System Administration

Junior TBS

Rouaida Hentati
Chapter 1. Get Started with Red Hat Who Is Red Hat?
Enterprise Linux Red Hat is the world's leading provider of open source
software solutions
LinuxandMicrosoftWindowsarethepredominantoperatingsystems.
Red Hat Enterprise Linux (RHEL) is Red Hat's commercial
What Makes Linux Great?
Opensource software production-grade Linux distribution. Red Hat develops and
Linux is open- source
is software with source integrates open source software into RHEL through a
software.
code that anyone can multistage process.
Linux provides a command-
use, study, modify, and Red Hat participates in supporting individual open-source
line interface (CLI) for easy
share. projects
access and powerful
Users can use the Red Hat sponsors and integrates open-source projects
scripting.
software according to into the community-driven Fedora distribution.
Linux is a modular operating its software license.
Red Hat stabilizes the CentOS Stream software to be
system that is designed to Copyleft licenses
or"share-alike" ready for long-term support and standardization, and
easily replace or remove designedto Permissive licenses
encouragekeeping designedtomaximizecode integrates it into RHEL, the production-ready
components. thecodeopen reusability.
source.
expl: MIT/X11
distribution.
What Is a Linux Distribution? expl:GPLand LGPL
theSimplifiedBSD
theApacheSoftware

Distributions consist of a Fedora

Linux kernel and support user-space programs.
Distributions can be small and single-purpose, or can
include thousands of open source programs.
Distributions provide a means to install and update the
software and its components.
The distribution provider supports the software, and
ideally, participates in the development community.
Fedora is a community project that produces and releases
a free, comprehensive Linux-based operating system.
Fedora prioritizes innovation and excellence above
long-term stability.
packages start out in Fedora and are included into CentOS
Stream only when they are considered mature in stability,
security, performance, and customer demand.
CentOS Stream Summary
CentOS Stream is the upstream project for RHEL Open -source software has source code that anyone can
CentOS Stream is a viable replacement for the original freely use, study, modify, and share.
A Linux distribution is an installable operating system that is
downstream RHEL uses a subscription- constructed from a Linux kernel and that supports user
based support model, and
programs and libraries.
does not charge license fees
Red Hat participates in supporting and contributing code to
for open-source software.
open source projects; sponsors and integrates project
software into community-driven distributions; and stabilizes
the software to offer it as supported enterprise-ready
products.
Red Hat Enterprise Linux is the open -source, enterprise-
ready, commercially supported Linux distribution that Red
Hat provides.

A free Red Hat Developer Subscription is a useful method for

obtaining learning resources and information, including
developer subscriptions to Red Hat Enterprise Linux and other
Red Hat products.
APP

Kernel
RHCOS is fundamentally an A Red Hat Universal Base Image (UBI)
image-based RHEL is essentially a freely redistributable
Hardware
container host, which uses derivative of RHEL. UBI is designed to
the Container Runtime be a foundation for cloud-native and
Interface web application use cases that are
developed in containers.
Chapter 2. Access the Command Line Shell basics
Commands that are entered at the shell prompt have three
A command line is a text-based interface that is used to
basic parts:
input instructions to a computer system. The Linux
command line is provided by a program called the shell. the name of the program to run

The shell displays a string when it is waiting for user input, It might be followed by one or more
called the shell prompt. Command to run options

might also be followed by one or

When a regular user more arguments

starts a shell, the

prompt includes an [user@host ~]$
ending dollar ($) To adjust the behavior of the
Options command.
character:
Options normally start with one or
two dashes (-a or --all)
A hash (#) character
when the shell is running [root@host ~]#
as the superuser, root are typically targets of the
Arguments
command.

