Linux system administrator


User and Groups

Every file and directory you work with on the system carries permissions, and those permissions control which users can access the resource and how. In this blog we discuss the methods you can use to inspect and change the access rights of files and folders.

Group

The permission system uses groups to organize access rights: each group comprises users who need similar permissions, for instance one group for web developers and another for DevOps. The system owner assigns permissions according to the requirements of each group. Importantly, access to resources and privileges is scoped to the group, so members of one group cannot use the resources or privileges granted to another.

User

  • When you run a process, what it may do is determined by the user who started it. You can find out the current user with the whoami command; it prints the name of the current user.

  • Consider a system with two users, User A and User B. User A is restricted from accessing files that are associated with or owned by User B.

  • The system enforces strict file permissions and access controls to maintain user privacy and security. Each user has their own designated home directory, where their personal files and data reside. By default, User A does not have permission to access or modify files within User B's home directory, and vice versa.

  • If you are using your own system, it is natural to assume that you are the sole user. However, there are many more users on it, including the accounts that system daemons run under.

  • Many services run as their own system daemon under a dedicated user account, which is responsible for keeping that service running. These daemons work behind the scenes to perform specific tasks and provide essential services for the system as a whole.

  • Among all users, one holds the most power: the superuser, or root. The superuser can access any file and run or terminate any process on the system.

  • Regular users can obtain superuser privileges with the sudo command (short for "superuser do"). With sudo, a user can temporarily transform into the superuser (similar to Ben 10 transforming) and execute commands with elevated privileges.

  • Regular users do not have permission to read some files, for instance:

[screenshot: reading /etc/shadow as the regular user shivansh is refused]

Shivansh (the current user) cannot access the shadow file.

  • Run ls -l /etc/shadow to see who has the privileges to access that file:

[screenshot: ls -l /etc/shadow output]

  • Only root has access to this file, as you can see in the image.

  • In this case you can turn yourself into the superuser with sudo su; this grants you the privileges to read the file:

[screenshot: cat /etc/shadow succeeds after sudo su]

Here you can read the shadow file because you are in superuser mode. When you want to leave superuser mode, use the exit command.

  • /etc/sudoers:- you can see which users and groups are allowed to use sudo by running sudo cat /etc/sudoers

  • /etc/passwd: this file contains the account data of all users, both active and inactive. It holds each user's password field (an x there means the hash is stored in /etc/shadow) and specifies the shell that runs when that user logs in.

Understanding passwd file

[screenshot: cat /etc/passwd output]

After running cat /etc/passwd you will see a wall of text in your shell. Each line describes one user, what that user can do and where the password lives. Let's understand what a line says.

  • shivansh:x:1000:1000:Shivansh charak,,,:/home/shivansh:/usr/bin/zsh

    let's divide it into 7 parts

  • First field(shivansh)= username

  • Second field(x)-> If the second place is marked with x that means that the password is stored in the /etc/shadow file

  • Third field(1000)-> User ID (UID) of the account

  • Fourth field(1000)-> Groupid: Id of the Group which the user belongs to

  • Fifth field(Shivansh charak,,,)-> User info: the comment field holding the full name and optional contact details

  • Sixth field(/home/shivansh)-> User's home directory

  • Seventh field(/usr/bin/zsh)-> It refers to the shell, command interpreter, or terminal that automatically launches when a user logs into the system. Users utilize this command line interface to communicate with the system, execute commands, and interact with various functionalities.

Understanding Shadow file

As said before, the shadow file stores all the passwords in encrypted (hashed) form:

root:!:19416:0:99999:7:::

  • First field(root)-> username

  • Second field(!)-> encrypted password. Here ! means the account is locked and * means no password is set. To see a specific user's entry you can use

      sudo cat /etc/shadow | grep "username"

  • With this command you see the user's encrypted password in the second field

  • Third field(19416)-> the date of the last password change, expressed as the number of days elapsed since January 1, 1970

  • Fourth field(0)-> The "minimum password change" refers to the number of days a user has to wait before they are allowed to change their password.

  • Fifth field(99999)-> It specifies the maximum number of days a password is valid before it must be changed.

  • Sixth field(7)-> warning period:-The number of days in advance that a user will start receiving warnings about upcoming password expiration.

  • Seventh field(empty here): the password inactivity period, i.e. how many days after expiry the password may still be used before the account is disabled. If the field is empty, no inactivity period has been set for the user.

  • Eighth field(empty here): the account expiry date, again counted in days since January 1, 1970. If you are using someone else's system and its owner has set this date, you can no longer log in once it has passed.

  • Ninth field-> reserved for future use

Understanding group file

  • /etc/group -> this file maintains the data of every group. A line looks like "root:x:0:"

  • First field(root)-> Group name

  • Second field(x)->group password

  • Third field(0)-> Group id

  • Fourth field(empty)-> the list of usernames that are members of the group, separated by commas. For instance, if a group named "group1" has two users, "shivansh" and "shivansh2", both names appear in the fourth field, separated by a comma.
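The three files above share one format: colon-separated fields, one record per line. The following shell functions are an added example, not code from the original post; they parse constructed sample lines of the passwd, shadow and group formats described above (the hash in the shadow sample is a made-up placeholder), report whether a shadow entry is locked, unset or hashed, compute how many days remain before a password must be changed, and check whether a user appears in a group's member list, which is the same check you do by hand after usermod -aG.

```shell
#!/bin/sh
# Added example (not from the original post): parsing the colon-separated
# account databases. All sample records below are constructed.

PASSWD_LINE='shivansh:x:1000:1000:Shivansh charak,,,:/home/shivansh:/usr/bin/zsh'
SHADOW_LOCKED='root:!:19416:0:99999:7:::'
SHADOW_HASHED='shivansh:$6$saltsalt$PLACEHOLDERHASH:19416:0:90:7:14::'   # placeholder, not a real hash
GROUP_LINE='DevOps:x:1001:ansible,shivansh'

# Print field N (1-based) of a colon-separated record.
field() {  # usage: field "<record>" N
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# Classify the password field of a shadow entry:
# "!" prefix = locked, "*" = no password set, empty = passwordless login.
shadow_status() {  # usage: shadow_status "<shadow line>"
    pw=$(field "$1" 2)
    case "$pw" in
        '!'*) echo locked ;;
        '*')  echo no-password ;;
        '')   echo EMPTY-PASSWORD ;;   # worth flagging: login needs no password
        *)    echo hashed ;;
    esac
}

# Days until the password must be changed: field 3 (last change) + field 5
# (max age) - today, where today is given as days since 1970-01-01 so the
# result is deterministic. An empty max field means the password never expires.
days_until_expiry() {  # usage: days_until_expiry "<shadow line>" <today_days>
    changed=$(field "$1" 3)
    max=$(field "$1" 5)
    if [ -z "$max" ]; then
        echo never
    else
        echo $(( changed + max - $2 ))
    fi
}

# Is USER listed in the comma-separated member list (field 4) of a group record?
in_group() {  # usage: in_group "<group line>" user
    members=$(field "$1" 4)
    case ",$members," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Walk through the samples; run the file directly to see the output.
demo() {
    echo "login shell of shivansh: $(field "$PASSWD_LINE" 7)"
    echo "root account status:     $(shadow_status "$SHADOW_LOCKED")"
    echo "shivansh password expires in $(days_until_expiry "$SHADOW_HASHED" 19500) days"
    in_group "$GROUP_LINE" ansible && echo "ansible is a member of DevOps"
}
```

To run it against the real files, replace the sample variables with lines read from /etc/passwd, /etc/group and (as root) /etc/shadow, for example with `while IFS= read -r line; do shadow_status "$line"; done < /etc/shadow`.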

Adding user

  • sudo useradd kunal:- creates the user kunal, and with it the home directory /home/kunal where that user's own files live

  • sudo passwd kunal:- sets a password for the user

  • Run this command to see the user that was just added to the system:

      sudo tail -1 /etc/passwd
    
  • sudo userdel kunal:- deletes the user

  • sudo groupadd "groupname":- creates a group

  • sudo usermod -aG groupname username:- adds the user to the group (-a appends, so the user keeps its existing group memberships)

  • In the example shown above we first created a group DevOps and then added the user ansible to it with the usermod command; afterwards you can check which users belong to the group with sudo cat /etc/group

  • The fourth field lists the users who belong to the group; in this case it is ansible, which we just added with the usermod command

  • sudo passwd username:- sets a new password for that user (run without a username, sudo passwd changes the root password)

  • sudo hostname "hostname":- changes the hostname

  • To switch to a different user, run su username; the system then asks for the target user's password

Permission

ls -l

shows all the files with their permissions:

[screenshot: ls -l output]

drwxr-xr-x 28 shivansh shivansh 4096 Apr 30 04:56 anaconda3

Let's divide the first line of output into parts.

First part:

1(drwxr-xr-x)-> the permission string (10 characters). Let's break it down.

  • The first character (d) shows what kind of entry this is: d means a directory, a hyphen means a regular file, and l means a link

  • 2(rwx)-> the owner's permissions: the owner can read, write and execute this file.

  • 3(r-x)-> group permissions: all users in that group can read and execute but cannot write, indicated by the hyphen (-)

  • 4(r-x)-> permissions for other users, those who are neither the owner nor in the group. For example, if user A owns the application, user B is working on some project and user C is just surfing, then B and C fall under "others".

Second part:

shivansh:shivansh

  • The name before the colon is the user who owns the resource and the name after it is the group that owns the resource (ls -l prints the two names separated by a space)

Third part:

  • Apr 30 04:56-> the timestamp of the file (its last modification time)

Fourth part :

  • Name of the file or directory (anaconda3 here)

What does rwx indicate

  • r->read

  • w->write

  • x->executable

  • s-> the setuid (or setgid) bit is set together with execute: the file runs with the privileges of its owner (or group) instead of those of the user who started it

  • S-> the setuid/setgid bit is set but the execute bit is not, so the file still cannot be executed

Let's look at how you can modify these permissions. Linux identifies the different classes of users with a keyword:

  • g for group

  • u for user

  • o for others

For example, let's create a file test.txt:

[screenshot: ls -l test.txt after creation]

By default the user can read and write the file but cannot execute it. You can modify the permissions with the chmod command. For example, to give the user execute permission, run chmod u+x test.txt: "u" selects the user (owner) and "+x" adds the execute permission, so the user can now execute the file.

If you want to change the permissions for the group, you can use chmod g+x test.txt. Here, "g" represents the group, and "+x" adds the execute permission to the group.

To remove permissions, you can use "-" instead of "+". For example, chmod ugo-rwx test.txt removes all permissions (read, write, and execute) for the user, group, and others.

You can modify these permissions as needed using chmod ugo+rwx to add permissions or chmod ugo-rwx to remove permissions for the user, group, and others.

Numerical representation of permissions

As we know, write permission is denoted by w, read permission by r and execute permission by x. Like a UID, a set of permissions can also be expressed as a number:

  • Read is represented by 4

  • Write is represented by 2

  • Execute is represented by 1

If you want to grant read, write and execute permission to the user, group and others, you can run chmod 777 test.txt. The number 777 encodes the permissions of the file: each digit corresponds to one class, the first for the user, the second for the group and the third for others.

In this case each digit is 7, so all permissions (read, write and execute) are granted to the user, group and others. The number 7 is the sum of the permission values: 1 for execute, 2 for write and 4 for read. Adding these together gives 7, meaning all permissions.

So chmod 777 test.txt sets the file to read, write and execute for the user, group and others. This grants full access to the file to every user on the system.

  • sudo chown user_name file_name:- changes the owner of a file

  • sudo chgrp group_name file_name:- changes the group that owns the file

Stickybit permission

  • If a directory has the sticky bit set, every user who can write to it can create files there, but a file inside it can only be deleted or renamed by its owner (or root). Set it with sudo chmod +t directory
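The permission string from ls -l, the 4/2/1 numbers given to chmod, and the s/S/t letters for the setuid, setgid and sticky bits are three views of the same mode bits. The functions below are an added example, not code from the original post: they convert a 9-character mode string into the 4-digit octal form chmod accepts (special bits first, so "rwsr-xr-x" becomes 4755 and a sticky world-writable directory becomes 1777), then apply a chmod to a scratch file or directory created under mktemp and read the result back to confirm the round trip. The scratch path and the helper names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): mode string <-> octal, covering
# r/w/x plus the setuid (s/S), setgid (s/S) and sticky (t/T) letters.

# One class such as "r-x" -> 0..7 with r=4, w=2, x=1.
# A lowercase s or t in the third position means x is set too; S or T mean it is not.
class_value() {  # usage: class_value "rwx"
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# Full 9-character mode string -> 4-digit octal, special bits first
# (4 = setuid, 2 = setgid, 1 = sticky).
perm_to_octal() {  # usage: perm_to_octal "rwsr-xr-x"
    u=$(printf '%s' "$1" | cut -c1-3)
    g=$(printf '%s' "$1" | cut -c4-6)
    o=$(printf '%s' "$1" | cut -c7-9)
    special=0
    case "$u" in ??[sS]) special=$((special + 4)) ;; esac   # setuid on the owner triple
    case "$g" in ??[sS]) special=$((special + 2)) ;; esac   # setgid on the group triple
    case "$o" in ??[tT]) special=$((special + 1)) ;; esac   # sticky on the others triple
    echo "${special}$(class_value "$u")$(class_value "$g")$(class_value "$o")"
}

# The 9-character mode string of a path, i.e. characters 2-10 of ls -ld output.
file_perm() {  # usage: file_perm path
    ls -ld "$1" | cut -c2-10
}

# Create a scratch file (or, with a second argument "dir", a directory),
# apply the given chmod argument (symbolic or octal) and return the resulting
# octal mode as read back from ls. The scratch directory is removed afterwards.
chmod_and_check() {  # usage: chmod_and_check <mode> [dir]
    scratch=$(mktemp -d)
    if [ "$2" = dir ]; then
        target="$scratch/shared"
        mkdir "$target"
    else
        target="$scratch/test.txt"
        : > "$target"
    fi
    chmod "$1" "$target"
    perm_to_octal "$(file_perm "$target")"
    rm -rf "$scratch"
}

# Run the file directly to see a few conversions and a live round trip.
demo() {
    echo "rwxr-xr-x -> $(perm_to_octal rwxr-xr-x)"      # 0755
    echo "rwsr-xr-x -> $(perm_to_octal rwsr-xr-x)"      # 4755, a setuid binary
    echo "rwSr--r-- -> $(perm_to_octal rwSr--r--)"      # 4644, setuid without execute
    echo "chmod 640 on a scratch file gives $(chmod_and_check 640)"
    echo "chmod 1777 on a scratch directory gives $(chmod_and_check 1777 dir)"
}
```

A quick defensive use of perm_to_octal: feed it the mode strings from ls -l and anything whose first digit is 4 or 2 is a setuid/setgid file worth knowing about, and anything ending in 7 for the others class is world-writable.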

Can we change the password of any other user in the system?

No, a regular user cannot, and the reason lies in how Linux tracks identity: every process carries three user IDs:

  1. Effective UID: the user ID the kernel uses for permission checks. For a setuid program such as passwd it is the UID of the file's owner, typically root (ID 0).

  2. Real UID: the user ID of the user who launched the process. For example, if user B has a UID of 700 and launches a process, the real UID of that process is 700. The real UID identifies the user who actually started the process.

  3. Saved UID: the saved UID lets a process switch between its effective UID and its real UID, so it can temporarily take on different privileges while performing specific tasks and drop them again afterwards.

These user IDs determine the permissions and access rights of a process. passwd runs with an effective UID of root so that it can write to /etc/shadow, but it uses the real UID to decide whose password may be changed, which is why a non-privileged user can only change their own.

Some more basic commands

  • last:- shows the users who logged into the system and when

  • lsof -u username:- lists all files opened by this user

  • netstat -tulpn:- shows the listening TCP and UDP services and the ports they use
