chapter 6 - linux administration basics.pdf
7/28/2019 Chapter 6 - Linux Administration Basics.pdf
CHAPTER 6
LINUX ADMINISTRATION BASICS
A. SETTING THE HOSTNAME
To change your machine's hostname, you need to edit two configuration files named hostname and hosts, both located in the /etc directory:
1. Open a terminal and run the following command:
gksudo gedit /etc/hostname /etc/hosts
2. Change the line in the hostname file to the desired hostname.
3. Change the second line in the hosts file to the desired hostname.
4. Save and close both files.
5. Reboot.
B. SETTING FILE PERMISSION
Access rights: Linux's first line of defense
On a Linux system, each file has three types of access (read, write and execute) for three categories of users: owner (user), group and others.
Owner is the user who creates the file. Group is the group name that the owner belongs to. Others is any other user (not the owner and not belonging to the group that has access rights to the file).
For each category of users, read, write and execute access rights can be granted or denied.
Interpretation of permissions for files and directories:
read
  File: User can look at the contents of the file.
  Directory: User can list the files in the directory.
write
  File: User can modify the contents of the file.
  Directory: User can create new files and remove existing files in the directory.
execute
  File: User can run the file as if it were a program.
  Directory: User can change into the directory, but cannot list the files unless (s)he has read permission. User can read files if (s)he has read permission on them.
With the -l option (long list) of ls, you can find out the access rights (permissions) for any given file or directory:
$ ls -l
total 4
drwxrwxr-x 2 prescilla prescilla 4096 Feb 9 23:24 files
-rw-rw-r-- 1 prescilla prescilla 0 Feb 9 23:20 permissions
The Linux file permission is divided into three groups:
File type   Owner   Group   Others
d           rwx     rwx     r-x
-           rw-     rw-     r--
When assigning permissions to a file or directory, symbols are used to represent the three categories of users and their permissions.
User group codes:
Symbol   Represents
u        user (owner)
g        group
o        others
a        all users (ugo)
Access mode codes:
Symbol   Meaning
r        read
w        write
x        execute
-        no permission
Another method used to set Linux file permissions is the octal system, which uses numbers to represent permissions.
0 = No permission
1 = Execute permission
2 = Write permission
3 = Write and execute permissions
4 = Read permission
5 = Read and execute permissions
6 = Read and write permissions
7 = Read, write and execute permissions
Note: The essential numbers are 1, 2 and 4, which represent execute, write and read permissions respectively. The other numbers are just sums of those numbers.
The table below summarizes file permission codes (symbols or octal) used in Linux:
Code     Meaning
0 or -   The access right that is supposed to be in this place is not granted.
4 or r   Read access is granted to the user category defined in this place.
2 or w   Write permission is granted to the user category defined in this place.
1 or x   Execute permission is granted to the user category defined in this place.
SETTING FILE PERMISSION USING SYMBOLIC MODES
To change file permission using symbolic modes, use the user group and access mode codes with the operators listed in the table below:
Operator   Description
+          Adds the specified permission to the specified user group.
-          Removes the specified permission from the specified user group.
=          Assigns the specified permissions to the specified user group.
Take the example below:
-rw-rw-r-- 1 prescilla prescilla 0 Feb 9 23:20 sample
The sample file has read and write permission for both user and group, while other users can only read it. To add write permission for other users, run the following command:
$ chmod o+w sample
Note: The + and - operators are used to grant or deny a given right to a given group. o represents other users and w stands for write access.
$ ls -l sample
-rw-rw-rw- 1 prescilla prescilla 0 Feb 9 23:20 sample
As seen above, other users now have write permission to the sample file.
To add execute permission for all users, run the following:
$ chmod a+x sample
OR
$ chmod ugo+x sample
Note: x is for execute permission and a represents all users, but ugo can also be used, which indicates user, group and others.
$ ls -l sample
-rwxrwxrwx 1 prescilla prescilla 0 Feb 9 23:20 sample
As seen above, all users now have execute permission to the sample file.
To remove the execute permission from all users, run the following:
$ chmod a-x sample
OR
$ chmod ugo-x sample
Note: The - operator is used to deny a given right to a given group.
Combinations separated by commas are allowed when specifying options for chmod.
Here's another one, which makes the file from the previous example a private file for user prescilla:
$ ls -l sample
-rw-rw-rw- 1 prescilla prescilla 0 Feb 9 23:20 sample
$ chmod u+rwx,go-rwx sample
$ ls -l sample
-rwx------ 1 prescilla prescilla 0 Feb 9 23:20 sample
As seen above, all permissions to the sample file were denied to group and other users.
You can also remove or deny permission by using the assignment (=) operator and setting it to none or empty. Therefore the previous chmod command line can be rewritten as:
$ chmod u+rwx,go= sample
$ ls -l sample
-rwx------ 1 prescilla prescilla 0 Feb 9 23:20 sample
SETTING FILE PERMISSION USING OCTAL MODES
Octal numbers are widely used to describe file or directory permissions on Linux systems. Using octal numbers to change Linux file or directory permissions is faster and easier than the first method.
When using chmod with octal digits as arguments, the values for each granted access right have to be added together per group. Thus we get a 3-digit number, which is the value for the settings chmod has to make.
Let's take the previous example:
$ ls -l sample
-rwx------ 1 prescilla prescilla 0 Feb 9 23:20 sample
To set read and write permission for owner, and only read access for group and others, using the octal system:
$ chmod 644 sample
$ ls -l sample
-rw-r--r-- 1 prescilla prescilla 0 Feb 9 23:20 sample
Note: 644 means read and write permission for owner, read for group and others.
You can also set permissions on multiple files at once. For example:
$ ls -l
-rw-r--r-- 1 root root 84669 2008-09-11 01:13 snapshot1.png
-rw-r--r-- 1 root root 100439 2008-09-11 01:14 snapshot2.png
-rw-r--r-- 1 root root 113450 2008-09-11 01:14 snapshot3.png
$ chmod 666 snapshot*.png
$ ls -l
-rw-rw-rw- 1 root root 84669 2008-09-11 01:13 snapshot1.png
-rw-rw-rw- 1 root root 100439 2008-09-11 01:14 snapshot2.png
-rw-rw-rw- 1 root root 113450 2008-09-11 01:14 snapshot3.png
Note: the octal value 666 grants read (r) and write (w) permissions to all users.
chmod can also be used to set permissions for multiple files and directories by using the -R (recursive) option. To change the permissions of every file and folder under a specified directory at once:
user@host$ sudo chmod 777 -R /path/to/someDirectory
user@host$ ls -l
total 3
-rwxrwxrwx 1 user user 0 Nov 19 20:13 file1
drwxrwxrwx 2 user user 4096 Nov 19 20:13 folder
-rwxrwxrwx 1 user user 0 Nov 19 20:13 file2
Note: the octal value 777 grants read (r), write (w) and execute (x) permissions to all users.
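chmod -R applies one mode to files and directories alike, so 777 leaves every regular file writable by others and marked executable. The following added example (not part of the original slides) builds a constructed sample tree, counts the affected entries, and resets directories to 755 and files to 644 with find; the function names are illustrative.

```shell
#!/bin/sh
# Added example. The directory tree is constructed in a temporary directory.

# Build a small sample tree: two regular files and one sub-directory.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/folder"
    : > "$tree/file1"
    : > "$tree/folder/file2"
    printf '%s\n' "$tree"
}

# Count entries under $1 that "others" can write to (mode bit 0002).
count_world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

# Count regular files under $1 that carry an execute bit for anyone.
count_executable_files() {
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        | wc -l | tr -d ' '
}

# Reset a tree to conventional modes: 755 for directories, 644 for files.
# One "chmod -R MODE" cannot do this because it gives both the same mode.
reset_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

demo() {
    tree=$(make_sample_tree) || return 1
    chmod -R 777 "$tree"
    echo "after chmod -R 777: $(count_world_writable "$tree") world-writable entries," \
         "$(count_executable_files "$tree") executable files"
    reset_modes "$tree"
    echo "after reset_modes:  $(count_world_writable "$tree") world-writable entries," \
         "$(count_executable_files "$tree") executable files"
    rm -rf "$tree"
}

demo
```

The same two counting functions can be pointed at a real directory to see what a recursive chmod left behind before deciding how to reset it.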
UNDERSTANDING UMASK
When a user creates a file or directory under Linux, it is created with a default set of permissions. The user file-creation mode mask (umask) is a four-digit octal number used to determine/control this default set of permissions.
By default, most Linux distributions set it to 0022 (022) for root and 0002 (002) for normal users.
To check the default umask value, run umask from a terminal:
user@linux:~$ umask
0002
root@linux:~# umask
0022
The base permission for newly created files is 0666 (rw-rw-rw-), while directories have a base permission of 0777 (rwxrwxrwx).
To compute the final permission of newly created files/directories, the umask value is subtracted from the base permission.
Normal user:
777 - 002 = 775 (directories)
666 - 002 = 664 (files)
Root user:
777 - 022 = 755 (directories)
666 - 022 = 644 (files)
Therefore, a normal user will have the following default permissions:
775 (rwxrwxr-x) for directories
664 (rw-rw-r--) for files
While a root user will have the following default permissions:
755 (rwxr-xr-x) for directories
644 (rw-r--r--) for files
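The subtraction gives the right result for 002 and 022; in general the system clears the umask bits from the base permission (base AND NOT umask), which differs whenever the umask contains a bit the base lacks, for example 033 on files. This added example (not part of the original slides) computes the result both ways and compares it with files actually created under each umask; the function names are illustrative.

```shell
#!/bin/sh
# Added example. Sample files are created in a temporary directory.

# Print BASE with every bit of MASK cleared, as three octal digits.
# Arguments are octal strings such as 666 and 022.
effective_mode() {
    printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# Create a file or directory under the given umask and print its real mode.
# KIND is "file" or "dir"; the umask change is confined to a subshell.
observed_mode() {
    (
        umask "$2"
        scratch=$(mktemp -d) || exit 1
        if [ "$1" = dir ]; then
            mkdir "$scratch/new"
        else
            : > "$scratch/new"
        fi
        stat -c '%a' "$scratch/new"
        rm -rf "$scratch"
    )
}

demo() {
    for mask in 002 022 033; do
        printf 'umask %s: files %s (observed %s), directories %s (observed %s)\n' \
            "$mask" \
            "$(effective_mode 666 "$mask")" "$(observed_mode file "$mask")" \
            "$(effective_mode 777 "$mask")" "$(observed_mode dir "$mask")"
    done
    # With umask 033, plain subtraction would give 633 for files;
    # the mode actually applied is 644.
}

demo
```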
C. SETTING FILE OWNERSHIP
Linux has a very special file ownership and permission system. Each file or directory has two owners: a user and a group. That means a given file or directory has an owner and a group responsible for it.
Changing user or group ownership of a file is done with the chown (change owner) and chgrp (change group) commands.
The chown command can be applied to change both user and group ownership of a file, while chgrp only changes group ownership.
In order to only change the user ownership of a file, use this syntax:
chown newuser file
If you use a colon after the user name, group ownership will be changed as well, to the primary group of the user issuing the command.
In order to change the user and group ownership of a file, use this syntax:
chown newuser:newgroup file
To only change group ownership, you can either use chgrp or chown with a different syntax:
chown :newgroup file
chgrp newgroup file
For example, p1 is owned by root and the adm group. To change its ownership, use chown:
$ ls -l p1
-rw-rw-r-- 1 root adm 0 Feb 24 15:28 p1
$ chown prescilla p1
$ ls -l
-rw-rw-r-- 1 prescilla adm 0 Feb 24 15:28 p1
To change its owner and group at the same time, use chown and add a colon (:) after the user name:
$ chown prescilla: p1
$ ls -l p1
-rw-rw-r-- 1 prescilla prescilla 0 Feb 24 15:28 p1
Using the same file, if you only want to change group ownership, use chgrp:
$ ls -l p1
-rw-rw-r-- 1 root adm 0 Feb 24 15:28 p1
$ chgrp prescilla p1
$ ls -l
-rw-rw-r-- 1 root prescilla 0 Feb 24 15:28 p1
You can still use chown to change group ownership:
$ chown :prescilla p1
$ ls -l p1
-rw-rw-r-- 1 root prescilla 0 Feb 24 15:28 p1
D. LOGGING ON TO ANOTHER GROUP
When you type id on the command line, you get a list of all the groups that you can possibly belong to, preceded by your user name and ID and the group name and ID that you are currently connected with.
However, on many Linux systems you can only be actively logged in to one group at a time. By default, this active or primary group is the one that you get assigned from the /etc/passwd file.
For example, prescilla is currently connected to its primary group prescilla:
$ id
uid=1000(prescilla) gid=1000(prescilla) groups=1000(prescilla),4(adm),6(disk),24(cdrom),27(sudo),30(dip),46(plugdev),107(lpadmin),124(sambashare),126(vboxusers)
As seen above, prescilla can also belong to several other secondary groups, i.e. adm, disk, dip, etc.
For a user to log on to a secondary group, he/she must use the newgrp command. This is useful if a user needs to create a file that should be owned by another group.
$ newgrp adm
$ id
uid=1000(prescilla) gid=4(adm)
$ touch test
$ ls -l
-rw-rw-r-- 1 prescilla prescilla 0 Feb 24 15:28 p1
-rw-rw-r-- 1 prescilla adm 0 Feb 24 18:34 test
Note: Logging in to a new group saves you from having to use chown to change ownerships.
E. CREATING USER ACCOUNTS
Creating users on a Linux system is a routine task for system administrators.
Sometimes you may create a single user with default configuration or with custom configuration, or create several users at the same time using some bulk user creation method.
Method 1: Create user with default configurations using useradd command
To create user with default configurations:
useradd -m username
By default, useradd will not create a home directory for the new user, unless you add the -m option. If you need to set a different path for the user's home directory, use the -d option.
Example 1: Create a new user named ayesha with default configuration:
$ sudo useradd -m ayesha
If you don't specify a password for the account, the system will lock it and the user will not be able to log in to the system. Setting a password is easily accomplished with the following command:
$ passwd username
You can create a user and set its password in one command line:
$ useradd -m username -p password
The previous example can be rewritten as:
$ sudo useradd -m ayesha -p 1234
Note: This method will print the password on the terminal screen.
Method 2: Add user with custom configurations
To create user with custom configurations:
useradd [options] username
Options are listed on the next slide. To see a full list of useradd options, see the man pages by running:
$ man useradd
USERADD OPTIONS
Option   Meaning
-d       Specifies the user's home directory.
-m       Create the user's home directory if it does not exist.
-s       Specifies the name of the user's login shell.
-g       Specifies the user's primary group.
-G       Specifies the user's secondary groups.
-e       Specifies the date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD.
-c       Any text string. It is generally a short description of the login, and is currently used as the field for the user's full name.
-f       Specifies the number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.
Example 2: Create a new user with custom configurations:
$ sudo useradd -mg prescilla -e 2013-03-01 -c "Linus Torvalds" linus
$ cat /etc/passwd | grep linus
linus:x:1003:1000:Linus Torvalds:/home/linus:/bin/sh
Note: The new user linus has a group ID of 1000, which is the group ID of prescilla.
To check the account and password expiry of an account, use the chage command:
$ chage -l linus
Last password change : Feb 24, 2013
Password expires : never
Password inactive : never
Account expires : Mar 01, 2013
Minimum number of days between password change: 0
Maximum number of days between password change: 99999
Number of days of warning before password expires: 7
To disable password aging / expiration for a user, run the chage command and set the following:
Minimum Password Age to 0
Maximum Password Age to 99999
Password Inactive to -1
Account Expiration Date to -1
Interactive mode command:
$ chage username
OR
$ chage -I -1 -m 0 -M 99999 -E -1 username
Method 3: Create users interactively with adduser command
A very simple way of creating a user interactively on the command line is using the adduser command.
adduser username
Example 3: Create a new user with adduser:
$ sudo adduser spidey
Adding user `spidey' ...
Adding new group `spidey' (1007) ...
Adding new user `spidey' (1007) with group `spidey' ...
Creating home directory `/home/spidey' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for spidey
Enter the new value, or press ENTER for the default
Full Name []: Peter Parker
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
Method 4: Add multiple users at once with newusers command
Sometimes you may want to create multiple users at the same time. Fortunately, Linux offers a way to create users using the newusers command. This can also be executed in batch mode as it cannot ask for any input.
$ newusers FILENAME
The first step is to create a text file that will contain the user account information.
The file format is the same as the password file:
loginname:password:uid:gid:comment:home_dir:shell
$ cat users.txt
user1:password:1005:513:Student Account:/home/user1:/bin/bash
user2:password:1006:513:Sales user:/home/user2:/bin/bash
user100:password:1007:513:Sales user:/home/user100:/bin/bash
tom:password:1008:501:Guest Account:/home/guest:/bin/menu
jerry:password:1009:501:Guest Account:/home/guest:/bin/menu
Since usernames and passwords are stored in clear text format, make sure only you can read/write the file. Use the chmod command:
$ chmod 600 users.txt
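An added example, not from the original slides: it writes a constructed users.txt under umask 077, so the file is created as 600 rather than tightened afterwards, and checks the mode and the seven-field format before the file is handed to newusers. The function names, logins and placeholder passwords are made up for illustration.

```shell
#!/bin/sh
# Added example; all account data below is constructed.

# Write a sample newusers input file. The subshell sets umask 077 first,
# so the file never exists with group or other access.
write_sample_file() {
    (
        umask 077
        cat > "$1" <<'EOF'
user1:CHANGE-ME-1:1005:513:Student Account:/home/user1:/bin/bash
user2:CHANGE-ME-2:1006:513:Sales user:/home/user2:/bin/bash
EOF
    )
}

# Return 0 only if FILE is owner-only (600 or 400), every line has the
# seven fields loginname:password:uid:gid:comment:home_dir:shell,
# and no login name or uid appears twice.
check_newusers_file() {
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        600|400) ;;
        *) echo "$1: mode $mode lets group or others read the passwords" >&2
           return 1 ;;
    esac
    awk -F: '
        NF != 7 { printf "line %d: expected 7 fields, found %d\n", NR, NF; bad = 1; next }
        $1 == "" { printf "line %d: empty login name\n", NR; bad = 1 }
        seen_login[$1]++ { printf "line %d: duplicate login %s\n", NR, $1; bad = 1 }
        $3 != "" && seen_uid[$3]++ { printf "line %d: duplicate uid %s\n", NR, $3; bad = 1 }
        END { exit bad + 0 }
    ' "$1" >&2
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample_file "$dir/users.txt"
    if check_newusers_file "$dir/users.txt"; then
        echo "users.txt passes the checks"
    fi
    rm -rf "$dir"
}

demo
```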
Now, create the users in batch:
$ newusers users.txt
Verify that your /etc/group, /etc/passwd and /etc/shadow files are updated:
less /etc/group
less /etc/passwd
less /etc/shadow
F. SWITCHING BETWEEN USER ACCOUNTS
When you know the password of another user's account, you can present yourself to the system with that user's permissions using the su command (switch user).
su - username
You will be prompted to enter the password. After the authentication process, you are working on the system using the permissions of that user.
To make sure you are logged in as another user, check with the id command:
$ su - linus
$ id
uid=10032(linus) gid=1000(prescilla) groups=1000(prescilla)
By default, the root account password is locked in Ubuntu. This means that you cannot log in as root directly or use the su command to become the root user. However, since the root account physically exists, it is still possible to run programs with root-level privileges. This is where sudo comes in: it allows authorized users to run certain programs as root without having to know the root password. To switch to the root environment:
$ sudo -i
Allowing other users to run sudo
To add a new user to sudo:
$ sudo adduser <username> sudo
where you replace <username> with the name of the user (without the <>).
G. DELETING USER ACCOUNTS
You need to use the userdel command to delete a user account and related files from the user account.
The userdel command must be run as the root user. The syntax is as follows:
userdel userName
Example:
To remove the user aye from the system:
$ userdel aye
To remove the user's home directory, pass the -r option to userdel:
$ userdel -r aye
Note: The above command will remove all files along with the home directory itself and the user's mail spool. Please note that files located in other file systems will have to be searched for and deleted manually.
G. DISABLING USER ACCOUNTS
Sometimes it is recommended to disable an account instead of removing it right away, especially if you are working with a corporate server with lots of users.
You need to use the usermod command to lock and disable a user account. The -L option locks the user's password by putting a (!) in front of the encrypted password. To disable the user account, set the expire date to 1.
In this example, user account aya is disabled:
$ usermod -L -e 1 aya
When aya tries to log in either graphically or via text console, she will be greeted with the following messages:
Your account has expired; please contact your system administrator.
Invalid password.
Permission denied.
To re-enable an account with a locked password, simply remove the (!) from the /etc/shadow file, which stores the encrypted password for all users.
$ gedit /etc/shadow
To remove an account expiry date, run:
$ usermod -e -1 user-account
Note: You can also use the chage command to set the expiry date to -1.
END OF CHAPTER 6
LINUX ADMINISTRATION BASICS