The shell has capabilities that can enable or simplify

Expl
operations that are hard to accomplish at scale with
usermod -L user01 string
graphical tools.
Log in to a Local System Log in to a Remote System
A terminal is a text-based interface to enter commands In Linux, the most common way to get a shell prompt on a
into and print output from a computer system. To run the remote system is to use Secure Shell (SSH).
shell, you must log in to the computer on a terminal. Expl

[user@host ~]$ ssh remoteuser@remotehost

the physical console from the Linux machine
The physical console supports multiple virtual
consoles, which can run on separate terminals.
Each virtual console supports an independent login
remoteuser@remotehost's password: password
[remoteuser@remotehost ~]$
In the next example, a user with a shell prompt on the host
machine logs in to remotehost as remoteuser with ssh, by
using the public key authentication method.
Expl

[user@host ~]$ ssh -i mylab.pem remoteuser@remotehost

session. [remoteuser@remotehost ~]$

The computer might provide a graphical login prompt on -i => to specify the user's private key.
one of the virtual consoles. For the connection to work, only the user who owns the file can have access to read
the private key file.

Note Note
In Red Hat Enterprise Linux 6 and 7, the graphical login When you first log in to a new machine, you are prompted
screen runs on the first virtual console, but when you log with a warning from ssh that it cannot establish the
in, your initial graphical environment replaces the login authenticity of the host
screen on the first virtual console instead of starting on a
new virtual console. In Red Hat Enterprise Linux 8, the Log Out from a Remote System
behavior is the same as in Red Hat Enterprise Linux 9. Ctrl+D Or
[remoteuser@remotehost ~]$ exit
logout
Access the Command Line with the
Desktop
GNOME Desktop Environment:
GNOME 40 serves as the default graphical user
interface for Red Hat Enterprise Linux 9, operating on
Wayland or the legacy X Window System. The GNOME
Shell offers a customizable user interface with the
"Standard" theme, which can be switched to a
"Classic" theme during login.
Keyboard Shortcuts:
Users can view and customize keyboard shortcuts
through the Settings menu.
Workspaces:
Workspaces help users organize their environment by
separating different tasks. Users can switch between
workspaces using keyboard shortcuts or the Activities
overview.(press Ctrl+Alt+LeftArrow or
Ctrl+Alt+RightArrow to switch between workspaces
sequentially)
Powering Off or Rebooting the System:
Shutting down or restarting the system is done via the
system menu, with confirmation prompts for both
actions.
Key Components of GNOME Shell:
1. Top Bar: Provides access to system controls (volume,
network, calendar) and user account settings.
2. Activities Overview: Organizes windows and applications;
accessed via the Activities button or the Super key.
3. System Menu: Adjusts screen brightness, manages
network settings, and allows account adjustments.
4. Dash: Displays favorite and running applications, including
a "Show Applications" button for additional options.
5. Windows Overview: Thumbnails of active windows for easy
navigation.
6. Workspace Selector: Allows users to switch and manage
multiple workspaces.
7. Message Tray: Displays notifications and calendar
events, accessible by clicking the clock on the top bar.
Starting a Terminal:
To access the command line, users can open the GNOME
Terminal using various methods, including searching from
the Activities overview or using the Alt+F2 command.
Locking the Screen and Logging Out:
Users can lock the screen or log out through the system
menu. The screen locks automatically after a period of
inactivity.
Execute Commands with the Bash Shell To type more than one command on a single line, use the
semicolon (;) as a command separator.

[user@host ~]$ whoami

user displays the username
The cat (short for
[user@host ~]$ of the user Viewing the Contents of
"concatenate")
a Single File
command is used to:
$ cat /etc/passwd
1. View the contents
Viewing the Contents of
of files.
[user@host ~]$ date Multiple Files
2. Concatenate
Sun Feb 27 08:32:42 PM $ cat file1 file2
+ : Tells the date multiple files
EST 2022 Redirecting Output
command that you're (combine them).
[user@host ~]$ date +%R $ cat file1 file2 >
providing a custom 3. Redirect output to
20:33 combined_file
format for the output. another file or the
[user@host ~]$ date +%x terminal.
02/27/2022

The passwd command Handling Long Files

with no options with less
[user@host ~]$ passwd $ less /etc/passwd
changes the current Press q to exit the
user's password. command.

