1.
What is a
user?
2. How many types of users available in Linux?
(i) System user (Admin user who control the whole system nothing but root user).
(ii) Normal user (Created by the Super user. In RHEL - 7 the user id's from 1000 - 60000).
(iii) System user (Created when application or software installed ).
(In RHEL - 7 the System users are
Static system user id's from 1 - 200 and
(ii) Dynamic system user user id'sfrom 201 - 999).
(iv) Network user (Nothing but remote user, ie., who are login to the system trough network created
in Windows Active Directory or in Linux LDAP or NIS).
(v) Sudo user (The normal users who are having admin or Super user privileges)
3. What is user management?
4. What are the important points related to users?
Ø Users can login to the system by supplying username and passwords to the system.
Ø Every file on the system is owned by a user and associated with a group.
Ø Every process has an owner and group affiliation.
Ø Every user in the system is assigned a unique user id (uid) and group id (gid).
Ø User names and user id are stored in /etc/passwd file.
Ø User's passwords are stored in /etc/shadow file in an encrypted form.
Ø Users are assigned a home directory and a shell to work with the O/S.
Ø Users cannot read, write and execute each other's files without permission.
Ø Whenever a user is created a mail box is created automatically in /var/spool/mail location.
Ø And some user environmental files like .bash_logout, .bash_profile, .bashrc , ...etc., are also copied from /etc/skell to his/her home directory (/home/
5. What are fields available in /etc/passwd file?
: x
: :
: :
:
(where 'x'
means link to password file ie., /etc/shadow file)
6. What are fields available in /etc/shadow file?
user name : password : last changed : min. days : max. days : warn days : inactive days : expiry days : reserved for future
7. What are the files that are related to user management?
Ø /etc/passwd -----> Stores user's information like user name, uid, home directory and shell ...etc.,
Ø /etc/shadow ----> Stores user's password in encrypted form and other information.
Ø /etc/group ------> Stores group's information like group name, gid and other information.
Ø /etc/gshadow ---> Stores group's password in encrypted form.
Ø /etc/passwd- ---> Stores the /etc/passwd file backup copy.
Ø /etc/shadow- ---> Stores the /etc/shadow file backup copy.
Ø /etc/default/useradd ----> Whenever the user created user's default settings taken from this file.
Ø /etc/login.defs ----> user's login defaults settings information taken from this file.
Ø /etc/skell ------> Stores user's all environmental variables files and these are copied from this directory to user's home directory.
8. In how many ways can we create the users?
o (i) # useradd -
o (ii) # adduser -
o (iii) # newusers (In this file we have to enter the user
details same as /etc/passwd file)
9. What is the syntax ofuseradd command with full options?
# useradd -u -g
-G
-c -d -s
Example : # useradd
-u 600 -g
600 -G java
-c "oracle user" -d
/home/raju -s /bin/bash
raju
10. What is the syntax of adduser command with full options?
# adduser -u -g -G -c -d -s
Example : # adduser
-u 700 -g
700 -G linux
-c "oracle user" -d
/home/ram -s /bin/bash
ram
11. What is the syntax of newuser command?
# newusers (This command will create multiple users at
a time)
* First we should a file and enter
user's data as fields same as the fields of /etc/passwd file for how many users
do you want to create and mention that file as an argument for newusers
command
* When we execute this command new users will be created but their environmental files like
.bash_logout, .bash_profile, .bashrc and .bash_history files will not be copied from /etc/skell directory. So, we have to copied manually from /etc/skell directory.
12. What is the syntax of userdel command with full options?
# userdel
* The options are,
-f -----> forcefully delete the user even through the user is login. The user's home directory, mail and message directories are also deleted.
-r -----> recursively means files in the user's home directory will be deleted and his home directory also deleted but the other files belongs to that user should be deleted manually.
13. How to check whether user is already created or not?
We can check in different ways.
i) # id (It shows
the user id group id and user name if that is already created) ii) # grep /etc/passwd
14. How to verify or check the integrity of the password file?
# pwck /etc/passwd or # pwck /etc/shadow *
The options are, -q ------>
quiet
-r ------> read only
--s ------> sort the contents by uidin /etc/passwd and /etc/shadow files.
15. How to verify or check the integrity of the group file?
# grpck /etc/group
or
# grpck /etc/gshadow
*
The options are, -r ----->
read only -s
-----> sort the contents
by gidin /etc/group and /etc/gshadow files.
16. What is syntax of the usermod command with full options?
# usermod
* The options are, -L -----> lock the password
-U -----> unlock the password
-o ----->creates duplicate user modify the user's id same as other user
-u ----->modify user id
-g -----> modify group id
-G -----> modify or add the secondary group
-c -----> modify comment
-d -----> modify home directory
-s -----> modify user's login shell
-l -----> modify user's login name
-md ----> modify the users home directory and the old home directory
17. How to create the duplicate root user?
# useradd -o -u 0 -g root
18. How to recover if the user deleted by mistake? # pwunconv (It creates the users according /etc/passwd file and deletes the /etc/shadow file)
19. What are the uses of .bash_logout, .bash_profile and .bashrc files? .bash_logout : is a user's logout ending program file. It will execute first whenever the user is logout.
