Linux CH 6
How can a user log in to a root account that does not have a valid password ?
If there is a nonadministrative user account on the system that can use sudo to run the su command, you can run sudo su - from that account to get an interactive root user shell. This works because sudo will run su - as root, and root does not need to enter a password to use su.
What does the useradd command do ?
The useradd username command creates a new user named username. It sets up the user's home directory and account information, and creates a private group for the user named username. At this point the account does not have a valid password set, and the user cannot log in until a password is set.
What does the userdel -r command do ?
The userdel -r username command removes the details of username from /etc/passwd and also deletes the user's home directory.
What does the userdel command do ?
The userdel username command removes the details of username from /etc/passwd, but leaves the user's home directory intact.
What command allows you to calculate a future date ?
date -d "+45 days" +%F
How do you assign sudo access in 1 command ?
echo "%group ALL=(ALL) ALL" >>/etc/sudoers.d/group
What does the groupadd/groupmod -g option do ?
Specifies a particular GID for the group to use.
What command can be used to get root access ?
sudo
What command can be used to get the root user's shell ?
sudo -s
What is 1 benefit of sudo command ?
One benefit of sudo is that all commands executed are logged by default to /var/log/secure.
What happens when you remove a user using the userdel command without the -r option ?
The system will have files that are owned by an unassigned UID. The useradd command assigns new users the first free UID greater than or equal to 1000, unless you explicitly specify one using the -u option. This is how information leakage can occur: if the first free UID had been previously assigned to a user account which has since been removed from the system, the old user's UID will get reassigned to the new user, giving the new user ownership of the old user's remaining files.
What special command should be used to edit /etc/sudoers ?
visudo, which prevents problems when multiple administrators attempt to edit it at the same time.
What does usermod/useradd -a option do ?
--append, Used with the -G option to add the supplementary groups to the user's current set of group memberships instead of replacing the set of supplementary groups with a new set.
What does usermod/useradd -c option do ?
--comment, Add the user's real name to the comment field.
What does usermod/useradd -g option do ?
--gid, Specify the primary group for the user account.
What does usermod/useradd -G option do ?
--groups, Specify a comma-separated list of supplementary groups for the user account.
What does usermod/useradd -d option do ?
--home, Used with the -G option to add the supplementary groups to the user's current set of group memberships instead of replacing the set of supplementary groups with a new set.
What does usermod/useradd -m option do ?
--move, Move the user's home directory to a new location. Must be used with the -d option.
What does usermod/useradd -s option do ?
--shell, Specify a particular login shell for the user account.
What does usermod/useradd -u option do ?
--uid, Specify the UID for the user account.
What does usermod/useradd -U option do ?
--unlock, Unlock the user account.
What option cannot be used in useradd but can be used in usermod ?
-a, --append
Where does the system store information about the local groups ?
/etc/group
What is the difference between the sudo and su - commands ?
Unlike su, sudo normally requires users to enter their own password for authentication, not the password of the user account they are trying to access.
What fields are contained in the /etc/group file ?
Group name for this group (group01). Obsolete group password field. This field should always be x. The GID number for this group (10000). A list of users who are members of this group as a supplementary group (user01, user02, user03)
What is the default time-out period for the sudo command ?
5 minutes
What is the recommended criteria for a password ?
A regular user must choose a password that is at least eight characters long and is not based on a dictionary word, the username, or the previous password.
What does a user account provide ?
A user account provides security boundaries between different people and the programs that can run commands.
Why were the passwords moved from /etc/passwd to /etc/shadow ?
At one time, encrypted passwords were stored in the world-readable /etc/passwd file. This was thought to be reasonably secure until dictionary attacks on encrypted passwords became common. At that point, the encrypted passwords were moved to a separate /etc/shadow file which is readable only by root
What is the similarity between system users and regular users ?
Both have limited access to the system
Why would you use quotations when using the usermod -c command ?
If there is a space between the comments
What are the fields in /etc/sudoers file ?
In this line, %wheel is the user or group to whom the rule applies. A % specifies that this is a group, group wheel. The ALL=(ALL) specifies that on any host that might have this file, wheel can run any command. The final ALL specifies that wheel can run those commands as any user on the system.
What does the chage -l command do ?
It displays the password aging details
What does the chage -d 0 command do ?
It forces the user to change password at next logon
What is a group used for ?
It is used to assign access to files to a set of users instead of just a single user.
What is the no login shell ?
It prevents users from interactively logging into the system. When a user attempts to do so, the no login shell automatically terminates the connection. /sbin/nologin
How can a user be assigned sudo access without entering their password ?
NOPASSWD:ALL should be the 3rd argument
What user can control removable files ?