[user@host ~]$ file

/etc/passwd
The file command cat: Good for short files or when you want to combine
[user@host ~]$ file
inspects the type of file contents. It shows everything at once.
/bin/passwd
files or directories. less: Better for large files
[user@host ~]$ file
/home
 Understand Tab Completion :
The head and tail
commands display the Tab completion helps users auto-complete
beginning and the end
$ head /etc/passwd of a file, respectively.
commands and file names in the terminal. By typing
... By default, these part of a command or file name and pressing the Tab
$ tail -n 3 /etc/passwd commands display 10
lines of the file, but key, the shell completes it for you if it's unique.
they both have a -n
option to specify a
different number of Single Tab: If the partially typed characters
lines.
are unique, pressing Tab completes the
command or file name.
[user@host ~]$ wc
/etc/passwd Double Tab: If multiple commands or files
The wc command
41 98 2338
wc -l: Counts the match, pressing Tab twice lists all possible
/etc/passwd number of lines in a
[user@host ~]$ wc -l file.
options.
/etc/passwd ; wc -l wc -w: Counts the Expl
/etc/group number of words in [user@host ~]$ pasTab+Tab
41 /etc/passwd a file. passwd paste pasuspender
63 /etc/group wc -c: Counts the
[user@host ~]$ wc -c number of
/etc/group /etc/hosts characters (or File Name Completion: Works similarly with file
bytes) in a file.
883 /etc/group paths.
114 /etc/hosts Expl
997 total
[user@host ~]$ ls /etc/passTab
 Command Option Completion: pressing Tab
after typing -- shows all available options.
Expl
[root@host ~]--Tab+Tab
--badnames --gid --no-log-init --shell
Writing Long Commands on Multiple Lines
Backslash (\): Use the backslash at the end
of a line to continue a command on the next line.
(Secondary Prompt: When you use the backslash, the shell
provides a continuation prompt (> by default) on the next
line. It's a visual cue that the command is continuing.)
Arrow Keys: Use the UpArrow and
DownArrow keys to scroll through your
previous commands. This allows you to edit
and re-execute commands without retyping.
Alt+Dot (Alt+.): Inserts the last word of the
previous command at the current cursor
position. Repeated presses cycle through
earlier commands.

Command History
history Command: Lists previously executed
commands, each with a unique number.
Exclamation Point (!): Allows you to quickly rerun
previous commands.
!number: Runs the command corresponding
to the specified history number.
!string: Runs the most recent command
starting with that string.
 Significant Red Hat Enterprise Linux Directories
Chapter 3. Manage Files from the
Command Line
The File-system Hierarchy
The Linux system stores all files on file systems, which
are organized into a single inverted tree known as a file-
system hierarchy. This hierarchy is an inverted tree
because the tree root is at the top, and the branches of
directories and subdirectories stretch below the root.
...
Static content remains unchanged until explicitly
edited or reconfigured.
Dynamic or variable content might be modified or
appended by active processes.
Persistent content remains after a reboot, such as
configuration settings.
Runtime content from a process or from the system is
deleted on reboot.
/boot Files to start the boot process.
/dev
Special device files that the system uses to access
hardware.
/etc System-specific configuration files.
/home
Home directory, where regular users store their data and
configuration files.
/root Home directory for the administrative superuser, root.
Runtime data for processes that started since the last
/run
boot.
/temp A world-writable space for temporary files.
Installed software, shared libraries, including files, and
read-only program data. Significant subdirectories in the
/usr directory include the following commands:
/usr /usr/bin: User commands
/usr/sbin: System administration commands
/usr/local: Locally customized software
/var
System-specific variable data should persist between
boots. Files that dynamically change, such as databases...
Specify Files by Name
Absolute Paths and Relative Paths
=>The path of a file or directory specifies its
unique file-system location
Absolute Paths
the exact location of the file in the file-system
hierarchy
a path name with a forward slash (/) as the first
character is an absolute path name.
The Current Working Directory and Relative
Paths
1-Current Working Directory:
When you open a terminal, you start in your "home
directory" (your personal folder).
The current working directory is wherever you are
at the moment in the file system. As you move
around (change directories), this location
changes.
2-Relative Paths:
A relative path gives directions to a file or folder
based on your current location (current working
directory).
Unlike an absolute path, which starts from the root
(/), a relative path doesn’t start with a forward
slash. It just gives the path from where you are now.
Example: If you're in /var, the path
log/messages points to the /var/log/messages
file.
3-Case Sensitivity:
Linux file systems (like ext4, XFS) are case-
sensitive.
On non-Linux file systems (like Microsoft's NTFS or
Apple's HFS+), the system might preserve the case
(show it how you wrote it), but not be case-sensitive.
On these systems, FileCase.txt and filecase.txt
would point to the same file.
Navigate Paths in the File System

