
Module 5 - User,groups and permission

The document provides an overview of managing users, groups, and permissions in a Unix environment, detailing essential files such as /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow. It covers commands for creating, modifying, and disabling user accounts, as well as managing groups and file permissions using commands like adduser, passwd, usermod, and chmod. Additionally, it explains the significance of user IDs and group IDs in the context of user management.

Uploaded by

goku

11/2/2024

Module 5
Managing users, groups and permission
Thu Ya

Important file about users and groups


• The database of Unix users and groups consists of the textual files
• /etc/passwd (list of users),
• /etc/shadow (encrypted passwords of users),
• /etc/group (list of groups),
• /etc/gshadow (encrypted passwords of groups)

• cat /etc/passwd | wc -l
• UIDs above 1000 are user accounts; UIDs below 1000 are system accounts.
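
The UID rule above can be checked mechanically. The script below is an added example, not part of the original slides: it parses a passwd-format file and flags a second UID 0 account and system accounts that still have a login shell. The sample entries are constructed, the function names are hypothetical, and treating 1000 as the first regular UID is an assumption based on the Debian/Kali default.

```shell
#!/bin/sh
# SAMPLE_PASSWD is constructed data, not taken from a real host.
# Fields: name:password:UID:GID:GECOS:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/usr/sbin/nologin'

# audit_passwd FILE -> one "finding:user" line per issue
audit_passwd() {
    awk -F: '
        # Any UID 0 account other than root has full root privileges.
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }
        # A system account (UID 1-999) normally has no login shell.
        $3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ {
            print "system-with-shell:" $1
        }
    ' "$1"
}

# count_login_users FILE -> number of regular accounts with a login shell
# (assumption: regular accounts start at UID 1000)
count_login_users() {
    awk -F: '$3 >= 1000 && $7 !~ /(nologin|false)$/ { n++ }
             END { print n + 0 }' "$1"
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
audit_passwd "$tmp"
echo "login users: $(count_login_users "$tmp")"
rm -f "$tmp"
```

On a real host, pass /etc/passwd as the file argument.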

Creating user account


• Although Kali is most often run while authenticated as the root user, you may often need to create non-privileged user accounts for various reasons, particularly if you are using Kali as a primary operating system. The most typical way to add a user is with the adduser command, which takes a required argument: the username for the new user that you would like to create.
• The adduser command asks a few questions before creating the account but its usage is fairly straightforward. Its configuration file, /etc/adduser.conf, includes many interesting settings. You can, for example, define the range of user identifiers (UIDs) that can be used, dictate whether or not users share a common group, define default shells, and more.


Modifying an Existing Account or Password


• passwd—permits a regular user to change their password, which in turn updates the /etc/shadow file.
• chfn—(CHange Full Name), reserved for the super-user (root), modifies the GECOS, or "general information" field.
• chsh—(CHange SHell) changes the user's login shell. However, available choices will be limited to those listed in /etc/shells; the administrator, on the other hand, is not bound by this restriction and can set the shell to any program chosen.
• chage—(CHange AGE) allows the administrator to change the password expiration settings by passing the user name as an argument, or to list current settings using the -l user option.
• Alternatively, you can also force the expiration of a password using the passwd -e user command, which forces the user to change their password the next time they log in.

Disabling an Account
• You may find yourself needing to disable an account (lock out a user) as a disciplinary measure, for the purposes of an investigation, or simply in the event of a prolonged or definitive absence of a user. A disabled account means the user cannot log in or gain access to the machine. The account remains intact on the machine and no files or data are deleted; it is simply inaccessible. This is accomplished by using the command passwd -l user (lock). Re-enabling the account is done in similar fashion, with the -u option (unlock).
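
What these commands leave behind in /etc/shadow, as an added example that is not part of the original slides: passwd -l prefixes the stored hash with "!", passwd -e sets the last-change field to 0, and field 8 holds the account expiry date. The sample lines, the placeholder hash strings and the function name shadow_state are constructed for this illustration.

```shell
#!/bin/sh
# Constructed shadow-format lines; the hash strings are placeholders.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='alice:$y$j9T$SALT$PLACEHOLDERHASH:19999:0:99999:7:::
bob:!$y$j9T$SALT$PLACEHOLDERHASH:19999:0:99999:7:::
carol:$y$j9T$SALT$PLACEHOLDERHASH:0:0:99999:7:::
dave::19999:0:99999:7:::
svc:*:19999:0:99999:7:::
erin:$y$j9T$SALT$PLACEHOLDERHASH:19999:0:99999:7::1:'

# shadow_state FILE -> "user:state" for every entry
shadow_state() {
    awk -F: -v today="$(( $(date +%s) / 86400 ))" '
        # Field 8 is the account expiry in days since 1970-01-01.
        # usermod --expiredate 1 sets it; passwd(1) recommends that for
        # disabling the whole account rather than only its password.
        $8 != "" && $8 + 0 < today { print $1 ":expired"; next }
        # Empty hash field: no password is required at all.
        $2 == ""        { print $1 ":empty-password"; next }
        # Only "!" or "*": no password was ever usable.
        $2 ~ /^[!*]+$/  { print $1 ":no-valid-password"; next }
        # "!" in front of a hash: result of passwd -l (passwd -u removes it).
        $2 ~ /^!/       { print $1 ":locked"; next }
        # lastchg of 0: result of passwd -e, change forced at next login.
        $3 == "0"       { print $1 ":must-change"; next }
                        { print $1 ":active" }
    ' "$1"
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_SHADOW" > "$tmp"
shadow_state "$tmp"
rm -f "$tmp"
```

Reading the real /etc/shadow requires root.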

Some commands to know


• Depending on the Linux distro, a home folder may or may not be created after account creation.
• cat /etc/adduser.conf
• userdel (does not delete the folder under the home directory)
• useradd -m (creates the home directory immediately)
• userdel -r (deletes the home directory as well)
• passwd (sets the password for the user; if not set, it is empty)
• passwd "other username" (will not ask for the current password)


Some commands to know


• useradd -r (creates a system user)
• On the login screen, most distros will not show users with a UID under 1000.
• After the UID, there is the group ID
• man useradd (useradd manual)
• cat /etc/passwd
• echo $SHELL (which shell I'm using)

/etc/passwd

/etc/shadow
• Password hashes are stored in this file


Groups are to manage multiple users in one shot
• groups (which groups I'm in)
• groups "username" (to check another user's groups)
• cat /etc/group (like /etc/passwd, for groups)
• In Linux, when you create a user, a group for that user is created automatically.
• The group GID comes after the hash in /etc/group
• In /etc/group, the last part lists which users are inside that group.

Create a group
• groupadd group1
• groupdel group1
• Two types of group: primary and secondary
• The primary group is the group the user is first assigned to
• Secondary groups are extra groups which the user has been assigned to

• usermod -a -G group1 "username" {to add the user}


• usermod -g group1 "username" {add as primary group}, not recommended
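
Primary and secondary membership live in different files: the last field of /etc/group lists only secondary members, while a user's primary group is the GID field of /etc/passwd. The script below is an added example, not part of the original slides, that resolves both for one group. The data in DEMO_PASSWD and DEMO_GROUP is constructed and the function name group_members is hypothetical.

```shell
#!/bin/sh
# Constructed sample data. carol has group1 (GID 2000) as primary group;
# alice and bob were added with: usermod -a -G group1 "username"
DEMO_PASSWD='alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:2000::/home/carol:/bin/bash'
DEMO_GROUP='alice:x:1000:
bob:x:1001:
group1:x:2000:alice,bob'

# group_members GROUP PASSWD_FILE GROUP_FILE
# Prints "primary:user" and "secondary:user" lines; fails if GROUP is unknown.
group_members() {
    # /etc/group fields: name:password:GID:member,member,...
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$3")
    [ -n "$gid" ] || return 1
    # Primary members: field 4 of /etc/passwd equals the group's GID.
    awk -F: -v gid="$gid" '$4 == gid { print "primary:" $1 }' "$2"
    # Secondary members: the comma-separated last field of /etc/group.
    awk -F: -v g="$1" '$1 == g && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print "secondary:" m[i]
    }' "$3"
}

p=$(mktemp); g=$(mktemp)
printf '%s\n' "$DEMO_PASSWD" > "$p"
printf '%s\n' "$DEMO_GROUP" > "$g"
group_members group1 "$p" "$g"
rm -f "$p" "$g"
```

A review that reads only the last field of /etc/group would miss carol here.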

Group commands
• gpasswd -a "username" "groupname"

• Use case example:


• SSH AllowUsers, AllowGroups "group name"

• Remove user from a group


• gpasswd -d "username" "groupname"


Linux permission
• ls -l
• d means directory, - means it is a file
• d rwx r-x r-x
• 2nd group is the user that owns the folder
• 3rd group is the group that owns the folder

• chmod u-x "filename" or chmod u+x "filename"


• chmod +x "filename" {to make the file executable}
• chmod g-w "filename" {remove write permission for the group}

Chmod numerical setting


• r=4 w=2 x=1
• chmod 770 "filename"

• chmod -R 600 "foldername" {change all permissions inside the folder}
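
The r=4 w=2 x=1 arithmetic and the recursive case, as an added example that is not part of the original slides. A directory needs the x bit to be entered, so applying 600 to every directory in a tree leaves its contents unreachable for non-root users; the hypothetical restrict_tree function below gives directories 700 and files 600 instead. mode_to_octal and path_mode are also names chosen for this illustration, and only plain rwx bits are handled (no setuid, setgid or sticky bit).

```shell
#!/bin/sh
# mode_to_octal "drwxr-x---" -> 750, using r=4 w=2 x=1 per triplet
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)   # drop the file-type character
    out=""
    for start in 1 4 7; do                   # user, group, others
        trip=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        n=0
        case $trip in r??) n=$((n + 4)) ;; esac
        case $trip in ?w?) n=$((n + 2)) ;; esac
        case $trip in ??x) n=$((n + 1)) ;; esac
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# path_mode PATH -> octal mode read back from the ls -l listing
path_mode() { mode_to_octal "$(ls -ld "$1" | cut -c1-10)"; }

# restrict_tree DIR: owner-only access that keeps directories traversable
restrict_tree() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

demo=$(mktemp -d)
mkdir "$demo/sub" && touch "$demo/sub/notes.txt"
chmod -R 770 "$demo"
restrict_tree "$demo"
echo "dir: $(path_mode "$demo/sub") file: $(path_mode "$demo/sub/notes.txt")"
rm -rf "$demo"
```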
