Chapter 6 - User and Group Management

Question 1

Which command to use to get information about a user account?

Answer 1

id

Example: id linda

Question 2

What are the various ways to run tasks with elevated permissions?

Answer 2

Method Description

1. su = Opens a subshell as a different user, with the advantage that commands are executed as root only in the subshell
2. sudo = Enables you to set up an environment where specific tasks are executed with administrative privileges
3. PolicyKit = Enables you to set up graphical utilities to run with administrative privileges

Question 3

What is the difference between “su -“ and just “su”?

Answer 3

When you use “su” from a shell, The subshell that is started when using su is an environment where you are able to work as the target user account, but environment settings for that user account have not been set.

If you need complete access to the entire environment of the target user account, you can use su - to start a login shell. If you start a login shell, all scripts that make up the user environment are processed, which makes you work in an environment that is exactly the same as when logging in as that user.

Using su - is better than using su. When the - is used, a login shell is started; without the -, some variables may not be set correctly

Question 4

How to assign administrative persmissions to a user only for running specific commands?

Answer 4

sudo
the system administrator can configure sudo to
give that user administrator permissions to perform the specific task.
use “visudo” to edit the sudoers configuration file and give user access to specific commands only

For example, if you would include the line linda
ALL=/usr/bin/useradd, /usr/bin/passwd in this file, that would allow user linda to run only the commands useradd and passwd with administrative privileges

Question 5

What is policykit?

Answer 5

Most administration programs with a graphical user interface use PolicyKit to authenticate as the root user.

Question 6

What command to create a user laura who is a member of the group wheel

Answer 6

useradd -G wheel laura

Question 7

What are the two types of user accounts in Linux?

Answer 7

System Accounts and Normal Accounts

Question 8

What is a Normal account in Linux?

Answer 8

normal user accounts for the people who need to work on a server and who need limited access to the resources on that server

Question 9

What is a system account in Linux?

Answer 9

system accounts that are used by the services the server is offering.

Question 10

In which directory or configuration files are the properties of the user accounts saved?

Answer 10

/etc/passwd

/etc/shadow

Question 11

What are the different fields in the /etc/passwd file?

Answer 11

Username
Password
UID
GID
Comment field
Directory
Shell

Question 12

What is the file /etc/shadow used for?

Answer 12

One part of the user configuration is stored in the /etc/passwd file and another part of the user configuration is stored in the file /etc/shadow. The settings in this file are used to set properties of the password. Only the user root and processes running as root have access to /etc/shadow

Question 13

What are the various fields in the /etc/shadow file?

Answer 13

1. Login name
2. Encrypted password
3. Days since Jan. 1, 1970, that the password was last changed
4. Days before password may be changed
5. Days after which password must be changed
6. Days before password is to expire that user is warned
7. Days after password expires that account is disabled
8. Days since Jan. 1, 1970, that account is disabled
9. A reserved field, which was once added “for future use”

Question 14

What are the commands that can be used to manage password properties?

Answer 14

passwd or chage

Question 15

What is the command to edit the contents of the /etc/passwd and /etc/shadow configuration files directly?

Answer 15

vipw

Question 16

What are the different ways of creating or adding new users in linux?

Answer 16

vipw –> used to directly edit the contents of passwd or shadow file
useradd command

Question 17

Which command can be used to delete a user?

Answer 17

userdel

Question 18

Which command can be used to delete a user and his/her complete environment?

Answer 18

userdel -r

Question 19

In which directory are the properties of the group defined?

Answer 19

/etc/group

Question 20

Which command can be used to edit the contents of the file /etc/group

Answer 20

vigr

Question 21

What is the most common utility in Linux for managing users?

Answer 21

useradd

Example : useradd -m -u 1201 -G sales,ops linda

to create a user linda who is a member of the secondary groups sales and ops with
UID 1201 and add a home directory to the user account as well

Question 22

What is the command-line utility for modifying user properties?

Answer 22

usermod

Question 23

What is the one thing that usermod does not do well or for which usermod is not preferrable to be used?

Answer 23

setting passwords. If as root you want to change the user password, you’d use the passwd command

Question 24

When using useradd command some default values are assumed, where are these default values taken from , which file are these default values stored in?

Answer 24

/etc/login.defs

/etc/default/useradd

Question 25

List some of the properties that can be set from /etc/login.defs

Answer 25

MOTD_FILE
ENV_PATH
PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE
UID_MIN
CREATE_HOME

Question 26

What does the command “passwd -n 30 -w 3 -x 90 linda” do?

Answer 26

sets the password for user linda to a minimal usage period of 30 days and an expiry after 90 days, where a warning is generated 3 days before expiry

Question 27

What are the few files that play an important role in constructing the user environment ?

Answer 27

/etc/profile
/etc/bashrc
~/.profile
~/.bashrc

Question 28

What. is the purpose of this file /etc/profile

Answer 28

Used for default settings for all users when starting a login shell

Question 29

What is the purpose of this file /etc/bashrc

Answer 29

Used to define defaults for all users when starting a subshell

Question 30

What is the purpose of this file ~/.profile

Answer 30

Specific settings for one user applied when starting a login shell

Question 31

What is the purpose of this file ~/.bashrc

Answer 31

Specific settings for one user applied when starting a subshell

Question 32

Which directory is the user’s primary group membership defined?

Answer 32

user’s primary membership is stored in /etc/passwd. The group itself is stored in /etc/group configuration file

Question 33

What is primary group and secondary group for users in linux?

Answer 33

Every user must be a member of the primary group, and there is only one primary group. When creating files, the primary group becomes group.
Users can be a member of one or more secondary groups as well. A user can be a member of a secondary group in addition to the primary group owner of these files

Question 34

What are the different ways to create a new group?

Answer 34

vigr command - this edits the /etc/group file directly

Or you can use the groupadd command

Question 35

What are the fields in the /etc/group file?

Answer 35

1. Group Name
2. Group Password
3. Group ID
4. Members

Question 36

Which option with groupadd command allows you to specify the group id?

Answer 36

-g option with groupadd command.

Question 37

Which is the command used to manage the group propoerties?

Answer 37

“groupmod” command. This can be used to change the group name or id but it does not allow you to add members to a group

Question 38

Which command allows to add users to a group?

Answer 38

usermod
Example : usermod -aG sales linda
This command assigns user linda to group sales

Question 39

Which command can be used to check the groups to which a user is assigned?

Answer 39

groupmems

Example : “groupmems -g sales -l” to see which users are a member of the group sales

Question 40

Which command can be used to see the properties of a user?

Answer 40

id command

Example : id linda