$ pwd moves you up one level to the

print working directory $ cd ..
/home/user parent directory.

lists the contents of a directory

$ ls Desktop If you don't specify a directory, it lists switches you back and forth
$ cd -
Documents ... the files and folders in your current between two directories.
directory.

change directory Tilde (~) Special Character:

moves you to a different folder. The tilde (~) represents your home
absolute paths (e.g., directory. You can combine it with
$ cd Videos
/home/user/Documents) or relative $ ls -l ~ commands to interact with files in
[user@host
paths (e.g., Documents). your home directory, no matter
Videos]$ pwd
If you run cd without any arguments, it where you are in the file system.
brings you back to your home
directory (~).

The . represents "the current

The touch command updates the
$ touch
timestamp of a file. If the file doesn’t
Videos/blockb
exist, it creates an empty file, which is
uster1.ogg
useful for practice or testing.
directory" in commands, so you can
cp file.txt
use it as a shortcut instead of typing
./file_backup.txt
out the full path to your current
directory

$ ls -a Files that start with a dot (.) are ls -al:

.bashrc hidden. They don’t show up in normal This command lists files in the current directory in long format (-l)
.bash_profile ls listings. and includes hidden files (-a). Hidden files are those that begin with
.config To view hidden files, use ls -a a dot (.), and the long format provides details like file permissions,
ownership, and timestamps.
Manage Files with Command-line Tools
The mkdir command creates
directories
You can create multiple
directories at once by listing their
names separated by spaces.
mkdir ProjectX
The -p option creates missing
parent directories if needed.
(Be cautious when using -p because
it can unintentionally create
misspelled directories)
Copying Files and Directories
cp file1.txt The cp command copies files, and
file2.txt by default does not copy
target_dir/ directories unless the -r
(recursive) option is used.
cp -r source_dir/
You can copy multiple files to a
target_dir/ directory by specifying the target
directory as the last argument.
mv oldname.txt
The mv command can both move
newname.txt
files to a new location and
rename files.
mv file.txt
path changes, but the content
destination_direc
remains unchanged.
tory/
The rm command deletes
files, but not directories by
default. To remove
directories and their
contents, use the -r option.
rm file.txt
You can use rm -i for
interactive deletion, where it
rm -r directory_name/
asks for confirmation before
deleting.
Important: There is no
undelete feature in the
command line.
-i (interactive): Prompts you for confirmation before
each removal. You will have to type y or n to confirm
whether you want to delete each file.
-f (force): Forces the removal of files without any
confirmation, even if the files are write-protected. This
option also suppresses error messages.
The rmdir command
removes only empty
rmdir EmptyDir directories.
rm -r nonEmptyDir For non-empty directories,
you must use rm -r.
Make Links Between Files
You can create multiple file names that point to the same file. These file names are called links.
Hard Links
When a hard link is created, it acts like the original file
name.
=>Points directly to data. If a hard link is deleted, the data
still exists as long as other hard links reference it.
Use case: Use hard links when you need multiple references
to the same data within the same file system.
Key Properties:
Each file starts with one hard link (its original name).
All hard links share the same inode number,
permissions, ownership, timestamps, and data.
Deleting the original file doesn't delete the data if other
hard links exist.
Hard links can only be created for regular files, not
directories or special files.
Hard links must be on the same file system.
Limitations:
Hard links can’t be created across different file
systems or for directories.
ln originalfile.txt hardlink.txt
ls -il originalfile.txt hardlink.txt # shows same
inode numbers
Symbolic Links (Soft Links)
A special file that points to another file or directory.
=>Points to another file or directory by name. If the target is
deleted, the link becomes a "dangling" link.
Use case:Use symbolic links for cross-file-system links or
when you want to link to directories.
Key Properties:
Symbolic links work across different file systems and can
link to directories.
When the target file is deleted, the symbolic link
remains but points to nothing (dangling link).
Behavior:
Deleting a symbolic link does not affect the original file.
If a new file with the same name as the deleted target is
created, the symbolic link will point to the new file.
ln -s /path/to/originalfile.txt symlink.txt
ls -l symlink.txt # shows the link destination
Match File Names with Shell Expansions ~: Expands to the user's home directory.
Bash Shell Expansions: ~username: Expands to another user's
When a command is typed, Bash performs several Tilde home directory.
expansions to transform it before executing. These Expansion Example:
echo ~user: Outputs /home/user.
include:
Select files by using patterns These patterns
include wildcards Variables store values, which can be accessed
Common wildcards include: using $VARNAME or ${VARNAME}.
Variable
*: Matches any string (including zero Example:
characters).
Expansion USERNAME=operator; echo $USERNAME:
?: Matches any single character. Outputs operator.
Pathname [ABC]: any character inside the brackets.
[!abc] or [^abc]: character not inside the
Expansion Executes a command and replaces it with the
brackets.
(Globbing) [[:alpha:]]: Any alphabetic character output.
[[:alnum:]:Any alphabetic character or digit Done using $(command).
Examples: Command Example:
ls a*: Matches files starting with "a". echo Today is $(date +%A): Outputs Today
Substitution
ls *a*: Matches files containing "a". is Wednesday.
Note:An earlier form of command substitution uses
ls ????: Matches files with exactly four
backticks: `command`. Although the Bash shell still
characters. accepts this format, try to avoid it

