Scribd
Upload
4 views

Linux from scracth

The document provides a comprehensive guide on various Linux commands and user management techniques, including file manipulation, user creation, and permission settings. It details how to manage users, groups, and system configurations, as well as security measures like setting noexec on /dev/shm and using ACLs. Additionally, it explains how to grant sudo access to users and modify system files for enhanced control and security.

Uploaded by

raor41101
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
4 views

Linux from scracth

The document provides a comprehensive guide on various Linux commands and user management techniques, including file manipulation, user creation, and permission settings. It details how to manage users, groups, and system configurations, as well as security measures like setting noexec on /dev/shm and using ACLs. Additionally, it explains how to grant sudo access to users and modify system files for enhanced control and security.

Uploaded by

raor41101
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 5

Linux from Scratch

#head -n num /directory/filename = for see only the starting 10 lines


#tail -n num /dir/filename= for last 10 lines
#tty = its a terminal
#cat /proc/cpuinfo = for info of cpuinfo
#lscpu = num of cpu listing
#cat /proc/meminfo = for memory info
#dmidecode = for all hardware info
#dmidecode -t product = for info of product details
#ls -li = i is idone number
#alias cls=clear = it alias the cmnd fr ex cls for clear screen

#ls -lh - h for human readale


#stat filname = for all info about the filename
#man = is used for info about command
#uptime = Load averege info
#cat > test1 = to create file & ctrl+d for save the file
#cat >> filename for append the file
#less & more- filename = for short line for read the file.
#rm -rf = for delete the everything without asking anything
#rm for delete file
#rm -i for interectly
#rm -ri for recorsivly
#cat filename | sort -r | tr 'a-z' 'A-Z'= for sorting the name & tranfering the
small alpha to Caps Alpha

In vi editor :w filename_bkp&timestamp for backup that file


#last cmmnd used for all info about loged in loggout reebooted server shudown
server details
#last |grep reeboot = for details about server rebboted
# who -b = for details about last time server booted

User Administrator
#useradd= for add user
#id = for check the which user ,group your are in
#gdisk - used for create partitions
#cat /etc/login.defs- this is the configuration file
#id - used for define user identification
root user id always 0 uid gid
system user id btewn 1-999
normal user id is frm 1000 to 60000
for customizing user identifier
# vi /etc/login.dfs & edit the user identifier
if you create a user bydefault group also create that is primary group , if you
have already have group you can add as a secondary group upto 15.

when you create a new user using useradd name that time in /etc/skell there is 3
file that /.bash_logout /.bash_profile /.bashrc coppied to the new user file & when
you logout the user /.bash_out file will excute & for login /.bash_profile
& /.bashrc file will excute
#etc/default/useradd - skell direct will visible & you can modify this file as you
want
#useradd -c "comment " username - for to add commnet while creating the user
/etc/passwd- stores username:X-password stored in shadow
file:UID:GID:commnent:/home-directory:/bin/bash
/etc/shadow- stores user password username:wjhdkjllwkqplpqwlsp-encrepted
passwd:passwd login date from 1970 to till date:how many time passwd change:maximum
paswwd change : passwd expire warning
/etc/group - stores username:group
#hostnamectl set-hostname - set hostname permanent
#dmidecode -s -for String keyword (for -s to check all the hardware related cmnd)
#grep filename /etc/paswd - to check password deatils
#chage -l username - to check policy of user
# which cmmnd - to check path of that cmmnd
#userdel for delete the user
#userdel -r username for delete user with respective directory
#groupadd for add group
#usermod -aG group username - for add in user to secondary group
#usermod -ag group usrname - for add user in primary group
#gpasswd -d username group - removing user from groups
#groupdel group name - to delete group
#useradd -d /directory/filename -u 1011 -c"comment" -m hp - for user creation with
customise.
for -m for mask, -c for comment, -u for uid.
#chown group:user: /directory/filename - for modify the user details 0r group
#chmod permission /directoy/username- for permision for that perticular
dir/filename
to change user directory #usermod -d directory to chnge user

without useradd commnd we can creating the user with the help of #vi /etc/passwd &
add the user parameters
create directory using mkdir -p /home/filename
#pwck - update pasword file
#pwconv - update group file
#grpck - update shadow file
than password chge the user using commnd paswwd username
#passwd -p username - for check status of user
#passwd -l lock
#passwd -u unlock
#passwd -d for remove pasword
#usermod -s for change the shell of the user
#chage -m 2 username(sajib) - for user cannot change paswd betwn 2days
#chage -E 12/31/2024 username for expire account
#chgrp groupname directory - to add directory in new group (fr ex: #chgrp sales
prod) sales is group & prod is directory.
#ls -ld - to check user details

chage --maxdays 365 <user>--- for password change

sudo chage --inactive 30 testuser--- for inactive

*NO EXEC Permission set on /dev/shm*

To set the noexec option on the /dev/shm partition in Suse Linux, edit the
/etc/fstab file, locate the line for /dev/shm, and add noexec to the mount options,
then remount the partition.
Here's a step-by-step guide:
1. Open the /etc/fstab file:
Code

sudo nano /etc/fstab


2. Locate the line for /dev/shm:
You'll likely find a line that looks similar to this (the tmpfs part might vary):
Code
none /dev/shm tmpfs defaults 0 0
3. Modify the mount options:
Change the line to include noexec, nodev, and nosuid:
Code

none /dev/shm tmpfs defaults,noexec,nodev,nosuid 0 0


4. Save the changes:
Press Ctrl + X, then Y to save and exit the editor.
5. Remount /dev/shm:
Code

sudo mount -o remount,noexec,nodev,nosuid /dev/shm


Explanation:
/dev/shm:
This is a special filesystem used for shared memory, which can be vulnerable if
misconfigured.
noexec:
This mount option prevents the execution of programs from files within the /dev/shm
directory, enhancing security.
nodev:
This prevents the creation of special files (like character or block devices)
within the filesystem.
nosuid:
This prevents set-user-ID and set-group-ID bits from being applied to files in the
filesystem.
mount -o remount:
This command remounts the specified filesystem with the new options without
rebooting.

