Users and Permissions Flashcards
Which file stores passwords in a salted hash
/etc/shadow
What is UID
User id
What is GID
Group id
What are the contents of the /etc/shadow file
- Username
- Password as a salted hash (* or ! on the password could denote that the account has been locked possibly because of invalid login attempts)
- Date of last password change
- Days until a change is allowed
- Days before a change is required
- Days of warning before expiration
- Days between expiration and deactivation
- Expiration date
- Special flag
What is the difference between an expired and deactivated account
An expired account will force you to change your password on the next login before you can complete the login.
A deactivated account will require an admin to reactivate the account before you can log in again.
Create a new group
sudo groupadd groupName
How to show current user
whoami
How to show all ids for the current user (user id, group ids)
id
How to show all ids for the current user (user id, group ids) or a specific user
id
when entered alone it will display info for the current user
id username will show info for the specified user account
Create a new user
sudo adduser username
Create a new user
sudo adduser username
this works like a wizard and allows you to enter more info
OR
sudo useradd -s /bin/bash -d /home/jason -m -G groupName userName
sudo passwd userName
Search for users on the system
grep -n '^username' /etc/passwd
will find a line in the passwd file that starts with username
Change/Set password for a user
sudo passwd username
See password info for a user
sudo passwd -S username
or
sudo chage -l username
Which command is used to set password policies for a user
sudo chage username
use man chage to see details
change username
sudo usermod -l userNewName userOldName
change group
sudo groupmod -n groupNewName groupOldName
remove user
sudo deluser --remove-home username
sudo userdel -r username
check log of users deleted
cat /var/log/auth.log | tail -15 OR tail -15 /var/log/auth.log OR grep 'userdel' /var/log/auth.log
tail -15 just limits the output to the most recent items
how to add groups
sudo groupadd groupName
how to add user
sudo useradd -m tim -p password
- -m creates the home directory, named to match the username
- -p is for the password (useradd expects the already-encrypted value here, not plaintext)
add user to group
sudo usermod -a -G groupname username
search for a group
grep groupName /etc/group
rename a group
sudo groupmod -n newGroupName oldGroupName
how to disable user
sudo passwd -l userName
how to enable user
sudo passwd userName
command to change owner of file or directory
sudo chown userName tim
must use root because you must have access to the current owner and the new owner
command to change group of file or directory
sudo chown userName:groupName fileOrDirName
sudo chown :groupName fileOrDirName
Need more info for this below
sudo chgrp
can do it without sudo (root) if you are in both groups
change the default permissions of created files and directories for a user
umask
default files are created with 666 permissions
default directories are created with 777 permissions
Which command option tells Linux to run the program with the permissions of whoever owns the file rather than with the permissions of the user who runs the program?
suid
What two special permission bits exist, similar to the sticky bit?
SUID and SGID
SUID and SGID are special permission bits. SUID (Set owner User ID upon execution) is a special type of file permission given to a file. Normally in Linux/Unix, when a program runs, it inherits access permissions from the logged-in user. SUID gives a user temporary permission to run a program/file with the permissions of the file owner rather than those of the user who runs it. SGID is similar to SUID; the only difference is that when a script or command with SGID set is run, it runs as if it were a member of the group that the file belongs to.