GROUP ASSIGNMENT

ON
CREATING TECHNICAL DOCUMENTATIONs
Tittle: Creating User, Group, insert Users to group and sharing files
for users and Management with Secure File Sharing.

GROUP MEMBERS
1,LENSA TAYE
2,MERSHA KIFLE
3,MISGANE BUSA
4,FIREHIWOT BEFIKADU

SUBMITTED TO: NETSENAT (TEACHER)

OCTOBER,2024
SHAGER, ETHIOPIA

0
 Introduction
In modern IT environments, efficient management of users, groups, and file sharing is critical for
maintaining organizational productivity and security. Proper user and group management ensures
that individuals have appropriate access to resources, while secure file sharing protects sensitive
information from unauthorized access or breaches. This documentation provides comprehensive
guidelines for system administrators to create and manage users and groups, assign users to groups,
and implement secure file sharing practices in both Linux and Windows operating systems.
Purpose of Documentation
The primary purpose of this documentation is to equip system administrators and IT professionals
with detailed instructions and best practices for:
Creating and managing user accounts.
Establishing and organizing user groups.
Assigning users to specific groups to streamline permission management.
Sharing files securely among users and groups.
Implementing security measures to safeguard shared files against unauthorized access and
potential threats.
By following this documentation, administrators can ensure a structured and secure approach to
user and file management, thereby enhancing overall system integrity and operational efficiency.
Target Audience
This documentation is intended for:
System Administrators: Professionals responsible for managing and maintaining IT systems within
an organization.
IT Managers: Individuals overseeing IT operations and ensuring best practices are followed.
Network Administrators: Specialists focused on managing network resources and user access.
Technical Support Staff: Personnel providing support and assistance in user and file management
tasks.
IT Students and Trainees: Learners seeking comprehensive knowledge on user and group
management and secure file sharing practices.

1
 Scope of the document
This documentation covers the following areas:
1. User Management:
Creating user accounts in Linux and Windows environments.
Creating and managing user groups.
Assigning users to appropriate groups to manage permissions effectively.
2. File Sharing:
Methods for sharing files with individual users and groups.
Configuring permissions to control access levels.
Implementing security measures to protect shared files, including encryption, authentication, and
auditing.
3. Security Measures:
Best practices for enforcing the principle of least privilege.
Techniques for securing file transfers and storage.
Guidelines for regular audits and monitoring to detect and prevent unauthorized access.

Prerequisites
Before proceeding with user and group management or file sharing tasks, ensure the following:
Administrative Access: You have the necessary administrative privileges on the system to create
and manage users, groups, and file permissions.
Familiarity with CLI and PowerShell: Comfortable using the command-line interface in Linux
and PowerShell in Windows for executing commands.
Backup Configurations: It's essential to backup current system configurations and important data
to prevent data loss during modifications.
Understanding of Security Principles: Basic knowledge of security best practices, including the
principle of least privilege and encryption methods,
User Management
Effective user management is foundational to system security and operational efficiency. Properly
managing user accounts and groups ensures that individuals have appropriate access to the
resources they need while minimizing potential security risks.

2
 Creating Users
Creating user accounts involves defining new users who can access the system. The process varies
slightly between Linux and Windows environments.
Linux
Use the user add command to create a new user. This command allows you to specify various
options such as creating a home directory and setting the default shell.
Steps:
1. Create the User Account:
sudor user add -m -s /bin/bash username
-m: Creates a home directory for the user at /home/username.
-s: Specifies the default shell (e.g., /bin/bash).
2. Set the User Password:
You'll be prompted to enter and confirm the new password for the user.
3. Verify User Creation:
This command displays the user ID, group ID, and group memberships for the newly created user.

Creating Groups
Groups allow you to manage permissions collectively rather than individually assigning
permissions to each user. This simplifies administration and ensures consistency.
Linux
Use the group add command to create a new group.
Steps:
1. Create the Group: Replace group name with the desired name for the group.
2. Verify Group Creation:
Windows
In Windows, groups can be created using PowerShell, allowing for detailed configuration and
management.
Steps:
1. Open PowerShell with Administrative Privileges:
Right-click on the Start menu and select Windows PowerShell (Admin)
2. Create the Group:
New-Local Group -Name "Developers" -Description "Development team members"

3
-Name: Specifies the group name.
-Description: Provides a description for the group.
3. Verify Group Creation:
Get-Local Group -Name "Developers"
Example:
New-Local Group -Name "Developers" -Description "Development team members"
Assigning Users to Groups
Assigning users to groups ensures they inherit the permissions and access levels associated with
those groups. This streamlines permission management and maintains consistency across user
roles.
Linux
Use the user mod command to add a user to an existing group.
Steps:
1. Add User to Group: Appends the user to the specified group without removing them from other
groups.
2. Verify Group Membership:
3. Verify Group Membership:
Note: It's essential to ensure that the user and group names are correctly specified to prevent errors.

