Monday, August 29, 2011

USER & GROUP MANAGEMENT

User Management
#useradd username    creates a new user.
#passwd username    changes the password of the given user.
A user can also be added by specifying a number of attributes, like
#useradd -u uid -s shell -c comment -d home_directory -g group -G groups username
uid    user identification number; 0-99 for system purposes, 0 reserved for root, 100-60,000 used for general purposes.
gid    group identification number; 0-99 for system purposes, 100-600 for general purposes.
pid    process identification number, to identify all the processes running on your system.
groups    a user can have a maximum of 15 secondary groups.

#usermod attributes username    modifies attributes that were already set.
#userdel username    only deletes an existing account, not the user's home directory.
#userdel -r username    deletes a user account along with its home directory.


GROUP
#groupadd groupname adds a new group
#groupadd attributes groupname adds a new group along with its attributes.
#groupmod groupname modifies the attributes of a group
#groupdel groupname deletes an existing group

#id -u username    displays the user ID number of the specified user
#id username    displays the uid, gid and all secondary groups of that user
#groups displays the default groups in your machine

Switch User
#su username    changes from the current user to the specified user
#su - username    changes to the specified user along with his home directory.


/etc/profile
Contains settings such as the history size and the umask value, which apply to all users.

#vi /etc/profile
:
HISTSIZE=1010 [this entry changes the history size]
:
echo [displays whatever is written after it]
echo Welcome $USER [displays "Welcome root" if you have logged in as root]

echo
sleep 2 [waits for a period of 2 seconds]
clear [clears the window]

After editing this file, quit vi. The changes take effect the next time you log in.

#vi /home/nas/.bash_profile    changes the login contents when you log in as a normal user (here the user is nas)

#vi /home/nas/.bash_logout    creates the logout contents for a user (here it is nas)

#vi /etc/issue    changes the appearance of the login screen

#vi /etc/issue.net    the same for network logins, i.e. when you log in over the network (telnet etc.), the screen shown to those users is set here.

#vi /etc/syslog.conf all the log files generated during boot time are kept here

#vi /etc/motd displays the message of the day.

/etc/passwd    user id information resides here.
#vi /etc/passwd

nas:x:509:509: :/home/nas:/bin/bash

The fields, in order, are:
user name : password : UID : GID : comment : home dir : login shell

Here ':' is the delimiter. The 'x' stands in for the password, which is stored in a separate file, /etc/shadow.
#vi /etc/shadow

nas:$1$Dn……………..
This contains 9 fields, which are
Loginid:password:lastchange:min:max:warning:inactive:expiry:


/etc/group    the group id information resides here.
#vi /etc/group

groupname:passwd:gid:users list
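
The field layouts above are enough for a quick account audit. The following is an added example, not part of the original post: it reads passwd- and shadow-format lines and flags extra UID 0 accounts, empty password fields, hashes left in /etc/passwd, and $1$ (MD5-crypt) hashes in /etc/shadow. The sample records and the function names audit_passwd and audit_shadow are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit passwd/shadow records by field position.
# Sample records are constructed for illustration, not taken from a real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
nas:x:509:509::/home/nas:/bin/bash
toor:x:0:0:second admin:/root:/bin/sh
legacy:$1$constructed$hash:510:510::/home/legacy:/bin/bash
guest::511:511::/home/guest:/bin/bash'

SAMPLE_SHADOW='root:$6$constructed$hash:15215:0:99999:7:::
nas:$1$constructed$hash:15215:0:99999:7:::
guest::15215:0:99999:7:::
locked:!:15215:0:99999:7:::'

# audit_passwd: read /etc/passwd-format lines on stdin, print "finding:user".
audit_passwd() {
    awk -F: '
        NF != 7                      { print "malformed:" $1; next }
        $3 ~ /^0+$/ && $1 != "root"  { print "uid0:" $1 }        # extra superuser
        $2 == ""                     { print "nopassword:" $1 }  # no password needed
        # anything other than x, * or a ! lock marker is a hash all users can read
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "hash-in-passwd:" $1 }
    '
}

# audit_shadow: read /etc/shadow-format lines on stdin, print "finding:user".
audit_shadow() {
    awk -F: '
        NF != 9        { print "malformed:" $1; next }
        $2 == ""       { print "nopassword:" $1 }
        $2 ~ /^\$1\$/  { print "md5-hash:" $1 }   # $1$ prefix marks MD5-crypt
    '
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a live system the same functions can be fed the real files as root, for example audit_shadow < /etc/shadow.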


FILE PERMISSIONS
We can change the permissions of a file using either the Symbolic Mode or the Absolute Mode.
1. Symbolic Mode :- here we use r for read, w for write, x for execute, and
'+' to append a permission, '-' to remove a permission.
chmod is the command used to change permission bits.
#chmod u=rwx,g=rx,o=r filename
#chattr    changes the attributes of a file, i.e. who all can delete or add files
'+' is used to add and '-' is used to remove permissions.
Eg:- #chattr +i filename - now no one will be able to change the file contents.
#chattr -i filename - the attribute is removed and all operations can be performed again.
2. Absolute Mode :- here we use numbers from 0 to 7.

Value   Indication   Permission
0       - - -        No permission
1       - - x        Only execute
2       - w -        Write only
3       - w x        Write and execute
4       r - -        Read only
5       r - x        Read and execute
6       r w -        Read and write
7       r w x        Full permission

Eg:- #chmod 765 filename    full permission for the owner, read & write for group members, read & execute permission for others.

Sticky bit
#chmod 1000+file_permission filename    here the value 1000 means the sticky bit
#chmod 1766 f1    sets the sticky bit.
#ls -l    -rwxrw-rwT
#chmod 1767 f2    sets the sticky bit.
#ls -l    -rwxrw-rwt
Here T means the sticky bit is enabled and the execute bit for others is OFF,
and t means the sticky bit is enabled and the execute bit for others is ON.
i. When the sticky bit is set on a directory, files in that directory may be unlinked or renamed only by the root user or by their owner.
ii. It is commonly found on directories like /tmp that are world-writable.

Set UID & GID :- applicable to an executable file and used for project sharing.
#chmod 4000+file_permissions filename    here 4000 enables set-UID

#chmod 2000+file_permissions filename    here 2000 enables set-GID
Eg:- #chmod 4777 file4
#chmod 2777 file5
#ls -l
-rwsrwxrwx ……………… file4
-rwxrwsrwx ……………… file5

#umask    Whenever a user creates a file, the OS assigns default permissions to it without the intervention of the user. These are determined by the umask value specified in /etc/profile. The default umask value is 022, but the value 027 is more effective. The default permission before the umask is applied is 666 for a file and 777 for a directory.
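
The absolute-mode table, the sticky, set-UID and set-GID bits, and the umask all come down to bit arithmetic on an octal number. The following is an added example, not part of the original post: it renders a mode the way ls -l shows it (including s/S and t/T), applies a umask to the 666/777 base, and lists the bits worth reviewing in a permissions audit. The function names mode_string, apply_umask and mode_risks are hypothetical.

```sh
#!/bin/sh
# Added example: decode absolute (octal) modes, including the special bits.

# mode_string OCTAL: render the nine permission characters as ls -l shows them.
mode_string() {
    m=$((0$1))                      # leading 0 makes the digits octal
    out=
    for pos in 6 3 0; do            # owner, group, others
        bits=$(( (m >> pos) & 7 ))
        r=-; w=-; x=-
        if [ $((bits & 4)) -ne 0 ]; then r=r; fi
        if [ $((bits & 2)) -ne 0 ]; then w=w; fi
        if [ $((bits & 1)) -ne 0 ]; then x=x; fi
        case $pos in                # special bit that shares this x column
            6) special=$((m & 04000)); on=s; off=S ;;
            3) special=$((m & 02000)); on=s; off=S ;;
            0) special=$((m & 01000)); on=t; off=T ;;
        esac
        if [ "$special" -ne 0 ]; then
            # lowercase: execute is also set; uppercase: execute is not set
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

# apply_umask BASE UMASK: clear the umask bits from the base permission.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# mode_risks OCTAL: list the bits worth reviewing in a permissions audit.
mode_risks() {
    m=$((0$1)); flags=
    if [ $((m & 04000)) -ne 0 ]; then flags="$flags setuid"; fi
    if [ $((m & 02000)) -ne 0 ]; then flags="$flags setgid"; fi
    # writable by others with no sticky bit to restrict deletion
    if [ $((m & 0002)) -ne 0 ] && [ $((m & 01000)) -eq 0 ]; then
        flags="$flags world-writable-no-sticky"
    fi
    printf '%s\n' "${flags# }"
}

for mode in 765 1766 1767 4777 2777; do
    printf '%s %s [%s]\n' "$mode" "$(mode_string "$mode")" "$(mode_risks "$mode")"
done
printf 'umask 027: file %s, dir %s\n' "$(apply_umask 666 027)" "$(apply_umask 777 027)"
```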

Change ownership :-
Root is the only user who has permission to change the ownership of a file. So if you have logged in as a normal user, you have to log in as root to do this. The command used for this purpose is 'chown'.

#chown nas f3    changes the ownership of the file f3 from the current owner to nas
