
10/22/2019 LAB ASSIGNMENT

Class BCS-4A

Submitted To: Sir Basharat Mehmood

Abdul Samad (SP18-BCS-006)


Abdullah Jan Khan (SP18-BCS-012)
Ahsan Saif (SP18-BCS-020)
Aleena Naveed (SP18-BCS-021)
Group Member         Task Performed
Abdul Samad          Group Management
Abdullah Jan Khan    User Management
Ahsan Saif           Quota Management
Aleena Naveed        Password Management

User Configuration Files:

When a user is created, Linux maintains several files and directories for that user, such as the following:
1. /home: This directory stores the user’s home directory.
2. /etc/skel: This directory stores the default initialization files for the login shell.
3. /etc/shells: This file contains information about the login shells, like BASH.
4. /etc/passwd: This file contains information about the user passwords.
5. /etc/group: This file contains information about the user’s group.
6. /etc/shadow & /etc/gshadow: These files contain the encrypted passwords for users (shadow) and groups (gshadow).
7. /etc/login.defs: This file contains information about login defaults for the users.

These files are divided into two parts: one part deals with passwords, and the other deals with user environment management (these are called profiling files).

The Password Files:

1. The passwd (/etc/passwd) file stores the following details:
a. Username
b. Password, in an encrypted form, as Ubuntu applies encryption to passwords by default
c. User ID, which starts from 1000 and is incremented by 1 for every next user. ID 999 is for the root.
d. Group ID, which also starts from 1000 and is incremented by 1 for every new group created.
e. Comments, which hold any stored details of the user.
f. Home directory’s path
g. Login shell, the shell to run when the user logs in. By default it is BASH.

e.g. abdullah:x:1000:1000:abdullah,,,,:/home/abdullah:/bin/bash

2. Shadow Files (/etc/shadow and /etc/gshadow):

a. The password (passwd) file was plain text and hence vulnerable to security breaches. So these shadow files are maintained; they store the passwords for both users and groups while restricting access to root only.
b. In the passwd file the password is shown as an x, which means that this user has implemented the shadow suite, which is applied by default.

These files can be edited with the passwd, useradd, adduser, usermod and chage commands (implementation shown ahead). passwd only lets you edit the password, while the others can also create the home directory and install the initialization files.
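
The field layout described above can be checked mechanically. The following is an added example, not part of the original assignment: a shell function that reads lines in /etc/passwd format and reports a wrong field count, an empty password field, a password field that does not defer to /etc/shadow, and a reused user ID. The sample lines and the name check_passwd are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not from a real system).
SAMPLE_PASSWD='abdullah:x:1000:1000:abdullah,,,,:/home/abdullah:/bin/bash
abc:$1$constructedsalt$constructedhash:1001:1001::/home/abc:/bin/bash
guest::1002:1002::/home/guest:/bin/bash
dup:x:1000:1003::/home/dup:/bin/bash
broken:x:1004:/home/broken'

# check_passwd (hypothetical helper): reads passwd-format lines on stdin
# and prints one finding per line as "<user>: <problem>".
check_passwd() {
    awk -F: '
        # username:password:UID:GID:comment:home:shell = 7 fields
        NF != 7 { print $1 ": expected 7 fields, found " NF; next }
        # Empty second field: no password is needed to log in.
        $2 == "" { print $1 ": empty password field" }
        # x defers to /etc/shadow; * or a leading ! disables the login.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
            print $1 ": password field is not x (shadow not used)"
        }
        # The same UID on two lines gives two names the same identity.
        ($3 in seen) { print $1 ": UID " $3 " already used by " seen[$3]; next }
        { seen[$3] = $1 }
    '
}

# Run against the sample; on a live system: check_passwd < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | check_passwd
```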

The Profile Script Files:

The system profile script is stored in the /etc directory. The BASH shell script is called .bashrc, which also runs the /etc/bashrc file to implement any global definitions such as PS1 and TERM. As a superuser you can edit any of these script files.
1. Skeleton Files (/etc/skel):
a. When you create a user you must provide the user with skeleton files. These include the .bash_profile, .bashrc and .bash_logout files. The directory also contains default files and directories for the desktop.
b. As a superuser you can also configure the .bash_profile or .bashrc file in the /etc/skel directory. Once a user has his own copy of a file, he can redefine variables or add new commands as he chooses.
2. Login Definition File (/etc/login.defs):
a. This holds the values for the range of possible user and group IDs. UID_MIN and UID_MAX hold the minimum and maximum numbers for the user ID, and CREATE_HOME is used to inform the useradd command to create a home directory for the user. The variable for the minimum password length is also defined here, under the name PASS_MIN_LEN.

e.g. PASS_MIN_LEN 5
CREATE_HOME yes
b. There is a file named login.access in the same /etc directory, where the permissions of each user are defined. By using the + and - symbols, root can alter the permissions given to a user, e.g.
+:chris:rabbit.mytrek.com
+:ALL EXCEPT larisa aleina:console
Controlling User Passwords and Applying Constraints:

1. passwd command: passwd [-option] [username] [argument]

Option                          Details
-d / --delete                   Makes the respective account passwordless.
-e / --expire                   Immediately expires the user’s password and forces him/her to change it on next login.
-h / --help                     Displays help related to the passwd command.
-i / --inactive INACTIVE_DAYS   Followed by an integer value INACTIVE_DAYS, which sets the number of days the user can go inactive after the password expires before the account is deactivated.
-k / --keep-tokens              Used when you have to change the password if it has expired. If the maximum days before the password expires is 9999 (never), it will change the password.
-l / --lock                     Locks an account, making it impossible to log in to the account using normal attempts. It appends a ‘!’ symbol to the password to lock it.
-n / --mindays MIN_DAYS         Sets the minimum number of days (MIN_DAYS) the user will wait before changing his/her password again.
-q / --quiet                    Does not print the statement “Changing password for $username”.
-r / --repository REPO          Used to change the password for the repository named ‘REPO’.
-R / --root CHROOT_DIR          Used to change the root directory for the passwd process for once.
-S / --status                   Shows the password status for the user in *7 fields.
-S / --status -a / --all        Shows the password status for all users (**--all cannot be used alone).
-u / --unlock                   Unlocks the password for the user.
-w / --warndays WARN_DAYS       Generates a warning message for the user WARN_DAYS before the password expires.
-x / --maxdays MAX_DAYS         Sets the maximum number of days a password remains valid after changing.

*7 Fields: username, account status (L (locked), NP (no password), P (usable password)), date of last password change, minimum days for password change, maximum days for password change, warning period before password expires, inactivity period.
Note: while changing the password, make sure you remember it, as it is not echoed on the terminal.

2. chage command: chage [-option] [arguments]

Option                 Details
-m DAYS                Minimum number of days [DAYS] to wait after setting a new password.
-M DAYS                Maximum number of days [DAYS] for which a password can remain unchanged.
-d                     The last day the password was changed.
-E DATE                Specifies the date [DATE], in mm/dd/yyyy format, on which the account expires.
-I DAYS (capital i)    Allowable days [DAYS] of inactivity after which the password will expire.
-W DAYS                Number of days before the expiration of the password to warn the user.
-l (small L)           Displays the current password expiration controls.
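
The 7-field status output of passwd -S and the chage options above combine into a simple password-aging audit. The following is an added example, not part of the original assignment: it reads status lines, reports accounts without a password or outside an aging policy, and prints (without running) the passwd and chage commands that would correct them. The sample lines, the helper names and the policy values 90 and 7 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `passwd -S -a` output: user, status, last change,
# min days, max days, warning days, inactivity days.
SAMPLE_STATUS='abdullah P 10/22/2019 0 60 7 -1
guest NP 10/22/2019 0 99999 7 -1
olduser L 01/15/2019 0 99999 7 -1
abc P 10/20/2019 5 99999 0 -1'

# aging_findings MAX_DAYS WARN_DAYS (hypothetical helper)
# Reads status lines on stdin; prints "<user>: <problem>" per finding.
aging_findings() {
    awk -v max="$1" -v warn="$2" '
        NF != 7    { print $1 ": malformed status line"; next }
        $2 == "NP" { print $1 ": no password set"; next }
        $2 == "L"  { next }                 # locked: cannot log in
        $5 + 0 > max + 0  { print $1 ": max days " $5 " exceeds policy " max }
        $6 + 0 < warn + 0 { print $1 ": warning period " $6 " below policy " warn }
    '
}

# remediation MAX_DAYS WARN_DAYS (hypothetical helper)
# Prints, without running them, the commands that would fix each finding.
remediation() {
    aging_findings "$1" "$2" | awk -v max="$1" -v warn="$2" '
        { user = $1; sub(/:$/, "", user) }
        /no password set/ { print "passwd -l " user; next }
        /max days/        { print "chage -M " max " " user }
        /warning period/  { print "chage -W " warn " " user }
    '
}

printf '%s\n' "$SAMPLE_STATUS" | aging_findings 90 7
printf '%s\n' "$SAMPLE_STATUS" | remediation 90 7
```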

User Account Management Controls:

Linux provides certain commands for user account management, like useradd, and also provides similar commands for managing users’ groups. Other than that, if you have a GUI you can also use tools like KUser and GNOME User Settings; both are tools to manipulate user accounts and groups.

User Related Commands:

These commands search and make changes in /etc/passwd, /etc/shadow, /etc/login.defs and the /etc/skel directory.

1. useradd command: it is used to add a new user to your system.

e.g. useradd abc

Options          Details
-d dir           Used to set the directory of the user.
-D               Displays defaults for all settings. Can also be used to reset default settings for the home directory (-b), group (-g), shell (-s), expiration date (-e), and password expirations (-f).
-e mm/dd/yyyy    Sets an expiration date for the account (none, by default). Specified as month/day/year.
-f days          Sets the number of days an account remains active after its password expires.
-g group         Sets a group.
-m               Creates user’s home directory, if it does not exist.
-m -k skl-dir    Sets the skeleton directory that holds skeleton files, such as .profile files, which are copied to the user’s home directory automatically when it is created; the default is /etc/skel.
-M               Does not create user’s home directory.
-p password      Supplies an encrypted password (crypt or MD5). With no argument, the account is immediately disabled.
-s shell         Sets the login shell of the new user. This is /bin/bash by default, the BASH shell.
-u userid        Sets the user ID of the new user. The default is the increment of the highest number used so far.

Note: After adding a new user you will have to assign it a password using passwd command.

e.g. passwd abc


2. usermod command: it is used to set the options discussed above for an existing user. It has the same options as the useradd command; it just provides an explicit interface for the user options that were not set while creating the account. You can additionally lock [-L], unlock [-U] and change the login name [-l] of the user’s account.

3. userdel command: Used to remove a user login from your system.

e.g. userdel -r abdullah

Option                    Details
-f / --force              Forceful removal of the user, even if the user is still logged in or files are not owned by the user.
-h / --help               Get help on the userdel topic.
-r / --remove             Remove the user’s home and mail spool directory.
-R / --root CHROOT_DIR    Directory to chroot into.
-Z / --selinux-user       Remove any SELinux entry for the user.

**SELinux is a distribution of Linux with a set of kernel modifications, developed by Red Hat, called Security Enhanced Linux.

User Group Management Files:

These commands search and make changes/edits in the /etc/group and /etc/gshadow files.

The /etc/group file contains the following information:

i. Group Name: The name of the group, which must be unique.
ii. Password: The password, with shadow implemented, indicated by an x in the file.
iii. Group ID: The ID assigned by the OS.
iv. Users: The user names of the group members.

e.g. abdullah:x:1000:

Private Groups: These are special groups that are set up for the user. When the user is created, a private group with the same name as the user is assigned to him/her by default by the OS. This process is also called User Private Grouping (UPG).
Group Directories: They are similar to the user files defined in the home directory. To create them, just create a directory with the name of the group in /home and then change the group’s home to that directory.

e.g. mkdir /home/engine

chgrp engine /home/engine

chmod g+rwx /home/engine

The last command will allow the group members to read, write and execute the group files/directories. By the same procedure you can add shared files and directories in the group.

Group Management Commands:

Linux provides group management commands like groupadd, groupmod and groupdel.

1. groupadd command: this command is used to add a new group to the system.
groupadd [-option] GROUP

Option                      Details
-f / --force                Exit if the group is already created. If used with -g / --gid GID, it will do the same action.
-g / --gid GID              If you want to give the group a specific group ID.
-h / --help                 To view help.
-K / --key KEY=value        To override the defaults in /etc/login.defs.
-o / --non-unique           To create a duplicate group with a non-unique GID.
-p / --password PASSWORD    Use this password for the new group.
-r / --system               To create a system account.


2. groupmod command: To change some attribute of the group. groupmod [-option] GROUP

Option                            Details
-g / --gid GID                    To change the group ID of the group.
-h / --help                       To get help.
-n / --new-name NEW_GROUP_NAME    Change the group name to NEW_GROUP_NAME.
-o / --non-unique                 Allow the use of a non-unique GID (duplicate).
-p / --password PASSWORD          To set the group password to PASSWORD.


3. groupdel command: to delete a group. groupdel -r group_name. This will remove the group group_name.
File Permissions: We have already studied chmod, chown and umask. Here we will use the chgrp command.

chgrp group_name filename[s]


You can also use a nested command for chown and chgrp, by using the following syntax:

chown user_name:group_name file[s]

[Screenshot: the group file as mentioned above]

[Screenshot: the updated file of groups]


Disk Quotas:

The literal meaning of quota is the reserved part that a person or group is entitled to receive.

In a computer system, disk space is a primary resource that all the users of the system share. There is a probability that one user will consume all the space, so that the other users won’t be able to use any of it or even run any application. This happens as the user creates more and more files. The term disk quota refers to the share of the primary storage resource that each user gets. By using it, the admin can restrict the disk usage of each registered user. To do this we use the quota tools.

Quota Tools:

Quota checks can be implemented on the file system of a hard disk partition mounted on the system. To enable quotas, use the quotacheck and quotaon commands. They are executed in the /etc/rc.d/rc.sysinit script.

Each partition has to be mounted with the quota options usrquota (user) and grpquota (group). These options are usually placed in the mount entry in /etc/fstab.

/dev/hda6 /home ext2 defaults,usrquota,grpquota 1 1

This entry will mount the /dev/hda6 disk partition on the /home directory with support for user and group quotas.
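
Whether the quota options are actually present on each mount entry can be verified by parsing the file. The following is an added example, not part of the original assignment: it reads fstab-format lines and reports, per mount point, whether usrquota and grpquota are requested, and it flags an entry whose option list was written with spaces after the commas, which splits the list into extra fields. The sample entries and the name quota_report are constructed for illustration.

```shell
#!/bin/sh
# Constructed /etc/fstab sample (not from a real system).
SAMPLE_FSTAB='# device  mountpoint  type  options  dump  pass
/dev/hda6 /home ext2 defaults,usrquota,grpquota 1 1
/dev/hda5 /var ext2 defaults,usrquota 1 2
/dev/hda1 / ext2 defaults 1 1
/dev/hda7 /srv ext2 defaults, usrquota, grpquota 1 2'

# quota_report (hypothetical helper): reads fstab-format lines on stdin and
# prints, per mount point, whether user and group quotas are requested.
quota_report() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        # fstab has 4 to 6 whitespace-separated fields; a space after a
        # comma in the option list splits it and shifts every later field.
        NF < 4 || NF > 6 { print $2 ": malformed entry (" NF " fields)"; next }
        {
            n = split($4, opt, ",")
            u = "off"; g = "off"
            for (i = 1; i <= n; i++) {
                if (opt[i] == "usrquota") u = "on"
                if (opt[i] == "grpquota") g = "on"
            }
            print $2 ": usrquota=" u " grpquota=" g
        }
    '
}

# Run against the sample; on a live system: quota_report < /etc/fstab
printf '%s\n' "$SAMPLE_FSTAB" | quota_report
```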

You also need to create quota.user and quota.group for each partition that uses quotas. You can do this by running the following statement:

quotacheck -a /dev/hda1: this will create the quota files for the hda1 disk partition.

1. edquota command: This command is used to access the quota record for a particular user or group.

edquota [-option] User_Name

Option    Details
-u        Edits the user quota. This is the default.
-g        Edits the group quota.
-p        Duplicates a quota for a user or group.
-t        Edits the soft time limits for each file system.

Note: A hard limit denies the user the ability to exceed the allotted limit, while a soft limit produces a warning for the user so that he can edit the quota.
[Screenshot: the quota file for groups and users]
2. quota command: this command helps users to view their memory and disk space usage.

Option    Details
-u        Prints the user quota.
-g        Prints the user’s group quota details.
-v        Displays quotas on file systems where no storage is allocated.
-q        Prints info on file systems where usage is over quota.

Note: To get a summary of quotas, the user can use the repquota command, e.g. repquota /dev/hda1. With the -a option we can check all file systems.
