Monday, August 29, 2011

USER & GROUP MANAGEMENT

User Management

#useradd username (OR) #useradd username used to create a new user.

#passwd username It changes password for the corresponding user.

User add can also be done by specifying a no: of attributes like

#useradd –u uid –s shell –c command –d home_directory –g group –G groups username

uid user identification no, 0-99 for system purpose, 0 reserved for root,

100-60,000used for general purpose.

gid group identification no, 0-99 for system purpose, 100-600 for general purpose

pid process identification no, to identify all the processes running on your system

groups - maximum of 15 groups is only possible as secondary group for a user.

#usermod attributes username helps to modify already given attributes.

#userdel username only deletes an existing account, not user directory.

#userdel –r username deletes a user account along with home directory.

GROUP

#groupadd groupname adds a new group

#groupadd attributes groupname adds a new group along with its attributes.

#groupmod groupname modifies the attributes of a group

#groupdel groupname deletes an existing group

#id –u username displays the userid no of the user specified

#id username displays uid,gid and all secondary groups that user

#groups displays the default groups in your machine

Switch User

#su username to change from current user to user specified

#su – username change to the specified user along with his home directory.

/etc/profile

Contains several information regarding the history size, the umask value etc, which is applicable to all the users.

#vi /etc/profile

:

HISTSIZE =1010 [this entry helps to change the history size]

:

echo [this entry will help display what ever written after it]

echo Welcome $USER [helps display “Welcome root” if u have logged as root]

echo

sleep 2 [waits for a period of 2 seconds]

clear [helps to obtain a clear window]

After editing this file quit from vi. All this will become applicable if u login again.

#vi /home/nas/.bash_profile helps to change the login contents if u login as a normal user (here the user is nas)

#vi /home/nas/.bash_logout helps to create log out contents for a user(here it is nas)

#vi /etc/issue helps to change the appearance of the log in screen

#vi /etc/issue.net for networking ie, when u log in using network(ie like telnet etc) then the screen appearance for them can be set using this.

#vi /etc/syslog.conf all the log files generated during boot time are kept here

#vi /etc/motd displays the message of the day.

/etc/passwd user id information resides here.

#vi /etc/passwd

nas:x:509:509: :/home/nas:/bin/bash

GID home dir Login shell

UID comment

password

user name

Here the ‘:’ is called the delimiter. Here ‘x’ represents the password, which resides in another file /etc/shadow

#vi /etc/shadow

nas:$1$Dn……………..

This contains 9 fields, which are

Loginid:password:lastchange:min:max:warning:inctive:expiry:

/etc/group  the group id information resides here.

#vi /etc/group

groupname:passwd:gid:users list

FILE PERMISSIONS

We can change the permissions of a file in either using the Symbolic Mode or by using the Absolute Mode.

1.Symbolic Mode :-here we use r for read, w for write , x for execute and

‘+’ to append a permission,’-‘ to remove a permission.

chmod is the command used to change permission bits.

#chmod u=rwx,g=rx,o=r filename

#chattr change the attributes of file ie, who all can delete or add files

’+’ is used to add and ‘-‘ is used to remove permissions.

Eg:- #chattr +i filename - now none will be able to change the file contents.

#chattr –i filename - then it is removed & all functions can be performed

2.Absolute Mode:-here we use nos from 0 to 7.

Value Indications Permissions

0 - - - No permission

1 - - x Only execute

2 - w - Write only

3 - w x Write and execute

4 r - - Read only

5 r – x Read and execute

6 r w - Read and write

7 r w x Full permission

Eg:-#chmod 765 filename full permission for owner, read & write for group members, read & execute permission for others.

Sticky bit

#chmod 1000+file_permission filename here the value 1000 implies it’s a sticky bit

#chmod 1766 f1 implies it is a sticky bit.

#ls –l -rwxrw-rwT

#chmod 1767 f2 I implies it is a sticky bit.

#ls –l -rwxrw-rwt

here T  sticky bit is enabled and executable bit for others is OFF

and t  sticky bit is enabled and executable bit for others is ON

i. When sticky bit is set on a dir,files in that dir may be unlinked or renamed only by the root user or by its owner.

ii. Commonly found in dir like /tmp, that are world –writable.

Set UID & GID :- is applicable to an executable file & is used for project sharing.

#chmod 4000+file_permissions filename  here 4000 implies enable UserID

#chmod 2000+file_permissions filename  here 2000 implies enable GroupID

Eg:- #chmod 4777 file4

#chmod 2777 file5

#ls –l

-rwsrwxrwx ……………… file4

-rwxrwsrwx ……………… file5

#umask whenever a user creates a file, the OS assigns default permissions to the file with out the intermission of the user. It is defined by the umask value specified in /etc/profile. the default umask value os 022, but the value 027 is more effective. So the default file permission is 666 & that of a directory is 777.

Change ownership:-

Root is the only user who has the permission to change ownership of a file. So in case, if u have logged in as a normal user, u have to log in as root to do this. The cmnd used for this purpose is ‘chown’

#chown nas f3 to change the ownership of the file f3 from current owner to nas

No comments:

Post a Comment