TIPS & TRICKS
To search the contents of the man pages
# man -k searchterm |
Users, groups and group memberships tasks examples
Create users, groups and group memberships 1
| Create the following users, groups and group memberships:
| - A group named admin.
| - A user harry who belongs to admin as a secondary group.
| - A user natasha who belongs to admin as a secondary group.
| - A user sarah who doesn’t have access to an interactive shell and who’s not a member of admin.
| - The users harry, natasha, sarah should all have a password of “password”.
# groupadd admin |
# useradd -G admin harry // -G= secondary group, -g=primary group |
# useradd -G admin natasha |
# useradd -s /sbin/nologin sarah // -s=shell |
# passwd --stdin harry |
Note: --stdin is not mandatory, but with it there is no need to retype the password, and it also shows the password you typed.
Create users, groups and group memberships 2
| Add user krish such that its password never expires.
List krish:
# chage -l krish |
Pass -1 to the -M parameter so that the password never expires:
# chage -M -1 krish |
Verify:
# chage -l krish |
Create users, groups and group memberships 3
| Change user krish user id from 1200 to 1284.
List id of Krish:
# id krish |
Change his uid:
# usermod -u 1284 krish |
Create users, groups and group memberships 4
| Create a user named Eric, and the user id should be 1234, and the password should be Eric123
# useradd -u 1234 Eric |
Create users, groups and group memberships 5
| Copy the /etc/fstab file to /var/tmp.
| Create a group named “admin” for sarah and krish.
| krish could read, write and modify it, while sarah without any permission.
# cp /etc/fstab /var/tmp |
# groupadd admin |
# chgrp admin /var/tmp/fstab |
# setfacl -m u:krish:rwx /var/tmp/fstab |
Verify:
# getfacl /var/tmp/fstab |
Create users, groups and group memberships 6
| Add user named john with id 1029. set password expiration date as 2023-05-23.
# useradd -u 1029 john |
# chage -E 2023-05-23 john |
Create users, groups and group memberships 7
| Create two users:
| - john with uid/gid equal to 2000, password 12345678.
| - davis with uid/gid equal to 3000, password 87654321.
| Make davis password validity stopping in one month.
# useradd -u 2000 john |
Make davis password validity stopping in one month:
# chage -E $(date -d +1month +%Y-%m-%d) davis |
See the chage man page for an example:
For example the following can be used to set an account to expire in 180 days:
chage -E $(date -d +180days +%Y-%m-%d)
When a user is created with the useradd command, the structure of the home directory is taken from the /etc/skel folder.
Create users, groups and group memberships 8
| Copy the file /etc/fstab to /var/tmp.
| Configure the permission of /var/tmp/fstab so that:
| - The file /var/tmp/fstab is owned by the root user.
| - The file /var/tmp/fstab belongs to the group root.
| - The file /var/tmp/fstab should not be executable by anyone.
| - The user harry is able to read and write on /var/tmp/fstab.
| - The user natasha can neither read nor write /var/tmp/fstab.
| - All other users (current/future) have the ability to read /var/tmp/fstab
# cp /etc/fstab /var/tmp |
# chown root:root /var/tmp/fstab |
# setfacl -m u:harry:rw- /var/tmp/fstab |
# getfacl /var/tmp/fstab |
Create users, groups and group memberships 9
| All newly created files for user natasha should have -r-------- as the default permission.
| All newly created directories for user natasha should have dr-x------ as the default permission.
| The password for all new users should expire after 20 days.
| Assign the sudo privilege for user harry and the admin group to administrate without a password
| Create a script file: if the parameter is “GM” it outputs “good morning” – if it is “GN”, it outputs “good night”
Setting umask 0277 in /home/natasha/.bashrc lets natasha create files with -r-------- and directories with dr-x------ permissions:
# echo "umask 0277" >> /home/natasha/.bashrc |
In /etc/login.defs, the password for all new users should expire after 20 days:
# vim /etc/login.defs |
Assign the sudo privilege for users or groups to administrate without a password:
# vim /etc/sudoers.d/admin // %admin ALL=(ALL) NOPASSWD: ALL |
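To check what a umask such as the 0277 used above actually produces, the following added example (not part of the original notes) creates a file and a directory under a given mask and reads back their modes. The helper name perms_under_umask is hypothetical, the objects are constructed in a temporary directory, and GNU or BusyBox stat is assumed.

```shell
#!/bin/sh
# Added example: measure the permissions that a umask yields for new
# files and directories. Runs unprivileged in a constructed temp directory.

# perms_under_umask MASK -> prints "<file mode> <dir mode>"
perms_under_umask() (
    work=$(mktemp -d) || exit 1
    umask "$1"              # function body is a subshell: caller's umask is untouched
    touch "$work/file"      # files start from 0666 before the mask is applied
    mkdir "$work/dir"       # directories start from 0777 before the mask is applied
    echo "$(stat -c %a "$work/file") $(stat -c %a "$work/dir")"
    rm -rf "$work"
)

# 0277 is the value from the task; the others are shown for comparison.
for mask in 0277 0027 0022; do
    echo "umask $mask -> $(perms_under_umask "$mask")"
done
```

A mask set in ~/.bashrc applies to bash sessions that read that file; processes started another way keep the system default.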
Create users, groups and group memberships 10
| Create a shared directory /home/admins with the following characteristics:
| - /home/admins belongs to group adminuser
| - This directory can be read and written by members of group adminuser.
| - Any files created in /home/admin have their group automatically set to adminuser.
# mkdir /home/admins |
# chgrp -R adminuser /home/admins |
Create users, groups and group memberships 11
| Create a collaborative directory /common/admin with the following characteristics:
| - Group ownership of /common/admin is admin.
| - The directory should be readable, writable and accessible to members of admin, but not any other user.
| (It is understood that root has access to all files and directories on the system.)
| - Files created in /common/admin will automatically have group ownership set to the admin group.
# mkdir -p /common/admin |
# chgrp admin /common/admin |
# chmod 2770 /common/admin |
Remember that the leading 2 in the mode above is the SGID bit. Set on a directory, it makes files and subdirectories created inside inherit the group of the parent directory instead of the creating user's primary group.
Create users, groups and group memberships 12
| Create a catalog under /home named admins.
| Its respective group is requested to be the {admin} group.
| The group users could read and write, while other users are not allowed to access it.
| The files created by users from the same group, should also have the admin group.
The first part of the question is simple:
# mkdir /home/admins |
The second part of the question is solved by enabling the set-group-ID (SGID) bit, the "s" bit on the group:
# chmod -R g+s admins/ |
Create users, groups and group memberships 13
| Create a shared directory /home/admins with the following characteristics:
| - /home/admins belongs to group admingrp
| - This directory can be read/written by members of group adminuser. Any files created in /home/admin have their group automatically set to adminuser.
| - And others do not have any other permissions on the directory.
Solution:
# mkdir -p /home/admins |
Create users, groups and group memberships 14
| Create a directory /projects with special permissions:
| - only members of the project_team group can access it and create files.
# mkdir /projects |
Create users, groups and group memberships 15
| Restore the sticky bit on /tmp
# chmod o+t /tmp |
Create users, groups and group memberships 16
| Question: Create two groups: students and teachers
| - Add two users: natasha and harry to students group
| - Add two users: amy and anna to teachers group
| - Create two directories: /data/students and /data/teachers so that:
| - all students have read/write access to /data/students
| - all teachers have read/write access to /data/teachers
| - others have no access to /data/students and /data/teachers
| - files created under /data/students and /data/teachers are owned by respective groups
| - Only the owner of the file can delete the file created under /data/teachers and /data/students
| - User anna is the head master and has full read and write access to both directories /data/students and /data/teachers
| - Also make sure that members of group teachers have read access to /data/students
# groupadd students |
Sticky bit: 1, SGID (files owned by the group): 2 -> Total: 1+2=3
# chmod 3770 students |
# chown anna:students students |
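After setting modes such as 2770 or 3770 it is worth confirming which special bits really ended up on the directory. The following added example (not part of the original notes) decodes the mode reported by stat; the helper name describe_shared_dir is hypothetical, the sample directories are constructed under a temporary path so no root, users or groups are needed, and GNU or BusyBox stat is assumed.

```shell
#!/bin/sh
# Added example: audit the special permission bits on a shared directory.

# describe_shared_dir DIR -> prints "sgid=<yes|no> sticky=<yes|no> other=<octal digit>"
describe_shared_dir() (
    mode=$(stat -c %a "$1") || exit 1          # e.g. 3770
    bits=$((0$mode))                           # leading 0 makes the shell read it as octal
    sgid=no; sticky=no
    [ $((bits & 02000)) -ne 0 ] && sgid=yes    # 2xxx: new files inherit the directory's group
    [ $((bits & 01000)) -ne 0 ] && sticky=yes  # 1xxx: only the owner may delete a file
    echo "sgid=$sgid sticky=$sticky other=$((bits & 07))"
)

# Constructed sample directories mirroring the modes used in the tasks.
demo_root=$(mktemp -d)
mkdir "$demo_root/students" "$demo_root/admin"
chmod 3770 "$demo_root/students"   # SGID + sticky, as in task 16
chmod 2770 "$demo_root/admin"      # SGID only, as in task 11

students_state=$(describe_shared_dir "$demo_root/students")
admin_state=$(describe_shared_dir "$demo_root/admin")
echo "students: $students_state"
echo "admin:    $admin_state"

rm -rf "$demo_root"
```

On a real system, run describe_shared_dir against /data/students, /data/teachers or /tmp; other=0 confirms that users outside the owning group have no access.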