Laboratory 4 - System management (1)
Fourth laboratory, in which you will exercise with user and group management commands and file permissions. You will also find out how to use VIM.

Lab 4 - System Management (1)
In this laboratory you will exercise with user and group management from the command line, file permissions and working with vim editor.
Contents:
-
Lab 4.1 Working with users and groups
- Lab objective 1: Create and manage users and groups from the command line
- Lab objective 2: User account management
- Lab objective 3: Group management
- Lab objective 4: File permissions and ownership
-
Lab 4.2 Using vim
- Lab objective 5: Using vim to enter text in a file
- Lab objective 6: Using vim to edit a text file
Laboratory objective 1: Create and manage users and groups from the command line
Commands used: useradd, passwd, su, userdel
Solution:
In this exercise, you will add and remove a user from the command line by doing:
-
use the useradd command to add a new user account labeled tux for user Tux Penguin
-
look for the new entries in the /etc/passwd and /etc/shadow files
-
use the passwd command to set the password for the tux user
-
use the su command to switch to the new user
-
use the passwd command to change the password to a new one
-
use the userdel command to remove the account of user tux
- open a terminal window, then switch to the root by entering
su
-
enter the password for your root user
-
create a new local user by entering
useradd -c "Tux Penguin" -m tux
- verify that a home directory for tux was created by entering
ls /home
- verify that there is an entry for the tux user in /etc/passwd by entering
cat /etc/passwd | grep 'tux'
- have a look at the password in /etc/passwd by entering
cat /etc/shadow
the output in the tux user line indicates that there is no valid password for tux
- create a password for the new user tux by entering
passwd tux
-
enter your password twice (in my case the password is "linux")
-
log out as root by entering
exit
- log in as the new user tux in order to change your password
su -tux
-
enter the tux password (in my case "linux")
-
change the password of the user tux with the line
passwd
-
enter the old user password ("linux")
-
change the password to "newlinux" - you will receive a warning that the password is too simple
-
enter a more complicated password like "D1g1t@L" twice
-
log out as user tux by entering
exit
- switch to user root by entering
su -
- delete the user tux by entering
userdel -r tux
- verify that the home directory for tux has been removed by entering
ls /home
- verify that there is no entry for tux in /etc/passwd by entering
cat /etc/passwd
- exit the terminal by entering
exit
Laboratory objective 2: User account management
Commands used: grep, useradd, ssh, systemctl, passwd, cat, chage, usermod
Solution:
- examine /etc/passwd and /etc/shadow files and compare the fields in each of them. Examine the normal user accounts especially. For example, if there is a "student" account on the system you are working, search for it in the files, or search for your account or another normal user account:
sudo grep student /etc/passwd /etc/shadow
or, in the particular case on my system:
alexandru@linux-vje9:~> sudo grep alexandru /etc/passwd /etc/shadow [sudo] password for root: /etc/passwd:alexandru:x:1000:100:Alexandru Calcatinge:/home/alexandru:/bin/bash /etc/shadow:alexandru:$6$......tlzV.:17402:0:99999:7:::
- create a "user1" account using the command useradd
sudo useradd user1
- try and connect as user1 using ssh
ssh user1@localhost
you will have to have the sshd service running. If you are not sure, use the following commands:
sudo systemctl status sshd.service
The ssh command will require a password for the user1, which you don't have yet. Exit the command by hitting Ctrl-c
- set a password for user1, for example "user1pass" and then log back in as user1
sudo passwd user1
- look at the new records which were created in the /etc/passwd, /etc/shadow and /etc/group
sudo grep user1 /etc/passwd /etc/shadow /etc/group
- look at the /etc/default/useradd file and see what the current defaults are set to. Take a look at /etc/login.defs
cat /etc/default/useradd alexandru@linux-vje9:~> cat /etc/default/useradd useradd defaults file GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel CREATE_MAIL_SPOOL=yes
for the other file, use the command:
cat /etc/login.defs
the output is quite large, so we will not show it here.
