Skip to content

Latest commit

 

History

History
345 lines (297 loc) · 10.2 KB

02.users.and.permissions.md

File metadata and controls

345 lines (297 loc) · 10.2 KB

Basic

Who am I

Get your username:

user@ubuntu:/$ whoami
user

Get more detailed informations about your username, like your uid and groups you belong to:

user@ubuntu:/$ id
uid=1000(user) gid=1000(user) groups=1000(user),27(sudo)

Create a new user

user@ubuntu:/$ sudo adduser user2
[sudo] password for user:
Adding user `user2' ...
Adding new group `user2' (1001) ...
Adding new user `user2' (1001) with group `user2' ...
Creating home directory `/home/user2' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for user2
Enter the new value, or press ENTER for the default
        Full Name []: Amine M
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] y

Nothing will be showed while you type the user password, not even *.

Change password

Change your password (the current user password):

user@ubuntu:/$ sudo passwd
[sudo] password for user: 
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

Change another user password:

user@ubuntu:/$ sudo passwd user2
[sudo] password for user: 
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

Nothing will be showed while you type the user password, not even *.

Delete a user

Delete a user:

user@ubuntu:/$ sudo deluser user2
[sudo] password for user:
Removing user `user2' ...
Warning: group `user2' has no more members.
Done.

Delete a user and his home directory:

user@ubuntu:/$ sudo deluser --remove-home user2
[sudo] password for user:
Looking for files to backup/remove ...
Removing files ...
Removing user `user2' ...
Warning: group `user2' has no more members.
Done.

Create a new group

user@ubuntu:/$ sudo addgroup mygroup
[sudo] password for user: 
Adding group `mygroup' (GID 1001) ...
Done.

Delete a group

user@ubuntu:/$ sudo delgroup mygroup
[sudo] password for user: 
Removing group `mygroup' ...
Done.

Add a user to a group

Add a user to single group:

user@ubuntu:/$ sudo usermod -aG mygroup user2

List groups that a user belongs to

user@ubuntu:/$ groups user2
user2 : user2 mygroup

List members of a group

user@ubuntu:/$ grep 'mygroup:' /etc/group
mygroup:x:1001:user,user2

Change file/directory owner

Change a file/directory owner and group:

user@ubuntu:~$ sudo chown user2:user2 Documents/file.txt 
user@ubuntu:~$ ls -l Documents/file.txt 
-rw-r--r-- 1 user2 user2 5 Jun  4 23:25 Documents/file.txt

Change a a directory owner and group recursively:

user@ubuntu:~$ sudo chown -R user2:user2 Pictures/
user@ubuntu:~$ ls -l Pictures/
total 56
-rw-r--r-- 1 user2 user2 28991 Apr 13  2019 2019-04-13.png
-rw-r--r-- 1 user2 user2 24221 May 19  2019 2019-05-19.png

Advanced

Change file/directory permissions

Give the owner of the file read,write,execute permissions ; the group of the file read,write permissions ; the other users read permission only:

user@ubuntu:~$ chmod u=rwx,g=rw,o=r Documents/file.txt
user@ubuntu:~$ ls -l Documents/file.txt 
-rwxrw-r-- 1 user user 5 Jun  4 23:25 Documents/file.txt

Add execute permissions for other users:

user@ubuntu:~$ chmod o+x Documents/file.txt 
user@ubuntu:~$ ls -l Documents/file.txt 
-rwxrw-r-x 1 user user 5 Jun  4 23:25 Documents/file.txt

Remove write permission from the group of the file:

user@ubuntu:~$ chmod g-w Documents/file.txt 
user@ubuntu:~$ ls -l Documents/file.txt 
-rwxr--r-x 1 user user 5 Jun  4 23:25 Documents/file.txt

Remove execute permissions from the owner of the file:

user@ubuntu:~$ chmod u-x Documents/file.txt 
user@ubuntu:~$ ls -l Documents/file.txt 
-rw-r--r-x 1 user user 5 Jun  4 23:25 Documents/file.txt

All previous chmod examples can be used the same with directories.

A good tutorial about chmod usage to manipulate files/dirs permissions: https://www.howtogeek.com/437958/how-to-use-the-chmod-command-on-linux/

Execute commands as superuser

Some actions needs a superuser (root) access to be performed (like changing system sensitive files, create new user ...).

