Saturday 21 September 2013


Linux user, group, permissions part 2


Hi. Today I am going to talk about groups in Linux and Unix-like operating systems. As I mentioned in my previous post about users in the Linux User Group Permission article, let’s continue in this article with groups.

GROUPs

# Users are assigned to a group.
# Each group is assigned a unique group ID number (gid).
# Group IDs are stored in /etc/group.
# Each user is given their own private group.
# Users can be added to other groups for additional access.
# All users in a group can share files that belong to the group.
# In the figure on the right you can see a partial listing of the default groups with some reserved numbers.
/etc/group or /etc/shadow files
All the groups in your system are located in the /etc/group file, which is a very important file. It is shown in this picture :)

Creating a group in Linux

groupadd — Create a new group in your Linux or Unix-like operating system.
# groupadd vipullinux.wordpress
This shows that I have created a group named “vipullinux.wordpress” in my Linux O/S, which has gid = 1004, as I can see in the /etc/group file.
Modify a group in Linux
groupmod — Modify a group
# groupmod -n vipullinux vipullinux.wordpress

Here I have changed my group name from “vipullinux.wordpress” to “vipullinux” :)
Add a user to a group
usermod
usermod -g to modify a user's group
# usermod -g vipullinux root
Here you can see I have assigned the root user to the “vipullinux” group :)

Removing a group from a user

Here in the above picture, I have “root”, “vipullinux” and “hacker” as group names, and I want to remove the “hacker” and “vipullinux” groups from my root user account. What I need to do here is:
# usermod -G root root
I have reassigned the group name “root” to my root user :) In this way I have removed “hacker” and “vipullinux” from the above group list :)
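
Because usermod -G sets the complete supplementary group list (the -a option appends instead), it helps to see beforehand which memberships a given -G list would drop. The following is an added example, not part of the original post; the function names and the sample group lines (including the gids other than 1004 and the "staff" group) are constructed for illustration.

```sh
#!/bin/sh
# Added example. /etc/group field order: group:password:gid:member,member,...
# Only supplementary memberships are listed there; a user's primary group
# comes from the gid field of /etc/passwd instead.

# supp_groups USER: print, sorted, every group in group-format stdin
# whose member list names USER exactly.
supp_groups() {
    user=$1
    while IFS=: read -r group pw gid members; do
        case ",$members," in
            *",$user,"*) echo "$group" ;;   # commas prevent partial matches
        esac
    done | sort
}

# dropped_by_G USER "g1,g2": groups USER would lose if
# "usermod -G g1,g2 USER" were run against this group file.
dropped_by_G() {
    user=$1
    keep=$2
    supp_groups "$user" | while read -r g; do
        case ",$keep," in
            *",$g,"*) ;;                    # still listed, membership kept
            *) echo "$g" ;;                 # not listed, membership removed
        esac
    done
}

# Constructed sample mirroring the situation in the post:
# root is a member of root, vipullinux and hacker.
sample_group() {
    cat <<'EOF'
root:x:0:root
vipullinux:x:1004:root
hacker:x:1006:root,bipul
staff:x:50:rooter
bipul:x:1002:
EOF
}

sample_group | dropped_by_G root root
```

On a live system the same check is `dropped_by_G root root < /etc/group`.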

Delete group in Linux

groupdel — This will delete secondary groups but not primary ones.
Here I have deleted the secondary group called “vipullinux” with this command
# groupdel vipullinux
That’s it for today. Next will be file permissions, so get prepared for mathematical class :P :) bye
My main objectives for this topic are to..
1. Explain the purpose of user and group accounts.
2. Read and set file permissions.
3. Explain the Linux security model.
So let’s explain each of them.

Introduction to User and Group
Type # id in a shell and you will get details regarding users and groups. Root has user ID 0 and group ID 1002, which is the group of bipul, and bipul has user ID 1002 and group ID 1002.

Here uid – User ID
Here gid – Group ID

Explanation of root:x:0:1002:root:/root:/bin/bash which is in /etc/passwd

This “root” tells us that we are logged in as root
x signifies the encrypted password
0 is the “uid”, 1002 is the “gid”
:root: is a comment,
/root is the directory assigned to it,
/bin/bash is the name of the shell this account has.

Similarly, here vipul, hacker and cracker are account names
x is the encrypted password
1005, 1003, 1004 are the “uid” values
0, 1004, 1005 are the “gid” values
:: is the comment part, which is empty here,
/home/vipul,cracker,hacker are the home directories assigned to them,
/bin/bsh,/bin/sh are the shell types they have.
1. USER
# Every user is assigned a unique user ID number called the “uid” (user ID). It is stored in a file called passwd: # cat /etc/passwd
# A UID (user ID) of “0” identifies root.
# In Ubuntu, user accounts normally start at UID 1000, and in Fedora or Red Hat UIDs start at 500.
# Users are assigned a home directory (you can find the home directories here: # cat /etc/passwd | grep "/home") and a program that is run when they log in (usually a shell).
# Users can’t read, write or execute each other’s files without permission.
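
The field layout explained above and the rule that UID 0 identifies root can be checked mechanically. The following is an added example, not part of the original post: the function names are made up here, and the sample lines are constructed from the uid/gid values quoted in the post (the daemon and toor entries, and the home and shell values, are invented for illustration).

```sh
#!/bin/sh
# Added example: audit passwd-format lines read from stdin.
# Field order: name:password:uid:gid:comment:home:shell

audit_passwd() {
    while IFS=: read -r name pw uid gid comment home shell; do
        case "$name" in ''|\#*) continue ;; esac   # skip blank/comment lines
        case "$uid:$gid" in                        # uid and gid must be numeric
            :*|*:|*[!0-9:]*) echo "MALFORMED $name"; continue ;;
        esac
        # UID 0 identifies root, so any other name with UID 0 is a second root.
        if [ "$uid" -eq 0 ] && [ "$name" != "root" ]; then
            echo "UID0 $name"
        fi
        # A UID 0 account whose primary group is not GID 0 has been modified.
        if [ "$uid" -eq 0 ] && [ "$gid" -ne 0 ]; then
            echo "ROOT_GID $name gid=$gid"
        fi
        # A non-root account with primary GID 0 shares the root group's files.
        if [ "$uid" -ne 0 ] && [ "$gid" -eq 0 ]; then
            echo "GID0 $name uid=$uid"
        fi
    done
}

# Constructed sample input (not a real /etc/passwd).
sample_passwd() {
    cat <<'EOF'
root:x:0:1002:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bipul:x:1002:1002::/home/bipul:/bin/bash
vipul:x:1005:0::/home/vipul:/bin/sh
hacker:x:1003:1004::/home/hacker:/bin/sh
cracker:x:1004:1005::/home/cracker:/bin/sh
toor:x:0:0::/root:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

On a live system, run `audit_passwd < /etc/passwd`; no output means none of the three conditions was found.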

In Debian/Ubuntu/BackTrack
In BackTrack or Ubuntu 10.04 Lucid, user IDs (“uid”) start at 1000+. You can see I have the user names bipul (1002), vipul (1005), hacker (1003) and cracker (1004), all starting at 1000+. At the top you can see 0 for the root account. All the rest below 1000 are system user IDs, which are in # cat /etc/passwd

How to create a new user in your Linux
The root user is responsible for creating accounts, so log in as the root user (or use the sudo command). There are two commands used to create a new user in Linux.
1. useradd
2. adduser
Depending on command-line options, the useradd command will update system files (/etc/passwd, and the /etc/shadow file with the password) and may also create the new user’s home directory and copy initial files. For example:
1. useradd
This is a fundamental low-level tool for user creation. To create a user with the default configuration, use useradd as shown below. To view the default options that I am going to get, run the following command with the option -D
# useradd -D
GROUP:
This is the only option which will not be taken as the default, because if you don’t specify the -n option, a group with the same name as the user will be created and the user will be added to that group. To avoid that and make the user a member of the default group, you need to give the option -n.
HOME
This is the default path for the home directory. The home directory will be created as /home/USERNAME.
INACTIVE 
-1 by default disables the feature of disabling the account once the user password has expired. To change this behavior you need to give a positive number, which means that the user account will be disabled that number of days after the password expires.
EXPIRE
The date on which the user account will be disabled.
SHELL
User’s login shell. That is /bin/sh, which I call jail :)
SKEL
Contents of the skel directory will be copied to the user’s home directory.
CREATE_MAIL_SPOOL
Depending on the value, the mail spool is or is not created.
Now I have created a user named hacker with the commands
# useradd hacker
# passwd hacker
You can see in the figure that it has the shell /bin/sh and the home directory /home/hacker assigned to it.
Set account disable date
useradd -e {yyyy-mm-dd} {username}
# useradd -e 2012-12-31 hacker1
With this option, the account hacker1 is going to be disabled on the coming 31 December 2012 :(
Set default password expiry
The -f {days} option sets the number of days after the password expires until the account is disabled. (If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not disabled after the password expires.)
# useradd -e 2012-12-31 -f 30 hacker1

2. adduser

This command will automatically ask for a password and also for a comment, as you can see in the figure.

To delete a user account
# userdel hacker
It will delete the account :)
NEXT WILL BE ABOUT GROUPS: “HOW TO MAKE A GROUP, HOW TO ADD A GROUP AND ASSIGN A USER TO A GROUP” :)
