[LINUX] - MANAGING USERS AND GROUPS

[LINUX] - MANAGING USERS AND GROUPS

Topic A: Assume Superuser Privileges

THE su COMMAND

It helps to switch identity by "substitute user" but retains original user's profile and variables. However, you will be challenged for the password of the switched user.  

The SYNTAX of the su command is:

# su [-] [username] 

For example:

# su - root: to elevate your credentials



Enter the password of the root user:




   

The sudo COMMAND

This command enables the server administrator to delegate specific command to specific users, without granting them full privileges on the server. 

The syntax of this command is sudo [options] {command}

Instead of using vim or nano, you should use visudo to edit /etc/sudoers. It will verify the syntax of this critical file before committing changes:

# visudo

# Shift + G: to move directly to the last line of the file

# End: to move to the end of the last line













Then, enter the following commands

# insert to enter the command mode

Add a new line at the bottom of the file:

# student01 ALL=(ALL) NOPASSWD:ALL => This grants the student account to execute all commands without you having to switch to the root every time. It also prevents you from having to input your password 





# Esc to exit insert mode

# :wq to save and close the file

# sudo /sbin/shutdown -r 15 to test your ability to shutdown the machine

# Ctrl+C

# sudo shutdown -c to interrupt the reboot






Creating User Accounts

View the current default settings for new users

To view the default settings for newly created user
# sudo useradd -D







To view the default settings for newly created users:

# less /etc/login.defs






















# q to quit

To view files that will be copied to the home directories of newly created user accounts

# ls -a /etc/skel 



Create a user

# sudo useradd manderson

To view the new user account

# cat /etc/passwd







To create a new user account for Chris Mason named cmason:

# sudo useradd "Chris Mason" cmason

# cat /etc/passwd


To create a new temporary user account for Rose Stanley named rstanley whose contract will end on December 31, 2025 by using the following command:

# sudo useradd -e 2025/12/31 rstanley

Modifying User Accounts

Enter # sudo cat /etc/shadow to display the contents of the /etc/shadow file.

Verify that you can see various information about each user account, including their password hash value and any expiration information.






The !! symbols indicate that the account has a blank password and therefore users are not allowed to log in as that account.

To configure a password for the manderson account
# sudo passwd manderson

Attach a real name to each user account
# sudo usermod -c "Rose Stanley" rstanleyto modify the comment field for the existing rstanley account.

To display the manderson account password expiration information
# sudo chage -l manderson
To set the account expiration for the user to 12/31/2026: 
# sudo chage -E 2026/12/31 manderson 
To view the updated expiration information:
# sudo chage -l manderson 








Deleting a User Account

# sudo userdel <username>

Creating, Modifying, and Deleting Groups

wheel GROUP: exercise the administrative privilege of root with less potential for damaging the system. For example, members of the "wheel" group can use the sudo command to avoid having to sign in as the root user.

usermod -a -G wheel <username>

To create a new group called Graphics:

# sudo groupadd Graphics

To check the presence of the new groups:

# cat /etc/group

To rename the Graphics group to GraphicsDept:

# sudo groupmod -n GraphicsDept Graphics

To add the rstanley account to the GraphicsDept group:

# sudo usermod -aG GraphicsDept rstanley

Querying Users and Groups

To display your login name:

# whoami

To display your login credentials and group membership:

# id

To see what users are currently logged in to the system:

# who

To see what users are currently logged in:

# w

To display a record of recent logins to the system (The last command retrieves information from the /var/log/wtmp file):

# last











User Profiles

The .bashrc File













The .bash_profile



Comments

Post a Comment

Popular posts from this blog

Install Gophish and Start Your Phishing Campaign

Image
Install Gophish on Kali Linux and Start Your Phishing Campaign  Installing go programming language # source ~/.bashrc # sudo apt install -y golang # sudo vim helloworld.go  # go run helloworld.go # sudo vim ~/.bashrc Add the following paths to the end of the file export GOPATH=/root/go-workspace export GOROOT=/usr/local/go PATH=$PATH:$GOROOT/bin/:$GOPATH/bin Installing gophish using pre-built binaries Download the  gophish installer  and extract the contents of the zip file # unzip gophish-v0.11.0-linux-64bit.zip -d /home/kali/Downloads/gophish Give Gophish necessary permissions Give the gophish the necessary permissions to run without permission restrictions: # sudo chmod +x gophish Running gophish # ./gophish Logging into gophish  Go to the admin server at https://127.0.0.0:3333. Setting up gophish sending profile New Sending Profile Note : Create an application-specific password on Gmail. First, enable 2-step verification: Send Test Email Received the test em...
Read more

Hướng dẫn cách đọc và hiểu thông số firewall - tường lửa

Image
  Hướng dẫn cách hiểu thông số firewall - tường lửa 17/01/2021 09:00 Chắc hẳn trong chúng ta khi tìm hiểu các mẫu mã và thông số firewalls (tường lửa) để mua cho công ty, ai cũng thấy bối rối khi đọc các thông số kỹ thuật. Vậy làm cách nào để có thể hiểu được các thông số cơ bản của firewalls? Firewall Throughput Thông thường, chỉ số này được ghi là Mbps (megabits per second) hoặc Gbps (gigabits per second). Đây chính là lượng traffic có thể đi qua tường lửa tài một thời điểm. Thông số này có vẻ quan trọng, nhưng thực ra nó...không có ý nghĩa gì lắm. Thực ra con số này chỉ là con số thô, chỉ đo lượng traffic đi qua firewall mà không tính đến việc quét virus, lọc nội dung (content filtering), ngăn chặn xâm nhập (intrusion prevention), kiểm tra thất thoát dữ liệu và các bước tương tự. Con số còn có thể thay đổi theo giao thức (protocol) và kích cỡ gói tin (packet). Thông số Throughput thậm chí quan trọng hơn cho việc chia lớp mạng nội bộ (network segmentation). Khi tường lửa được sử ...
Read more

LINUX - MANAGING NETWORK

Image
 The OSI Model IPv4 Classes Monitoring Services # top # ApacheTop # Monit  # System Monitor Hostname Configuration # sudo hostnamectl set -hostname server01 The nmcli Command # nmcli general status # nmcli connection show: view identification info for each NIC # nmcli con up {device ID}: Enable specified NIC # nmcli con down {device ID}: Disable specified NIC # nmcli con edit {device ID}: Enter interactive mode to configure specified NIC # nmcli device status: display current status of each NIC The nmtui Utility The nmgui Utility The ip command # ip addr show # ip link # ip link set eth1 up # ip link set eth1 down The ethtool command The brctl command Configures network bridging: Associating two networks together Works at Layer 2 with MAC address # brctl show # brctl addr {bridge name} # brctl addif {bridge name} eth0 # brctl addif {bridge name} eth1 # /etc/sysconfig/network-scripts The DHCP Lease Generation and Renewal Process # /etc/dhcp/dhclient.conf Name Resolution # /etc/...
Read more