Manage users and groups Flashcards

1
Q

create a new user

A
# useradd user1    by default a home directory is created under /home
# useradd -c "Full name" user1   set the comment (full name) field
# useradd -s /bin/tcsh user2   set the user's login shell
# useradd -c "full name" -d /home/location user   set the user's home directory location
# useradd -G wheel bob   add bob to the wheel group as the account is created
# useradd -u 504 -g 505 bob   add user bob with UID 504 and primary GID 505; the GID must already exist
2
Q

delete a user

A
# userdel user1    by default userdel removes neither the home directory nor the mailbox
# userdel -r user1   also removes the user's home directory and mail spool
# userdel -f bob   forces removal even if the user is still logged in; the home directory and mail spool are removed as well
3
Q

modify user’s account using usermod

A
usermod takes many of the same options as useradd
# usermod -c "full name" user2   change the comment (full name) field
# usermod -s /bin/bash bob   change bob's shell to bash
# usermod -a -G sales bob   append bob to the sales group (without -a, -G replaces the user's supplementary groups)
# usermod -l usr user   change the login name of an account (from user to usr)
4
Q

change user’s password

A
# useradd -p '<hashed-password>' newUser    create a user with a password; -p expects an already-hashed value, not a plain-text string such as test123
# passwd user   set or change the user's password
the account is disabled until a password is set
5
Q

locking and unlocking a local user’s account

A
# passwd -l user   lock a user's account
# passwd -u user   unlock a user's account
# usermod -L username   lock an account
# usermod -U username   unlock an account
both tools lock by putting a ! in front of the password hash in /etc/shadow, so only password logins are blocked; other methods (e.g. SSH keys) still work
6
Q

Setting user’s password expiration

A
By default there is no expiration set for a user's password, but you can set one with the chage command
# chage -M 90 user1    set the password to expire after 90 days (the user must change it within 90 days)
# chage -E 2012-05-25 user   set the account to expire on a specific date (YYYY-MM-DD)
You can also use the passwd command to set a password expiration:
# passwd -x 30 user   set the password to expire in 30 days
7
Q

Other chage commands

A
# chage -l user   show a user's password ageing policy
# passwd -S user   show the status of an account (locked, password set, expiry information)
# chage -W 2 user   warn the user 2 days before the password expires
# chage -m 10 user   set a minimum of 10 days between password changes (the user cannot change it more often)
# chage -d 0 user   expire the password immediately (the user must change it at next login)
8
Q

chage command line options and meanings

A
  • -m -> specifies the minimum number of days between password changes. If the value is 0, the password does not expire
  • -M -> specifies the maximum number of days for which the password is valid
  • -d -> specifies the number of days since Jan 1 1970 on which the password was last changed
  • -I -> specifies the number of inactive days after password expiration before the account is locked. If set to 0, the account is not locked after the password expires
  • -E -> specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of a date, the number of days since Jan 1 1970 can also be used
  • -W -> specifies the number of days before the password expiration date on which to start warning the user
9
Q

To create a group

A
# groupadd research
for a new group membership to take effect after adding a user to a group, the user must log out and log back in, or run
# newgrp groupname
10
Q

to check which groups user belongs to

A
# groups   as the user
# groups user   as root
11
Q

to modify group’s attribute

A

# groupmod -n group1 group2   rename group2 to group1

12
Q

Change group id

A

# groupmod -g 1000 group2   change the GID of group2 to 1000

13
Q

granting non-root user right to add users to a group

A
# gpasswd -A user group2   make user the administrator of group2
now, as the group administrator (no root needed):
$ gpasswd -a user5 group2   add user5 to group2
14
Q

to delete a group

A
# groupdel group2
you can also use the Users and Groups GUI tool to add/delete groups
15
Q

adding and removing a user from a group

A
# groupmems -g sales -a bob   add user bob to the sales group
# groupmems -g sales -d tom   remove user tom from the sales group
16
Q

terminal LDAP configuration

A
# yum install -y openldap-clients nss-pam-ldapd
run the authentication menu from the terminal:
# authconfig-tui
choose the following options:
- Cache Information
- Use LDAP
- Use MD5 Passwords
- Use Shadow Passwords
- Use LDAP Authentication
- Local authorization is sufficient
in the LDAP settings, type:
Use TLS
ldap://instructor.example.com
dc=example,dc=com
test the connection to the LDAP server:
# getent passwd ldapuser02
17
Q

LDAP client configuration

A

LDAP Server configuration

In order to test a LDAP client configuration, you will need to configure a LDAP directory service.
The LDAP server is called instructor.example.com in this procedure.