Protecting Arguments from Expansion

Expands sets of comma-separated strings or
ranges. Backslash (\): Escapes a character to prevent its expansion.
Useful for generating patterns or creating Single quotes (' '): Prevents all expansions.
Brace multiple files. Double quotes (" "): Allows variable and command substitution but
Expansion Examples: blocks pathname expansion.
echo {Sunday,Monday}.log: Expands to Examples:
Sunday.log Monday.log. echo \$HOME: Outputs $HOME without expansion.
mkdir RHEL{7,8,9}: Creates directories RHEL7, echo "***** hostname is ${myhost} *****": Expands myhost inside the
RHEL8, RHEL9. quotes.
 Navigate and Search man Pages
Chapter 4. Get Help in Red Hat Enterprise
Linux
One source of documentation that is generally
available on the local system is system manual pages
or man pages
Common Sections of the Linux Manual

Each section number helps to distinguish topics with similar names, such as
passwd(1) (for the password-changing command) and passwd(5) (for
the password file format).
Search Techniques:
The man -K (uppercase) option searches for the keyword in the
full-text page, not only in the titles and descriptions
man -K keyword performs a full-text search, although it is
resource-intensive and time-consuming.
Man pages usually contain standardized sections

Summary
Use the man command to view man pages and to
display information about components of a Linux
system, such as files, commands, and functions.
By convention, to refer to a man page, the name of a
page is followed by its section number in parentheses.
You can use regular expressions to search content in
man pages.

Note
Comma-separated options on a single line, such as -, -l, and
--login, all result in the same behavior.

