Linux Administration commands. Only a root/sudoer or super user can run these commands.
Adding New User: useradd [options] username
- -c "Comment"
- -m Create home directory
- -s /shell/path
- -g Group Default group
[root@orcleprod ~]# useradd -c " Sam Smith" -m -s /bin/bash sam
[root@orcleprod ~]# passwd sam
Changing password for user sam.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@orcleprod ~]#
Encrypted (hashed) passwords are stored in the /etc/shadow file. The shadow file is readable only by root, which prevents other users from trying to crack the passwords.
[root@orcleprod ~]# id sam
uid=54323(sam) gid=54324(sam) groups=54324(sam)
[root@orcleprod ~]# egrep sam /etc/passwd
sam:x:54323:54324::/home/sam:/bin/bash
Each account has a username (login ID), a UID (user ID), which is a unique number, a default group, comments, a shell, and a home directory location. The user account information is stored in the /etc/passwd file in the following format:
username:password:UID:GID:comments:home_dir:shell
oracle:x:54321:54321:Oracle Software Owner:/home/oracle:/bin/bash
prabin:x:54322:54323::/home/prabin:/bin/bash
Deleting User: userdel [-r] username
[root@orcleprod ~]# userdel sam
[root@orcleprod ~]# id sam
id: sam: No such user
[root@orcleprod ~]#
On occasion, you may need to remove only the user's account from the server. If you need to remove the user's home directory as well, add the -r option to the userdel command.
Modify User: usermod [options] username
[root@orcleprod ~]# usermod -c "This is a test comment" sam
[root@orcleprod ~]# cat /etc/passwd | grep sam
sam:x:54323:54325:This is a test comment:/home/sam:/bin/bash
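The /etc/passwd layout shown above (username:password:UID:GID:comments:home_dir:shell) can be checked mechanically. The following is an added example, not part of the original post: the function names and the svcadmin, guest, legacy and broken entries are constructed for illustration, and the script reads a sample file rather than the live /etc/passwd.

```shell
# Added example, not from the original post: audit a passwd-format file.
# Fields: username:password:UID:GID:comments:home_dir:shell

# audit_passwd FILE -> one finding per line; prints nothing for a clean file.
audit_passwd() {
  awk -F: '
    NF != 7 { printf "MALFORMED line %d: %d fields\n", NR, NF; next }
    # UID 0 carries full root privileges whatever the account is called.
    $3 ~ /^0+$/ && $1 != "root" { printf "UID0 %s\n", $1 }
    # Empty password field: no password may be required to log in.
    $2 == "" { printf "EMPTY_PASSWORD %s\n", $1 }
    # Anything other than x, * or ! here is a hash readable by every user.
    $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { printf "HASH_IN_PASSWD %s\n", $1 }
    # The UID is meant to be unique; two names on one UID share an identity.
    seen[$3] != "" { printf "DUPLICATE_UID %s shares UID %s with %s\n", $1, $3, seen[$3] }
    seen[$3] == "" { seen[$3] = $1 }
  ' "$1"
}

# write_sample FILE -> constructed input: the first four lines follow the
# accounts shown on this page, the last four are made-up problem entries.
write_sample() {
  cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
oracle:x:54321:54321:Oracle Software Owner:/home/oracle:/bin/bash
prabin:x:54322:54323::/home/prabin:/bin/bash
sam:x:54323:54324::/home/sam:/bin/bash
svcadmin:x:0:0:constructed:/root:/bin/bash
guest::54330:54330::/home/guest:/bin/bash
legacy:$6$constructedsalt$constructedhash:54331:54331::/home/legacy:/bin/bash
broken:x:54332
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

To audit a real host, call audit_passwd /etc/passwd; no root access is needed because /etc/passwd is world-readable.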
Create Group
[root@orcleprod ~]# groupadd group_name
[root@orcleprod ~]# groupadd devops
The file /etc/group stores group information. The format of the /etc/group file:
group_name:password:GID:account1,account
[root@orcleprod ~]# grep devops /etc/group
devops:x:54324:sam,prabin
Linux users sam and prabin both belong to the devops group. To display all the groups that a user belongs to, simply type groups [username]
[root@orcleprod ~]# groups sam
sam : sam devops
Delete Group: groupdel group_name
Change the property of Group: groupmod
Assigning Group
usermod -a -G <groupname> username
[root@orcleprod ~]# id sam
uid=54323(sam) gid=54325(sam) groups=54325(sam)
[root@orcleprod ~]# usermod -a -G devops sam
[root@orcleprod ~]# id sam
uid=54323(sam) gid=54325(sam) groups=54325(sam),54324(devops)
You can also view all the groups that you are part of using the groups command
[sam@orcleprod ~]$ whoami
sam
[sam@orcleprod ~]$ groups
sam devops
Note: Sometimes the user may need to log out and log back in for the new group to take effect.
Revoking Group
gpasswd -d <username> <group name>
gpasswd -d sam root
File & Directory Permission:
Each file and directory has three user-based permission groups (owner, group, all other users).
owner: This permission applies only to the owner.
group: This permission applies only to the members of the file's group.
all users: This permission applies to all other users.
Permission Types:
Read (r): Read only to a file or directory
Write (w): Write or modify a file or directory
Execute (x): Execute a file or view the contents of the directory
Changing Permission
1 = Read
2 = Write
4 = Execute
777 = rwx rwx rwx (owner, group, all user)
owner= rwx = 4+2+1=7
group= rwx = 4+2+1=7
other= rwx=4+2+1=7
chmod 777 filename
or
chmod o=rwx filename
chmod g=rwx filename
chmod u=rwx filename
[root@orcleprod u01]# ls -l test*
-rw-r--r--. 1 root root 20 Jul 27 13:06 test.txt
chmod 777 test.txt
[root@orcleprod u01]# ls -l test*
-rwxrwxrwx. 1 root root 20 Jul 27 13:06 test.txt
[root@orcleprod u01]# chmod 770 test.txt
[root@orcleprod u01]# ls -l test*
-rwxrwx---. 1 sam root 20 Jul 27 13:06 test.txt
Source: http://linuxcommand.org/lts0070.php
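A mode such as 777 gives write access to all other users, so it is worth being able to find where that has happened. The following added example (not from the original post) lists such files, goes slightly beyond the page by also listing directories that are writable by all other users without the sticky bit, and then repeats the page's 777 to 770 change; the function names and the temporary directory are constructed for illustration, and GNU find and stat are assumed.

```shell
# Added example, not from the original post.

# list_other_writable DIR -> "mode owner:group path" for each regular file
# under DIR that all other users can write to (the page's "2 = Write").
list_other_writable() {
  find "$1" -type f -perm -0002 -exec stat -c '%a %U:%G %n' {} + | sort
}

# list_open_dirs DIR -> directories writable by all other users that lack
# the sticky bit, so any user can delete or replace files owned by others.
list_open_dirs() {
  find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# tighten_other DIR -> remove every permission for other users from the
# files found above (777 becomes 770, as in the chmod 770 step on this page).
tighten_other() {
  find "$1" -type f -perm -0002 -exec chmod o= {} +
}

# Demo on constructed files in a throwaway directory.
demo=$(mktemp -d)
printf 'constructed sample\n' > "$demo/test.txt"
printf 'constructed sample\n' > "$demo/notes.txt"
chmod 777 "$demo/test.txt"
chmod 644 "$demo/notes.txt"
mkdir "$demo/drop"
chmod 777 "$demo/drop"

echo "Files writable by all other users:"
list_other_writable "$demo"
echo "Directories writable by all other users without the sticky bit:"
list_open_dirs "$demo"

tighten_other "$demo"
echo "After tightening (expect no files listed):"
list_other_writable "$demo"
rm -rf "$demo"
```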
Ownership Change:
chown - change file owner and group
chown owner:group filename
[root@orcleprod u01]# ls -l test*
-rw-r--r--. 1 root root 20 Jul 27 13:06 test.txt
[root@orcleprod u01]# chown sam:root test.txt
[root@orcleprod u01]# ls -l test*
-rw-r--r--. 1 sam root 20 Jul 27 13:06 test.txt
Sudoer
Sudo (substitute user do) allows a SYS admin to delegate authority, giving certain users or groups of users the ability to run some or all commands as root or as another user while providing an audit trail of the commands and their arguments.
cat /etc/sudoers ## Holds all the groups for sudoers. If you belong to any of those groups, you have sudoer access; otherwise you will need to ask the SYS admin for access to certain root commands through sudo.
Interested in working with me? I can be reached at pbaniya04[at]gmail.com for any questions, consulting opportunities or you may drop a line to say HELLO. Thank you again for visiting my blog and looking forward to serving you more.
Have a Database-ious Day!