Lab 4 - System Management (1)

In this laboratory you will exercise with user and group management from the command line, file permissions and working with vim editor.

Contents:

1. Lab 4.1 Working with users and groups

   • Lab objective 1: Create and manage users and groups from the command line
   • Lab objective 2: User account management
   • Lab objective 3: Group management
   • Lab objective 4: File permissions and ownership

2. Lab 4.2 Using vim

   • Lab objective 5: Using vim to enter text in a file
   • Lab objective 6: Using vim to edit a text file

Laboratory objective 1: Create and manage users and groups from the command line

Commands used: useradd, passwd, su, userdel

Solution:

In this exercise, you will add and remove a user from the command line by doing:

• use the useradd command to add a new user account labeled tux for user Tux Penguin

• look for the new entries in the /etc/passwd and /etc/shadow files

• use the passwd command to set the password for the tux user

• use the su command to switch to the new user

• use the passwd command to change the password to a new one

• use the userdel command to remove the account of user tux

1. open a terminal window, then switch to the root by entering

su

2. enter the password for your root user

3. create a new local user by entering

useradd -c "Tux Penguin" -m tux

4. verify that a home directory for tux was created by entering

ls /home

5. verify that there is an entry for the tux user in /etc/passwd by entering

cat /etc/passwd | grep 'tux'

6. have a look at the password in /etc/passwd by entering

cat /etc/shadow

the output in the tux user line indicates that there is no valid password for tux

7. create a password for the new user tux by entering

passwd tux

8. enter your password twice (in my case the password is "linux")

9. log out as root by entering

exit

10. log in as the new user tux in order to change your password

su -tux

11. enter the tux password (in my case "linux")

12. change the password of the user tux with the line

passwd

13. enter the old user password ("linux")

14. change the password to "newlinux" - you will receive a warning that the password is too simple

15. enter a more complicated password like "D1g1t@L" twice

16. log out as user tux by entering

exit

17. switch to user root by entering

su -

18. delete the user tux by entering

userdel -r tux

19. verify that the home directory for tux has been removed by entering

ls /home

20. verify that there is no entry for tux in /etc/passwd by entering

cat /etc/passwd

21. exit the terminal by entering

exit

Laboratory objective 2: User account management

Commands used: grep, useradd, ssh, systemctl, passwd, cat, chage, usermod

Solution:

1. examine /etc/passwd and /etc/shadow files and compare the fields in each of them. Examine the normal user accounts especially. For example, if there is a "student" account on the system you are working, search for it in the files, or search for your account or another normal user account:

sudo grep student /etc/passwd /etc/shadow

or, in the particular case on my system:

alexandru@linux-vje9:~> sudo grep alexandru /etc/passwd /etc/shadow
[sudo] password for root:
/etc/passwd:alexandru:x:1000:100:Alexandru Calcatinge:/home/alexandru:/bin/bash
/etc/shadow:alexandru:$6$......tlzV.:17402:0:99999:7:::

2. create a "user1" account using the command useradd

sudo useradd user1

3. try and connect as user1 using ssh

ssh user1@localhost

you will have to have the sshd service running. If you are not sure, use the following commands:

sudo systemctl status sshd.service

The ssh command will require a password for the user1, which you don't have yet. Exit the command by hitting Ctrl-c

4. set a password for user1, for example "user1pass" and then log back in as user1

sudo passwd user1

5. look at the new records which were created in the /etc/passwd, /etc/shadow and /etc/group

sudo grep user1 /etc/passwd /etc/shadow /etc/group

6. look at the /etc/default/useradd file and see what the current defaults are set to. Take a look at /etc/login.defs

cat /etc/default/useradd

alexandru@linux-vje9:~> cat /etc/default/useradd
useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

for the other file, use the command:

cat /etc/login.defs

the output is quite large, so we will not show it here.

7. create a user account for "user2" which will use the Korn Shell (ksh) as its default shell. Set the password to "user2pass"

sudo useradd -s /bin/ksh user2

sudo passwd user2

in case that Korn Shell is not installed on your system, you could install it

8. look at the /etc/shadow and look for the current expiration date for the "user1" account

sudo grep user1 /etc/shadow

there should be no expiration date

9. use the command chage to set an account expiration date for "user1" to December 1 2013 and the look at /etc/shadow to see what the new expiration date is

sudo chage -E 2013-12-1 user1

sudo grep user1 /etc/shadow

10. use usermod to lock the "user1" account, then look at /etc/shadow and observe what has changed about user1's password. Reset the password to "user1p" on the account