File Sharing
Sharing files among users and groups facilitates collaboration and data distribution within an
organization. However, it's crucial to implement proper permission settings and security measures
to protect shared resources.
Sharing Files with Users
The method for sharing files differs between Linux and Windows environments. Below are
detailed instructions for each.
Linux
In Linux, file sharing can be managed using traditional Unix permissions or Access Control Lists
(ACLs) for more granular control.
Using Unix Permissions
Steps:
1. Change Group Ownership of the File or Directory:

4
2. Set Appropriate Permissions:
Using Access Control Lists (ACLs)
ACLs provide more flexibility by allowing specific permissions for individual users or groups.
Steps:
1. Ensure ACL Support is Enabled:
Most modern Linux distributions have ACL support enabled by default. Verify by checking the
filesystem mount options. Mount If ACL is not enabled, modify the /etc/fstab file to include the
acl option and remount the filesystem.
2. Set ACL for a Specific User: Grants read and write permissions to the specified user.
3. Set ACL for a Specific Group: Grants read and execute permissions to the specified group.
4. Verify ACL Settings: getfacl /path/to/file_or directory.
Security Measures for File Sharing
Ensuring the security of shared files is paramount to protect sensitive data and maintain
organizational integrity. Implementing robust security measures mitigates risks associated with
unauthorized access, data breaches, and other security threats.
1. Principle of Least Privilege
Definition: Grant users only the minimum levels of access—or permissions—needed to perform
their job functions.
Implementation:
Assess User Roles: Clearly define roles and responsibilities to determine necessary access levels.
Assign Permissions Accordingly: Use groups to manage permissions efficiently, ensuring users
inherit permissions based on their group memberships.
Regularly Review Access: Periodically audit user permissions to revoke unnecessary access.
Example: A junior developer may require read and write access to the development repository but
should not have administrative privileges on the server.
2. Strong Authentication
Definition: Implement robust authentication mechanisms to verify user identities before granting
access to resources.
Implementation:
Enforce Strong Password Policies: Require complex passwords (mix of letters, numbers, and
special characters) and regular password changes.

5
Multi-Factor Authentication (MFA): Add an extra layer of security by requiring additional
verification methods (e.g., SMS codes, authenticator apps).
Account Lockout Policies: Temporarily lock accounts after a certain number of failed login
attempts to prevent brute-force attacks.
Example:
Configure Windows systems to require MFA for remote access to sensitive file shares.
3. Encryption
Definition: Protect data by converting it into a secure format that is unreadable without the
appropriate decryption key.
Types of Encryptions:
At Rest: Encrypt data stored on disk to prevent unauthorized access in case of physical theft or
compromise.
Linux: Utilize tools like gpg for file encryption or LUKS for full-disk encryption.
Windows: Use BitLocker for full-drive encryption or EFS (Encrypting File System) for individual
files and folders.
In Transit: Encrypt data during transfer to protect against interception.
4. Regular Audits
Definition: Continuously monitor and review file access and user activities to identify and address
unauthorized access or anomalies.
5. Backup and Recovery
Definition: Implement robust backup solutions to ensure data can be restored in the event of data
loss, corruption, or security incidents.
6. Firewall and Network Security: Protect file-sharing services by restricting access to trusted
networks and devices.
7. Update and Patch Systems: Keep operating systems and file-sharing software up to date to
protect against known vulnerabilities.
8. Use Group Policies (Windows): Leverage Group Policy Objects (GPOs) to enforce security
settings and configurations across multiple users and groups.
9. Limit Sharing Links (For Cloud Services): If utilizing cloud-based file-sharing services,
manage sharing links to minimize unauthorized access. Set Expiration Dates, Restrict Access by
IP or Device and Monitor Link Usage.