Note
The man command -t option prepares a man page for
printing, using by default PostScript.
Chapter 5. Create, View, and Edit Text Files

Edit Text Files from the Shell Prompt Vim Operating Modes:
Edit Files with Vim
Vim (Vi IMproved) is a powerful text editor, an enhanced highlight and
manipulate
version of the original vi editor, that is often used in these text

environments.
Benefits of Using Vim
Pre-installed and Accessible
Available Across Platforms
No Need for a GUI
Getting Started with Vim The Minimum, Basic Vim Workflow
Vim comes in different variants, most notably: The u key undoes the most recent edit.
vim-minimal: A lightweight version with the basic vi The x key deletes a single character.
The :w command writes (saves) the file and remains in command mode for
editor functionality. more editing.
vim-enhanced: A more feature-rich version that The :wq command writes (saves) the file and quits Vim.
includes an online help system, syntax highlighting, The :q! command quits Vim, and discards all file changes since the last
write.
and various other tools to improve productivity.
On most modern systems, if you type vi filename, you'll
Customizing Vim with Configuration Files
Vim is highly customizable, and its behavior can be altered using configuration files.
likely get the vim editor, especially if vim-enhanced is The two main files are:
installed. However, users can manually invoke vim by 1. /etc/vimrc: This file affects all users on the system.
2. ~/.vimrc: This file affects only the individual user.
typing vim filename. In these files, you can set preferences like:
if vim-minimal is installed If vim-enhanced is installed
Default tab spacing (for example, set ts=4 for a tab width of 4 spaces).
vi filename vim filename
Syntax highlighting.
Line numbering.
Change the Shell Environment: If you have a file path stored in a variable, you can use the
In the Bash shell, variables are used to store values that variable in commands like ls or rm:
Expl
can be used in commands and scripts. These variables can file1=/tmp/tmp.z9pXW0HqcC
be set for a particular shell session, modified, exported ls -l $file1 # Shows file details
rm $file1 # Removes the file
as environment variables, and used by other programs.
1. Shell Variables Curly Braces:
A shell variable holds a value and can be used to simplify If you need to use a variable next to other characters (e.g., a
command execution or configure the shell's behavior. string with additional characters), it's a good idea to enclose the
Setting a variable: To assign a value to a shell variable, use the variable name in curly braces . This avoids ambiguity.
following syntax: [user@host ~]$ VARIABLENAME=value Expl

Variable names: They cannot start with a digit.
2. Listing Shell Variables
To list all variables currently set in the shell, use the set
command. This lists both shell variables and functions. You can
use less to view the output one page at a time: [user@host ~]$ set |
3. Variable Expansion
To retrieve the value of a variable, use variable expansion, which
involves preceding the variable name with a dollar sign ($). This is
typically done with commands like echo.
Expl
echo Repeat ${COUNT}x # Prints: Repeat 40x
4. Shell Behavior and Built-in Variables
Some shell variables are pre-set by Bash and control
less
the shell's behavior. For example:
HISTFILE: Specifies where the shell history is
saved.
HISTFILESIZE: Defines how many commands to
keep in history.

