Linux User Management

[zesttec]

Linux Users and groups

Create a new user and set its password:

You need to apply the commands with root permission( with sudo or using sudo su - to switch to root account ) most of the time.

• useradd newusername
• passwd newuser'spassword

To verify new user is successfully created:

• su newusername
  switch to the new user account, type corresponding password. If you login, then it successes! To log in back to original account, you can just use exit command.

Once a new user created, it entry is added to /etc/passwd file like: newusername:x:1001:1001::/home/newusername: Username:Password:UserID(UID):GroupID(GID):UserInfo:HomeDirectory:Shell

What are these fields:

• Username: User login name used to login into system. It should be between 1 to 32 charcters long. Password: User password (or x character) stored in /etc/shadow file in encrypted format.
• User ID (UID): Every user must have a User ID (UID) User Identification Number. By default UID 0 is reserved for root user and - - UID’s ranging from 1-99 are reserved for other predefined accounts. Further UID’s ranging from 100-999 are reserved for system accounts and groups.
• Group ID (GID): The primary Group ID (GID) Group Identification Number stored in /etc/group file.
• User Info: This field is optional and allow you to define extra information about the user. For example, user full name. This field is filled by ‘finger’ command.
• Home Directory: The absolute location of user’s home directory.
• Shell: The absolute location of a user’s shell i.e. /bin/bash.

Add home directory for new user: useradd -d /home/HomeDirectoryName newusername

Change the ownership of dirs or files:

chown newusername -R a/b/c/ means giving newusername the ownship of directory a/b/c/ and all files inside it. chown newusername a/b/c/ means giving newusername the ownship of directory a/b/c/.

Created a new group

groupadd newgroupname. Groups information is stored in /etc/group

Change the group ownership of a file or directories.

chgrp [-R] groupname fileORdirectory -R option means to change the group ownership recursively of files and directories.

You can also pass multiple files to chgrp command as arguments: chgrp groupname file1 file2 file3

Reference: https://www.tecmint.com/add-users-in-linux/

[zesttec]

File Permissions

Ps: You need root privilege to perform commands.

• We can use ls -l (list long format) command to view the permissions of files/directories under the current directory. The output would be like: drwxr-xr-x 5 alex root 4096 Feb 3 05:02 dir/ -rw-r--r-- 1 alex root 0 Feb 3 05:00 file.txt For each line, the first character identifies the type of entry being listed. A dash - represents a file, a letter d represents a directory.

  The next 9 characters represent 3 sets of permissions:

  • The first three represent the permissions for the user who owns the file/directory.(user permissions)
  • The middle three represent the permissions for the members of the file/directory's group(group permissions)
  • The last three represent the permissions for anyone not in the first two cacategories(other permissions)

  There are three characters in each set of permissions:

  • r: Read permissions. The file can be opened, and its content viewed.
  • w: Write permissions. The file can be edited, modified, and deleted.
  • x: Execute permissions. If the file is a script or a program, it can be run (executed).

• Sticky Bit A Sticky bit is a permission bit that is set on a file or a directory that lets only the owner of the file/directory or the root user to delete or rename the file. No other user is given privileges to delete the file created by some other user. chmod +t file/dir turn ON the sticky bit on the directory/file by using +t flag of chmod command. Here is what happens after performing the command: drwxrwxrwt 2 alex root 4096 Feb 3 05:02 test/ as can be observed, a t is introduced in the permission bit of the directory. You can remove sticky bit through -t option: chmod -t file/dir

• setuid and setgid setuid and setgid (short for "set user ID" and "set group ID") are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group respectively and to change behaviour in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.

  chmod u+s test set setuid bit on file "test". This means to provide anyone who runs test with owner's permission(you login as the owner at that moment). The permission sets will change. As can be observed, 's' replaces 'x'. The setuid bit is represented by an 's' in place of the 'x' of the executable bit. -rwxr-xr-x (before executing the command) -rwsr-xr-x (after)

  chmod g+s test give the group’s permissions to anyone who runs the program.(you log in as a member of the that group at the moment) -rwsr-sr-x This time, the 's' is present in place of 'x' on group sector.

Reference: https://www.howtogeek.com/437958/how-to-use-the-chmod-command-on-linux/ https://www.thegeekstuff.com/2013/02/sticky-bit/ https://en.wikipedia.org/wiki/Setuid http://catcode.com/teachmod/setuid.html