useradd <user> -->adds a user and updates below files
passwd <user> -->set password for a user
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
              uid      gid
root          0        0
systemuser    1-499    1-499
normaluser    500+     500+
1. FIELDS OF /ETC/PASSWD
1. User
2. password pointer
3. uid
4. gid
5. comments
6. home dir
7. shell
To edit fields of user, or to create user with option
useradd -u <uid> <user> ->Add user with specified uid
useradd -g <gid> <user> ->sets user's primary group
useradd -G <gid> <user> ->sets user's secondary group
useradd -c <comments> <user> ->Add comments to user
useradd -d <homedir> <user> ->Add specified home dir
useradd -s <shell> <user> ->Add specified shell to user OR
chsh <user> -->change shell of user
finger <user> -->shows shell of user
id <user> -->shows users uid,gid info
usermod -option <user> -->modify existing info of user
userdel <user> -->Delete user, but leave home dir
userdel -r <user> -->Delete user and home dir both
When we add a user, the hidden files from the /etc/skel dir are copied to the user's home dir,
and the password aging policy is read from /etc/login.defs
2. FIELDS OF /ETC/SHADOW
1. user
2. password
3. day on which password was last changed, as num of days since 1 Jan 1970
4. min num of days user must wait before changing his password
5. max num of days after which user is forced to change password
6. num of days before expiry to start giving warning messages
7. num of days after password expiry after which the a/c is also disabled
chage -l <user> --->show password aging policy of user
chage <user> --->Change password aging policy of user
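Added example (not part of the original notes): a small POSIX shell audit that uses the /etc/passwd and /etc/shadow field positions listed above to flag extra uid 0 accounts, empty password fields, and passwords with no maximum age or already past it. The function names and sample entries are constructed for illustration; treating 99999 in field 5 as "never expires" is an assumption based on the usual default.

```shell
#!/bin/sh
# Added example. Field numbers follow the passwd/shadow lists above.
extra_uid0() {       # passwd field 3 (uid) is 0 for a user other than root
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}
empty_password() {   # shadow field 2 empty: login needs no password
    awk -F: '$2 == "" { print $1 }' "$1"
}
no_expiry() {        # usable hash, but field 5 (max days) empty or 99999 (assumed default)
    awk -F: '$2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 >= 99999) { print $1 }' "$1"
}
expired() {          # usage: expired <shadow> <today as days since 1 Jan 1970>
    awk -F: -v today="$2" '
        $2 != "" && $2 !~ /^[!*]/ && $3 != "" && $5 != "" && $5 < 99999 &&
        today > ($3 + $5) { print $1 }' "$1"
}

# Constructed sample files (not real accounts or hashes).
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
t1:x:500:500:test user:/home/t1:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
i2:x:501:501::/home/i2:/bin/bash
EOF
cat > "$SAMPLE/shadow" <<'EOF'
root:$6$CONSTRUCTED$hash:19000:0:99999:7:::
daemon:*:18000:0:99999:7:::
t1:$6$CONSTRUCTED$hash:19000:1:90:7:14::
toor::19000:0:99999:7:::
i2:$6$CONSTRUCTED$hash:19500:0:60:7:::
EOF

today=$(( $(date +%s) / 86400 ))
echo "uid 0 besides root : $(extra_uid0 "$SAMPLE/passwd")"
echo "empty password     : $(empty_password "$SAMPLE/shadow")"
echo "no max password age: $(no_expiry "$SAMPLE/shadow")"
echo "password expired   : $(expired "$SAMPLE/shadow" "$today")"
```

To audit a real host, run the functions as root against /etc/passwd and /etc/shadow instead of the sample files.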
3. FIELDS OF /ETC/GROUP
1. group
2. group password
3. gid
4. members of group
4. FIELDS OF /ETC/GSHADOW
1. group
2. group password
3. admin of group
4. members of group
groupadd <grp> --> Add a group
groupdel <grp> --> Delete a group
gpasswd <grp> --> Set password for a group
AS ROOT
gpasswd -M <u1,u2> <grp1> -->Add u1,u2 as members to group grp1
gpasswd -A <u1> <grp1> -->Make u1 as Admin to group grp1
gpasswd -d <u2> <grp1> -->Delete u2 from group grp1
AS ADMIN (Login as admin and try below commands)
gpasswd -a <u3> <grp1> -->Add u3 to group grp1
gpasswd -d <u3> <grp1> -->Delete u3 from group grp1
newgrp <grp> -->if you know the group password of another group,
you can change your group to it temporarily
ACL -ACCESS CONTROL LIST
getfacl <file> ->shows acl of file
setfacl -m u:u1:rw <file> ->set acl for user
setfacl -m g:g1:r <file> ->set acl for another group
setfacl -m o::-- <file> ->set acl for all other users left out
setfacl -x u:u1 <file> ->Delete acl set for user u1
setfacl -x g:g1 <file> ->Delete acl set for group g1
setfacl -b <file> ->Delete all acls that have been set
setfacl -Rm u:u1:rw <dir> ->Acl set for dir is also applied to the
files under that dir
VISUDO
VISUDO->Give privileges of the root user to an individual user without
giving him the root password.
Permissions can be given to user
Permissions can be given to existing group
Permissions can be given to virtual group
To give to user
copy line 76 and edit that copied line
ex: t1 ALL=SERVICES
To give to existing group
copy line 83 and edit that copied line
ex: %india ALL=SERVICES
To give to Virtual group
copy line 20 and edit that copied line
+ copy line 76 and edit that copied line
ex: User_Alias ABC = i2, t2 //line 20 exp +
ABC ALL=SERVICES
Once visudo is set, when a user who was given privileges through visudo wants to
execute a command, he has to use sudo + the full path of the command
ex: sudo /sbin/service network restart
LOG MESSAGES OF VISUDO
1. tailf /var/log/secure
SGID
Group owner of the directory should be inherited by the
files created under that directory.
1. groupadd admin //Add a group
2. mkdir /share //Create dir under /
3. ll -d /share //See permission of dir created
4. chgrp admin /share //Change group owner of dir
5. ll -d /share //See permission of dir after group change
6. touch /share/a //Create file under dir
7. ll -d /share //Permission of dir
8. ll /share/a //Permission of file
9. chmod 2770 /share //Add special permission 2 to dir
10. ll -d /share //Permission of dir
11. touch /share/b //Create file under dir
12. ll /share/b //Permission of file