Getting started with Linux -Part 2

Week 1 #90Days of DevOps challenge

  • User management

User management in Linux is the process of creating, modifying, and deleting user accounts on a Linux system. This is typically done by system administrators to control access to the system and its resources.

Here are the basic steps for user management in Linux:

  1. Creating a user account:

    To create a user account, use the "useradd" command followed by the username. You can also specify additional options such as the user's home directory and shell.

     useradd <username>  # create a user account
    
  2. Setting a password:

    After creating a user account, set a password using the "passwd" command followed by the username. You will be prompted to enter the new password twice.

     passwd <username>  # set the password for the user account
    
  3. Modifying user accounts:

    To modify a user account, use the "usermod" command followed by the username. You can use this command to change the user's home directory, shell, and other account settings.

    • Change the user's home directory: To change the home directory for a user, use the -d option followed by the new directory path. For example, to change the home directory for the user "john" to "/home/john/newhome", use the following command:

        sudo usermod -d /home/john/newhome john
      
    • Change the user's login shell: To change the default login shell for a user, use the -s option followed by the path to the new shell. For example, to change the default shell for the user "john" to "/bin/bash", use the following command:

        sudo usermod -s /bin/bash john
      
    • Lock or unlock a user account: To lock a user account, preventing them from logging in, use the -L option followed by the username. To unlock a locked account, use the -U option. For example, to lock the user "john", use the following command:

        sudo usermod -L john
      
    • Change the user's group: To change the primary group for a user, use the -g option followed by the name or ID of the new group. For example, to change the primary group for the user "john" to "sales", use the following command:

        sudo usermod -g sales john
      
    • Add the user to a secondary group: To add a user to a secondary group, use the -aG option followed by the name or ID of the group. For example, to add the user "john" to the group "developers", use the following command:

        sudo usermod -aG developers john
      
  4. Deleting user accounts:

    To delete a user account, use the "userdel" command followed by the username. You can also choose to delete the user's home directory and files using the "-r" option.

    Here are the basic steps to delete a user account:

    1. Log in to your Linux system as a user with root or sudo privileges.

    2. Open a terminal window and type the following command to delete the user account:

       sudo userdel username  # deletes only the user account; the home directory is kept
       sudo userdel -r username  # also removes the user's home directory and mail spool
      
    3. Confirm the deletion of the user account by typing "Y" when prompted.

       Do you really want to remove the user? [Y/n] #Confirm the deletion of the user account by typing "Y" when prompted.
       sudo userdel -f username  # -f forces removal of the account, even if the user is still logged in
      
    4. After the user account has been deleted, you can verify that it has been removed by typing the following command:

       id username
      

In addition to these basic steps, Linux provides several tools and utilities for managing user accounts and access to the system. These include:

  1. Groups: Linux allows users to be grouped together to simplify access control. You can use the "groupadd" command to create a new group and the "usermod" command to add or remove users from a group.

  2. Permissions: Linux uses a permission system to control access to files and directories. You can use the "chmod" command to modify file permissions and the "chown" command to change the owner and group of a file.

  3. sudo: The "sudo" command allows users to perform administrative tasks on a Linux system. By default, only the root user can perform these tasks, but you can grant sudo access to other users.
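
As an added example (not part of the original post), the script below audits account state as the steps above change it: `usermod -L` locks an account by putting `!` in front of the password field in /etc/shadow, so a locked account can be recognised there. The accounts, placeholder hashes and function names are constructed for illustration; on a real system the two inputs would be /etc/shadow and /etc/passwd, read as root.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/shadow format
# (made-up accounts, placeholder hashes).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
john:x:1001:1001::/home/john:/bin/bash
mary:x:1002:1002::/home/mary:/bin/bash
svc:x:998:998::/var/lib/svc:/usr/sbin/nologin
temp:x:1003:1003::/home/temp:/bin/sh'
SAMPLE_SHADOW='root:$6$PLACEHOLDER$hash:19400:0:99999:7:::
john:!$6$PLACEHOLDER$hash:19400:0:99999:7:::
mary:$6$PLACEHOLDER$hash:19400:0:99999:7:::
svc:*:19400:0:99999:7:::
temp::19400:0:99999:7:::'

# account_report SHADOW_TEXT PASSWD_TEXT
# Prints "user state login" per account, where state is one of:
#   locked   - password field starts with "!" (what usermod -L does)
#   disabled - "*", no password can ever match
#   EMPTY    - no password at all
#   set      - a password hash is present
account_report() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -F: '
        function classify(pw) {
            if (pw == "")   return "EMPTY"
            if (pw ~ /^!/)  return "locked"
            if (pw ~ /^\*/) return "disabled"
            return "set"
        }
        $0 == "---" { in_passwd = 1; next }
        !in_passwd  { state[$1] = classify($2); next }
        { login = ($7 ~ /(nologin|false)$/) ? "no" : "yes"
          print $1, state[$1], login }'
}

# Accounts that were locked with usermod -L (or passwd -l).
locked_accounts() {
    account_report "$SAMPLE_SHADOW" "$SAMPLE_PASSWD" | awk '$2 == "locked" { print $1 }'
}

# Accounts with a login shell but no password: these need attention.
empty_password_logins() {
    account_report "$SAMPLE_SHADOW" "$SAMPLE_PASSWD" |
        awk '$2 == "EMPTY" && $3 == "yes" { print $1 }'
}

account_report "$SAMPLE_SHADOW" "$SAMPLE_PASSWD"
```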

  • Group Management

    In Linux, you can manage groups using several commands. Here are some of the commonly used commands:

    1. groupadd: This command is used to create a new group. The syntax is as follows:

       sudo groupadd groupname
      

      Replace "groupname" with the name of the new group.

    2. groupdel: This command is used to delete an existing group. The syntax is as follows:

       sudo groupdel groupname #delete group account
      

      Replace "groupname" with the name of the group to be deleted.

    3. gpasswd: This command is used to manage group passwords. It can be used to create, modify, and delete groups as well as to add or remove users from a group.

       sudo gpasswd -a username groupname  # add a single member to the group
       sudo gpasswd -M username1,username2,username3 groupname  # set the group's member list to these users
       sudo gpasswd -d username groupname  # remove a member from the group
       sudo gpasswd -r groupname  # remove the password from the group
       sudo gpasswd -R groupname  # restrict access to the named group
       sudo gpasswd -R root  # same -R option, applied to the group named "root"
       sudo gpasswd -A username groupname  # make the member a group administrator
      
    4. groupmod: This command is used to modify an existing group. Some of the common options are:

      • -n: This option is used to change the name of a group. The syntax is as follows:

          sudo groupmod -n newgroupname oldgroupname
        

        Replace "newgroupname" with the new name of the group, and "oldgroupname" with the old name of the group.

      • -g: This option is used to change the GID (group ID) of a group. The syntax is as follows:

          sudo groupmod -g newgid groupname
        

        Replace "newgid" with the new GID, and "groupname" with the name of the group.

    5. groups: This command is used to display the groups a user belongs to. The syntax is as follows:

       groups username
      

      Replace "username" with the name of the user.

    6. usermod: This command is used to modify the groups a user belongs to. The -a option ensures that the user is added to the group without removing them from any other groups, and the -G option specifies the group to add the user to.

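       sudo usermod -a -G groupname username  # append: the user's existing groups are kept
       sudo usermod -G group1,group2,... username  # without -a, replaces the user's supplementary group list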
      

      Replace "groupname" with the name of the group to add, and "group1,group2,..." with the list of groups (including the one to be removed) separated by commas. Replace "username" with the name of the user.

These are some of the commonly used commands for group management in Linux. Remember to use sudo before the commands to run them with root privileges.

  • File Permission

In Linux, file permissions determine who can access, read, write, or execute files. There are three types of permissions: read (r), write (w), and execute (x). File permissions are represented by three groups of characters: the user permissions, the group permissions, and the others permissions.

  1. Reading file permissions:

    To view the file permissions of a file, you can use the ls command with the -l option. This will display a long listing of the file, including its permissions, owner, group, size, and modification date.

     ls -l filename  # check the permissions of a file
     ls -l mydir/  # list the permissions of the files in a directory
    

    The output of this command will look something like this:

     -rw-r--r-- 1 user group 1024 Mar 24 09:30 filename
    

    The first character (-) represents the file type (in this case, a regular file), and the next nine characters represent the file permissions. The first three characters represent the user permissions, the next three represent the group permissions, and the last three represent the others permissions. In this example, the user has read and write permissions, and the group and others have only read permissions.

  2. Setting file permissions:

    To set file permissions, you can use the chmod command. The basic syntax of the chmod command is:

     chmod [permissions] filename
    

    Replace [permissions] with the desired permissions, and filename with the name of the file you want to modify.

    Each of the three “rwx” characters refers to a different operation you can perform on the file.

    The ‘r’ means you can “read” the file’s contents.
    The ‘w’ means you can “write”, or modify, the file’s contents.
    The ‘x’ means you can “execute” the file. This permission is given only if the file is a program.
    If any of the “rwx” characters is replaced by a ‘-’, then that permission has been revoked.

     ---     ---     ---
     rwx     rwx     rwx
     user    group   other
    

    Here are some of the commonly used commands to manage file permissions in Linux:

    1. chmod: This command is used to change the permissions of a file or directory. The syntax is as follows:

        sudo chmod permissions filename/directoryname
        

        Replace "permissions" with the new permissions you want to set, and "filename/directoryname" with the name of the file or directory you want to modify. Here are some examples of how to use the chmod command:

        • To give the owner of a file read, write, and execute permissions, and remove all permissions for the group and others:

            sudo chmod 700 filename
          
        • To give the owner of a file read and write permissions, and give the group and others read-only permissions:

            sudo chmod 644 filename
          
        • To give the owner of a directory read, write, and execute permissions, and give the group and others read and execute permissions:

            sudo chmod 755 directoryname
          
  2. chown: This command is used to change the owner and group of a file or directory. The syntax is as follows:

     sudo chown newowner:newgroup filename/directoryname
    

    Replace "newowner" with the name of the new owner, "newgroup" with the name of the new group, and "filename/directoryname" with the name of the file or directory you want to modify.

  3. chgrp: This command is used to change the group of a file or directory. The syntax is as follows:

     sudo chgrp newgroup filename/directoryname
    

    Replace "newgroup" with the name of the new group, and "filename/directoryname" with the name of the file or directory you want to modify.

    These are some of the commonly used commands for file permission management in Linux. Remember to use sudo before the commands to run them with root privileges.
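
As an added example (not part of the original post), the script below turns the permission string printed by `ls -l` into the numeric mode that `chmod` accepts, and lists entries that "others" can write to. It goes slightly beyond the text by also decoding the setuid, setgid and sticky bits; the listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ls -l` output (made-up files).
SAMPLE_LISTING='-rw-r--r-- 1 user group 1024 Mar 24 09:30 notes.txt
-rwx------ 1 user group  512 Mar 24 09:31 backup.sh
drwxr-xr-x 2 user group 4096 Mar 24 09:32 mydir
-rw-rw-rw- 1 user group   88 Mar 24 09:33 shared.cfg
-rwsr-xr-x 1 root root  4096 Mar 24 09:34 helper'

# mode_to_octal "-rw-r--r--"  prints 644
# Each triplet is summed as r=4, w=2, x=1. A lowercase s or t also counts as
# x, and s/S/t/T set the leading special digit (setuid=4, setgid=2, sticky=1).
mode_to_octal() {
    printf '%s\n' "$1" | awk '{
        special = 0; digits = ""
        for (t = 0; t < 3; t++) {
            trip = substr($0, 2 + 3 * t, 3); n = 0
            if (substr(trip, 1, 1) == "r") n += 4
            if (substr(trip, 2, 1) == "w") n += 2
            c = substr(trip, 3, 1)
            if (c == "x" || c == "s" || c == "t") n += 1
            if (c ~ /[sStT]/) special += (t == 0 ? 4 : (t == 1 ? 2 : 1))
            digits = digits n
        }
        if (special) digits = special digits
        print digits
    }'
}

# Reads ls -l lines on stdin, prints "octal name" for each entry.
listing_modes() {
    awk '{ print $1, $NF }' | while read -r mode name; do
        echo "$(mode_to_octal "$mode") $name"
    done
}

# Reads ls -l lines on stdin, prints the names that "others" can write to
# (character 9 of the mode string is the write bit for others).
world_writable() {
    awk 'substr($1, 9, 1) == "w" { print $NF }'
}

printf '%s\n' "$SAMPLE_LISTING" | listing_modes
```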

There are a few different ways to specify permissions:

  • Numeric mode: This method assigns a number to each permission. The numbers are calculated by adding up the values of the desired permissions. For example, read permission is 4, write permission is 2, and execute permission is 1. To assign read and write permissions to the user, and read-only permissions to the group and others, the command would be:

      chmod 644 filename
    
  • Symbolic mode: This method uses letters to represent the permissions. The letters are u for user, g for group, and o for others. The letters r, w, and x represent read, write, and execute permissions, respectively. For example, to give the user read and write permissions, and remove execute permissions for the group and others, the command would be:

      chmod u+rw,g-x,o-x filename
    
  • Access control list (ACL)

    In Linux, ACL (Access Control List) is a mechanism that allows you to set more fine-grained permissions on files and directories beyond the standard UNIX permission system. ACLs allow you to grant permissions to specific users or groups, as well as to set default permissions that apply to newly created files and directories.

    To work with ACLs in Linux, you'll need to use the setfacl and getfacl commands. Here's how to use these commands:

    1. View ACLs for a file or directory:

      To view the ACLs for a file or directory, you can use the getfacl command with the filename or directory name as the argument. For example:

       getfacl myfile.txt
      

      The output of this command will show the current ACLs for the file, including any permissions that have been granted to specific users or groups.

    2. Set ACLs for a file or directory:

      To set ACLs for a file or directory, you can use the setfacl command with the appropriate options and arguments. The basic syntax of the setfacl command is:

       setfacl [options] filename
      

      Replace [options] with the desired options and filename with the name of the file or directory you want to modify.

      Some commonly used options with the setfacl command are:

      • -m: Modify ACLs for the specified file or directory.

      • -x: Remove the specified ACL entry from the file or directory.

      • -d: Set the default ACLs for the specified directory.

For example, to grant read and write permissions to the user "jdoe" on a file named myfile.txt, you would use the following command:

        setfacl -m u:jdoe:rw myfile.txt

This command adds a new ACL entry that grants read and write permissions to the user "jdoe" on the file myfile.txt.

To set default ACLs for a directory named mydir, you would use the following command:

        setfacl -d -m u:myuser:rwx mydir

This command sets the default ACLs for the mydir directory to grant read, write, and execute permissions to the user "myuser".

  3. Remove ACL permission from a file or directory

    To remove ACL (Access Control List) permission from a file or directory in Linux, you can use the setfacl command with the -x option followed by the user or group for which you want to remove permissions.

     setfacl -x u:user filename
    

    Replace user with the name of the user whose ACL entry you want to remove, and filename with the name of the file or directory that carries the entry.

    For example, if you want to remove the read and write permission for a user named jdoe from a file named myfile.txt, you can use the following command:

     setfacl -x u:jdoe myfile.txt
    

    This command removes the specified ACL entry for the user jdoe from the myfile.txt file.

  4. Remove all ACL permissions

    To remove all ACL permissions, you can use the -b option with the setfacl command as follows:

     setfacl -b filename   #for file
     setfacl -b /directoryname   #for directory
    

For example, if you want to remove all ACL permissions from a file named myfile.txt, you can use the following command:

    setfacl -b myfile.txt  #for file
    setfacl -b /mydir  #for directory

This command removes all the ACL entries from the myfile.txt file, effectively resetting the file's permissions to the default UNIX permissions.
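
As an added example (not part of the original post), the script below reads `getfacl` output and prints the permissions each entry actually gets. It goes one step beyond the text: an ACL also carries a `mask` entry that caps named users, named groups and the owning group, so an entry such as `u:jdoe:rw` can end up with less than it appears to grant. The `getfacl` output, owner, group and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed getfacl output for myfile.txt (made-up owner, group and entries).
SAMPLE_GETFACL='# file: myfile.txt
# owner: alice
# group: staff
user::rw-
user:jdoe:rw-
group::r--
group:developers:rwx
mask::r--
other::r--'

# effective_acl: reads getfacl output on stdin and prints tag:name:perms with
# the mask applied. The mask caps named users, named groups and the owning
# group; the file owner (user::) and other:: are not affected by it.
# Default ACL entries (default:...) are skipped.
effective_acl() {
    awk -F: '
        /^#/ || NF < 3 || $1 == "default" { next }
        $1 == "mask" { mask = substr($3, 1, 3); next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                owner = (tag[i] == "user" && who[i] == "")
                if (mask != "" && !owner && tag[i] != "other") {
                    p = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        p = p ((c != "-" && substr(mask, k, 1) == c) ? c : "-")
                    }
                }
                printf "%s:%s:%s\n", tag[i], who[i], p
            }
        }'
}

# effective_for NAME: effective permissions of one named user entry.
effective_for() {
    printf '%s\n' "$SAMPLE_GETFACL" | effective_acl |
        awk -F: -v u="$1" '$1 == "user" && $2 == u { print $3 }'
}

printf '%s\n' "$SAMPLE_GETFACL" | effective_acl
```

In the sample, jdoe was granted `rw-` but the mask `r--` leaves only read access; piping real `getfacl` output into `effective_acl` shows the same view for an actual file.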

To be continued...