sudo usermod -L user1

sudo passwd user1

11. now you can delete "user1" and "user2"

sudo userdel -r user1

sudo userdel -r user2

My output for the entire laboratory:

alexandru@linux-l1h3:~> sudo grep alexandru /etc/passwd /etc/shadow
[sudo] password for root:
/etc/passwd:alexandru:x:1000:100:alexandru:/home/alexandru:/bin/bash
/etc/shadow:alexandru:$6$fUJrTLwIUin2$5Lt7VyFbWSRtAB1CO.HXRbYH560AyKQC3XjG70fsIjdW8v/veHiYhAdUpVs7JKgvGarvFWcX4lnCMpdZJsCG31:17410:0:99999:7:::
alexandru@linux-l1h3:~> sudo useradd user1
alexandru@linux-l1h3:~> ssh user1@localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:R08Wm3yrwtl6zGmG6fjC7f9jvzOyqN3kTK0cqEW2Gk4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Password:
alexandru@linux-l1h3:~> sudo passwd user1
New password:
Retype new password:
passwd: password updated successfully
alexandru@linux-l1h3:~> sudo grep user1 /etc/passwd /etc/shadow /etc/group
/etc/passwd:user1:x:1001:100::/home/user1:/bin/bash
/etc/shadow:user1:$6$jp9YAtMoM105laxv$UegTGfBD4TfNCcZDp6TXjahD1jnMUuag.KoAPegXse8x4JgRYfKRH6K3K1tiO15WnOC9yu1vFWf/e5qTCsqja0:17413:0:99999:7:::
alexandru@linux-l1h3:~> cat /etc/default/useradd
useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
alexandru@linux-l1h3:~> sudo useradd -s /bin/ksh user2
alexandru@linux-l1h3:~> sudo passwd user2
New password:
Retype new password:
passwd: password updated successfully
alexandru@linux-l1h3:~> sudo grep user1 /etc/shadow
user1:$6$jp9YAtMoM105laxv$UegTGfBD4TfNCcZDp6TXjahD1jnMUuag.KoAPegXse8x4JgRYfKRH6K3K1tiO15WnOC9yu1vFWf/e5qTCsqja0:17413:0:99999:7:::
alexandru@linux-l1h3:~> sudo chage -E 2013-12-1 user1
alexandru@linux-l1h3:~> sudo grep user1 /etc/shadow
user1:$6$jp9YAtMoM105laxv$UegTGfBD4TfNCcZDp6TXjahD1jnMUuag.KoAPegXse8x4JgRYfKRH6K3K1tiO15WnOC9yu1vFWf/e5qTCsqja0:17413:0:99999:7::16040:
alexandru@linux-l1h3:~> sudo usermod -L user1
alexandru@linux-l1h3:~> sudo grep user1 /etc/shadow
user1:!$6$jp9YAtMoM105laxv$UegTGfBD4TfNCcZDp6TXjahD1jnMUuag.KoAPegXse8x4JgRYfKRH6K3K1tiO15WnOC9yu1vFWf/e5qTCsqja0:17413:0:99999:7::16040:
alexandru@linux-l1h3:~> sudo passwd user1
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: password updated successfully
alexandru@linux-l1h3:~> sudo userdel -r user1
no crontab for user1
userdel: user1 home directory (/home/user1) not found
alexandru@linux-l1h3:~> sudo userdel -r user2
no crontab for user2
userdel: user2 home directory (/home/user2) not found
alexandru@linux-l1h3:~> sudo grep user1 /etc/passwd /etc/shadow
alexandru@linux-l1h3:~>

Laboratory objective 3: Group management

Commands used: useradd, passwd, grep, groupadd, usermod, chgrp

Solution:

1. create two new user accounts (paul and costel) and make sure that they have home directories

alexandru@linux-l1h3:~> sudo useradd -m paul
Creating mailbox file: File exists
alexandru@linux-l1h3:~> sudo useradd -m costel
Creating mailbox file: File exists
alexandru@linux-l1h3:~> ls -l /home
total 0
drwxr-xr-x 1 alexandru users 774 Sep 4 17:45 alexandru
drwxr-xr-x 1 costel users 240 Sep 4 19:19 costel
drwxr-xr-x 1 paul users 240 Sep 4 19:19 paul
alexandru@linux-l1h3:~>
alexandru@linux-l1h3:~> sudo passwd costel
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: password updated successfully
alexandru@linux-l1h3:~> sudo passwd paul
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: password updated successfully
alexandru@linux-l1h3:~>