COUNT=40
PS1: Defines the shell prompt appearance.
echo $COUNT # Prints: 40
 5. Environment Variables
An environment variable is a special type of variable
that is inherited by programs run from the shell,
allowing you to configure their behavior. You can set
environment variables using the export command.
Setting an environment variable:
Expl
export EDITOR=vim # Sets the default text editor
Some common environment variables:
LANG: Sets the system language and locale (e.g.,
en_US.UTF-8 for US English).
PATH: Lists directories where executables are
located. When you run a command, the shell looks for
the command in each of these directories.
HOME: Points to the current user's home directory.
Expl
export PATH=$PATH:/home/user/sbin
# Adds /home/user/sbin to the PATH
9. Example of Setting Up a Default Editor
If you want to set the default text editor to nano whenever you log in, add the following to your
~/.bash_profile => export EDITOR=nano
6. Making Variables Permanent
To set variables permanently, you can modify shell
initialization files (such as .bashrc or .bash_profile)
Interactive Shells:
These are shells where you interact with the system (e.g.,
when you open a terminal). For interactive shells,
variables are usually set in the ~/.bashrc file.
Login Shells:
These are shells that are started when you log in (locally
or via SSH). You can modify the ~/.bash_profile file to set
variables that should only be applied after login.
For system-wide settings, you might use
/etc/profile or /etc/bashrc.
7. Shell Aliases
An alias is a shortcut for a command. If you regularly use
a long command, you can create an alias to simplify it.
To make aliases permanent, add them to the ~/.bashrc f.
8. Unsetting Variables and Aliases
unset export -n unalias
 a => to see all
Chapter 6. Manage Local Users and all processes with
the first column shows the
username.
a terminal.
Groups
Users are individual accounts for humans or programs to The output of the preceding command displays users by
interact with a system securely.
name, but internally the operating system uses UIDs to
Each user has a username and a UID (User ID) for
track users.
identification.
The mapping of usernames to UIDs is defined in databases
Types of users:
Superuser (root): UID = 0; has unrestricted system of account information.
access. By default, systems use the /etc/passwd file to store
System Users: Used by services (daemons) to run information about local users.
securely without root privileges. User Information Storage:
Regular Users: Created for individuals; have limited [user01@host ~]$ cat /etc/passwd
permissions. ...output omitted...
user01:x:1000:1000:User One:/home/user01:/bin/bash
Commands:
Consider each part of the code block, separated by a colon:
id View user and group details.
The username for this user.
The user's encrypted password was historically stored here; it is now a
placeholder.
id user02 View information about another user
The UID number for this user account.
The GID number for this user account's primary group. Groups are
ls -l file.txt View the owner of a file discussed later in this section.
A brief comment, description, or the real name for this user.
The user's home directory, and the initial working directory when the
ls -ld Documents View the owner of a directory login shell starts.
The default shell program for this user that runs at login. Some
accounts use the /sbin/nologin shell to disallow interactive logins with
Display processes associated with that account.
ps -au
specific users.
Groups organize users to manage shared access to files Primary Groups and Supplementary Groups
and resources. 1. Primary Group:
Each group has: Every user has one primary group.
The primary group is identified by its GID in the /etc/passwd
A group name and a GID (Group ID).
file.
Users can belong to:
Files created by the user are owned by their primary group.
A Primary Group: Defines ownership of files. 2. User Private Group:
Supplementary Groups: Grant additional When a regular user is created, a group with the same name as
permissions. the user is also created as their primary group.
The user is the sole member of this "User Private Group."
User Information Storage:
This design simplifies file permission management by keeping
[user01@host ~]$ cat /etc/group
user groups separated by default.
...output omitted...
group01:x:10000:user01,user02,user03 3. Supplementary Groups:
Users can belong to additional groups, called supplementary
Consider each part of the code block, separated by a colon: groups.
Name for this group. Membership in supplementary groups is stored in the
Obsolete group password field; it is now a placeholder. /etc/group file.
The GID number for this group (10000).
A list of users that are members of this group as a supplementary
Access to files is granted if any of the user's groups (primary
group. or supplementary) have the required permissions.
4. Viewing Group Membership:
Use the id command to display a user's primary and
supplementary groups.
Example output for user01:
Primary group: user01 (GID = 1003).
Supplementary groups: wheel, group01.
Gain Superuser Access 2.Running Commands with sudo superuser do
The sudo command allows authorized users to run commands as
The superuser in Linux is typically the root account, which has full
another user (often root) without knowing the target account's
system control, including:
password.
Managing system files and directories.
Installing/removing software.
Authentication:
Overriding file system privileges.
Uses the current user’s password for verification.
Logging:
Security Risks:
Logs every sudo command to /var/log/secure, enhancing
Directly logging in as root can lead to vulnerabilities.
accountability.
It is recommended to log in as a normal user and temporarily
Configuration:
escalate privileges only when needed.
The /etc/sudoers file defines who can use sudo and under what
conditions.
Comparison with Windows:
Use visudo to safely edit /etc/sudoers, preventing syntax errors.
The Linux root account is similar to the local Administrator
%wheel ALL=(ALL:ALL) ALL
account in Windows. sudoers file name
Modern systems discourage direct root login, promoting 3. Interactive Root Shell with sudo -i
mechanisms like sudo for privilege escalation. sudo -i provides a shell with root privileges, loading the root
1.Switching User Accounts with su user's login scripts.
switch user sudo -s provides a shell without loading the login scripts.
4.Configuring sudo Access (Granting Access)
Switch to user_name with a login shell and
su - user_name
the user's environment. To a user: Add a file Passwordless
user01 ALL=(ALL) ALL
in /etc/sudoers.d/ Access:

Defaults to switching to root without

su
changing the environment. To a group %group01 ALL=(ALL) ALL
ansible
ALL=(ALL)
NOPASSWD:
su: Retains the current user's environment settings. To a command %games ALL=(operator) /bin/id ALL

su -: Initializes the target user's environment settings.