- create a user account for "user2" which will use the Korn Shell (ksh) as its default shell. Set the password to "user2pass"
sudo useradd -s /bin/ksh user2 sudo passwd user2
in case that Korn Shell is not installed on your system, you could install it
- look at the /etc/shadow and look for the current expiration date for the "user1" account
sudo grep user1 /etc/shadow
there should be no expiration date
- use the command chage to set an account expiration date for "user1" to December 1 2013 and the look at /etc/shadow to see what the new expiration date is
sudo chage -E 2013-12-1 user1 sudo grep user1 /etc/shadow
- use usermod to lock the "user1" account, then look at /etc/shadow and observe what has changed about user1's password. Reset the password to "user1p" on the account
sudo usermod -L user1 sudo passwd user1
- now you can delete "user1" and "user2"
sudo userdel -r user1 sudo userdel -r user2
My output for the entire laboratory:
alexandru@linux-l1h3:~> sudo grep alexandru /etc/passwd /etc/shadow [sudo] password for root: /etc/passwd:alexandru:x:1000:100:alexandru:/home/alexandru:/bin/bash /etc/shadow:alexandru:$6$fUJrTLwIUin2$5Lt7VyFbWSRtAB1CO.HXRbYH560AyKQC3XjG70fsIjdW8v/veHiYhAdUpVs7JKgvGarvFWcX4lnCMpdZJsCG31:17410:0:99999:7::: alexandru@linux-l1h3:~> sudo useradd user1 alexandru@linux-l1h3:~> ssh user1@localhost The authenticity of host 'localhost (::1)' can't be established. ECDSA key fingerprint is SHA256:R08Wm3yrwtl6zGmG6fjC7f9jvzOyqN3kTK0cqEW2Gk4. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. Password: alexandru@linux-l1h3:~> sudo passwd user1 New password: Retype new password: passwd: password updated successfully alexandru@linux-l1h3:~> sudo grep user1 /etc/passwd /etc/shadow /etc/group /etc/passwd:user1:x:1001:100::/home/user1:/bin/bash /etc/shadow:user1:$6$jp9YAtMoM105laxv$UegTGfBD4TfNCcZDp6TXjahD1jnMUuag.KoAPegXse8x4JgRYfKRH6K3K1tiO15WnOC9yu1vFWf/e5qTCsqja0:17413:0:99999:7::: alexandru@linux-l1h3:~> cat /etc/default/useradd useradd defaults file GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel CREATE_MAIL_SPOOL=yes alexandru@linux-l1h3:~> sudo useradd -s /bin/ksh user2 alexandru@linux-l1h3:~> sudo passwd user2 New password: Retype new password: passwd: password updated successfully alexandru@linux-l1h3:~> sudo grep user1 /etc/shadow user1:$6$jp9YAtMoM105laxv$UegTGfBD4TfNCcZDp6TXjahD1jnMUuag.KoAPegXse8x4JgRYfKRH6K3K1tiO15WnOC9yu1vFWf/e5qTCsqja0:17413:0:99999:7::: alexandru@linux-l1h3:~> sudo chage -E 2013-12-1 user1 alexandru@linux-l1h3:~> sudo grep user1 /etc/shadow user1:$6$jp9YAtMoM105laxv$UegTGfBD4TfNCcZDp6TXjahD1jnMUuag.KoAPegXse8x4JgRYfKRH6K3K1tiO15WnOC9yu1vFWf/e5qTCsqja0:17413:0:99999:7::16040: alexandru@linux-l1h3:~> sudo usermod -L user1 alexandru@linux-l1h3:~> sudo grep user1 /etc/shadow user1:!$6$jp9YAtMoM105laxv$UegTGfBD4TfNCcZDp6TXjahD1jnMUuag.KoAPegXse8x4JgRYfKRH6K3K1tiO15WnOC9yu1vFWf/e5qTCsqja0:17413:0:99999:7::16040: alexandru@linux-l1h3:~> sudo passwd user1 New password: BAD PASSWORD: it is based on a dictionary word BAD PASSWORD: is too simple Retype new password: passwd: password updated successfully alexandru@linux-l1h3:~> sudo userdel -r user1 no crontab for user1 userdel: user1 home directory (/home/user1) not found alexandru@linux-l1h3:~> sudo userdel -r user2 no crontab for user2 userdel: user2 home directory (/home/user2) not found alexandru@linux-l1h3:~> sudo grep user1 /etc/passwd /etc/shadow alexandru@linux-l1h3:~>
Laboratory objective 3: Group management
Commands used: useradd, passwd, grep, groupadd, usermod, chgrp
Solution:
- create two new user accounts (paul and costel) and make sure that they have home directories
