ch3. Users And Groups Flashcards
usermod
usermod -l
usermod -c
Bash command to change a user account
-l change username
-c change comment field
passwd -l
passwd -u
Bash command
-l lock an account
-u unlock an account
userdel
userdel -r
Bash command to delete a user account. Without options, does not delete the home directory, or saved files.
-r deletes the account including the home directory and saved files
/etc/group
stores all group information
group fields
Group Name : Password : Group ID : Group List (list of members)
groupadd
groupadd -g
groupadd -f
groupadd -o
groupadd -g
groupadd -n
Bash command to create a group (by default, no password, no members)
-g create group with name or ID
-f exit command with a success status if the group already exists
-o create a group with a non-unique group ID
-g change the ID of an existing group
-n change the name of an existing group
groupdel
Bash command to delete a group, but does not delete members of the group
usermod -a -G
Bash command to add a user to a group
whoami
Bash command to display current username of currently logged-in account
who
who -u
Bash command to print the details of of a user currently logged into a system, including: username, system name, and length of connection
-u prints user and idle time
standard user prompt
$
root user prompt
#
w (this needs to be researched)
Bash command to print the status of the system + users logged in, + current activities of users
last
Bash command to print information about connect times of users
useful for finding what commands were recently run
last1
research
Where does ‘last’ retrieve info from?
/var/log/wtmp
.bashrc
file that allows customization of user’s own environment. In particular, enables command line alias that will only affect the .bashrc file’s user. Also creates an environment variable, set default directories, and file permissions for the default user. Also determines the default command prompt.
.bash_profile
shell config for initial login environment. (only used for very first login.) Think of as a default config for new users.
file to be edited to allocate system rights to other users on the system?
/etc/sudoers
file would be modified when using the useradd, usermod, or userdel commands
/etc/passwd
which file contains the hashed version of each user’s password?
/etc/shadow
when a new user is created, what file is copied into the new users home directory, and can be used to configure new user’s default directory?
/etc/skel
/etc/profile
system wide account settings for all users, not just new users. Is read before Bash configs, so any individual customizations take priority over what is established here
/etc/profile.d
location for scripts that admin use for system-wide variables
/etc/bashrc (repeat?)
system wide settings for the command line environment
user accounts are referenced by:
UID or User ID
the root account is used for:
for admin tasks, and to security guard applications/commands
Principal of Least Privilege
to grant minimal access to a system while still meeting the needs of the user
Service Account
an account disabled from a user logging into, used to grant permissions to services and applications
When to log into root
never
sudoedit
Bash command to allow a user to edit a file even if the file is only available to root and allows use of any file editor
%editors ALL = sudoedit path/to/file
example of a group file edit that allows all users in the editor’s group to edit /path/to/file with sudoedit
visudo
visudo -c
visudo -f
visudo -s
visudo -x
Bash command to edit the /etc/sudoers file in a safe manner by verifying the syntax of proposed edits before committing them.
-c check the file for errors
-f check/edit the file location
-s check file in strict mode
-x output the file in a json file format
Wheel Group
research
id
prints the username of the currently logged in account
useradd
creates a new user in /etc/passwd
/etc/login.defs
file that configures new user accounts
/home/username
location of a user’s home directory
what does useradd not do?
It does not create a password for the new user account, and until one is created, the account cannot be signed into
useradd -c
useradd -e
useradd -s
useradd -D
-c sets comment field of account (usually the full name of the user)
-e sets the expiration date
-s sets the default shell for the user
-D prints the default config for a new user
passwd
Bash command to set or reset the password for a user account. Any user can use it to reset their own account.
/etc/passwd
file that stores the: username, user id, group id, comment, home directory, and login shell for all users. It stored the passwords as well in legacy systems.
sudo !!
Bash command that executes the previously entered command as root
/etc/shadow
file that stores: username, password (in a hashed format), and various values relating to password change and warnings
chage
chage -E
chage -M
chage -W
command stands for ‘change age’
-E change the expiration date for a user account
-M change the number of days until a user needs to change their password
-W change the days ahead warning that a password needs to be changed
