Linux User Management Deep Dive Flashcards
What 2 shortcuts for cd-ing into the home dir do you know?
cd ~
cd $HOME
How to create a new user with a full-name description, specify and create a new home dir, set the primary and secondary group, set a password, specify a shell, and specify the UID, all with a SINGLE COMMAND?
useradd -c "[user description]" -d [path to home dir] -m -g [primary group] -G [secondary group] -p [password] -s [path to shell] -u [uid] [username]
How to change a user's primary group, change the secondary group, append a secondary group?
usermod -g [primary group] -G [secondary group] [user name] - change primary group, and set the secondary group to the one typed in this command
usermod -aG [group] [user] - append secondary group
How to change a user's home directory to a new one, and move the content of the old home dir into the new one?
usermod -d [new home dir path] -m [username]
Where are the default profile files for new users stored?
/etc/skel
Where is the GID conf file stored?
/etc/login.defs
How to create a group with a GID of 30045?
groupadd -g 30045 [groupname]
What is the difference between primary and secondary group?
Primary group – Specifies a group that the operating system assigns to files that are created by the user. Each user must belong to a primary group.
Secondary groups – Specifies one or more groups to which a user also belongs. Users can belong to up to 15 secondary groups.
How to change group ID and group name?
groupmod -g [new GID] -n [new name] [old name]
Can you remove a group that is some user's primary group?
Yes, with a groupdel -f [groupname] command
Without "-f" the shell won't allow us to do this
How to change the password for a group? How to remove it?
gpasswd [groupname] - changes password
gpasswd -r [groupname] - removes it
How to add many users to a group with a single command?
gpasswd -M [user1],[user2],[user3] [group name]
How to run an integrity check of the user and group config files?
pwck
grpck
How do the "last resort" troubleshooting commands for /etc/passwd and /etc/group work?
The pwconv command creates shadow from passwd and an optionally existing shadow.
The pwunconv command creates passwd from passwd and shadow and then removes shadow.
The grpconv command creates gshadow from group and an optionally existing gshadow.
The grpunconv command creates group from group and gshadow and then removes gshadow.
What types of UID are there?
0 - root
1-999 - system/application users
1000+ - normal users
What is a shell and what are a few of its types? Where are they located?
Simply put, the shell is a program that takes commands from the keyboard and gives them to the operating system to perform. In the old days, it was the only user interface available on a Unix-like system such as Linux. Nowadays, we have graphical user interfaces (GUIs) in addition to command line interfaces (CLIs) such as the shell.
Bourne-Again Shell - /bin/bash
Bourne Shell - /bin/sh
Korn Shell - /bin/ksh
How to print a message on a given user's login attempt, and not allow that user to log in to the system?
We would have to change the user's login shell to /sbin/nologin, and put the message into the /etc/nologin.txt file.
How to not allow a user to log in to the system at all?
Change user shell to /bin/false
or /sbin/nologin
How to allow only the root user to log in to the system?
We have to create the /etc/nologin file. (We can write a message in it that will be displayed upon a user's login attempt.)
Give a few examples of config files from a user's home directory.
.bash_profile
.bashrc
.bash_logout
How is /etc/passwd built?
username:x:UID:primary group GID:comment:home dir:login shell
x - the password is stored in the /etc/shadow file
How is /etc/gshadow built?
groupname:password:group admins:group members
The password field can have either:
- an encrypted password
- ”!” - no user is allowed to access the group using the newgrp command.
- ”!!” - A value of !! is treated the same as a value of ! — however, it also indicates that a password has never been set before.
- null - If the value is null, only group members can log into the group.
How is /etc/shadow built?
username:password:days after 1.1.1970 that the password was last changed:minimum number of days before the password can be changed:maximum number of days before the password has to be changed:days before password expiration that the user gets a warning message:days after password expiration that the user is disabled:days since 1.1.1970 that the password expires
The password field can have either an encrypted password, or "!!", which means that the account is locked, as the password has never been set
How is /etc/group built?
name:x:GID:users for whom this group is set as a secondary group
x indicates that the password info is stored in /etc/gshadow
Where can you disable automatic creation of home directories with useradd (e.g. useradd user1)?
