System Administration

Junior TBS

Rouaida Hentati
Chapter 1. Get Started with Red Hat Enterprise Linux

Linux and Microsoft Windows are the predominant operating systems.

What Makes Linux Great?
Linux is open-source software. Open source software is software with source code that anyone can use, study, modify, and share. Users can use the software according to its software license.
  Copyleft or "share-alike" licenses are designed to encourage keeping the code open source. Expl: GPL and LGPL.
  Permissive licenses are designed to maximize code reusability. Expl: MIT/X11, the Simplified BSD, the Apache Software license.
Linux provides a command-line interface (CLI) for easy access and powerful scripting.
Linux is a modular operating system that is designed to easily replace or remove components.

What Is a Linux Distribution?
Distributions consist of a Linux kernel and support user-space programs.
Distributions can be small and single-purpose, or can include thousands of open source programs.
Distributions provide a means to install and update the software and its components.
The distribution provider supports the software, and ideally, participates in the development community.

Who Is Red Hat?
Red Hat is the world's leading provider of open source software solutions. Red Hat Enterprise Linux (RHEL) is Red Hat's commercial production-grade Linux distribution. Red Hat develops and integrates open source software into RHEL through a multistage process:
  Red Hat participates in supporting individual open-source projects.
  Red Hat sponsors and integrates open-source projects into the community-driven Fedora distribution.
  Red Hat stabilizes the CentOS Stream software to be ready for long-term support and standardization, and integrates it into RHEL, the production-ready distribution.

Fedora
Fedora is a community project that produces and releases a free, comprehensive Linux-based operating system. Fedora prioritizes innovation and excellence above long-term stability. Packages start out in Fedora and are included into CentOS Stream only when they are considered mature in stability, security, performance, and customer demand.

CentOS Stream
CentOS Stream is the upstream project for RHEL, and a viable replacement for the original downstream project. RHEL uses a subscription-based support model, and does not charge license fees for open-source software.

Summary
Open-source software has source code that anyone can freely use, study, modify, and share.
A Linux distribution is an installable operating system that is constructed from a Linux kernel and that supports user programs and libraries.
Red Hat participates in supporting and contributing code to open source projects; sponsors and integrates project software into community-driven distributions; and stabilizes the software to offer it as supported enterprise-ready products.
Red Hat Enterprise Linux is the open-source, enterprise-ready, commercially supported Linux distribution that Red Hat provides.
A free Red Hat Developer Subscription is a useful method for obtaining learning resources and information, including developer subscriptions to Red Hat Enterprise Linux and other Red Hat products.

Layers of the system (top to bottom): APP, Kernel, Hardware.

RHCOS is fundamentally an image-based RHEL container host, which uses the Container Runtime Interface.
A Red Hat Universal Base Image (UBI) is essentially a freely redistributable derivative of RHEL. UBI is designed to be a foundation for cloud-native and web application use cases that are developed in containers.
Chapter 2. Access the Command Line

A command line is a text-based interface that is used to input instructions to a computer system. The Linux command line is provided by a program called the shell.
The shell displays a string when it is waiting for user input, called the shell prompt.
  When a regular user starts a shell, the prompt includes an ending dollar ($) character:
    [user@host ~]$
  The prompt ends with a hash (#) character when the shell is running as the superuser, root:
    [root@host ~]#
The shell has capabilities that can enable or simplify operations that are hard to accomplish at scale with graphical tools.

Shell basics
Commands that are entered at the shell prompt have three basic parts:
  Command to run: the name of the program to run. It might be followed by one or more options, and might also be followed by one or more arguments.
  Options: adjust the behavior of the command. Options normally start with one or two dashes (-a or --all).
  Arguments: are typically the targets of the command.
Expl:
    usermod -L user01
  (usermod is the command, -L is the option, and the string user01 is the argument)

Log in to a Local System
A terminal is a text-based interface to enter commands into and print output from a computer system. To run the shell, you must log in to the computer on a terminal.
The physical console of the Linux machine supports multiple virtual consoles, which can run on separate terminals. Each virtual console supports an independent login session. The computer might provide a graphical login prompt on one of the virtual consoles.

Note
In Red Hat Enterprise Linux 6 and 7, the graphical login screen runs on the first virtual console, but when you log in, your initial graphical environment replaces the login screen on the first virtual console instead of starting on a new virtual console. In Red Hat Enterprise Linux 8, the behavior is the same as in Red Hat Enterprise Linux 9.

Log in to a Remote System
In Linux, the most common way to get a shell prompt on a remote system is to use Secure Shell (SSH).
Expl:
    [user@host ~]$ ssh remoteuser@remotehost
    remoteuser@remotehost's password: password
    [remoteuser@remotehost ~]$
In the next example, a user with a shell prompt on the host machine logs in to remotehost as remoteuser with ssh, by using the public key authentication method.
Expl:
    [user@host ~]$ ssh -i mylab.pem remoteuser@remotehost
    [remoteuser@remotehost ~]$
-i => to specify the user's private key. For the connection to work, only the user who owns the file can have access to read the private key file.

Note
When you first log in to a new machine, you are prompted with a warning from ssh that it cannot establish the authenticity of the host.

Log Out from a Remote System
Press Ctrl+D, or:
    [remoteuser@remotehost ~]$ exit
    logout
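The -i rule above (only the owning user may read the private key) is worth checking before the key is used. The following shell function is an added example, not from these notes: it applies that rule to any file, using the POSIX ls -l mode string and the -O ownership test (both available in bash and dash). The demonstration file is a constructed temporary file from mktemp, so no real key is needed.

```shell
# Added example, not from the course notes: verify that a private key file
# is readable only by its owner before passing it to ssh -i.
# Assumptions: POSIX ls -l output (mode in columns 1-10) and the -O test
# (file owned by the current user).

key_is_private_enough() {
    f=$1
    [ -f "$f" ] || return 1                 # must be a regular file
    [ -O "$f" ] || return 1                 # must be owned by the current user
    mode=$(ls -ld "$f" | cut -c1-10)        # e.g. -rw-------
    case "$mode" in
        ????------) return 0 ;;             # no group or other permission bits
        *)          return 1 ;;
    esac
}

# Demonstration on a constructed temporary file: first with the common
# mistake of a world-readable key (644), then with the expected 600.
demo_key_check() {
    tmp=$(mktemp) || return 1
    chmod 644 "$tmp"
    if key_is_private_enough "$tmp"; then before=ok; else before=bad; fi
    chmod 600 "$tmp"
    if key_is_private_enough "$tmp"; then after=ok; else after=bad; fi
    rm -f "$tmp"
    echo "$before $after"                   # bad ok
}
```

ssh applies the same rule itself: a key file with group or other permission bits set is reported as an unprotected private key and ignored, which is why a login that "suddenly asks for a password" is often a permissions problem on the key rather than a server-side change.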
Access the Command Line with the Desktop

GNOME Desktop Environment:
GNOME 40 serves as the default graphical user interface for Red Hat Enterprise Linux 9, operating on Wayland or the legacy X Window System. The GNOME Shell offers a customizable user interface with the "Standard" theme, which can be switched to a "Classic" theme during login.
Keyboard Shortcuts:
Users can view and customize keyboard shortcuts through the Settings menu.
Workspaces:
Workspaces help users organize their environment by separating different tasks. Users can switch between workspaces using keyboard shortcuts or the Activities overview (press Ctrl+Alt+LeftArrow or Ctrl+Alt+RightArrow to switch between workspaces sequentially).

Key Components of GNOME Shell:
1. Top Bar: Provides access to system controls (volume, network, calendar) and user account settings.
2. Activities Overview: Organizes windows and applications; accessed via the Activities button or the Super key.
3. System Menu: Adjusts screen brightness, manages network settings, and allows account adjustments.
4. Dash: Displays favorite and running applications, including a "Show Applications" button for additional options.
5. Windows Overview: Thumbnails of active windows for easy navigation.
6. Workspace Selector: Allows users to switch and manage multiple workspaces.
7. Message Tray: Displays notifications and calendar events, accessible by clicking the clock on the top bar.

Starting a Terminal:
To access the command line, users can open the GNOME Terminal using various methods, including searching from the Activities overview or using the Alt+F2 command.
Powering Off or Rebooting the System:
Shutting down or restarting the system is done via the system menu, with confirmation prompts for both actions.
Locking the Screen and Logging Out:
Users can lock the screen or log out through the system menu. The screen locks automatically after a period of inactivity.
Execute Commands with the Bash Shell
To type more than one command on a single line, use the semicolon (;) as a command separator.

whoami: displays the username of the current user.
    [user@host ~]$ whoami
    user

date: the + tells the date command that you're providing a custom format for the output.
    [user@host ~]$ date
    Sun Feb 27 08:32:42 PM EST 2022
    [user@host ~]$ date +%R
    20:33
    [user@host ~]$ date +%x
    02/27/2022

The passwd command with no options changes the current user's password.
    [user@host ~]$ passwd

The file command inspects the type of files or directories.
    [user@host ~]$ file /etc/passwd
    [user@host ~]$ file /bin/passwd
    [user@host ~]$ file /home

The cat (short for "concatenate") command is used to:
  1. View the contents of files.
  2. Concatenate multiple files (combine them).
  3. Redirect output to another file or the terminal.
Viewing the contents of a single file:
    $ cat /etc/passwd
Viewing the contents of multiple files:
    $ cat file1 file2
Redirecting output:
    $ cat file1 file2 > combined_file
Handling long files with less (press q to exit the command):
    $ less /etc/passwd
cat: Good for short files or when you want to combine contents. It shows everything at once.
less: Better for large files.

The head and tail commands display the beginning and the end of a file, respectively. By default, these commands display 10 lines of the file, but they both have a -n option to specify a different number of lines.
    $ head /etc/passwd
    ...
    $ tail -n 3 /etc/passwd

The wc command counts lines, words, and characters:
  wc -l: Counts the number of lines in a file.
  wc -w: Counts the number of words in a file.
  wc -c: Counts the number of characters (or bytes) in a file.
    [user@host ~]$ wc /etc/passwd
    41 98 2338 /etc/passwd
    [user@host ~]$ wc -l /etc/passwd ; wc -l /etc/group
    41 /etc/passwd
    63 /etc/group
    [user@host ~]$ wc -c /etc/group /etc/hosts
    883 /etc/group
    114 /etc/hosts
    997 total

Understand Tab Completion:
Tab completion helps users auto-complete commands and file names in the terminal. By typing part of a command or file name and pressing the Tab key, the shell completes it for you if it's unique.
  Single Tab: If the partially typed characters are unique, pressing Tab completes the command or file name.
  Double Tab: If multiple commands or files match, pressing Tab twice lists all possible options.
Expl:
    [user@host ~]$ pas<Tab><Tab>
    passwd paste pasuspender
File Name Completion: Works similarly with file paths.
Expl:
    [user@host ~]$ ls /etc/pass<Tab>
Command Option Completion: pressing Tab after typing -- shows all available options.
Expl:
    [root@host ~]# --<Tab><Tab>
    --badnames --gid --no-log-init --shell

Writing Long Commands on Multiple Lines
Backslash (\): Use the backslash at the end of a line to continue a command on the next line.
(Secondary Prompt: When you use the backslash, the shell provides a continuation prompt (> by default) on the next line. It's a visual cue that the command is continuing.)

Command History
history Command: Lists previously executed commands, each with a unique number.
Exclamation Point (!): Allows you to quickly rerun previous commands.
  !number: Runs the command corresponding to the specified history number.
  !string: Runs the most recent command starting with that string.
Arrow Keys: Use the UpArrow and DownArrow keys to scroll through your previous commands. This allows you to edit and re-execute commands without retyping.
Alt+Dot (Alt+.): Inserts the last word of the previous command at the current cursor position. Repeated presses cycle through earlier commands.
Chapter 3. Manage Files from the Command Line

The File-system Hierarchy
The Linux system stores all files on file systems, which are organized into a single inverted tree known as a file-system hierarchy. This hierarchy is an inverted tree because the tree root is at the top, and the branches of directories and subdirectories stretch below the root.

Significant Red Hat Enterprise Linux Directories
  /boot   Files to start the boot process.
  /dev    Special device files that the system uses to access hardware.
  /etc    System-specific configuration files.
  /home   Home directory, where regular users store their data and configuration files.
  /root   Home directory for the administrative superuser, root.
  /run    Runtime data for processes that started since the last boot.
  /tmp    A world-writable space for temporary files.
  /usr    Installed software, shared libraries, include files, and read-only program data. Significant subdirectories in the /usr directory include the following:
            /usr/bin: User commands
            /usr/sbin: System administration commands
            /usr/local: Locally customized software
  /var    System-specific variable data that should persist between boots. Files that dynamically change, such as databases...

Types of content:
  Static content remains unchanged until explicitly edited or reconfigured.
  Dynamic or variable content might be modified or appended by active processes.
  Persistent content remains after a reboot, such as configuration settings.
  Runtime content from a process or from the system is deleted on reboot.
Specify Files by Name
Absolute Paths and Relative Paths
=> The path of a file or directory specifies its unique file-system location.

Absolute Paths
The exact location of the file in the file-system hierarchy. A path name with a forward slash (/) as the first character is an absolute path name.

The Current Working Directory and Relative Paths
1- Current Working Directory:
When you open a terminal, you start in your "home directory" (your personal folder). The current working directory is wherever you are at the moment in the file system. As you move around (change directories), this location changes.
2- Relative Paths:
A relative path gives directions to a file or folder based on your current location (current working directory). Unlike an absolute path, which starts from the root (/), a relative path doesn't start with a forward slash. It just gives the path from where you are now.
Example: If you're in /var, the path log/messages points to the /var/log/messages file.
3- Case Sensitivity:
Linux file systems (like ext4, XFS) are case-sensitive.
On non-Linux file systems (like Microsoft's NTFS or Apple's HFS+), the system might preserve the case (show it how you wrote it), but not be case-sensitive. On these systems, FileCase.txt and filecase.txt would point to the same file.
Navigate Paths in the File System
  pwd: print working directory.
    $ pwd
    /home/user
  ls: lists the contents of a directory. If you don't specify a directory, it lists the files and folders in your current directory.
    $ ls
    Desktop Documents ...
  cd: change directory; moves you to a different folder. It accepts absolute paths (e.g., /home/user/Documents) or relative paths (e.g., Documents). If you run cd without any arguments, it brings you back to your home directory (~).
    $ cd Videos
    [user@host Videos]$ pwd
  cd ..: moves you up one level to the parent directory.
  cd -: switches you back and forth between two directories.

Tilde (~) Special Character:
The tilde (~) represents your home directory. You can combine it with commands to interact with files in your home directory, no matter where you are in the file system.
    $ ls -l ~

The . represents "the current directory" in commands, so you can use it as a shortcut instead of typing out the full path to your current directory.
    $ cp file.txt ./file_backup.txt

The touch command updates the timestamp of a file. If the file doesn't exist, it creates an empty file, which is useful for practice or testing.
    $ touch Videos/blockbuster1.ogg

Files that start with a dot (.) are hidden. They don't show up in normal ls listings. To view hidden files, use ls -a.
    $ ls -a
    .bashrc .bash_profile .config
ls -al: This command lists files in the current directory in long format (-l) and includes hidden files (-a). Hidden files are those that begin with a dot (.), and the long format provides details like file permissions, ownership, and timestamps.
Manage Files with Command-line Tools

The mkdir command creates directories. You can create multiple directories at once by listing their names separated by spaces. The -p option creates missing parent directories if needed. (Be cautious when using -p because it can unintentionally create misspelled directories.)
    mkdir ProjectX

The rm command deletes files, but not directories by default. To remove directories and their contents, use the -r option. You can use rm -i for interactive deletion, where it asks for confirmation before deleting.
    rm file.txt
    rm -r directory_name/
  -i (interactive): Prompts you for confirmation before each removal. You will have to type y or n to confirm whether you want to delete each file.
  -f (force): Forces the removal of files without any confirmation, even if the files are write-protected. This option also suppresses error messages.
Important: There is no undelete feature in the command line.

Copying Files and Directories
The cp command copies files, and by default does not copy directories unless the -r (recursive) option is used. You can copy multiple files to a directory by specifying the target directory as the last argument.
    cp file1.txt file2.txt target_dir/
    cp -r source_dir/ target_dir/

The mv command can both move files to a new location and rename files. The path changes, but the content remains unchanged.
    mv oldname.txt newname.txt
    mv file.txt destination_directory/

The rmdir command removes only empty directories. For non-empty directories, you must use rm -r.
    rmdir EmptyDir
    rm -r nonEmptyDir
Make Links Between Files
You can create multiple file names that point to the same file. These file names are called links.

Hard Links
When a hard link is created, it acts like the original file name.
=> Points directly to data. If a hard link is deleted, the data still exists as long as other hard links reference it.
Use case: Use hard links when you need multiple references to the same data within the same file system.
Key Properties:
  Each file starts with one hard link (its original name).
  All hard links share the same inode number, permissions, ownership, timestamps, and data.
  Deleting the original file doesn't delete the data if other hard links exist.
  Hard links can only be created for regular files, not directories or special files.
  Hard links must be on the same file system.
Limitations:
  Hard links can't be created across different file systems or for directories.
    ln originalfile.txt hardlink.txt
    ls -il originalfile.txt hardlink.txt    # shows the same inode numbers

Symbolic Links (Soft Links)
A special file that points to another file or directory.
=> Points to another file or directory by name. If the target is deleted, the link becomes a "dangling" link.
Use case: Use symbolic links for cross-file-system links or when you want to link to directories.
Key Properties:
  Symbolic links work across different file systems and can link to directories.
  When the target file is deleted, the symbolic link remains but points to nothing (dangling link).
Behavior:
  Deleting a symbolic link does not affect the original file.
  If a new file with the same name as the deleted target is created, the symbolic link will point to the new file.
    ln -s /path/to/originalfile.txt symlink.txt
    ls -l symlink.txt    # shows the link destination
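The properties listed above can be observed directly. The following shell function is an added example, not from these notes: it creates a file, a hard link and a symbolic link to it in a throwaway directory, deletes the original, and records which link still resolves, then recreates the target name to show the symbolic link following the new file. Inode numbers are read with ls -i, which is portable across coreutils versions.

```shell
# Added example, not from the course notes: create a hard link and a
# symbolic link to the same file, then delete the original and observe
# which link still works. Runs in a throwaway directory from mktemp -d;
# inode numbers come from ls -i (portable, unlike stat's format flags).

inode_of() { ls -i "$1" | awk '{print $1}'; }

link_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    printf 'original data\n' > originalfile.txt
    ln originalfile.txt hardlink.txt           # second name for the same inode
    ln -s originalfile.txt symlink.txt         # separate file holding a path

    if [ "$(inode_of originalfile.txt)" = "$(inode_of hardlink.txt)" ]
    then r1=same-inode; else r1=different-inode; fi

    rm originalfile.txt                        # drop the original name only
    if [ "$(cat hardlink.txt)" = "original data" ]
    then r2=hard-survives; else r2=hard-lost; fi
    if [ -L symlink.txt ] && [ ! -e symlink.txt ]
    then r3=symlink-dangling; else r3=symlink-ok; fi

    printf 'new data\n' > originalfile.txt     # recreate the target name
    if [ "$(cat symlink.txt)" = "new data" ]
    then r4=symlink-follows-new; else r4=symlink-stale; fi

    cd / && rm -rf "$dir"
    echo "$r1 $r2 $r3 $r4"   # same-inode hard-survives symlink-dangling symlink-follows-new
)
```

The last step is the one to remember when reviewing file handling in scripts: a symbolic link is resolved by name at access time, so whatever is placed at the target path later is what the link will open.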
Match File Names with Shell Expansions
Bash Shell Expansions: When a command is typed, Bash performs several expansions to transform it before executing. These include:

Pathname Expansion (Globbing): Select files by using patterns. These patterns include wildcards. Common wildcards include:
  *: Matches any string (including zero characters).
  ?: Matches any single character.
  [ABC]: any character inside the brackets.
  [!abc] or [^abc]: character not inside the brackets.
  [[:alpha:]]: Any alphabetic character.
  [[:alnum:]]: Any alphabetic character or digit.
Examples:
  ls a*: Matches files starting with "a".
  ls *a*: Matches files containing "a".
  ls ????: Matches files with exactly four characters.

Tilde Expansion:
  ~: Expands to the user's home directory.
  ~username: Expands to another user's home directory.
Example: echo ~user: Outputs /home/user.

Variable Expansion: Variables store values, which can be accessed using $VARNAME or ${VARNAME}.
Example: USERNAME=operator; echo $USERNAME: Outputs operator.

Command Substitution: Executes a command and replaces it with the output. Done using $(command).
Example: echo Today is $(date +%A): Outputs Today is Wednesday.
Note: An earlier form of command substitution uses backticks: `command`. Although the Bash shell still accepts this format, try to avoid it.

Brace Expansion: Expands sets of comma-separated strings or ranges. Useful for generating patterns or creating multiple files.
Examples:
  echo {Sunday,Monday}.log: Expands to Sunday.log Monday.log.
  mkdir RHEL{7,8,9}: Creates directories RHEL7, RHEL8, RHEL9.

Protecting Arguments from Expansion
  Backslash (\): Escapes a character to prevent its expansion.
  Single quotes (' '): Prevents all expansions.
  Double quotes (" "): Allows variable and command substitution but blocks pathname expansion.
Examples:
  echo \$HOME: Outputs $HOME without expansion.
  echo "***** hostname is ${myhost} *****": Expands myhost inside the quotes.
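The expansion and quoting rules above are easiest to trust once seen in one place. The following shell function is an added example, not from these notes: it creates a few constructed files in a throwaway directory, counts what each glob pattern matches, shows why ${COUNT}x and $COUNTx differ, and contrasts single and double quotes. It is written for plain sh; brace expansion is a Bash extension and is left out so the function runs under either shell.

```shell
# Added example, not from the course notes: exercise the expansions above
# against files created in a throwaway directory, and show the quoting rules.
# Written for plain sh; brace expansion is a Bash extension and is left out.

expansion_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    touch a1 ab abc b1 file.log                # constructed sample files

    # Pathname expansion: count what each pattern matches via "set --".
    set -- a*;    n_star=$#                    # a1 ab abc            -> 3
    set -- ???;   n_three=$#                   # abc                  -> 1
    set -- [ab]1; n_bracket=$#                 # a1 b1                -> 2
    set -- [!a]*; n_not_a=$#                   # b1 file.log          -> 2

    # Variable expansion: braces stop the name from swallowing the next character.
    COUNT=40
    ambiguous="[${COUNT}x] vs [$COUNTx]"       # [40x] vs []  ($COUNTx is an unset variable)

    # Quoting: single quotes stop everything; double quotes keep $var and
    # $(cmd) but block pathname expansion, so a* stays literal.
    single=$(echo '$COUNT')                    # $COUNT
    dquote=$(echo "a* $(echo sub)")            # a* sub

    cd / && rm -rf "$dir"
    echo "$n_star $n_three $n_bracket $n_not_a $ambiguous|$single|$dquote"
)
```

Running expansion_demo prints 3 1 2 2 [40x] vs []|$COUNT|a* sub. The empty brackets in the middle are the case the Curly Braces note in Chapter 5 warns about: $COUNTx is looked up as a variable named COUNTx, not as COUNT followed by x.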
Chapter 4. Get Help in Red Hat Enterprise Linux

Navigate and Search man Pages
One source of documentation that is generally available on the local system is system manual pages, or man pages.
Common Sections of the Linux Manual
Each section number helps to distinguish topics with similar names, such as passwd(1) (for the password-changing command) and passwd(5) (for the password file format).
Search Techniques:
The man -K (uppercase) option searches for the keyword in the full-text page, not only in the titles and descriptions. man -K keyword performs a full-text search, although it is resource-intensive and time-consuming.
Man pages usually contain standardized sections.

Summary
Use the man command to view man pages and to display information about components of a Linux system, such as files, commands, and functions.
By convention, to refer to a man page, the name of a page is followed by its section number in parentheses.
You can use regular expressions to search content in man pages.

Note
Comma-separated options on a single line, such as -, -l, and --login, all result in the same behavior.

Note
The man command -t option prepares a man page for printing, using PostScript by default.
Chapter 5. Create, View, and Edit Text Files

Edit Text Files from the Shell Prompt
Edit Files with Vim
Vim (Vi IMproved) is a powerful text editor, an enhanced version of the original vi editor, that is often used in these environments.
Vim Operating Modes: include a mode to highlight and manipulate text.

Benefits of Using Vim
  Pre-installed and Accessible
  Available Across Platforms
  No Need for a GUI

Getting Started with Vim
Vim comes in different variants, most notably:
  vim-minimal: A lightweight version with the basic vi editor functionality.
  vim-enhanced: A more feature-rich version that includes an online help system, syntax highlighting, and various other tools to improve productivity.
On most modern systems, if you type vi filename, you'll likely get the vim editor, especially if vim-enhanced is installed. However, users can manually invoke vim by typing vim filename.
  if vim-minimal is installed:    vi filename
  if vim-enhanced is installed:   vim filename

The Minimum, Basic Vim Workflow
  The u key undoes the most recent edit.
  The x key deletes a single character.
  The :w command writes (saves) the file and remains in command mode for more editing.
  The :wq command writes (saves) the file and quits Vim.
  The :q! command quits Vim, and discards all file changes since the last write.

Customizing Vim with Configuration Files
Vim is highly customizable, and its behavior can be altered using configuration files. The two main files are:
  1. /etc/vimrc: This file affects all users on the system.
  2. ~/.vimrc: This file affects only the individual user.
In these files, you can set preferences like:
  Default tab spacing (for example, set ts=4 for a tab width of 4 spaces).
  Syntax highlighting.
  Line numbering.
Change the Shell Environment:
In the Bash shell, variables are used to store values that can be used in commands and scripts. These variables can be set for a particular shell session, modified, exported as environment variables, and used by other programs.

1. Shell Variables
A shell variable holds a value and can be used to simplify command execution or configure the shell's behavior.
Setting a variable: To assign a value to a shell variable, use the following syntax:
    [user@host ~]$ VARIABLENAME=value
Variable names: They cannot start with a digit.

2. Listing Shell Variables
To list all variables currently set in the shell, use the set command. This lists both shell variables and functions. You can use less to view the output one page at a time:
    [user@host ~]$ set | less

3. Variable Expansion
To retrieve the value of a variable, use variable expansion, which involves preceding the variable name with a dollar sign ($). This is typically done with commands like echo.
Expl
    COUNT=40
    echo $COUNT    # Prints: 40
If you have a file path stored in a variable, you can use the variable in commands like ls or rm:
Expl
    file1=/tmp/tmp.z9pXW0HqcC
    ls -l $file1    # Shows file details
    rm $file1       # Removes the file
Curly Braces:
If you need to use a variable next to other characters (e.g., a string with additional characters), it's a good idea to enclose the variable name in curly braces. This avoids ambiguity.
Expl
    echo Repeat ${COUNT}x    # Prints: Repeat 40x

4. Shell Behavior and Built-in Variables
Some shell variables are pre-set by Bash and control the shell's behavior. For example:
  HISTFILE: Specifies where the shell history is saved.
  HISTFILESIZE: Defines how many commands to keep in history.
  PS1: Defines the shell prompt appearance.

5. Environment Variables
An environment variable is a special type of variable that is inherited by programs run from the shell, allowing you to configure their behavior. You can set environment variables using the export command.
Setting an environment variable:
Expl
    export EDITOR=vim    # Sets the default text editor
Some common environment variables:
  LANG: Sets the system language and locale (e.g., en_US.UTF-8 for US English).
  PATH: Lists directories where executables are located. When you run a command, the shell looks for the command in each of these directories.
  HOME: Points to the current user's home directory.
Expl
    export PATH=$PATH:/home/user/sbin    # Adds /home/user/sbin to the PATH

6. Making Variables Permanent
To set variables permanently, you can modify shell initialization files (such as .bashrc or .bash_profile).
Interactive Shells: These are shells where you interact with the system (e.g., when you open a terminal). For interactive shells, variables are usually set in the ~/.bashrc file.
Login Shells: These are shells that are started when you log in (locally or via SSH). You can modify the ~/.bash_profile file to set variables that should only be applied after login.
For system-wide settings, you might use /etc/profile or /etc/bashrc.

7. Shell Aliases
An alias is a shortcut for a command. If you regularly use a long command, you can create an alias to simplify it. To make aliases permanent, add them to the ~/.bashrc file.

8. Unsetting Variables and Aliases
  unset (variables), export -n (environment variables), unalias (aliases)

9. Example of Setting Up a Default Editor
If you want to set the default text editor to nano whenever you log in, add the following to your ~/.bash_profile:
    export EDITOR=nano
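Sections 5 and 8 above turn on one distinction: a shell variable is local to the shell, an exported one is inherited by the programs it starts. The following shell function is an added example, not from these notes: it asks a child sh what it sees before export, after export, and after unset, then appends a constructed directory to PATH (as in the notes' export PATH=$PATH:/home/user/sbin) and checks with command -v whether a script placed there becomes findable. The variable name RH_DEMO_VAR and the command name democmd are made up for the demonstration.

```shell
# Added example, not from the course notes: show what "exported" means by
# asking a child shell what it sees, and how PATH lookup finds a command
# after a directory is appended. The variable and command names are made up.

env_demo() (
    RH_DEMO_VAR='shell-only'
    seen1=$(sh -c 'echo "[$RH_DEMO_VAR]"')   # child sees nothing: not exported
    export RH_DEMO_VAR
    seen2=$(sh -c 'echo "[$RH_DEMO_VAR]"')   # child inherits the value
    unset RH_DEMO_VAR
    seen3=$(sh -c 'echo "[$RH_DEMO_VAR]"')   # removed from the environment

    # PATH lookup: a constructed script in a temporary directory is invisible
    # until that directory is part of PATH.
    dir=$(mktemp -d) || exit 1
    printf '#!/bin/sh\necho hello\n' > "$dir/democmd"
    chmod 755 "$dir/democmd"
    if command -v democmd >/dev/null 2>&1; then before=found; else before=missing; fi
    PATH="$PATH:$dir"                         # appended, as in the notes' PATH example
    export PATH
    if command -v democmd >/dev/null 2>&1; then after=found; else after=missing; fi
    rm -rf "$dir"
    echo "$seen1 $seen2 $seen3 $before $after"   # [] [shell-only] [] missing found
)
```

Because the shell walks PATH in order, appending a directory (as the notes do) means it is consulted last; a directory prepended instead would be consulted before /usr/bin, which is why a user-writable directory at the front of PATH is worth noticing when reviewing a login script.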
Chapter 6. Manage Local Users and Groups

Users are individual accounts for humans or programs to interact with a system securely.
Each user has a username and a UID (User ID) for identification.
Types of users:
  Superuser (root): UID = 0; has unrestricted system access.
  System Users: Used by services (daemons) to run securely without root privileges.
  Regular Users: Created for individuals; have limited permissions.

Commands:
  id                  View user and group details.
  id user02           View information about another user.
  ls -l file.txt      View the owner of a file.
  ls -ld Documents    View the owner of a directory.
  ps -au              Display processes associated with that account (a => to see all processes with a terminal; the first column shows the username).
The output of the preceding command displays users by name, but internally the operating system uses UIDs to track users. The mapping of usernames to UIDs is defined in databases of account information. By default, systems use the /etc/passwd file to store information about local users.

User Information Storage:
    [user01@host ~]$ cat /etc/passwd
    ...output omitted...
    user01:x:1000:1000:User One:/home/user01:/bin/bash
Consider each part of the code block, separated by a colon:
  1. The username for this user.
  2. The user's encrypted password was historically stored here; it is now a placeholder.
  3. The UID number for this user account.
  4. The GID number for this user account's primary group. Groups are discussed later in this section.
  5. A brief comment, description, or the real name for this user.
  6. The user's home directory, and the initial working directory when the login shell starts.
  7. The default shell program for this user that runs at login. Some accounts use the /sbin/nologin shell to disallow interactive logins with specific users.

Groups organize users to manage shared access to files and resources.
Each group has a group name and a GID (Group ID).
Users can belong to:
  A Primary Group: Defines ownership of files.
  Supplementary Groups: Grant additional permissions.

Group Information Storage:
    [user01@host ~]$ cat /etc/group
    ...output omitted...
    group01:x:10000:user01,user02,user03
Consider each part of the code block, separated by a colon:
  1. Name for this group.
  2. Obsolete group password field; it is now a placeholder.
  3. The GID number for this group (10000).
  4. A list of users that are members of this group as a supplementary group.

Primary Groups and Supplementary Groups
1. Primary Group:
  Every user has one primary group.
  The primary group is identified by its GID in the /etc/passwd file.
  Files created by the user are owned by their primary group.
2. User Private Group:
  When a regular user is created, a group with the same name as the user is also created as their primary group.
  The user is the sole member of this "User Private Group."
  This design simplifies file permission management by keeping user groups separated by default.
3. Supplementary Groups:
  Users can belong to additional groups, called supplementary groups.
  Membership in supplementary groups is stored in the /etc/group file.
  Access to files is granted if any of the user's groups (primary or supplementary) have the required permissions.
4. Viewing Group Membership:
  Use the id command to display a user's primary and supplementary groups.
  Example output for user01:
    Primary group: user01 (GID = 1003).
    Supplementary groups: wheel, group01.
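The colon-separated layouts of /etc/passwd and /etc/group described above are simple enough to parse with awk, which is how an administrator typically answers questions such as "which accounts have UID 0?" or "which groups is user01 in?" without the id command. The following shell functions are an added example, not from these notes; both files are constructed samples embedded in variables, and the svc-backup line is deliberately a second UID 0 account so that the check has something to find.

```shell
# Added example, not from the course notes: parse the account databases
# described above with awk. Both files below are constructed samples;
# "svc-backup" is a deliberately planted second UID 0 entry.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
user01:x:1000:1000:User One:/home/user01:/bin/bash
user02:x:1001:1001:User Two:/home/user02:/bin/bash
svc-backup:x:0:0:second UID 0 account (constructed):/root:/bin/bash'

SAMPLE_GROUP='root:x:0:
wheel:x:10:user01
user01:x:1000:
user02:x:1001:
group01:x:10000:user01,user02,user03'

# Print one passwd field for a user (1=name 3=UID 4=GID 7=shell).
passwd_field() {
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" -v f="$2" '$1 == u {print $f}'
}

# Accounts whose UID is 0: each one is the superuser, whatever its name.
uid0_accounts() {
    printf '%s\n' "$SAMPLE_PASSWD" |
        awk -F: '$3 == 0 {out = out (out ? " " : "") $1} END {print out}'
}

# Accounts that can log in interactively (shell is neither nologin nor false).
interactive_accounts() {
    printf '%s\n' "$SAMPLE_PASSWD" |
        awk -F: '$7 !~ /(nologin|false)$/ {out = out (out ? " " : "") $1} END {print out}'
}

# Primary group (looked up by the passwd GID) followed by the supplementary
# groups whose member lists name the user, in the order id would show them.
groups_of() {
    gid=$(passwd_field "$1" 4)
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v u="$1" -v g="$gid" '
        $3 == g { primary = $1 }
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) supp = supp " " $1 }
        END { print primary supp }'
}
```

On the sample, uid0_accounts prints root svc-backup, interactive_accounts prints root user01 user02 svc-backup, and groups_of user01 prints user01 wheel group01, matching the primary-then-supplementary order described in section 4 above. The same one-liners run unchanged against the real files by replacing the printf with cat /etc/passwd or cat /etc/group.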
Gain Superuser Access
The superuser in Linux is typically the root account, which has full system control, including:
  Managing system files and directories.
  Installing/removing software.
  Overriding file system privileges.
Security Risks:
  Directly logging in as root can lead to vulnerabilities.
  It is recommended to log in as a normal user and temporarily escalate privileges only when needed.
Comparison with Windows:
  The Linux root account is similar to the local Administrator account in Windows.
  Modern systems discourage direct root login, promoting mechanisms like sudo for privilege escalation.

1. Switching User Accounts with su (switch user)
  su - user_name    Switch to user_name with a login shell and the user's environment.
  su                Defaults to switching to root without changing the environment.
  su: Retains the current user's environment settings.
  su -: Initializes the target user's environment settings.

2. Running Commands with sudo (superuser do)
The sudo command allows authorized users to run commands as another user (often root) without knowing the target account's password.
Authentication: Uses the current user's password for verification.
Logging: Logs every sudo command to /var/log/secure, enhancing accountability.
Configuration: The /etc/sudoers file defines who can use sudo and under what conditions. Use visudo to safely edit /etc/sudoers, preventing syntax errors.
    %wheel ALL=(ALL:ALL) ALL    (in the sudoers file)

3. Interactive Root Shell with sudo -i
sudo -i provides a shell with root privileges, loading the root user's login scripts.
sudo -s provides a shell without loading the login scripts.

4. Configuring sudo Access (Granting Access)
Add a file in /etc/sudoers.d/ containing a rule such as:
  To a user:             user01 ALL=(ALL) ALL
  To a group:            %group01 ALL=(ALL) ALL
  To a command:          %games ALL=(operator) /bin/id
  Passwordless Access:   ansible ALL=(ALL) NOPASSWD: ALL


6. Key Differences Between su and sudo
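Because every sudo invocation is written to /var/log/secure, that log is where an administrator reviews who escalated privileges, as which target user, and for which command. The following shell functions are an added example, not part of the course notes: they pull those three facts out of sudo's log lines, and separately list attempts that sudo refused. The log lines are constructed samples in the format sudo writes; the host name, user names and commands in them are invented.

```shell
# Added example (not from the course notes): review sudo activity recorded in
# /var/log/secure. SAMPLE_SECURE_LOG is constructed; names are invented.
SAMPLE_SECURE_LOG='Mar  3 10:15:01 host sshd[2211]: Accepted publickey for user01 from 10.0.0.5 port 51234 ssh2
Mar  3 10:15:09 host sudo[2250]: user01 : TTY=pts/0 ; PWD=/home/user01 ; USER=root ; COMMAND=/usr/bin/dnf install httpd
Mar  3 10:16:42 host sudo[2261]: user02 : TTY=pts/1 ; PWD=/home/user02 ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar  3 10:17:03 host sudo[2270]: user02 : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/user02 ; USER=root ; COMMAND=/usr/bin/id
Mar  3 10:18:30 host sudo[2288]: ansible : TTY=unknown ; PWD=/ ; USER=operator ; COMMAND=/bin/id'

# sudo_commands LOGTEXT -> one line per sudo invocation that was allowed:
#   "<invoking user> <target user> <command>"
sudo_commands() {
    printf '%s\n' "$1" | awk '
        / sudo\[[0-9]+\]: / && !/NOT in sudoers/ {
            # the invoking user is the token right after "sudo[pid]:"
            match($0, /sudo\[[0-9]+\]: [^ ]+/)
            who = substr($0, RSTART, RLENGTH); sub(/.*: /, "", who)
            # USER= names the account the command ran as
            target = $0; sub(/.*USER=/, "", target); sub(/ ;.*/, "", target)
            cmd = $0; sub(/.*COMMAND=/, "", cmd)
            print who, target, cmd
        }'
}

# sudo_denied LOGTEXT -> "<user> <command>" for attempts sudo refused
# because the user has no matching sudoers entry
sudo_denied() {
    printf '%s\n' "$1" | awk '
        / sudo\[[0-9]+\]: / && /NOT in sudoers/ {
            match($0, /sudo\[[0-9]+\]: [^ ]+/)
            who = substr($0, RSTART, RLENGTH); sub(/.*: /, "", who)
            cmd = $0; sub(/.*COMMAND=/, "", cmd)
            print who, cmd
        }'
}

# On a real host the input would be the file itself, e.g.
#   sudo_commands "$(cat /var/log/secure)"
sudo_commands "$SAMPLE_SECURE_LOG"
sudo_denied "$SAMPLE_SECURE_LOG"
```

The denied-attempt list is the one worth watching: a user trying commands that no sudoers entry grants is exactly the event the logging requirement above exists to surface.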
Manage Local User Accounts

- useradd username: Creates a new user named username. Sets up:
  - Home directory.
  - Account information.
  - A private group named after the user.
  No password is set initially. The account is inactive until a password is added with the passwd command.
- useradd username us2: us2 is the password.
- userdel username: Removes the user account from /etc/passwd. Home directory remains intact.
- userdel -r username: Removes the user account and deletes the home directory.
- usermod username: Modify an existing user. Common options with usermod:
- passwd username: Sets or updates the password for a user.

The /etc/login.defs file sets some default options for user accounts, such as the range of valid UID numbers and default password aging rules. The values in this file affect only newly created user accounts. A change to this file does not affect existing users.

Default UID Assignment:
- New users are assigned the first available UID ≥ 1000.
- Use the -u option with useradd to assign a specific UID.

UID Ranges:
- UID 0: Root (superuser).
- UID 1-200: Static system processes.
- UID 201-999: Dynamic system processes.
- UID 1000+: Regular users.
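The UID rules above can be checked without touching a real system. The shell functions below are an added example, not part of the course notes: one classifies a UID into the ranges listed, one finds the first free UID at or above 1000 in a passwd file the way useradd picks a default, and one checks whether a UID requested with -u is already taken. The /etc/passwd content is a constructed sample, and the lower bound 1000 is assumed to be the UID_MIN value from /etc/login.defs.

```shell
# Added example (not from the course notes): reason about UIDs from a passwd
# file. SAMPLE_PASSWD is constructed; no real system is read or changed.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
chrony:x:993:990::/var/lib/chrony:/sbin/nologin
user01:x:1000:1000:user01:/home/user01:/bin/bash
user02:x:1001:1001:user02:/home/user02:/bin/bash
operator1:x:1003:1003::/home/operator1:/bin/bash'

# uid_class UID -> which of the ranges from the notes the UID falls in
uid_class() {
    if [ "$1" -eq 0 ]; then echo root
    elif [ "$1" -le 200 ]; then echo static-system
    elif [ "$1" -le 999 ]; then echo dynamic-system
    else echo regular
    fi
}

# next_free_uid PASSWDTEXT [MIN] -> first UID >= MIN (default 1000, assumed
# to be UID_MIN in /etc/login.defs) not used by any entry, as useradd does
# when no -u is given
next_free_uid() {
    printf '%s\n' "$1" | awk -F: -v min="${2:-1000}" '
        { used[$3] = 1 }
        END { uid = min; while (uid in used) uid++; print uid }'
}

# uid_in_use PASSWDTEXT UID -> exit 0 if some account already has that UID
# (useradd -u refuses a duplicate UID by default)
uid_in_use() {
    printf '%s\n' "$1" | awk -F: -v want="$2" '$3 == want { found = 1 } END { exit !found }'
}

# Usage: on a live host pass "$(cat /etc/passwd)" instead of the sample.
echo "next default UID: $(next_free_uid "$SAMPLE_PASSWD")"
echo "UID 81 is $(uid_class 81), UID 993 is $(uid_class 993)"
uid_in_use "$SAMPLE_PASSWD" 1003 && echo "UID 1003 already assigned"
```

Note the gap between user02 (1001) and operator1 (1003): useradd fills the lowest free number, so the next account would receive 1002, not 1004. useradd itself sets no password, so the passwd command follows it, as the table above says.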
Managing Groups

Managing Local Groups
- groupadd group_name: Creates a group with the next available GID from the range defined in /etc/login.defs.
  - Specifying GID: Use the -g option, for example groupadd -g 10000 group01
  - System Groups: Use the -r option for system groups.
- groupmod group_name: Modify group properties.
  - Rename Group: Use the -n option: groupmod -n new_name old_name
  - Change GID: Use the -g option: groupmod -g new_gid group_name
- groupdel group_name: Deletes the specified group. Restrictions:
  - Cannot delete a group if it is the primary group of an existing user.
  - Ensure no files are owned by the group before deletion.

Managing Group Membership
- usermod -g group_name username: Change a user's primary group.
- usermod -aG group_name username: Add a user to a supplementary group. -a means append: it retains existing supplementary group memberships.
- newgrp group01: Switch primary groups temporarily.

Primary Group vs. Supplementary Groups
- Primary Group: Defines group ownership for new files created by the user. Only one primary group per user at any time.
- Supplementary Groups: Provide additional access to files and resources. No difference in access permissions between primary and supplementary groups.
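Both the group layout described earlier (primary GID in /etc/passwd, supplementary membership in the last field of /etc/group) and the groupdel restriction just listed come down to reading those two files. The shell functions below are an added example, not part of the course notes: they resolve a user's primary and supplementary groups from passwd and group data the way the id command reports them, and check whether a group can be deleted safely because no user has it as a primary group. The file contents are constructed samples that mirror the user01 / group01 illustration from the notes.

```shell
# Added example (not from the course notes): resolve group membership and
# check the groupdel restriction. SAMPLE_PASSWD and SAMPLE_GROUP are
# constructed samples in the real file formats.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
user01:x:1003:1003:user01:/home/user01:/bin/bash
user02:x:1004:1004:user02:/home/user02:/bin/bash
user03:x:1005:1005:user03:/home/user03:/bin/bash'

SAMPLE_GROUP='root:x:0:
wheel:x:10:user01
user01:x:1003:
user02:x:1004:
user03:x:1005:
group01:x:10000:user01,user02,user03'

# primary_gid PASSWD USER -> field 4 (GID) of the user's passwd entry
primary_gid() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $4 }'
}

# group_name GROUP GID -> name of the group whose field 3 is GID
group_name() {
    printf '%s\n' "$1" | awk -F: -v g="$2" '$3 == g { print $1 }'
}

# supplementary_groups GROUP USER -> space-separated names of every group
# whose member list (field 4, comma-separated) contains USER
supplementary_groups() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) out = out (out ? " " : "") $1 }
        END { print out }'
}

# id_like PASSWD GROUP USER -> "<user> primary=<name>(<gid>) supplementary=<names>"
# (the same facts id prints, in a fixed shape)
id_like() {
    gid=$(primary_gid "$1" "$3")
    echo "$3 primary=$(group_name "$2" "$gid")($gid) supplementary=$(supplementary_groups "$2" "$3")"
}

# groupdel_blocked PASSWD GROUP NAME -> exit 0 if NAME is some user's primary
# group, the case in which groupdel refuses to delete it
groupdel_blocked() {
    gid=$(printf '%s\n' "$2" | awk -F: -v n="$3" '$1 == n { print $3 }')
    [ -n "$gid" ] && printf '%s\n' "$1" | awk -F: -v g="$gid" '$4 == g { f = 1 } END { exit !f }'
}

# Usage: on a live host pass "$(cat /etc/passwd)" and "$(cat /etc/group)".
id_like "$SAMPLE_PASSWD" "$SAMPLE_GROUP" user01
groupdel_blocked "$SAMPLE_PASSWD" "$SAMPLE_GROUP" user01 && echo "user01 is a primary group; groupdel would refuse"
groupdel_blocked "$SAMPLE_PASSWD" "$SAMPLE_GROUP" group01 || echo "group01 is only supplementary; groupdel is allowed"
```

Note that user01 is a member of wheel and group01 without appearing in its own user01 line: the user private group records membership only through the primary GID in /etc/passwd, which is why id has to read both files.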
Manage User Passwords

Encrypted passwords are stored in /etc/shadow. Each entry in /etc/shadow has nine colon-separated fields. For example:

    user03:$6$CSsXsd3rwghsdfarf:17933:0:99999:7:2:18113:

The fields, in order:
1. User name.
2. Encrypted password, for example $6$CSsXcYG1L/4ZfHr/$2W6evvJahUfzfHpc9X.45Jc6H30E, which consists of:
   - Hashing algorithm: $6$.
   - Salt: Adds randomness to the hash to prevent pre-computed attacks.
   - Cryptographic hash: The actual hash value of the password.
3. Days since 1970-01-01 when the password was last changed.
4. Minimum days between password changes.
5. Maximum days before the password expires.
6. Days of warning before password expiration.
7. Days after password expiration before the account is locked.
8. Account expiration date in days since 1970-01-01.
9. (empty): Reserved for future use.

Default Password Aging Policies
Defined in /etc/login.defs:
- PASS_MAX_DAYS: Maximum days a password is valid.
- PASS_MIN_DAYS: Minimum days before a password change.
- PASS_WARN_AGE: Warning period before expiration.

Configure Password Aging
The chage command manages password aging policies:
- Set minimum age (-m): Minimum days between password changes.
- Set maximum age (-M): Maximum days before expiration.
- Set warning period (-W): Days to warn users before expiration.
- Set inactivity period (-I): Days after expiration before account lock.

Restrict Access
- # usermod -L sysadmin03: Lock accounts: Prevent user login.
- # usermod -L -e 2022-08-14 cloudadmin10: Lock and expire accounts.
- # usermod -U sysadmin03: Unlock accounts: Enable user login again.
- # usermod -s /sbin/nologin newapp: Prevents interactive logins for accounts that should not log in directly, but does not block all access. Users might still authenticate using other applications.
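The nine shadow fields, the chage aging values and the usermod -L lock all act on the same entry, so a single piece of arithmetic over one line of /etc/shadow tells an administrator whether an account can log in today. The shell functions below are an added example, not part of the course notes: they split an entry into its fields, identify the hash algorithm from the $6$ prefix, and evaluate the aging policy for a given "today" expressed, as the file itself does, in days since 1970-01-01. The entries are constructed samples (the hash strings are placeholders, not real hashes); that usermod -L marks a lock by prefixing the hash with "!" is standard shadow behaviour, while the exact comparison used on the boundary day is an assumption of this example.

```shell
# Added example (not from the course notes): evaluate /etc/shadow entries.
# SAMPLE_SHADOW is constructed; hashes are placeholders, not real hashes.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='user03:$6$CSsXsd3rwghsdfarf:17933:0:99999:7:2:18113:
user04:$6$abcdef$placeholderhash:18000:1:90:7:3::
user05:!$6$abcdef$placeholderhash:18000:1:90:7:3::
user06:$6$abcdef$placeholderhash:17905:0:90:7:::
user07:$6$abcdef$placeholderhash:17915:0:90:7:3::'

# shadow_field SHADOW USER N -> field N (1-9) of the user's entry
shadow_field() {
    printf '%s\n' "$1" | awk -F: -v u="$2" -v n="$3" '$1 == u { print $n }'
}

# hash_algorithm HASH -> the id between the first pair of $ (6 = SHA-512)
hash_algorithm() {
    printf '%s\n' "$1" | awk -F'$' '{ print $2 }'
}

# password_state SHADOW USER TODAY -> locked | expired | warning | active
#   locked  : hash prefixed with ! (usermod -L), account expiration date
#             reached, or inactivity period after password expiry exceeded
#   expired : password older than max days but still inside inactivity period
#   warning : inside the warn window before the password expires
password_state() {
    hash=$(shadow_field "$1" "$2" 2)
    lastchg=$(shadow_field "$1" "$2" 3)
    max=$(shadow_field "$1" "$2" 5)
    warn=$(shadow_field "$1" "$2" 6)
    inactive=$(shadow_field "$1" "$2" 7)
    expire=$(shadow_field "$1" "$2" 8)
    today=$3
    case "$hash" in
        '!'*|'*'*) echo locked; return ;;
    esac
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then echo locked; return; fi
    expires_on=$((lastchg + max))
    if [ "$today" -gt "$expires_on" ]; then
        if [ -n "$inactive" ] && [ "$today" -gt $((expires_on + inactive)) ]; then echo locked
        else echo expired
        fi
    elif [ "$today" -ge $((expires_on - warn)) ]; then echo warning
    else echo active
    fi
}

# Usage: on a live host (as root) pass "$(cat /etc/shadow)" and
# $(( $(date +%s) / 86400 )) as today.
for u in user03 user04 user05 user06 user07; do
    echo "$u: algorithm=\$$(hash_algorithm "$(shadow_field "$SAMPLE_SHADOW" "$u" 2)")\$ state=$(password_state "$SAMPLE_SHADOW" "$u" 18000)"
done
```

user06 stays at "expired" rather than "locked" because its inactivity field is empty, which is what a missing chage -I value means: the user is forced to change the password but the account itself is never disabled for it.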