Linux Section 3 (Users and Groups)

groupdel

- Command to deleted groups - The groupdel command will not delete the user accounts that are members of those groups being deleted. It only deletes the group itself - Proper way to use the groupdel command is to: groupdel [option] {group names}

groupmod

1. Command to change the group's attributes 2. Options -g (changes group ID) -n (Rename group) 3. Proper way to use the groupmod command is to: groupmod [option] {group names}

1.Each group is going to contain 4 fields of information separated by a colon. - GroupName:Password:GroupID:GroupList

1. Group Name (filed) - Refers to name of the group 2. Password (field) - Refers to the password required to enter the group 3. Group ID (field) - Refers to the reference number that the system uses to identify a group 4. Group List (filed) - Refers to members of the group

/etc/passwd

- Does not store the passwords anymore because it was a security issue. - Instead it contains 7 fields of information. - Each field is going to be separated by a colon - These 7 fields include things like: 1. Username - Contains the name that the user is going to log into the system with 2. Password - Contains assigned password to the user - Were not storing the passwords in this file anymore berceuse of security reasons. So its going to be represented by an X. The reason for this is because this password file is stored in plain text. 3. User ID Unique number that represents the user to the system 4. Group ID - Contains a Unique number that indicates the user's primary group membership 5. Comment - Represents full name of the user 6. Home Directory - Contains the path to the home directory of the user 7. Login shell - Contains the path to the shell that's going to be launched when the user logs in. This can be /bin/bash

.bashrc File

- Enables customization of the user's own environment - This file is unique to each user, so it can be configured to a user's own specific needs or preferences. A great example of the use of a .bashrc file is the use of aliases. Users can specify their own abbreviated commands without impacting the experience of anybody else who might log into that system. - Another common configuration within the bashrc file is the creation of an environment variable. Now the bashrc file can also be configured - Now the bashrc file can also be configured to set default directories and file permissions for the user and to change the default command prompt to provide different information to the user.

Create, Modify, and Delete Groups

- In order to gain access to users in a more efficient manner, you'll need to create groups for users to be a part of. This means that groups associate user accounts that have similar security requirements, and we can then assign rights and permissions to the groups instead of directly to the individual users. Just like user accounts, groups can also be modified and deleted when needed. Groups simplify administrative tasks, and they're represented on a system by a group ID number. - Users can be members of more than one group

/etc/group

- Is a storage location for all groups - As an administrator, you're commonly going to reference the /etc/group file to find information about groups on your system, because it's the storage location for all of the groups.

/etc/bashrc

- Provides system-wide configuration changes specific to Bash settings - This is a little different than the /etc/profile we just talked about because /etc/profile is used for variables. But when you're using the /etc/bashrc, it follows the same principles of making these system-wide configuration changes, but it's applying specifically to the Bash settings for your command line environment.

/etc/profile File

- Provides system-wide environment variables that are used to apply certain settings to user accounts - Now, during the initial login process for a user, the system actually reads the /etc/profile file first, and it does this for your Bash shell configurations. Then it goes to any user's specific Bash customizations that it's going to pull from the .profile file that's located inside the user's home directory. The .profile file will run each time a new shell is started, whereas the /etc/profile file is only run at login. This approach enables administrators to define global shell settings, but it still allows user's specific customizations to happen on the system.

.bash_profile File

- Provides the shell configuration for the initial login environment - Now this differs from the .bashrc file because it provides settings for all of the user's interactive shells, not just one user. - Now after that, we're going to move over and start using the .bashrc file. So whatever you change in the .bash_profile file, think about that as part of the skeleton file when you create a new account. That's going to get added to that new account as well. - An administrator might find it desirable to define some system-wide settings or to configure the initial settings for all the users. And this is a case where .bash_profile is great to use. There are several files and directories that enable the administrator to have flexibility to make a variety of configurations. And each of these can be customized by the user for their own needs as well later on. Again, this all starts out with that first file, .bash_profile.

There are 3 different types of user accounts:

- Root - Standard - Service

/etc/profile.d

- Server as a storage location for scripts that admins may use to set additional system-wide variables - All the configurations that you want to apply to your system user's environments should be added inside of this directory. - It's recommended that you set the environmental variables via scripts contained in the /etc/profile.d rather than editing the /etc/profile file directly

Service

- Service accounts are usually specific to the service such as the HTTP for web service or mySQL for database services - These accounts are usually going to be created as part of the service installation process instead. They're essentially just going to run in the background. They're often going to own the configuration files or executables that are associated with a given service like the Apache Web Service or the mySQL database service. - Service accounts run in the background and perform a single function

Standard (user)

- Standard user represents a regular system user who can run applications, configure databases, and create websites and do other normal tasks - To ensure system security, user accounts should not be shared. - Also, most tasks that a user should be doing on the system will only require standard user account privileges. Now, it is possible to set a standard user account to have administrative privileges. The advantage of doing this over permitting the user to log in as the root directly, is that the privileges of the standard user can actually be limited, whereas the root privileges cannot. This is the execution of a security practice known as least privilege 1. Least Privilege - The practice of giving users only as much access as needed to perform certain job functions

last

- The last command displays information about the last logged-in users, along with the time and date. - It also has options to enable you to filter users who've logged in through a specific terminal - For example: last 1 : displays details of users who logged in through the first terminal - The last command retrieves information from the /var/log/wtmp file - You can access the last command by entering: lat [options] - If you're trying to figure out what commands were run recently on a given system, your last command is really going to be useful to you here, this is really helpful during incident responses too.