/etc/login.defs
CREATE_HOME no
How to remove a user account and its home directory with a single command?
userdel -r [user]
How to remove a group?
groupdel
What is the difference between the .bashrc and .bash_profile files?
.bash_profile is read and executed when Bash is invoked as an interactive login shell, while .bashrc is executed for an interactive non-login shell.
What is the difference between login and non-login shell?
A login shell is started after a successful login; a non-login shell is started by a program without a login.
What does "!!" in /etc/shadow mean?
That the account is locked, and the password has never been set. (If it doesn't have an encrypted password following "!!".)
What does "!" in /etc/gshadow mean?
No user is allowed to access the group using the newgrp command.
What is a hashed password with salt? And what does it look like in Linux files?
When a password has been “hashed” it means it has been turned into a scrambled representation of itself. A user’s password is taken and – using a key known to the site – the hash value is derived from the combination of both the password and the key, using a set algorithm.
Salting is simply the addition of a unique, random string of characters known only to the site to each password before it is hashed; typically this "salt" is placed in front of each password.
In Linux, an encrypted password has this format:
$5$saaNd4DIN34$asidasojnasd
Fields are separated by a "$". The first field is the ID of the hashing algorithm, the second is the salt, and the third is the hashed password string.
How to lock, unlock, delete, or expire a user's password with a command?
passwd -l -u -d -e [username]
How to set the number of days after the password expires that the account is going to be disabled?
chage -I [days] [username]
How to set the minimum number of days between password changes?
chage -m [days] [username]
How to set the maximum password lifetime?
passwd -x [days] [username]
or
chage -M [days] [username]
How to change the number of days before the password expires that the user will get a warning message?
passwd -w [days] [username]
How to display password status? What does it show?
chage -l
How to display password status with a command different than passwd -S?
chage -l [username]
How to change aging information for a user with a single command?
chage [username]
How to change the account expiration date?
chage -E [days after 1970.1.1] [username]
With which two commands can you change the user/password expiration configuration?
chage, passwd
How to set account expiration to never with a single command?
chage -E -1 [username]
How to expire an account immediately?
chage -E 0 [username]
What are .rpmnew and .rpmsave files?
When an upgrade includes changes to a default configuration file, instead of overwriting the configuration file on your system — and possibly nuking the changes you have made — the package will write one of these file types. An .rpmnew file contains the new default configuration file and leaves your original configuration file untouched. By contrast, an .rpmsave file is a copy of your original configuration file, which has been replaced by the new default file.
What does each part of this line in the sudoers file stand for, and what does the line do?
[username] ALL=(ALL) NOPASSWD:ALL
[username] - user
ALL - on all hosts
=(ALL) - as any user
ALL - can run any commands
So basically you give the user root privileges with that line
What is visudo for?
visudo checks the file syntax before actually overwriting the sudoers file
What sign states that "we are talking" about groups in the /etc/sudoers file?
%
example:
%wheel ALL=(ALL) NOPASSWD:ALL
How to allow anyone that belongs to the xyz group to run the 'touch' and 'mkdir' commands on any host and as any user without prompting for a password, and run the pwd command in the same fashion but with prompting for a password?
By adding this line to the /etc/sudoers file (entries in the command list are comma-separated, so a comma is needed before the PASSWD: tag):
%xyz ALL=(ALL) NOPASSWD: /bin/touch, /bin/mkdir, PASSWD: /bin/pwd
What is the purpose of /etc/sudoers.d/90-cloud-init-user file?
It is used for cloud users configuration
What is the purpose of /etc/sudoers.d/ssm-agent-users file?
It is used for ssm-agent user configuration
How to run a command in the background?
[command] &