User
Linux is a multi-user (and multi-task) system
There are two types of users:
1. System user
System users are created automatically by the system. They are used to run specific applications. Normally, we cannot use them to log in.
2. Regular user
Super User?
Like the administrator on a Windows system, Linux has a root user. It can access anything on its own server.
By default, the root user account password is locked in Ubuntu Linux for security reasons. As a result, you cannot log in as the root user or use a command such as 'su -' to become a superuser. (Refer: this article)
Non-root users with 'superuser right' have sudo privileges for system administration tasks. For example: if the user is the first user created when installing the system, then it is a normal user with superuser right. This user account can then use 'sudo' to perform system administration tasks.
How to know your login account type?
Check the bash prompt symbol:
$ is a normal user (for example, 'frank@VirtualBox:~$').
# means it is a root account.
How to use 'sudo' to elevate privileges to run commands
'sudo' allows a permitted user (with superuser right) to execute a command as the superuser.
Ex:
1. Log in as a normal user with superuser right
(frank is the first account created when installing the system)
2. Go to a folder owned by root
$ cd /var/log
/var/log is owned by root, with group syslog
3. Create a file called test.txt
$ touch test.txt
touch: cannot touch 'test.txt': Permission denied
NOTE:
We cannot run this command as frank, since this folder requires root user permission.
4. Use superuser privilege to run this command again
$ sudo touch test.txt
5. Check the owner and group info of the created file
$ ls -l
-rw-r--r-- 1 root root 0 Jan 31 16:39 test.txt
Ex:
1. Log in as a normal user without superuser right (demo)
2. Move to a folder owned by root
$ cd /var/log
3. Use 'sudo' to create a file called test.txt
$ sudo touch test.txt
demo is not in the sudoers file. This incident will be reported.
Switch account through Terminal
'su' - run a command with substitute user and group ID
For example, we can use 'su demo' to switch to the demo account, and run 'exit' to go back to the login account.
If root is enabled on your system, you can run 'su root' or 'su' to switch to root.
How to check whether a new account was created successfully?
1. Check the /etc/passwd file
$ cat /etc/passwd
frank:x:1000:1000:frank,,,:/home/frank:/bin/bash
Note:
frank : username
x : password (hidden)
1000 : user id
1000 : primary group id
frank,,, : description
/home/frank : user home directory
/bin/bash : default shell
2. Use the 'su' command to check whether you can switch accounts successfully
3. Use the 'id' command to check the user information
$ id frank
uid=1000(frank) gid=1000(frank) groups=1000(frank),4(admin),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),131(lxd),132(sambashare)
$ id demo
uid=1001(demo) gid=1001(demo) groups=1001(demo)
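The /etc/passwd fields described above are enough to separate system accounts from regular ones and to spot accounts worth reviewing. The following is an added example, not part of the original post. The UID threshold of 1000 (the Debian/Ubuntu default UID_MIN) is an assumption, and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify accounts from passwd-format input (name:pw:uid:gid:gecos:home:shell).
# UID_MIN=1000 is the Debian/Ubuntu default from /etc/login.defs (assumption).
UID_MIN=1000

# Reads passwd-format lines on stdin; prints "name kind login" per account.
classify_accounts() {
    awk -F: -v min="$UID_MIN" '
        NF != 7 { next }                  # skip malformed lines
        {
            if ($3 == 0)                       kind = "superuser"
            else if ($3 < min || $3 == 65534)  kind = "system"
            else                               kind = "regular"
            # nologin/false shells mean the account cannot open a session
            login = ($7 ~ /(nologin|false)$/) ? "no-login" : "login"
            print $1, kind, login
        }'
}

# Accounts worth reviewing: UID 0 under a name other than root, or a
# system account that still has an interactive shell.
review_accounts() {
    classify_accounts | awk '
        $2 == "superuser" && $1 != "root" { print $1 ": extra UID 0 account" }
        $2 == "system" && $3 == "login"   { print $1 ": system account with login shell" }'
}

# Constructed sample data in /etc/passwd format (not from a real host).
SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
frank:x:1000:1000:frank,,,:/home/frank:/bin/bash
demo:x:1001:1001:,,,:/home/demo:/bin/bash
toor:x:0:0::/root:/bin/bash'

printf '%s\n' "$SAMPLE" | classify_accounts
printf '%s\n' "$SAMPLE" | review_accounts
```

On a real host, feed it the live file with `classify_accounts < /etc/passwd`.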
Groups
Groups are collections of zero or more users.
A user belongs to a default group, and can also be a member of other groups on a server.
Creating a group
groupadd <name>
Ex:
1. Using 'groupadd' command
$ sudo groupadd student
2. Check all groups information
$ cat /etc/group
student:x:1002
Deleting a group
groupdel <name>
Modify an existing user to add it to a new group
usermod - change a user's configuration, such as group, shell, etc.
1. Check the user information first
$ id demo
uid=1001(demo) gid=1001(demo) groups=1001(demo)
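2. Add the student group to demo user's supplementary groups. Note that '-G' without '-a' replaces the user's whole supplementary group list (for an account like frank it would drop the sudo group); use '-aG' to append instead.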
$ sudo usermod -G student demo
3. Check the user information again
$ id demo
uid=1001(demo) gid=1001(demo) groups=1001(demo),1002(student)
Create a user with a specific user group
1. Use 'useradd' with the '-G' option to assign supplementary groups
$ sudo useradd -G student demo2
2. Check the user info
$ id demo2
uid=1002(demo2) gid=1003(demo2) groups=1003(demo2),1002(student)
Ownership and Permissions
When executing the command below, we can see the detailed file information.
$ ls -l
-rw-rw-r-- 1 frank frank 0 Jan 28 22:46 test.txt
NOTE:
-rw-rw-r-- : mode
frank : the file's owner (the user who created this file)
frank : the file's group (the primary group of the user who created this file)
0 : file size
Jan 28 22:46 : last modified
test.txt : filename
mode
Format: file type + permission classes. For example: d + rwxrwxrwx
Permission classes:
rwx (first) : the permission for the file owner
rwx (second) : the permission for members of the group the file belongs to
rwx (third) : other
rwx:
r : read (4)
w : write (2)
x : execute (1)
Ex:
1. Create a demo user first
$ sudo adduser demo
$ id demo
uid=1001(demo) gid=1001(demo) groups=1001(demo)
2. Create another user called demo2
$ sudo adduser demo2
$ id demo2
uid=1002(demo2) gid=1002(demo2) groups=1002(demo2)
3. Create another user called demo3 with 'demo' as its primary group
$ sudo adduser --ingroup demo demo3
$ id demo3
uid=1003(demo3) gid=1001(demo) groups=1001(demo)
4. Switch to demo account to create a new file
$ su demo
$ cd /home/demo
$ touch test.txt
$ ls -l
-rw-rw-r-- 1 demo demo 0 Feb 2 01:34 test.txt
5. Switch to demo2 to edit 'test.txt' file
$ vi test.txt
"test.txt" E212: Can't open file for writing
Failure
6. Switch to demo3 to edit 'test.txt' file
$ vi test.txt
Succeeded.
7. Edit demo2 to add the 'demo' group to its supplementary groups
$ sudo usermod -G demo demo2
$ id demo2
uid=1002(demo2) gid=1002(demo2) groups=1002(demo2),1001(demo)
8. Switch to demo2 to edit 'test.txt' file
$ vi test.txt
Succeeded.
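The walkthrough above can be modeled as a small check that picks the permission class for a user and reads its write bit. This is an added example, not part of the original post; the function names are hypothetical, and special bits (setuid, setgid, sticky) and the root bypass are not modeled.

```shell
#!/bin/sh
# Input is the mode field from 'ls -l': file type + 9 permission characters.

# -rw-rw-r--  ->  664, using r=4, w=2, x=1 for each class.
perm_to_octal() {
    perms=${1#?}                      # drop the file-type character
    out=""
    for start in 1 4 7; do
        triad=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        n=0
        case $triad in r??) n=$((n + 4)) ;; esac
        case $triad in ?w?) n=$((n + 2)) ;; esac
        case $triad in ??x) n=$((n + 1)) ;; esac
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# Only ONE class applies: owner if the user owns the file, otherwise group
# if any of the user's groups matches, otherwise other.
# Args: mode owner group user "space-separated groups of the user"
can_write() {
    perms=${1#?}; owner=$2; group=$3; user=$4; member_of=$5
    if [ "$user" = "$owner" ]; then
        pos=2                         # write bit of the owner class
    else
        pos=8                         # write bit of the other class
        for g in $member_of; do
            if [ "$g" = "$group" ]; then pos=5; fi   # group class instead
        done
    fi
    if [ "$(printf '%s' "$perms" | cut -c"$pos")" = "w" ]; then
        echo yes
    else
        echo no
    fi
}

# The steps above, with test.txt owned by demo:demo.
perm_to_octal -rw-rw-r--                              # 664
can_write -rw-rw-r-- demo demo demo2 "demo2"          # no  (step 5)
can_write -rw-rw-r-- demo demo demo3 "demo"           # yes (step 6)
can_write -rw-rw-r-- demo demo demo2 "demo2 demo"     # yes (step 8)
# Owner class wins even when it is stricter than the group class:
can_write -r--rw-rw- demo demo demo "demo"            # no
```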