2.2 Given a scenario, manage users and groups Flashcards
What are the commands used for creating users?
- useradd
- groupadd
Describe how to use the useradd command
The useradd command is used by the root user to create a user account
useradd julia
Describe how to add a user to a group
The groupadd command is used by the root user to create a group account
groupadd -g 2050 test
The -g option is used to specify the GID for the new group
What are the main commands designed to modify user and group accounts?
- usermod
- groupmod
- passwd
- chage
How do you use the usermod command?
The usermod command is used by the root user to modify a user account
[root@OCS ~]$ usermod -s /bin/tcsh julia
What is the groupmod command used for?
The groupmod command is used by the root user to modify a group account
[root@OCS ~]$ groupmod -n proj test
Here are some important options for groupmod command:
- g change the GID
- n Change the group name
What is the command that allows a user to change their password?
The passwd command allows a user to change their password. The root user can also use this command to change any user password or change other password based features for a user account.
-d
Delete the user’s password.
-e
Expire the user account immediately.
-l
Lock the account.
-u
Unlock the account.
-m
Change the Min field of the /etc/shadow file for the user.
-M
Change the Max field of the /etc/shadow file for the user.
-w
Change the Warn field of the /etc/shadow file for the user.
What is the command used to modify password aging features for a user?
The chage command is executed by the root user to modify password-aging features for a user account. Here are some important options for the chage command
What are the commands used to delete users and groups?
The commands used to delete users and groups are
- userdel
- groupdel
How do you delete a user?
The userdel command is used by the root user to delete a user account
[root@OCS ~]$ userdel susan
An important option for the userdel command is the -r option, which deletes the user account as well as the user’s home directory and mail spool
What is the command used to delete a group?
The groupdel command is used by the root user to delete a group account
[root@OCS ~]$ groupdel test
mportant Note
Be sure to remove all files owned by the group before running this command (or reassign the files to another group).
What does the query id do?
The id command will display basic account information. When run with no arguments, it displays the current user’s UID, username, primary GID and name, as well as all secondary group memberships:
[root@OCS ~]$ id
uid=0(root) gid=0(root) groups=0(root)
You can pass a name as a parameter:
id zackbunch
What does the whoami command do?
The whoami command displays the effective user ID
What is the command to see WHO is currently logged in?
The who command shows who is currently logged in
The output of the who command includes the username, the terminal device the user is using, the login date and time, and where the user logged in from (:0 means a local login)
[root@OCS ~]# who
student :0 2017-02-18 01:52 (:0)
student pts/0 2017-02-18 01:52 (:0)
student pts/1 2017-03-05 19:55 (:0)
student pts/2 2017-03-06 18:24 (:0)
root pts/3 2017-03-06 18:24 (localhost)
What is the w command used for?
The w command displays who is logged in as well as other useful information:
[root@OCS ~]# w
18:25:08 up 3 days, 1:24, 5 users, load average: 0.27, 0.08, 0.07
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
student :0 :0 18Feb17 41:48 1.01s gdm-session-wor
student pts/0 :0 18Feb17 4.00s 0.46s 20.33s /usr/libexec/gn
student pts/1 :0 Sun19 1:32 0.04s 0.00s less -s
student pts/2 :0 18:24 12.00s 0.05s 0.01s /usr/bin/sss_ss
root pts/3 localhost 18:24 12.00s 0.03s 0.03s -bash
What command would you use to view current and previous logins?
The last command displays information about current and previous logins:
[root@OCS ~]# last -10
root pts/3 localhost Mon Mar 6 18:24 still logged in
student pts/2 :0 Mon Mar 6 18:24 still logged in
student pts/1 :0 Sun Mar 5 19:55 still logged in
student pts/1 :0 Sat Feb 18 01:56 - 01:56 (00:00)
student pts/0 :0 Sat Feb 18 01:52 still logged in
student :0 :0 Sat Feb 18 01:52 still logged in
(unknown :0 :0 Sat Feb 18 01:48 - 01:52 (00:03)
reboot system boot 3.10.0-327.18.2.
Tue Jan 24 13:43 - 19:15 (41+05:31)
student pts/1 :0 Sun Jan 22 08:22 - 01:46 (26+17:24)
student pts/0 :0 Thu Jan 19 12:19 - 01:46 29+13:27)
wtmp begins Sat Jun 11 20:51:56 2016
What are quotas?
Quotas allow the administrator the ability to limit how much disk space can be used by individuals or groups. Quotas are per filesystem. This section focuses on how to enable and view quotas.
What are user quotas?
To enable user quotas, you must mount the filesystem with the usrquota mount option. This can be accomplished by adding usrquota to the mount option field of the /etc/fstab file:
/dev/sdb1 / ext4 usrquota 1 1
Note
To enable group quotas, use the grpquota boot option. Both options can be used together (usrquota,grpquota) to enable both user and group quotas on a filesystem.
Group Quotas
Group quotas are quotas that apply to every member of a group
What is a non-login shell?
When a user starts a new shell after login, it is referred to as a non-login shell
BASH Parameters
Initialization files can be used to modify several bash shell features. For example, shell variables can be set to modify the behavior of the bash shell or other programs
User Entries
Users can control their individual environment by modifying initialization files in their home directory
- .bashrc
- .bash_profile
- .profile
.bashrc
When a user opens a new BASH shell, the commands in the ~/.bashrc file are executed. This allows the user to set up the account by placing commands in this file.
.bash_profile
When a user logs in to the system and the user’s login shell is a BASH shell, the commands in the ~/.bash_profile file are executed if this file exists. This enables the user to set up the account by placing commands in this file.
.profile
When a user logs in to the system and the user’s login shell is a BASH shell, the commands in the ~/.profile file are executed if this file exists. This allows the user to set up the account by placing commands in this file
Global Entries
The administrator can control the BASH environment for all users by modifying initialization files in the /etc directory
- /etc/bashrc
- /etc/profile.d/
- /etc/skel
- /etc/profile
/etc/bashrc
When a user opens a new BASH shell, the commands in the /etc/bashrc file are executed. Only the root user should be allowed to modify the /etc/bashrc file. This allows the root user to set up all bash user accounts by placing commands in this file
/etc/profile.d/
Software developers often have the need to modify the BASH environment of user accounts. For example, consider a software program that uses shell variables as a means to pass the program key information, such as user account information or system information.
Software is normally installed by the root user, so developers could use this elevated privilege to directly modify global initialization files, such as the /etc/profile or /etc/bashrc file. The danger is that this modification may accidently affect other global settings.
Instead of modifying the primary configuration files, software developers (and sometimes administrators) will place files in the /etc/profile.d directory. This directory is also considerd a location for initialization files because of the following code in the /etc/profile file:
/etc/skel
The /etc/skel directory is used when a new user account is created to provide the new account with default files, such as BASH configuration files (.bashrc, .profile, and so on)
/etc/profile
When a user logs in to the system and the user’s login shell is a BASH shell, the commands in the /etc/profile file are executed. Only the root user should be allowed to modify the /etc/profile file
/etc/passwd
The /etc/passwd file is used to store user account information. It contains most of the user account data, except the password and password-aging policies
/etc/group
The /etc/group file is used to store group account information. Each line in the /etc/group file describes one group account
/etc/shadow
The /etc/shadow file is used to store user password information