Permissions
chmod for change permission

ACL(Access control list)


#setfacl -m u:username:permision(rwx)/directory/filename - to only allow to
perticular user to access the particular file or directory without adding to that
group or without providing the rwx permission to others .
#getfacl username - to check permission of that user
#setfacl -R -m u:username:permision(rwx)/directory/filename - -R for recorsivly
means all apply to all
#setfacl -x u:username:permision(rwx)/directory/filename - to remove the special
permission
Stickybit - if i used stickybit i cannot remove or delete the others file but i
can access the file & i can remove my own file not for others
for applying stickybit 1 for apply or +t
for remove -t or 0
for ex #chmod 1777 /directory/filename

chattr filename - if you apply the chattr coomnd to the file even root also not
can remove that file
#chattr +i filename to apply chattr
#chattr -i- to remove

USID is used for normal user can access the Sbin Commnd (special cmmnd)
#chmod u+s sbin commnd for normal user or #chmod 4770 /usr/sbin/fdisk (chmod u+s
/usr/sbin/fdisk - u is normal user, s is suid, /usr/sbin/fdisk is sbin cmmnd path)-
for apply usid

SETGUID
#chmod u-s sbin cmmd or chmod 0775 /usr/sbin/fdisk for remove usid
#chmod g+s , or chmod 277 directory/file- used to if sales is a group & 4to5 users
are there, if anyone can create the file the automatically the file of the group
become sales thats y we use cmmnd #chmod g+s /tmp/prod(g for group, s for guid,
dirctory )

continue 4th video 55826 : 1:18:00

for provide sudo permission for perticular sbin cmmnd for normal user we need to
add permission in the sudoers file - #vi /etc/sudoers
than in allow root to run any cmmnd - add user & ALL= commnd path (for ex.
/usr/sbin/fdi

https://knowledge.broadcom.com/external/article/322249 - for vCenter certification


renew process

ADDING SUDO USER ACCESS:


1. Add the user to the wheel group:
Open a terminal and log in as root or a user with sudo privileges.
Use the following command, replacing username with the actual username:
Code

sudo usermod -a -G wheel username

sudo: Executes the command with root privileges.


usermod: Modifies user account information.
-a: Appends the user to the specified group.
-G wheel: Specifies the group to add the user to (in this case, wheel).
username: The name of the user to add to the group.
2. Verify the sudo configuration:
Open the /etc/sudoers file using visudo (a secure editor for sudo configuration).
Code

sudo visudo

Comment out the line: # ALL ALL=(ALL) ALL. This line allows anyone to use sudo with
any command as any user, which is generally not desired. Add a # at the beginning
of the line to comment it out.
Uncomment the line: # %wheel ALL=(ALL) ALL. This line allows users in the wheel
group to use sudo with any command as any user. Remove the # at the beginning of
the line to uncomment it.
Save the file: Press Ctrl+X, then Y to save and exit.
3. Test sudo access:
Log out and log back in as the user you added to the wheel group.
Try running a command with sudo, for example: sudo ls -l /root.
You should be prompted for the user's password, not the root password.
To grant a user sudo privileges in Linux, add them to the sudo group using the
usermod command: sudo usermod -aG sudo <username>.
Here's a more detailed explanation:
Understanding sudo:
The sudo command allows users to execute commands with elevated privileges,
effectively acting as the root user for specific tasks.
The sudo group:
Most Linux distributions use a group called sudo to manage users who have sudo
privileges.
Adding a user to the sudo group:
Log in as a user with sudo privileges: You'll need to be logged in as a user who
already has sudo access to perform this action.
Use the usermod command:
Open a terminal.
Type the following command, replacing <username> with the actual username of the
user you want to grant sudo access to:
Code

sudo usermod -aG sudo <username>


sudo: Executes the command with root privileges.
usermod: Modifies user account information.
-aG: Appends the user to the specified group (in this case, the sudo group).
sudo: The name of the group to which the user will be added.
<username>: The name of the user to be added to the sudo group.
Verify the user's group membership: You can verify that the user has been added to
the sudo group by using the groups command: groups <username>.
Testing sudo access:
Switch to the new user: Use the su command to switch to the user you just granted
sudo privileges: su - <username>.
Try a command that requires sudo: For example, try listing the contents of the root
directory: sudo ls /root.
If prompted for a password and the command executes successfully, the user now has
sudo access .
Example:
Let's say you want to grant sudo privileges to a user named "alex".
Log in as a user with sudo privileges.
Open a terminal.
Run the following command:
Code

sudo usermod -aG sudo alex


Verify that "alex" is in the sudo group:
Code

groups alex
Switch to the user "alex" and try a sudo command:
Code

su - alex
sudo ls /root

You might also like