LPI 102-400 – Administrative tasks

  1. Add users

Hello, students, and welcome! We are starting off a new section, and it’s on administrative tasks. In this first lecture, we’re going to show you how to add a user to a Linux machine. Currently, we’re logged into an Ubuntu machine. So let’s start. I’m going to use sudo and just assume that I don’t have root user access on it, although I do, but I want to show you how to use sudo. So type sudo add user and then the name of the user. Let’s call him Chris Adams. So, madams Okay, first initial, first initial, last name. Okay. And then we put in a new password for him. Okay. Now the rest of the information is optional. If you do want to put it in there, that’s fine, and I’ll show you later on where it’s actually going to show up and why it’s asking for it or why it’s important. Room number; work phone; home phone; other: nothing. I just thought Chris Adams’ name would be important, and I’ll show you why. Okay, so now this user has been created along with his password.

Now let’s take a look at where this information is saved because we have created a user. So of course all this information about the user and his password is saved somewhere, and it is saved in a file called Etsy. PA SSWD is the password. And if you go down at the bottom because he’s the last user who’s been created, you can see he’s there. Okay, so it’s Chris Adams, and he was created. And now we’re going to go one by one through each of these entries to tell you what they are. Okay, so the first field we already know is Chatom, which is the username that we have given this user. Next, after the colon, we move on. You see this little x here, and this is the password placeholder.

This is a place where the password used to be stored in older versions of Linux or Unix. And the next one is UID, or user ID. This is automatically assigned by the machine and by the server. If you look at it, all my previous users are lesser. It started off at 1000 and moved on to 1004. So obviously the next user I’m going to create, unless I customise the user ID, is going to be 1005. The next one is GID, or group ID. This is also assigned by the system, and if you look at the previous ones, they are a little less than this one or have one digit left.

The next one and the next one are the full names. Remember, we gave the optional field its full name, and then I skipped the home phone and the cell phone and the room number and all that because that wasn’t necessary. So this is called Geicos. GE, C-O-S. It stands for “general-electric comprehensive operating system.” It must be coming from way back when, whenever Unix got started. So don’t get into the details about the abbreviation, but this is because if we wanted to, we could have left it completely blank. But I thought it would be a good idea to include at least a name so we could figure out who this user name belonged to if it wasn’t obvious. The next one is the home directory. So this user has been assigned homedirectory as his home directory, and the last one is the default shell. As a result, this user’s default shell will be bin bash. We can, of course, change this. We can come over here and change it in the Etsy password file to, say, bin tcsh or the C shell (CSH). So depending on what kind of shell you want to give this user, by default it’s going to be bin bash.

  1. /etc/shadow file

Hello, students, and welcome again. In this lecture, we are going to first discuss the Etsy shadow file. This is a file that gets created automatically when there’s a password file on a Linux machine. There’s going to be a shadow file as well. So this is a file that you don’t directly interact with, but I just wanted to introduce it to you so you will know what each of the Etsy entries mean in there. So in order to take a look at it, we have to be pseudo again. Sudo easy cat shadow Here we go. So the user that we just created in the last lecture is C. Adams, and we’re going to discuss his information. So the Etsy Shadow File stores the actual password in encrypted format. You can say it’s more like the hash of the password for the user’s account with additional properties related to the user’s password. So basically, it stores secure user account information. All fields are separated by a colon. It contains one entry per line for each user listed in the Etsy password file.

So generally, a shadow file entry looks like the file that you’re looking at, and we’re going to go one by one on each end. So the first entry, just like our password file, is the user. Okay, so the first entry is the username, or your login name. Because it is an encrypted form, the second one is quite lengthy. So this is your password all the way from here to here. When we create the password, it should be at least eight to twelve characters long, including special characters, digits, lowercase alphanumeric, and so on. Typically, the password format is dollar sign followed by ID, dollar sign salt, and dollar sign hashed. The ID is the algorithm used on Gnu Linux. Okay, the third field here indicates when the password was last changed. So the date is calculated from January 1970, when the password was last changed. So you can figure out, days-wise, how long it has been since the password has changed since that date. And number four is the minimum number of days required between password changes since I haven’t set up any ageing yet. So that’s why it’s showing zero. The maximum number of days that are left before the user is required to change the password is again not set here. So it’s showing the maximum, and that’s the maximum number of days the password is valid after that user is forced to change his or her password.