alexandru@linux-l1h3:~> sudo useradd -m paul Creating mailbox file: File exists alexandru@linux-l1h3:~> sudo useradd -m costel Creating mailbox file: File exists alexandru@linux-l1h3:~> ls -l /home total 0 drwxr-xr-x 1 alexandru users 774 Sep 4 17:45 alexandru drwxr-xr-x 1 costel users 240 Sep 4 19:19 costel drwxr-xr-x 1 paul users 240 Sep 4 19:19 paul alexandru@linux-l1h3:~> alexandru@linux-l1h3:~> sudo passwd costel New password: BAD PASSWORD: it is based on a dictionary word BAD PASSWORD: is too simple Retype new password: passwd: password updated successfully alexandru@linux-l1h3:~> sudo passwd paul New password: BAD PASSWORD: it is too short BAD PASSWORD: is too simple Retype new password: passwd: password updated successfully alexandru@linux-l1h3:~>
- create two new groups, friends and bosses (with GID of 490), then look at the /etc/group file and see which GID was given to each new group created
alexandru@linux-l1h3:~> sudo groupadd friends alexandru@linux-l1h3:~> sudo groupadd -g 490 bosses groupadd: GID '490' already exists alexandru@linux-l1h3:~> grep -e friends -e bosses /etc/group friends:x:1000: alexandru@linux-l1h3:~> grep -e bosses /etc/group alexandru@linux-l1h3:~> sudo groupadd bosses alexandru@linux-l1h3:~> grep -e bosses /etc/group bosses:x:1001: alexandru@linux-l1h3:~>
- add the user costel to both two groups created earlier and paul to group friends. Now look at the /etc/group file to see the changes
alexandru@linux-l1h3:~> sudo usermod -G friends,bosses costel alexandru@linux-l1h3:~> sudo usermod -G friends paul alexandru@linux-l1h3:~> grep -e costel -e paul /etc/group friends:x:1000:costel,paul bosses:x:1001:costel alexandru@linux-l1h3:~> alexandru@linux-l1h3:~> groups costel paul costel : users friends bosses paul : users friends alexandru@linux-l1h3:~>
- Login as costel and create a directory called somedir and set the group ownership to bosses (using chgroup - remember that you will probably need to add execute privileges for all on costel's home directory)
alexandru@linux-vje9:~> ssh -p 2222 costel@127.0.0.1 Password: Have a lot of fun... costel@linux-l1h3:~> cd ~ costel@linux-l1h3:~> ls bin public_html costel@linux-l1h3:~> mkdir somedir costel@linux-l1h3:~> chgrp bosses somedir costel@linux-l1h3:~> ls -l total 0 drwxr-xr-x 1 costel users 0 May 10 02:26 bin drwxr-xr-x 1 costel users 20 Sep 1 14:03 public_html drwxr-xr-x 1 costel bosses 0 Sep 4 19:31 somedir costel@linux-l1h3:~> chmod a+x . costel@linux-l1h3:~>
- Login as paul and try to create a file in /home/costel/somedir called somefile using the touch command. See if you can do this, and if no, find out why (hint: because of the group ownership and the chmod a+x on the directory).
alexandru@linux-vje9:~> ssh -p 2222 paul@127.0.0.1 Password: Have a lot of fun... paul@linux-l1h3:~> touch /home/costel/somedir/somefile touch: cannot touch '/home/costel/somedir/somefile': Permission denied paul@linux-l1h3:~> exit logout Connection to 127.0.0.1 closed.
- Add paul to the bosses group and try again (note that you will have to logout and log back in again for the new group membership to be effective).
alexandru@linux-vje9:~> ssh -p 2222 alexandru@127.0.0.1 Password: Last login: Mon Sep 4 17:35:17 2017 from 10.0.2.2 Have a lot of fun... alexandru@linux-l1h3:~> sudo usermod -a -G bosses paul [sudo] password for root: alexandru@linux-l1h3:~> groups costel costel : users friends bosses alexandru@linux-l1h3:~> exit logout Connection to 127.0.0.1 closed. alexandru@linux-vje9:~> ssh -p 2222 paul@127.0.0.1 Password: Last login: Mon Sep 4 19:38:42 2017 from 10.0.2.2 Have a lot of fun... paul@linux-l1h3:~> touch /home/costel/somedir/somefile touch: cannot touch '/home/costel/somedir/somefile': Permission denied paul@linux-l1h3:~> groups costel costel : users friends bosses paul@linux-l1h3:~> groups paul paul : users friends bosses
You will have the same error, even though paul and costel are both in the bosses group.