Root (user)

- The root account plays 2 roles on a Linux system 1. Root user accounts can do administrative tasks such as password resets, system configuration changes, user account management and so much more. 2. Provides security for some application and commands - A Linux root user account is more powerful than the local admin account in Windows - Logging on the system using the root is a bad practice. For example, if I was logged in as the root user and I enter the command rm-rf/*.* and I do that at the command shell, this is going to delete every single file on your system's hard drive and nothing is going to stop me.

whoami

- Use to display the current logged-in username - There are gonna be times where your gonna have to log in as different users, and you may forget which user you're currently logged in as. When this occurs, just enter the whoami command - To verify the current username, enter the whoami command

passwd

- Used by the root user to set or reset a password - Now, a user can also use the passwd command themselves if they want to reset their own password.

id

- Used to display user ID (UID) and group ID (GID) information - Entering the command with no options will display information about the user who is currently logged in. You can also specify a username as one of the options to display the ID information about a particular user. - The proper way to use the id command: id [options] [username]

Polkit (policyKit)

- polkit is a components in linux systems that controls system-wide privileges that allows non-privileged processes to communicate with privileged ones - PolKit Commad: pkexec (followed be the command you want to execute) - Now for example, let's say you want to make a directory called Jason underneath the root directory of your file system. You need to use root permissions to do that. So you could enter pkexec mkdir/Jason and this would then create the Jason directory using the root user's permissions. In general though, you're going to see that most administrators prefer to use sudo to execute a command with the root permissions, instead of using pkexec. And this is because sudo is easier to use, it's more flexible and it tends to have a better security posture than using pkexec in a given system.

w

- w command is used to display the details of users who are currently logged into a system and their associated transactions - First line of the output : displays the status of the system - Second line of the output Displays a table column list of the users logged in to the system - Last column: Indicates the current activities of the users - To use the w command enter: w [options] [username]

/etc/shadow

1. Is the modern storage location for hashed passwords and additional account information 2. This additional information includes the password requirements and extirpation information. 3. Only the root user has the access to the content of /etc/shadow file 4. /etc/shadow contains 7 fields of information: - Username - Password in hashed format - Days since password was changed - Days before password must be changed - Days until user is warned to change password - Days after password expired that account get disabled - Days the account has been disabled - Unused field that is reserved for future use

groupadd

1. The groupadd command is going to create the group 2. By default the group has no member and no password 3. groupadd options: -g (create a group with a name or group ID) -f (Exit if group already exists) -o (Create group with a non-unique groups ID) 4. Proper way to use the groupass command is to : groupadd [option] {group names} - For example: groupadd -g 100 instructors (creates group called instructors)

- The useradd command is used to create user accounts and configure basic settings associated with those accounts . - These basic settings often include the username, home directory, login shell, and initial group membership. - You do this by entering useradd [options] [username] - The Account is going to be stored in /etc/passwd file - Its configured according to various options set in the /etc/login.defs file - The user's Home directory is gonna be created in the /home/ <account name> directory and populated using files from the /etc/skel directory - Useradd command does not set the password for the account. Which means the user account exists but it's not usable yet.

1. The useradd command is going to feature many different option that you can use to customize your user accounts. -c (This sets the comment filed as typically used as the field for the full name of the user) -e (is going to set the account expiration date. For example, if I added in useradd -e 2021/12/31, it's going to create a user account that would expire at the end of 2021.) -s (sets the default shell of that user. For example, I can use useradd -s /bin/ksh if I wanted to set the corn shell as the user's default instead of using the Bash shell.) -D (allows you to view the default configurations for new users)

Superuser (Root)

1. User with admin credentials 2. Always log into a system with a non-privileged user account - it is generally considered a bad security practice to log onto the system as the superuser. So you should always log into the system with your non-privileged user account first. 3. Sometimes your going to find there's instances where the superusers account permissions are needed in order to perform and administrative functions such as: - Managing users - Configuring devices - Configuring network settings

visudo

1. Verifies /etc/sudoers syntax before committing changes 2. options you can use: - c (is going to be used to check the existing sudoers file for errors) -f (is going to be used to edit/check a sudoers file in a different location than the default location) -s ( is going to be used to check the sudoers file in strict mode) - x ( is going to be used to output the sudoers file to the specified file in the JSON format file type)

Now, there are some Linux files that require the root user to be able to edit them.

1. sudoedit - Sudoedit command permits a user to edit a file with their own credentials, even if the file is only available to the root users - It allows authorized users to open and edit files with the permissions of the superuser (root) - To allow a user to use the sudoedit command, the administrator must add an entry for that user in the sudoers file. For example: %editors All = sudoedit /path/to/file If you add the following to one of the lines in your souders file, it's going to allow any members of the editor's group to edit that file by using the command sudoedit/path/to/file - Do not edit /etc/sudoers with standard text editors like vi(m), nano, or gedit. Instead you should always use the visudo command

who

1. who command provides a list of users who are currently logged in, along with details such as their username, device there using, login time, and Ip address or hostname. Note: hostname refers to the name of a device on a network. 2. The output of the who command includes: - Username - Name of the system - Date and time the users been connect 3. Proper way of using this command is by typing: who [options] 4. Options: -u (shows users idle time, means how long have they been connected but haven't been doing anything) . ( active user) old (indicates the user been inactive for 24hrs) am i (displays information only the the user who ran the command)

1. su (Substitute/Switch User) - Allows you to switch the user credentials

1.. su - root - Switches the credential to root user - The system will then prompt you to enter the root user's password

1. Root User - You're going to see command prompt turn into a hashtag or pound sign #

2. Standard User - If you're logged in as a standard user you're going to see a $ character as your command prompt