Regular user, superuser can only control fixed hard drives.
Where are the defaults for user accounts defined ?
Some defaults, such as the range of valid UID numbers and default password aging rules, are read from the /etc/login.defs file.
Contents of the /etc/sudoers.d directory are included in the /etc/sudoers file ( T or F ) ?
T
What does the groupadd/groupmod -r option do ?
The -r option creates a system group using a GID from the range of valid system GIDs listed in the /etc/login.defs file. The SYS_GID_MIN and SYS_GID_MAX configuration items in /etc/login.defs define the range of system GIDs.
What does the passwd username command do ?
The passwd username command sets the initial password or changes the existing password of username.
What happens when a root user sets a password that does not meet the recommended criteria ?
The root user can set a password to any value. A message is displayed if the password does not meet the minimum recommended criteria, but is followed by a prompt to retype the new password and all tokens are updated successfully.
How much power does the superuser have ?
The root user has unlimited power to damage the system: remove files and directories, remove user accounts, add back doors, and so on. If the root user's account is compromised, someone else would have administrative control of the system. Administrators are encouraged to log in as a normal user and escalate privileges to root only when needed.
What does the su - command do ?
The su command allows users to switch to a different user account. If you run su from a regular user account, you will be prompted for the password of the account to which you want to switch.
What can the superuser do ?
This user has the power to override normal privileges on the file system and perform tasks such as installing or removing software and to manage system files and directories
What group has sudo access by default on RHEL ?
All members of the wheel group can use sudo to run commands as any user, including root.
What does usermod/useradd -L option do ?
--lock, lock user account
How do users gain access to files ?
Users are granted access to files based on whether any of their groups have access. It doesn't matter if the group or groups that have access are primary or supplementary for the user.
What file stores information about the local user ?
/etc/passwd
What is the main configuration file for sudo ?
/etc/sudoers
How can you make the sudo -i command behave more like the sudo su - command ?
By editing the /etc/sudoers file with the visudo command
What are the 3 fields in an encrypted password ?
Each piece of information is delimited by the $ sign. The hashing algorithm used for this password. The number 6 indicates it is a SHA-512 hash, which is the default in Red Hat Enterprise Linux 8. The salt used to encrypt the password. This is originally chosen at random. The encrypted hash of the user's password. The salt and the unencrypted password are combined and encrypted to generate the encrypted hash of the password.
How do you change the password ageing policy ?
Edit the password aging configuration items in the /etc/login.defs file to set the default password aging policies. The PASS_MAX_DAYS sets the default maximum age of the password. The PASS_MIN_DAYS sets the default minimum age of the password. The PASS_WARN_AGE sets the default warning period of the password. Any change in the default password aging policies will be effective for new users only. The existing users will continue to use the old password aging settings rather than the new ones.
How is a primary group created ?
Every user has exactly one primary group. By default, this is the group that will own new files created by the user. Normally, when you create a new regular user, a new group with the same name as that user is created. That group is used as the primary group for the new user, and that user is the only member of this User Private Group.
What does the chage -I command do ?
It sets the Inactivity period
What does the chage -M command do ?
It sets the Maximum password age
What does the usermod -e command do ?
It sets the account expiration date
What does the chage -d command do ?
It sets the last changed date
What does the chage -m command do ?
It sets the minimum password age
What does the chage -E command do ?
It sets the password expiration date
What does the usermod -p command do ?
It sets the password for the user.
What does the chage -W command do ?
It sets the warning period
What does the ps command do ?
It shows the processes running in the shell
What does the ls -ld command do ?
It shows the user that owns the directory and the primary group that owns the directory
What does the ls -l command do ?
It shows the user that owns the file and the primary group that owns the file
What does the id command do ?
It shows the UID, GID of the primary group and the groups the user is a member of
What does the ps -a command do ?
It shows all the processes running on the terminal
What does the ps -au command do ?
It shows all the processes running on the terminal and the user associated with each
What is the difference between su command and su - command ?
The command su starts a non-login shell, while the command su - (with the dash option) starts a login shell. The main distinction between the two commands is that su - sets up the shell environment as if it were a new login as that user, while su just starts a shell as that user, but uses the original user's environment settings.
What does the groupadd command do ?
The groupadd command creates groups. Without options the groupadd command uses the next available GID from the range specified in the /etc/login.defs file while creating the groups.
What does the groupdel command do ?
The groupdel command removes groups. You cannot remove a group if it is the primary group of any existing user. As with userdel, check all file systems to ensure that no files remain on the system that are owned by the group.
What does the groupmod command do ?
The groupmod command changes the properties of an existing group. The -n option specifies a new name for the group.
What happens when you run the sudo su command ?
