable your Linux system. There are two basic ways to make this work:
su
The superuser command, su, prompts you for the root password before logging you in with root privileges.
The su command without any arguments will ask for the root password. By giving the root password you will get root privileges. To execute any command you should know the exact path of the command, otherwise you get a command not found error, because you will not get root's command path. To get root's environment, command path and home directory, use the - (hyphen) argument with the su command.

Limiting Access to su

First, you will need to add the users who you want to allow access to the su command. Make them a part of the wheel group. By default, this line in /etc/group looks like:

wheel:x:10:root
You can add the users of your choice to the end of this line directly, with the usermod -G wheel [username] command, or with the Red Hat User Manager.

#usermod -G wheel vinita
Next, you will need to make your Pluggable Authentication Modules (PAM) look for this group. You can do so by activating the following line in your /etc/pam.d/su file:

# auth   required pam_wheel.so use_uid
sudo
The sudo command allows users listed in /etc/sudoers to run administrative commands. You can configure /etc/sudoers to set limits on the root privileges granted to a specific user.
To use the sudo command you don't need to give the root password. A user with the appropriate rights in /etc/sudoers can execute root-privilege commands with his own password.
Red Hat Enterprise Linux provides some features that make working as root somewhat safer. For example, logins using the ftp and telnet commands to remote computers are disabled by default.

Limiting Access to sudo

You can limit access to the sudo command. Regular users who are authorized in /etc/sudoers can access administrative commands with their own password. You don't need to give out the administrative password to everyone who thinks they know as much as you do about Linux. To access /etc/sudoers in the vi editor, run the visudo command.
From the following directive, the root user is allowed full access to administrative commands:
For example, if you want to allow user vinita full administrative access, add the following directive to /etc/sudoers:

root      ALL=(ALL) ALL
vinita    ALL=(ALL) ALL
In this case, all vinita needs to do to run an administrative command such as starting the network service from her regular account is to run the following command, entering her own user password (note the regular user prompt, $):

$ sudo /sbin/service network restart
Password:
You can even allow special users administrative access without a password. As suggested by the comments, the following directive in /etc/sudoers would allow all users in the wheel group to run administrative commands without a password:

%wheel   ALL=(ALL) NOPASSWD: ALL
But you don't have to allow full administrative access. For example, if you want to allow those in the %users group to shut down the local system, you can activate the following directive:

%users  localhost=/sbin/shutdown -h now 
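
The directives above range from full root access without a password down to a single permitted command. As an added example (not from the original article), this check reads sudoers-format text and reports which entries grant unrestricted access; it is a simplified parser that assumes one rule per line with no aliases or line continuations, and the finding names are illustrative.

```shell
#!/bin/sh
# Added example: flag broad grants in sudoers-format text read from stdin.

# sample_sudoers: the directives shown in the article, plus one comment line.
sample_sudoers() {
    cat <<'EOF'
# constructed sample built from the article's directives
root      ALL=(ALL) ALL
vinita    ALL=(ALL) ALL
%wheel   ALL=(ALL) NOPASSWD: ALL
%users  localhost=/sbin/shutdown -h now
EOF
}

# audit_sudoers: prints "<who> <finding>" for every non-root rule that
# grants ALL commands and/or skips the password prompt.
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ || $1 == "Defaults" { next }
        {
            who = $1
            eq = index($0, "=")
            if (who == "root" || eq == 0) next
            cmds = substr($0, eq + 1)            # text after host=
            nopass = (cmds ~ /NOPASSWD:/)
            sub(/^[ \t]*\([^)]*\)/, "", cmds)    # drop the (runas) part
            gsub(/[A-Z_]+:/, "", cmds)           # drop tags such as NOPASSWD:
            list = "," cmds ","
            gsub(/[ \t]/, "", list)              # compare without spaces
            full = (index(list, ",ALL,") > 0)
            if (full && nopass)  print who, "full-root-without-password"
            else if (full)       print who, "full-root"
            else if (nopass)     print who, "limited-without-password"
        }
    '
}

# Demonstration on the sample; the %users rule is limited and not reported.
sample_sudoers | audit_sudoers
```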
 
 
 
 

Changing Owner and Group chown chgrp commands

In Red Hat Enterprise Linux, all files have file permissions that determine whether a user is allowed to read, write, or execute them. When you issue the command ls -l, the first column of information contains these file permissions. Within this first column are places for 10 letters or hyphens.
The first space is either a hyphen, the letter d, or the letter l.
  • A hyphen means it is a file.
  • If it is the letter d, the file is actually a directory.
  • If it is the letter l, it is a symbolic link to a directory somewhere else on the file system.
The next nine spaces are divided into three sets of three, as shown in the image.
Files and directories belong to both an owner and a group. A group usually consists of a collection of users, all belonging to the same group. The first set of three is the read, write, and execute permissions for the owner of the file.
A group can also consist of one user, normally the user who creates the file. Each user on the system, including the root user, is assigned his or her own group of which he or she is the only member, ensuring access only by that user. The second set of three is the read, write, and execute permissions for anyone who belongs to the user group for the file.
The last set of permissions is for anyone who has a login to the system.

Ownership

Create a directory /test; we will use this for the practical demonstration of permissions.
#mkdir /test
#ls -ld /test
The root user, the system administrator, owns most of the system files that also belong to the root group, of which only the root user is a member. Most administration files, like configuration files in the /etc directory, are owned by the root user and belong to the root group. Only the root user has permission to modify them, whereas normal users can read and, in the case of programs, also execute them.
In this example, the root user owns the fstab file in the /etc directory, which also belongs to the root user group.
-rw-r--r-- 1 root root 621 jan 22 11:03 fstab
Certain directories and files located in the system directories are owned by a service, rather than the root user, because the services need to change those files directly. This is particularly true for services that interact with remote users, such as Internet servers. Most of these files are located in the /var directory. Here you will find files and directories managed by services like the Squid proxy server and the Domain Name Server (named).
In this example, the Squid proxy server directory is owned by the squid user and belongs to the squid group:
drwxr-x--- 2 squid squid 4096 Jan 24 16:29 squid

Changing a File's Owner or Group

Although other users may be able to access a file, only the owner can change its permissions. If you want to give another user control over one of your file's permissions, you can change the owner of the file from yourself to the other user. The chown command transfers control over a file to another user. This command takes as its first argument the name of the other user. Following the username, you list the files you are transferring. In our example, we give control of the /test directory to user a:
# chown a /test
# ls -ld /test
You can also change the group for files and directories, using the chgrp command. chgrp takes as its first argument the name of the new group for the files or directories.
#chgrp example /test
 