Laboratory objective 4: File permissions and ownership
Commands used: chmod, touch, ls, umask
Solution:
The command chmod can be used with octal digits and symbolic methods to change permissions. Let us exercise with a file called "afile" inside your home directory.
alexandru@linux-l1h3:~> ls bin Documents Music Public Templates Desktop Downloads Pictures public_html Videos alexandru@linux-l1h3:~> touch afile alexandru@linux-l1h3:~> ls afile Desktop Downloads Pictures public_html Videos bin Documents Music Public Templates alexandru@linux-l1h3:~> chmod u=r,g=w,o=x afile alexandru@linux-l1h3:~> ls -l afile -r---w---x 1 alexandru users 0 Sep 4 21:33 afile alexandru@linux-l1h3:~> chmod u=+w,g=-w,o=+rw afile alexandru@linux-l1h3:~> ls -l afile --w----rw- 1 alexandru users 0 Sep 4 21:33 afile alexandru@linux-l1h3:~> chmod ug=rwx,o=-rw afile alexandru@linux-l1h3:~> ls -l afile -rwxrwx--- 1 alexandru users 0 Sep 4 21:33 afile alexandru@linux-l1h3:~>
Using umask, you must create a file with the touch command and analyze the default permissions and see the umask value:
alexandru@linux-l1h3:~> touch bfile alexandru@linux-l1h3:~> ls -l bfile -rw-r--r-- 1 alexandru users 0 Sep 4 21:37 bfile alexandru@linux-l1h3:~> umask 0022 alexandru@linux-l1h3:~>
You can see that the default umask value is 0022. It could be different for you, for example 0002.
At the operating system level, the default permissions given when a file or directory is created are 0666 that are read/write for owner, group and world (other). This value of umask is combined with the file creation permissions and thus it gives the following result:
0666 - 0022 = 0644 or, -rw-r--r--
Let us now modify the umask and then create a new file.
alexandru@linux-l1h3:~> umask 0022 alexandru@linux-l1h3:~> umask 0002 alexandru@linux-l1h3:~> touch cfile alexandru@linux-l1h3:~> ls -l cfile -rw-rw-r-- 1 alexandru users 0 Sep 4 21:42 cfile alexandru@linux-l1h3:~> umask 0666 alexandru@linux-l1h3:~> touch dfile alexandru@linux-l1h3:~> ls -l dfile ---------- 1 alexandru users 0 Sep 4 21:43 dfile alexandru@linux-l1h3:~> umask 0022 alexandru@linux-l1h3:~> ls -l total 0 -rwxrwx--- 1 alexandru users 0 Sep 4 21:33 afile -rw-r--r-- 1 alexandru users 0 Sep 4 21:37 bfile drwxr-xr-x 1 alexandru users 0 Sep 1 14:12 bin -rw-rw-r-- 1 alexandru users 0 Sep 4 21:42 cfile drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Desktop ---------- 1 alexandru users 0 Sep 4 21:43 dfile drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Documents drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Downloads drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Music drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Pictures drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Public drwxr-xr-x 1 alexandru users 20 Sep 1 14:12 public_html drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Templates drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Videos alexandru@linux-l1h3:~>
Laboratory objective 5: Using vim to enter text in a file
Commands used: vim
Solution:
Depending on what Linux distribution you use, vim will or will not be installed by default. In the case of Ubuntu, for example, vim is not installed by default, but in the case of openSUSE, it is. I am using openSUSE for the purpose of this exercise.
- create a new file called vi_test into your directory of choice, then start entering text inside your file with the command and insert modes of vim.
alexandru@linux-vje9:~> touch vi_test alexandru@linux-vje9:~> ls backup Desktop Dropbox Public Videos backup_restore Documents Music public_html VirtualBox VMs bin Downloads Pictures Templates vi_test alexandru@linux-vje9:~> vim vi_test
- after you open the file, type "i" to enter Insert Mode. Start typing text as you wish. In our case, the text input was:
The Linux Basic training course will be held in the training room in our offices
in Luncsoara street, next week.
Make sure you bring your homework and your own laptop for some extra exercises.
There will be wireless internet access available in the training room.
We appreciate that you like our Linux Basic course.
Thank you.
- now press "Esc" to exist Insert mode and enter Command Mode. Type ":wq" to write the changes to the file and quit the editor. Thus the file will be saved and you will return to the command line prompt.
Laboratory objective 6: Using vim to edit a text file
Solution:
- open the same file into the vim editor with the command
vim vi_test
- now do the following, using the shortcuts you learned from your lectures:
-
move the cursor to the middle of the second line of the first paragraph
-
delete text to the right of the cursor by pressing D (uppercase d)
-
undo the deletion by typing u
-
delete the character directly under the cursor by pressing Delete
-
copy the current line to the buffer by typing yy
-
move the cursor to the beginning of the first line of the second paragraph
-
insert the contents of the buffer (paste) after the current line by typing p
-
save and exit the file by using :wq