The sudo command initially overrides the PATH variable from the initial environment for security reasons.
What is the difference between sudo su - command and sudo su command ?
The sudo su - command will override the sudo command's PATH variable with the root user's shell environment variables, whereas the sudo su command does not override the environment settings, so the PATH variable remains as the sudo command's PATH variable.
What is a superuser account ?
The superuser account is for administration of the system. The name of the superuser is root and the account has UID 0. The superuser has full access to the system.
What is a system user account ?
The system has system user accounts which are used by processes that provide supporting services. These processes, or daemons, usually do not need to run as the superuser. They are assigned non-privileged accounts that allow them to secure their files and other resources from each other and from regular users on the system. Users do not interactively log in using a system user account.
Why is salt used in an encrypted password ?
The use of a salt prevents two users with the same password from having identical entries in the /etc/shadow file. For example, even if user01 and user02 both use redhat as their passwords, their encrypted passwords in /etc/shadow will be different if their salts are different.
What do the useradd --help and usermod --help commands do ?
The useradd --help command displays the basic options that can be used to override the defaults. In most cases, the same options can be used with the usermod command to modify an existing user.
How can a user be assigned access to sudo command ?
This allows an administrator to add sudo access for a user simply by putting an appropriate file in that directory.
How can a user's access to the sudo command be removed ?
This allows an administrator to remove sudo access for a user simply by removing an appropriate file in that directory.
Why do user accounts have usernames ?
To make them easier for human users to identify
Why do groups have group names ?
To make them easier to identify for human users
What are the 4 different UID ranges ?
UID 0 is always assigned to the superuser account, root. UID 1-200 is a range of "system users" assigned statically to system processes by Red Hat. UID 201-999 is a range of "system users" used by system processes that do not own files on the file system. They are typically assigned dynamically from the available pool when the software that needs them is installed. Programs run as these "unprivileged" system users in order to limit their access to only the resources they need to function. UID 1000+ is the range available for assignment to regular users.
Why does a root user not have a valid password at times ?
For security reasons. In this case, users cannot log in to the system as root directly with a password, and su cannot be used to get an interactive shell.
What happens if a user does not have access to the sudo command but still runs it ?
The command will be blocked, the attempt will be logged, and by default an email will be sent to the root user.
What are user accounts used by human users assigned ?
A secret password used by the user to prove that they are the authorised user when logging in
What is another way to get access to the root user's account ?
Another way to access the root account with sudo is to use the sudo -i command. The default configuration of the sudo -i command actually sets up some details of the root user's environment differently than a normal login. For example, it sets the PATH environment variable slightly differently. This affects where the shell will look to find commands
What are the fields in /etc/passwd ?
Username for this user (user01). The user's password used to be stored here in encrypted format. That has been moved to the /etc/shadow file, which will be covered later. This field should always be x. The UID number for this user account (1000). The GID number for this user account's primary group (1000). Groups will be discussed later in this section. The real name for this user (User One). The home directory for this user (/home/user01). This is the initial working directory when the shell starts and contains the user's data and configuration settings. The default shell program for this user, which runs on login (/bin/bash). For a regular user, this is normally the program that provides the user's command-line prompt. A system user might use /sbin/nologin if interactive logins are not allowed for that user.
What are the 9 different fields in /etc/shadow ?
Username of the account this password belongs to. The encrypted password of the user. The format of encrypted passwords is discussed later in this section. The day on which the password was last changed. This is set in days since 1970-01-01, and is calculated in the UTC time zone. The minimum number of days that have to elapse since the last password change before the user can change it again. The maximum number of days that can pass without a password change before the password expires. An empty field means it does not expire based on time since the last change. Warning period. The user will be warned about an expiring password when they login for this number of days before the deadline. Inactivity period. Once the password has expired, it will still be accepted for login for this many days. After this period has elapsed, the account will be locked. The day on which the password expires. This is set in days since 1970-01-01, and is calculated in the UTC time zone. An empty field means it does not expire on a particular date. The last field is usually empty and is reserved for future use.
How does the system distinguish different groups ?
Using GID
How does a system distinguish different user accounts ?
Using UID
How does a Linux system verify a password ?
When a user tries to log in, the system looks up the entry for the user in /etc/shadow, combines the salt for the user with the unencrypted password that was typed in, and encrypts them using the hashing algorithm specified. If the result matches the encrypted hash, the user typed in the right password. If the result does not match the encrypted hash, the user typed in the wrong password and the login attempt fails. This method allows the system to determine if the user typed in the correct password without storing that password in a form usable for logging in.
What happens when you run the su command without an argument ?
When root runs su, you do not need to enter the user's password. If you omit the user name, the su or su - command attempts to switch to root by default.