6. Key Differences Between su and sudo
usermod username Modify an existing user

Common options with usermod:

Manage Local User Accounts

Creates a new user named username.
Sets up:
Home directory.
Account information.
useradd username A private group named after the user.
No password is set initially. The account
is inactive until a password is added with
the passwd command. Removes the user account from
/etc/passwd.
userdel username
Home directory remains intact.

useradd username us2 us2 is the password

Removes the user account and
userdel -r username
deletes the home directory.
The /etc/login.defs file sets some default options for user accounts,
such as the range of valid UID numbers and default password aging
rules. The values in this file affect only newly created user accounts. A Sets or updates the password for
passwd username
change to this file does not affect existing users. a user.

Default UID Assignment: UID Ranges

New users are assigned the first available UID ≥ 1000. UID 0: Root (superuser).
Use the -u option with useradd to assign a specific UID.
UID 1-200: Static system processes.
UID 201-999: Dynamic system processes.
UID 1000+: Regular users.
Managing Groups
Managing Local Groups Managing Group Membership

Creates a group with The next

available GID from the range defined
groupadd group_name
in /etc/login.defs
usermod -g
groupadd -g 10000 Change a user's primary group
pecifying GID: Use the -g option. group_name username
group01
System Groups: Use the -r option for
system groups.

groupmod group_name Add a user to a supplementary group

groupmod -n new_name Modify group properties. with
usermod -aG
old_name Rename Group: Use the -n option.
group_name username
groupmod -g new_gid Change GID: Use the -g option. -a => append : to retain existing
group_name supplementary group memberships.

newgrp group01 Switch primary groups temporarily

Deletes the specified group.

Restrictions:
Primary Group Supplementary Groups
Cannot delete a group if it is
the primary group of an
groupdel group_name
existing user.
Ensure no files are owned by Defines group ownership for Provide additional access to
the group before deletion. new files created by the user. files and resources.
Only one primary group per No difference in access
user at any time. permissions between primary
and supplementary groups.
Manage User Passwords
encrypted passwords were stored in /etc/shadow Default Password Aging Policies
Each entry in /etc/shadow has nine colon-separated fields. For Defined in /etc/login.defs:
example: PASS_MAX_DAYS: Maximum days a password is valid.
user03:$6$CSsXsd3rwghsdfarf:17933:0:99999:7:2:18113:
PASS_MIN_DAYS: Minimum days before a password change.
PASS_WARN_AGE: Warning period before expiration.
$6$CSsXcYG1L/4ZfHr/$2W6evvJahUfzfHpc9X.45Jc6H30E
Hashing algorithm: $6$ .
Salt: Adds randomness to the hash to prevent pre-computed attacks.
encrypted password. Cryptographical hash: The actual hash value of the password. Restrict Access
Days since 1970-01-01 when the password was last changed.
Minimum days between password changes.
Maximum days before the password expires # usermod -L Lock accounts: Prevent user login
Days of warning before password expiration sysadmin03
Days after password expiration before the account is locked.
Account expiration date in days since 1970-01-01.
(empty): Reserved for future use. # usermod -L -e
2022-08-14 Lock and expire accounts
cloudadmin10
Configure Password Aging
The chage command manages password aging policies:
Set minimum age (-m): Minimum days between password changes. # usermod -U Unlock accounts: Enable user login
sysadmin03 again
Set maximum age (-M): Maximum days before expiration.
Set warning period (-W): Days to warn users before expiration.
Set inactivity period (-I): Days after expiration before account Prevents interactive logins for
accounts that should not log in
lock # usermod -s
directly.
/sbin/nologin
but does not block all access. Users
newapp
might still authenticate using other
applications