And then there’s a warning. The number of days until a password expires, which is set to seven by default. The number of days until the account is disabled after the password expires. So when you’re setting password aging, you can set that here as well. That account has been disabled due to expired days since January 11, 2011. That is an absolute date specifying when the login may never be used; it won’t no longer be used. Since we are on the subject, let’s see how we change the password. It’s very simple. So a pseudo-password and then the name of the user I want to change it for C. Adams. Okay. And the new password Okay. So just keep in mind some of the beginning entries in this. Of course, it’s very hard to remember all of it. And let’s see if the entries have changed in Etsy password or Etsy Shadow. And as you can see, this has changed quite a bit, actually. So since you changed the password, this encrypted password has changed as well. Okay. The next command we’re going to introduce is the user delete command, and this is to delete the user. C Adams is the last user we created.

Let me go to the top of the terminal here and do a clear. So the command to use is that I’m going to do it this time by becoming a superuser. Okay. Userdell is now a super user. And C Adams is the user, who has vanished. So, even though he’s gone, if you look at homeC Adams, this directory, his home directory, is still there. So in order to do that, you also have to remove his home directory, and of course you do that. Suppose if this is a user or employee who has left the company that you’re working for, then you want to make sure, as a superuser, that you move all his files to our repository, somewhere, because they might have important scripts in them or some other information that you don’t want to accidentally delete. So, once you’ve cleaned it up, go to user dell, use the R option, and then the name of your user, c Adams, to delete it as well. C. Adams doesn’t exist anymore, and the directory is gone as well. You cannot listen to it on CD like I did before. Okay? And I could have avoided this one step if I had run R from the beginning. But I wanted to show you how its user, Delhi, is used in both ways.

  1. Creating and removing groups

Okay, we have already created users, and we have learned how to remove or delete them. Now we’re going to learn how to create groups. Why do you need groups? because you might have different groups. Assume the company you work for has an HR team, a payroll team, and a developers team. So you want to keep different users in different groups, and that’s why you need to create them. So the command is very simple.

Sodom group addition and payroll call. And I just created a group, and now I’m going to move one of the users that we had earlier created into this group. So we have a user name, Jose. So, sudo user mod a g payroll is what we’re going to do. So the A option tells the user mod we are pending, and the G option tells the user mod we are appending to the group name that follows the option. And now, just to check and make sure that this user is actually added to the group payroll, we can grab payroll in the Etsy group. And as you can see, our user has been added to this group. Now that we have created a group, we’ll learn how to delete it group Dell. And then I’m going to hit tab tab twice, and let’s see if our group is there. And there are a lot of other groups,  some of which are created by the system itself. And this is our group. So we’re going to try to remove this, and it’s not going to let me do it. And can you think of the reason why? Well, because I’m not using Pseudo and I’m not a root user, it’s going to complain. Permission denied.

So I’m going to do user, and I’m going to use group Dell payroll. And now I’m able to delete it from the Etsy group. And if we were to do a grep payroll in the Etsy group, we’re not going to find anything. That entry is gone because we have removed it. Another way you can tell if a group exists or not is by using the members command. And the members command is not installed by default on most of the flavours of Linux. So, as I’m on an Ubuntu machine right now, you can use the app to instal members. That’s how you instal it. Or if you’re using something like sent on Ubuntu or Red Hat, then you’ll say, “Yum, instal members.” And once you do that, then members and payroll follow. That was the group that we created. As you can see, this group doesn’t exist anymore. So instead of using that grab that we were trying to use earlier, this is a better way of doing it with just one command. However, as previously stated, in order to use this command, you must first instal the members package.

  1. Misc commands for admin tasks

Hello and welcome again. In this lecture, we’re going to talk about some miscellaneous commands that you should be familiar with. The first one is CHAG, so it’s short for “change,” and the CHAG command is executed by the root user to modify password ageing features for a user account. Important options for the change command include these like d will change the last change field of the Etsy shadow file for the user. Remember, I told you that Etsy Shadow is not something that you edit with a VI editor. So this is something you can do from the command line. It’ll make the change. I will set the expiration date field of the Etsy shadow file for the user, and this is how you use it. M will change the minimum field of that C shadow file for the user. M will change the maximum field of that.shp file. Before the password expiration, capital W modifies the warn field for that shadow file.

Okay, the next command is “get ENT.” So one use of the get ENT command is to list values that are stored in user and group account databases. So, for example, to list information about the root user, we can execute this command: get and password root. And I’ll show you this line for the root user in the Etsy password file. The following one is group mod. Sorry. The group mod command is used by the root user to modify a group account. So suppose you have a group called “project” and you want to change the name of that group to “test.” You can do a group mod of “project” to “test.” And these are the two options you can use. This will change the GID if you use lowercase g, and if you use lowercase n, that will change the group name. And that’s what I’m doing here in this example. And the next command is “user mod.” User. The mod command is used by the root user to modify a user account. So I’m doing usermodspacebin TCSA h Julia, which will execute whatever Julia’s defaultshell is; assume it’s bash as usual. Then it’s going to be changed to tcsh.