User and Groups Flashcards
Show all processes in the current session by the current user
ps -au
switch to the user02 account
su - user02
Switch to root
su -
Diff between su and su -
su: non-login shell (reads .bashrc)
su -: login shells, (reads .bash_profile)
su 4 properties
1) become new user
2) env vars from current user
3) New user password required
4) Privileges of new user
su - sudo recap
1) su -, sudo -i: root env, root login shell
2) su, sudo su: initiating user env, root non login shell
3) sudo -s: initiating user env, initiating user non-login shell
sudo
1) Simply execute command
2) env vars from initiating user
3) password of initiating user
4) Must be configured
configure the sudo command to allow the user01 user to run the usermod command as root
show information about the currently logged-in user
id
Diff between sudo -i and for su -
sudo -i requires initiating user password
su - requires target user password
Diff between sudo -i and sudo -s
First includes target user env variables. Second includes initiating user env variables.
How do you edit /etc/suroders
visudo
What are the benefits of visudo
1) Ensures there is no conflicts in multiuser environments
2) Parses the file before saving
In /etc/sudoers, how do you differentiate normal user from group
Groups start with %
General syntax of an sudoers entry
principal X=(Y:Z) T
X: hosts where this is applicable
Y: Users that X may assume
Z: Group that X may assume
T: Commands that X is permitted to execute when acting as X or Y
Enable full sudo access for user01
user01 ALL=(ALL:ALL) ALL
enable full sudo access for the group01 group
%group01 ALL=(ALL:ALL) ALL
enable users in the games group to run the id command as the operator user,
%games ALL=(operator) /bin/id
allow a user to run commands as another user without entering their password
ansible ALL=(ALL) NOPASSWD: ALL
sudo su
start a root non-login shell .
User must be sudoer
No root password required
Similarity between su and sudo su
Both result in non-login shells
sudo su vs sudo s
sudo s: 1) user env vars, 2) SHELL from user,
sudo su: 1) user env VARS, 2) SHELL from root
Where do you set range of valid UID numbers and default password aging rules
/etc/login.defs
usermod -aG user1 group3
add group3 to user1 list of supplementary groups
usermod -c
change the comment in the user profile
usermod -L
locka user’s password. preventing him from loggin in.
usermod -G
add a comma separated list of groups as supplementary groups to a user
usermod -d
change user home dir
usermod -s
change user shell
usermod -U
unlock a user
Delete user user01 without deleting hom dir
userdel user01
Delete user user01 along with home dir
userdel -r user01
find all unowned files and directories
find / -nouser -o -nogroup
Create user with specified uid
useradd -u 1000 user02
Add group with specific id
groupadd -g 10000 group01
Create a system group
groupadd -r group02
Change the name of group
groupmod -n group0022 group02
Change the group id of a group
groupmod -g 20000 group0022
Where are password stored
/etc/shadow
What does chage stand for?
change age
What are password aging parameters?
-d: last change date
-m: min days
-M: max days
-W: warn days
-I: inactive days
-E: expiration day
-l: display aging policy
Every moon day, Max warns Isaac: End laziness.
Print date in format 2022-03-10
date +%F
You want a user to change password immediately. what do you do?
chage -d 0 cloudadmin10
set the default maximum and minimum age of the password respectively.
PASS_MAX_DAYS and PASS_MIN_DAYS
sets the default warning period of the password
PASS_WARN_AGE
lock and expire the account from a certain date
usermod -L -e 2022-08-14 cloudadmin10
How do you prevent a user with valid account to log in
usermod -s /sbin/nologin newapp
Used for service accounts
What is typical content of .bashrc
alias
functions
shell prompt appearance,
settings for command-line tools
What is typical content of .bashrc_profile
user’s environment (PATH, EDITOR, etc.)
.bash_profile sometimes sources .bashrc