2. create two new groups, friends and bosses (with GID of 490), then look at the /etc/group file and see which GID was given to each new group created

alexandru@linux-l1h3:~> sudo groupadd friends
alexandru@linux-l1h3:~> sudo groupadd -g 490 bosses
groupadd: GID '490' already exists
alexandru@linux-l1h3:~> grep -e friends -e bosses /etc/group
friends:x:1000:
alexandru@linux-l1h3:~> grep -e bosses /etc/group
alexandru@linux-l1h3:~> sudo groupadd bosses
alexandru@linux-l1h3:~> grep -e bosses /etc/group
bosses:x:1001:
alexandru@linux-l1h3:~>

3. add the user costel to both two groups created earlier and paul to group friends. Now look at the /etc/group file to see the changes

alexandru@linux-l1h3:~> sudo usermod -G friends,bosses costel
alexandru@linux-l1h3:~> sudo usermod -G friends paul
alexandru@linux-l1h3:~> grep -e costel -e paul /etc/group
friends:x:1000:costel,paul
bosses:x:1001:costel
alexandru@linux-l1h3:~>
alexandru@linux-l1h3:~> groups costel paul
costel : users friends bosses
paul : users friends
alexandru@linux-l1h3:~>

4. Login as costel and create a directory called somedir and set the group ownership to bosses (using chgroup - remember that you will probably need to add execute privileges for all on costel's home directory)

alexandru@linux-vje9:~> ssh -p 2222 costel@127.0.0.1
Password:
Have a lot of fun...
costel@linux-l1h3:~> cd ~
costel@linux-l1h3:~> ls
bin public_html
costel@linux-l1h3:~> mkdir somedir
costel@linux-l1h3:~> chgrp bosses somedir
costel@linux-l1h3:~> ls -l
total 0
drwxr-xr-x 1 costel users 0 May 10 02:26 bin
drwxr-xr-x 1 costel users 20 Sep 1 14:03 public_html
drwxr-xr-x 1 costel bosses 0 Sep 4 19:31 somedir
costel@linux-l1h3:~> chmod a+x .
costel@linux-l1h3:~>

5. Login as paul and try to create a file in /home/costel/somedir called somefile using the touch command. See if you can do this, and if no, find out why (hint: because of the group ownership and the chmod a+x on the directory).

alexandru@linux-vje9:~> ssh -p 2222 paul@127.0.0.1
Password:
Have a lot of fun...
paul@linux-l1h3:~> touch /home/costel/somedir/somefile
touch: cannot touch '/home/costel/somedir/somefile': Permission denied
paul@linux-l1h3:~> exit
logout
Connection to 127.0.0.1 closed.

6. Add paul to the bosses group and try again (note that you will have to logout and log back in again for the new group membership to be effective).

alexandru@linux-vje9:~> ssh -p 2222 alexandru@127.0.0.1
Password:
Last login: Mon Sep 4 17:35:17 2017 from 10.0.2.2
Have a lot of fun...
alexandru@linux-l1h3:~> sudo usermod -a -G bosses paul
[sudo] password for root:
alexandru@linux-l1h3:~> groups costel
costel : users friends bosses
alexandru@linux-l1h3:~> exit
logout
Connection to 127.0.0.1 closed.
alexandru@linux-vje9:~> ssh -p 2222 paul@127.0.0.1
Password:
Last login: Mon Sep 4 19:38:42 2017 from 10.0.2.2
Have a lot of fun...
paul@linux-l1h3:~> touch /home/costel/somedir/somefile
touch: cannot touch '/home/costel/somedir/somefile': Permission denied
paul@linux-l1h3:~> groups costel
costel : users friends bosses
paul@linux-l1h3:~> groups paul
paul : users friends bosses

You will have the same error, even though paul and costel are both in the bosses group.