To execute a command as superuser (root), we need to precede the command with sudo:

user@ubuntu:~$ sudo id 
[sudo] password for user: 
uid=0(root) gid=0(root) groups=0(root)

To switch to a superuser (root) shell:

user@ubuntu:/$ sudo -s
[sudo] password for user: 
root@ubuntu:/# id
uid=0(root) gid=0(root) groups=0(root)
root@ubuntu:/# whoami
root

To go back to normal user, we use the command exit:

root@ubuntu:/# exit
exit
user@ubuntu:/$

Nothing will be showed while you type your password, not even *.

Allow a user to execute commands as superuser

Not all users can execute commands as superuser. When a user doesn't have the right, try to use sudo, he will face the following message:

user2@ubuntu:/$ sudo id
[sudo] password for user2: 
user2 is not in the sudoers file.  This incident will be reported.

To allow a user to execute commands as superuser using sudo, we need to add that user to the group sudo in Ubuntu :

user@ubuntu:~$ sudo usermod -aG sudo user2
[sudo] password for user:

If you're using a RedHat based distribution (like Fedora or CentOS), you need to add that user to the group wheel instead of the group sudo.

Execute commands as another user

To execute commands as user2 :

user@ubuntu:/$ sudo -u user2 id
[sudo] password for user: 
uid=1001(user2) gid=1002(user2) groups=1002(user2),27(sudo),1001(mygroup)
user@ubuntu:/$ sudo -u user2 whoami
user2

The password you need to provide here is your password, not user2 password.

Login as another user

To login as user user2 :

user@ubuntu:~$ su --login user2
Password:
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

user2@ubuntu:~$ 

The password you need to provide here is user2 password.

File /etc/passwd

The file /etc/passwd is an important Linux file that contains a list of users in the system, plus some users attributes (like user id, user home, login shell ...).

user@ubuntu:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
user:x:1000:1000:,,,:/home/user:/bin/bash
user2:x:1001:1002:,,,:/home/user2:/bin/bash

A good tutorial to understand /etc/passwd file format : https://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/

File /etc/group

The file /etc/group contains a list of groups, and the members of these groups.

user@ubuntu:~$ cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
...[SNIP]...
sudo:x:27:user,user2
...[SNIP]...
nogroup:x:65534:
user:x:1000:
mygroup:x:1001:user,user2
user2:x:1002:

We can manipulate this file directly to add users to groups.

A good tutorial to understand /etc/group file format : https://www.cyberciti.biz/faq/understanding-etcgroup-file/

File /etc/shadow

The file /etc/shadow contains hashed users' passwords:

user@ubuntu:~$ sudo cat /etc/shadow
[sudo] password for user: 
root:$6$Qn39Fj4O$12vYOMOs4Qjr8YsTZHBaukdFmFyFHNGUeuUGFq.wpIjYaUY0OwqDaHRnA0uR8xAEXXyt/Hedc1PrXokdvlKsQ1:18415:0:99999:7:::
daemon:*:18355:0:99999:7:::
bin:*:18355:0:99999:7:::
sys:*:18355:0:99999:7:::
sync:*:18355:0:99999:7:::
games:*:18355:0:99999:7:::
man:*:18355:0:99999:7:::
lp:*:18355:0:99999:7:::
mail:*:18355:0:99999:7:::
news:*:18355:0:99999:7:::
uucp:*:18355:0:99999:7:::
proxy:*:18355:0:99999:7:::
www-data:*:18355:0:99999:7:::
backup:*:18355:0:99999:7:::
list:*:18355:0:99999:7:::
irc:*:18355:0:99999:7:::
gnats:*:18355:0:99999:7:::
nobody:*:18355:0:99999:7:::
_apt:*:18355:0:99999:7:::
user:$6$1Ia1asvI$ltEXnJBxJS1lZ0.Z/hema0GxbsGUQIW8sdKvBpA/SbYdO.bPbjecAHvCSHNWKXiD2tgYddD45jBiZ000I7SqP0:18407:0:99999:7:::
user2:$6$pACc3L9I$9lXHUUaBzLBPFq.QMlErQhqI4V5/TmdHs/rw146KoNylmInOuiIMj9OQMMzQzw1kWVtgmFM6TZqxfZ5T/Fe5f1:18499:0:99999:7:::

If you try to bruteforce my hashed password, you will find it's haha, so don't loose your time lol.