Users, groups and group memberships tasks examples
Create users, groups and group memberships 1
| Create the following users, groups and group memberships:
| - A group named admin.
| - A user harry who belongs to admin as a secondary group.
| - A user natasha who belongs to admin as a secondary group.
| - A user sarah who doesn’t have access to an interactive shell and who’s not a member of admin.
| - The users harry, natasha, sarah should all have a password of “password”.
# groupadd admin
# useradd -G admin harry       # -G = secondary group, -g = primary group
# useradd -G admin natasha
# useradd -s /sbin/nologin sarah       # -s = shell
# passwd --stdin harry
# passwd --stdin natasha
# passwd --stdin sarah
Note: --stdin is not mandatory, but with it there is no need to retype the password, and it also shows the password you typed.
Create users, groups and group memberships 2
| Add user Krish such that its password does not expire.
List the password aging information for krish:
# chage -l krish
Last password change : Nov 16, 2024
Password expires : Nov 18, 2024
Pass -1 to the -M parameter so that the password never expires:
# chage -M -1 krish
Verify:
# chage -l krish
Last password change : Nov 16, 2024
Password expires : never
Create users, groups and group memberships 3
| Change user krish user id from 1200 to 1284.
List the id of krish:
# id krish
uid=1200(krish) gid=1201(krish) groups=1201(krish)
| Create a user named Eric, and the user id should be 1234, and the password should be Eric123
# useradd -u 1234 Eric
# passwd --stdin Eric
Create users, groups and group memberships 5
| Copy the /etc/fstab file to /var/tmp.
| Create a group named “admin” for sarah and krish.
| krish could read, write and modify it, while sarah has no permissions.
| Add user named john with id 1029. Set password expiration date as 2023-05-23.
# useradd -u 1029 john
# passwd --stdin john
# chage -E 2024-11-22 john
Create users, groups and group memberships 7
| Create two users:
| - john with uid/gid equal to 2000, password 12345678.
| - davis with uid/gid equal to 3000, password 87654321.
| Make davis's password validity stop in one month.
# useradd -u 2000 john
# passwd --stdin john
# useradd -u 3000 davis
# passwd --stdin davis
Make davis's password validity stop in one month:
# chage -E $(date -d +1month +%Y-%m-%d) davis
See the chage man page for an example:
For example the following can be used to set an account to expire in 180 days: chage -E $(date -d +180days +%Y-%m-%d)
When a user is created with the useradd command, the initial contents of the home directory are copied from the /etc/skel folder.
Create users, groups and group memberships 8
| Copy the file /etc/fstab to /var/tmp.
| Configure the permission of /var/tmp/fstab so that:
| - The file /var/tmp/fstab is owned by the root user.
| - The file /var/tmp/fstab belongs to the group root.
| - The file /var/tmp/fstab should not be executable by anyone.
| - The user harry is able to read and write on /var/tmp/fstab.
| - The user natasha can neither read nor write /var/tmp/fstab.
| - All other users (current/future) have the ability to read /var/tmp/fstab
| All newly created files for user natasha should have -r-------- as the default permission.
| All newly created directories for user natasha should have dr-x------ as the default permission.
| The password for all new users should expire after 20 days.
| Assign the sudo privilege for user harry and the admin group to administrate without a password
| Create a script file: if the parameter is “GM” it outputs “good morning” – if it is “GN”, it outputs “good night”
Setting umask 0277 in /home/natasha/.bashrc makes natasha's new files -r-------- and new directories dr-x------:
# echo "umask 0277" >> /home/natasha/.bashrc
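The effect of the mask can be checked directly. This added example (not part of the original page) creates a file and a directory under a given umask and reports the resulting modes; the function name modes_under_umask is made up for illustration.

```bash
#!/bin/sh
# Added example: create a file and a directory under a given umask
# and report the modes they end up with.

# modes_under_umask MASK: prints "<file mode> <directory mode>" in octal.
modes_under_umask() {
    tmp=$(mktemp -d) || return 1      # created before the umask is changed
    (
        umask "$1"
        : > "$tmp/file"               # the shell requests mode 666 for new files
        mkdir "$tmp/dir"              # mkdir requests mode 777 for new directories
    )
    echo "$(stat -c %a "$tmp/file") $(stat -c %a "$tmp/dir")"
    rm -rf "$tmp"
}

modes_under_umask 0277   # natasha's setting
modes_under_umask 0022   # a common default, for comparison
```

~/.bashrc is read by interactive bash shells, so sessions that never source it do not get this mask.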
In /etc/login.defs, the password for all new users should expire after 20 days:
# vim /etc/login.defs
PASS_MAX_DAYS 20
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
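PASS_MAX_DAYS in /etc/login.defs is applied when an account is created, so accounts that already exist keep their own aging values. This added example (not part of the original page) reads shadow(5)-format lines and lists accounts whose maximum password age is unset or above a limit; the sample lines and the function names are constructed for illustration.

```bash
#!/bin/sh
# Added example: list accounts in shadow(5)-format input whose maximum
# password age (field 5) is unset or above a policy limit.

# Constructed sample lines; "x" stands in for the password hash field.
sample_shadow() {
cat <<'EOF'
harry:x:20043:0:20:7:::
krish:x:20043:0::7:::
natasha:x:20043:0:99999:7:::
john:x:20043:0:90:7::20049:
sarah:!!:20043:0:20:7:::
EOF
}

# aging_violations MAX_DAYS   (reads shadow-format lines on stdin)
aging_violations() {
    awk -F: -v limit="$1" '
        $1 == "" { next }
        # an empty, negative or 99999 maximum means no effective maximum age
        $5 == "" || $5 + 0 < 0 || $5 + 0 >= 99999 { print $1 ": never expires"; next }
        $5 + 0 > limit + 0 { print $1 ": max age " $5 " days" }
    '
}

sample_shadow | aging_violations 20
```

On a real system, run it as root with `aging_violations 20 < /etc/shadow`.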
Assign the sudo privilege for users or groups to administrate without a password:
# vim /etc/sudoers.d/admin
%admin ALL=(ALL) NOPASSWD: ALL
# vim /etc/sudoers.d/harry
harry ALL=(ALL) NOPASSWD: ALL
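Passwordless ALL grants like the two above are worth reviewing periodically. This added example (not part of the original page) lists every user or %group holding such a rule in a sudoers.d-style directory; the sample directory, the sarah and natasha.bak files and the function names are constructed for illustration.

```bash
#!/bin/sh
# Added example: report who holds a passwordless ALL grant in a
# sudoers.d-style directory.

# Build a constructed sample directory and print its path.
sample_sudoers_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '%admin ALL=(ALL) NOPASSWD: ALL' > "$d/admin"
    printf '%s\n' 'harry ALL=(ALL) NOPASSWD: ALL' > "$d/harry"
    printf '%s\n' '# sarah ALL=(ALL) NOPASSWD: ALL' \
                  'sarah ALL=(ALL) /usr/bin/systemctl status' > "$d/sarah"
    printf '%s\n' 'natasha ALL=(ALL) NOPASSWD: ALL' > "$d/natasha.bak"
    echo "$d"
}

# nopasswd_all DIR: print the user or %group of every active rule
# that ends in "NOPASSWD: ALL".
nopasswd_all() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            *.*|*~) continue ;;   # sudo skips such names in an include directory
        esac
        # ignore commented-out rules, print the first field of matching ones
        awk '$1 !~ /^#/ && /NOPASSWD:[ \t]*ALL[ \t]*$/ { print $1 }' "$f"
    done
}

dir=$(sample_sudoers_dir)
nopasswd_all "$dir"
rm -rf "$dir"
```

Because file names containing a dot are skipped, a drop-in saved as harry.conf would grant nothing; `nopasswd_all /etc/sudoers.d` as root audits the real directory.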
Create users, groups and group memberships 10
| Create a shared directory /home/admins with the following characteristics:
| - /home/admins belongs to group adminuser
| - This directory can be read and written by members of group adminuser.
| - Any files created in /home/ admin, group automatically set as adminuser.
| Create a collaborative directory /common/admin with the following characteristics:
| - Group ownership of /common/admin is admin.
| - The directory should be readable, writable and accessible to members of admin, but not any other user.
| (It is understood that root has access to all files and directories on the system.)
| - Files created in /common/admin will automatically have group ownership set to the admin group.
# mkdir -p /common/admin
# chgrp admin /common/admin
# chmod 2770 /common/admin
Remember that the leading 2 in the mode above is called SGID. On an executable file it means the process runs with the access rights of the file's group. On a directory it is a special permission that makes files and subdirectories created inside it inherit the group of the parent directory.
Create users, groups and group memberships 12
| Create a catalog under /home named admins.
| Its respective group is requested to be the {admin} group.
| The group users could read and write, while other users are not allowed to access it.
| The files created by users from the same group, should also have the admin group.
The second part of the question is solved by setting the SGID bit on the directory, that is "s" on the group ("g") permissions:
# chmod -R g+s admins/
Create users, groups and group memberships 13
| Create a Shared Directory /home/admins with the following characteristics:
| - /home/admins belongs to group admingrp
| - This directory can be read/write by members of group adminuser. Any files created in /home/ admin, group automatically set as adminuser.
| - And others do not have any other permissions on the directory.
| Create a directory /projects with special permissions:
| - only members of the project_team group can access it and create files.
| Question: Create two groups: students and teachers
| - Add two users: natasha and harry to students group
| - Add two users: amy and anna to teachers group
| - Create two directories: /data/students and /data/teachers so that:
| - all students have read/write access to /data/students
| - all teachers have read/write access to /data/teachers
| - others have no access to /data/students and /data/teachers
| - files created under /data/students and /data/teachers are owned by respective groups
| - Only the owner of the file can delete the file created under /data/teachers and /data/students
| - User anna is the head master and has full read and write access to both directories /data/students and /data/teachers
| - Also make sure that members of group teachers have read access to /data/students
# groupadd students
# groupadd teachers
# useradd natasha
# useradd harry
# useradd amy
# useradd anna
# usermod -aG students natasha
# usermod -aG students harry
# usermod -aG teachers anna
# usermod -aG teachers amy
Sticky bit (only the owner of a file can delete it): 1, SGID (new files are owned by the directory's group): 2 -> Total: 1+2=3
# chmod 3770 students
# chmod 3770 teachers
# chown anna:students students
# chown anna:teachers teachers
# setfacl -m d:g:teachers:rx students
# setfacl -m g:teachers:rx students
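The collaborative-directory tasks above (mode 2770 for /common/admin, mode 3770 for /data/students and /data/teachers) can be verified after the fact. This added example (not part of the original page) checks group ownership, SGID, group and other permissions and, optionally, the sticky bit; the function name audit_shared_dir and the temporary directory it is run on are constructed for illustration, and GNU stat is assumed.

```bash
#!/bin/sh
# Added example: check a collaborative directory against the requirements
# used in the tasks on this page.

# audit_shared_dir DIR GROUP [sticky]
# Succeeds only if DIR is group-owned by GROUP, has SGID set, gives the group
# rwx, gives others nothing and, when "sticky" is passed, has the sticky bit.
audit_shared_dir() {
    dir=$1 group=$2 want_sticky=${3:-}
    info=$(stat -c '%a %G' "$dir") || return 2
    mode=$(printf '%04d' "${info%% *}")   # e.g. 770 -> 0770, 3770 -> 3770
    owner_group=${info#* }
    special=${mode%???}                   # first digit: 4=SUID 2=SGID 1=sticky
    grp=${mode#??}; grp=${grp%?}          # third digit: group permissions
    oth=${mode#???}                       # fourth digit: permissions for others
    rc=0
    [ "$owner_group" = "$group" ] || { echo "group is $owner_group, expected $group"; rc=1; }
    [ $((special & 2)) -ne 0 ] || { echo "SGID not set: new files keep the creator's group"; rc=1; }
    [ "$grp" = 7 ] || { echo "group lacks rwx (mode $mode)"; rc=1; }
    [ "$oth" = 0 ] || { echo "others have access (mode $mode)"; rc=1; }
    if [ "$want_sticky" = sticky ] && [ $((special & 1)) -eq 0 ]; then
        echo "sticky bit not set: members can delete each other's files"; rc=1
    fi
    return $rc
}

# Constructed demo on a temporary directory owned by the current user.
d=$(mktemp -d); g=$(stat -c %G "$d")
chmod 2770 "$d"
audit_shared_dir "$d" "$g" && echo "2770: meets the /common/admin requirements"
audit_shared_dir "$d" "$g" sticky || echo "2770: fails the owner-only delete requirement"
chmod 3770 "$d"
audit_shared_dir "$d" "$g" sticky && echo "3770: meets the /data requirements"
rm -rf "$d"
```

On the real system the call would be, for instance, `audit_shared_dir /data/teachers teachers sticky`.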