Laboratory objective 4: File permissions and ownership

Commands used: chmod, touch, ls, umask

Solution:

The command chmod can be used with octal digits and symbolic methods to change permissions. Let us exercise with a file called "afile" inside your home directory.

alexandru@linux-l1h3:~> ls
bin Documents Music Public Templates
Desktop Downloads Pictures public_html Videos
alexandru@linux-l1h3:~> touch afile
alexandru@linux-l1h3:~> ls
afile Desktop Downloads Pictures public_html Videos
bin Documents Music Public Templates
alexandru@linux-l1h3:~> chmod u=r,g=w,o=x afile
alexandru@linux-l1h3:~> ls -l afile
-r---w---x 1 alexandru users 0 Sep 4 21:33 afile
alexandru@linux-l1h3:~> chmod u=+w,g=-w,o=+rw afile
alexandru@linux-l1h3:~> ls -l afile
--w----rw- 1 alexandru users 0 Sep 4 21:33 afile
alexandru@linux-l1h3:~> chmod ug=rwx,o=-rw afile
alexandru@linux-l1h3:~> ls -l afile
-rwxrwx--- 1 alexandru users 0 Sep 4 21:33 afile
alexandru@linux-l1h3:~>

Using umask, you must create a file with the touch command and analyze the default permissions and see the umask value:

alexandru@linux-l1h3:~> touch bfile
alexandru@linux-l1h3:~> ls -l bfile
-rw-r--r-- 1 alexandru users 0 Sep 4 21:37 bfile
alexandru@linux-l1h3:~> umask
0022
alexandru@linux-l1h3:~>

You can see that the default umask value is 0022. It could be different for you, for example 0002.

At the operating system level, the default permissions given when a file or directory is created are 0666 that are read/write for owner, group and world (other). This value of umask is combined with the file creation permissions and thus it gives the following result:

0666 - 0022 = 0644 or, -rw-r--r--

Let us now modify the umask and then create a new file.

alexandru@linux-l1h3:~> umask
0022
alexandru@linux-l1h3:~> umask 0002
alexandru@linux-l1h3:~> touch cfile
alexandru@linux-l1h3:~> ls -l cfile
-rw-rw-r-- 1 alexandru users 0 Sep 4 21:42 cfile
alexandru@linux-l1h3:~> umask 0666
alexandru@linux-l1h3:~> touch dfile
alexandru@linux-l1h3:~> ls -l dfile
---------- 1 alexandru users 0 Sep 4 21:43 dfile
alexandru@linux-l1h3:~> umask 0022
alexandru@linux-l1h3:~> ls -l
total 0
-rwxrwx--- 1 alexandru users 0 Sep 4 21:33 afile
-rw-r--r-- 1 alexandru users 0 Sep 4 21:37 bfile
drwxr-xr-x 1 alexandru users 0 Sep 1 14:12 bin
-rw-rw-r-- 1 alexandru users 0 Sep 4 21:42 cfile
drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Desktop
---------- 1 alexandru users 0 Sep 4 21:43 dfile
drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Documents
drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Downloads
drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Music
drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Pictures
drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Public
drwxr-xr-x 1 alexandru users 20 Sep 1 14:12 public_html
drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Templates
drwxr-xr-x 1 alexandru users 0 Sep 1 14:18 Videos
alexandru@linux-l1h3:~>

Laboratory objective 5: Using vim to enter text in a file

Commands used: vim

Solution:

Depending on what Linux distribution you use, vim will or will not be installed by default. In the case of Ubuntu, for example, vim is not installed by default, but in the case of openSUSE, it is. I am using openSUSE for the purpose of this exercise.

1. create a new file called vi_test into your directory of choice, then start entering text inside your file with the command and insert modes of vim.

alexandru@linux-vje9:~> touch vi_test
alexandru@linux-vje9:~> ls
backup Desktop Dropbox Public Videos
backup_restore Documents Music public_html VirtualBox VMs
bin Downloads Pictures Templates vi_test
alexandru@linux-vje9:~> vim vi_test

2. after you open the file, type "i" to enter Insert Mode. Start typing text as you wish. In our case, the text input was:

The Linux Basic training course will be held in the training room in our offices
in Luncsoara street, next week.

Make sure you bring your homework and your own laptop for some extra exercises.
There will be wireless internet access available in the training room.

We appreciate that you like our Linux Basic course.

Thank you.

3. now press "Esc" to exist Insert mode and enter Command Mode. Type ":wq" to write the changes to the file and quit the editor. Thus the file will be saved and you will return to the command line prompt.

Laboratory objective 6: Using vim to edit a text file

Solution:

1. open the same file into the vim editor with the command

vim vi_test

2. now do the following, using the shortcuts you learned from your lectures:

• move the cursor to the middle of the second line of the first paragraph

• delete text to the right of the cursor by pressing D (uppercase d)

• undo the deletion by typing u

• delete the character directly under the cursor by pressing Delete

• copy the current line to the buffer by typing yy

• move the cursor to the beginning of the first line of the second paragraph

• insert the contents of the buffer (paste) after the current line by typing p

• save and exit the file by using :wq