LDAP Client configuration

Install the following packages:

# yum install -y openldap-clients nss-pam-ldapd
Run the authentication menu:
# authconfig-tui
Choose the following options:
  • Cache Information
  • Use LDAP
  • Use MD5 Passwords
  • Use Shadow Passwords
  • Use LDAP Authentication
  • Local authorization is sufficient
In the LDAP Settings, type:

Use TLS
ldap://instructor.example.com
dc=example,dc=com
Note: Don't select Use TLS if you specify an ldaps:// URL (it already carries TLS).

Put the LDAP server certificate into the /etc/openldap/cacerts directory when asked.

Test the connection to the LDAP server (a passwd-style line for ldapuser02, resolved through LDAP, should be displayed):

# getent passwd ldapuser02
ldapuser02:x:1001:1001:ldapuser02:/home/guests/ldapuser02:/bin/bash
18
Q

Automounter Client configuration

A

Install the following packages:

# yum install -y autofs nfs-utils
Create a new indirect /etc/auto.guests map and paste the following line:
* -rw,nfs4 instructor.example.com:/home/guests/&
Add the following line at the beginning of the /etc/auto.master file:

/home/guests /etc/auto.guests
Start the Automounter daemon and enable it at boot:

# systemctl start autofs && systemctl enable autofs
Test the configuration:

# su - ldapuser02

19
Q

Configure NFS Server side

A

Server side configuration

Install the file-server package group:

# yum groupinstall -y file-server
Add a new service to the firewall:

# firewall-cmd --permanent --add-service=nfs
success
Reload the firewall configuration:

# firewall-cmd --reload
success
Activate the NFS services at boot:

# systemctl enable rpcbind
# systemctl enable nfs-server
# systemctl enable nfs-lock
# systemctl enable nfs-idmap
Note: The nfs-idmap service is required by NFSv4, but it does not let you get away with UID/GID mismatches between clients and server. It is only used when setting ACLs by name or when displaying user/group names.
All permission checks are still done with the UID/GID seen by the server (see this thread about nfs-idmap for more details).
Start the NFS services:
# systemctl start rpcbind
# systemctl start nfs-server
# systemctl start nfs-lock
# systemctl start nfs-idmap
Note: By default, 8 NFS threads are used (RPCNFSDCOUNT=8 in the /etc/sysconfig/nfs file). This should be increased in a production environment to at least 32 (source: http://initrd.org/wiki/NFS_Setup).

Create directories to export and assign access rights:

# mkdir -p /home/tools
# chmod 777 /home/tools
# mkdir -p /home/guests
# chmod 777 /home/guests
Assign the correct SELinux contexts to the new directories:
# yum install -y setroubleshoot-server
# semanage fcontext -a -t public_content_rw_t "/home/tools(/.*)?"
# semanage fcontext -a -t public_content_rw_t "/home/guests(/.*)?"
# restorecon -R /home/tools
# restorecon -R /home/guests

Note: The public_content_rw_t context is not the only available, you can also use the public_content_ro_t (only read-only) or nfs_t (more limited) contexts according to your needs.

Check the SELinux booleans used for NFS:

# semanage boolean -l | egrep "nfs|SELinux"

Note1: The State column respectively shows the current boolean configuration and the Default column the permanent boolean configuration.
Note2: Here we are interested in the nfs_export_all_rw, nfs_export_all_ro and potentially use_nfs_home_dirs booleans.
Note3: The nfs_export_all_ro boolean allows files to be shared through NFS in read-only mode but doesn’t restrict them from being used in read-write mode. It’s the role of the nfs_export_all_rw boolean to allow read-write mode.

If necessary, assign the correct setting to the SELinux booleans:

# setsebool -P nfs_export_all_rw on
# setsebool -P nfs_export_all_ro on
# setsebool -P use_nfs_home_dirs on
Edit the /etc/exports file and add the following lines with the name (or IP address) of the client(s):

/home/tools client1(rw,no_root_squash)
/home/guests client2(rw,no_root_squash)
Note: Don't put a space before the opening parenthesis; that would completely change the meaning of the line (the options would then apply to every host instead of the named client).

Export the directories:

# exportfs -avr
# systemctl restart nfs-server
Note: This last command shouldn’t be necessary in the future. But, for the time being, it avoids rebooting.

Check your configuration:
# showmount -e localhost
Export list for localhost:
/home/guests *
/home/tools *

Client side configuration

On the client side, the commands are:

# yum install -y nfs-utils
# mount -t nfs nfsserver:/home/tools /mnt