.bash_profile : is user's login startup program file. It will execute first whenever the user is login. It consists the user's environmental variables.
.bashrc : This file is used to create the user's custom commands and to specify the umask values for that user's only.
20. What is a group? The collection of users is called a group. There are two types of groups.
Primary group : It will be created automatically whenever the user is created. User belongs to on group is called as primary group.
Secondary group : It will not create automatically. The admin user should be created manually and users belongs to more than one group is called secondary group. A user can be assigned to max. 16 groups. ie., 1 primary group and 15 secondary groups.
21. What is the command to check the user belongs to how many groups? # groups
22. What is the syntax to create the group? # groupadd
The options are, -f -----> add the group forcefully
-g -----> group id no.
-o ----->non-unique (duplicate group id)
-p -----> group password
-r -----> system group
-R -----> root group
23. What is the syntax to modify the group? # groupmod
The options are, -g ------> group id
-n ------> new name for existing one, ie., rename the group
-o ------> non-unique (duplicate group id)
-p ------> group passwd
-R ------>root group
24. What is syntax to delete the group? # groupdel (to delete the group without options)
#
groupdel -R (to delete the group and apply changes to the root directory)
25. How to assign the password to the group? # gpasswd (to assign a password to the group
without any options)
# gpasswd
The options are, -a ------>add users to the group
-d ------> delete the user from the group
-r ------> remove the group password
-R ------> restrict to access that group
-A ------> set the list of Administrative users
-M ------> set the list of group members
26. How to check the integrity or consistency of the group? # grpck (it will check the integrity or consistency in /etc/gpasswd and /etc/gshadow files)
27. How to restore /etc/gshadow file if deleted by mistake? # grpconv (it creates the /etc/gshadow file from /etc/group file)
28. How to change the password aging policies? we can change the password policies in 2 ways.
(i) First open the /etc/login.defs file and modify the current values.
Example : # vim /etc/login.defs
min - 0 -----> means the user can change the password to any no. of times.
min - 2 -----> means the user can change the password within 2 days. ie., he can change the password after 2 days.
max - 5 -----> means the user should change the password before or after 5 days. Otherwise the
password will be expired after 5 days.
inactive - 2 -----> means after password expiry date the grace period another 2 days will be given to change the password.
warning - 7 -----> means a warning will be given to the user about the password expiry 7 days before expiry date.
(ii) second by executing the # chage command.
Example : # chage
The options are, -d -----> last day
-E -----> expiry date
-I -----> inactive days
-l -----> list all the policies
-m -----> min. days
-M -----> max. days
-w -----> warning days
Note : Whenever we change the password aging policy using # chage command, the information is will be modified in /etc/shadow file.
29. How add 45 days to the current system date? # date -d "+ 45 days"
30. Explain the sudo user?Sudoers (nothing but sudo users) allows particular users to run various root user commands without needing a root password.
/etc/sudoers is the configuration file for sudoers to configure the normal user as privileged user.
It is not recommended to open this file using # vim editor because this editor cannot check the syntax by default and whatever we typed in that file that will blindly save in this file.
So, one editor is specially available for opening this file, i.e., # visudo and all normal users cannot execute this command. Only root user can run this command.
Once this file is opened nobody can open this file again on another terminal because "The file is busy"message is displayed on the terminal for security reasons.
31. How to give different sudo permissions to normal users? Open the /etc/sudoers file by executing
#visudo command and go to line no. 98 and type as
=
root ALL=(ALL) ALL raju All= ALL ----Save
and exit this file.
Note : When we trying to save this file if any syntax errors in this file, those errors are displayed with line no's and What you do ? (will be displayed, here press 'e' to edit this file and modify those errors or mistakes and save this file.
# su - raju (to switch to raju user)
# sudo useradd (The
normal user raju can also add the users to the system)
* We can assign sudo permissions to 'n'
no. of users by specifying names separated by commas ( , ) or line by line.
* Instead of giving all permissions to normal user we can give only some commands.
Example : student ALL=/usr/sbin/useradd, /usr/sbin/usermod
raju ALL=NOPASSWD:/usr/sbin/useradd, /usr/sbin/usermod
* We can also apply to one group or groups as follows.
* First create the users, assign one group to those users and also assign the passwords for that users.
Open /etc/sudoers file by executing the command
# visudo and type as follows.
% ALL=ALL
%oracle ALL=ALL or
individual commands separated by commas,
* We can also create one command alias and add some commands to that alias and mention that alias to users as follows.
Cmnd_Alias NETWORKING=/usr/sbin/route, /usr/sbin/ifconfig
=
raju ALL=NETWORKING
* We can also create one user alias and add the users to that alias and assign some commands to that alias as follows.
User_Alias=, , , .....
Example : User_Alias OURTEAM=raju, shyam, ram, gopal
OURTEAM ALL=ALL (to give all permissions of sudo)
Defaults timestamp_timeout=0 (whenever the sudo user executes any command then it will ask password every command)
* The above will apply to all users including root also. If we want to make it as only for normal users, then
Defaults :, ,
timestamp_timeout=0 (the system will ask passwords for user1, user2,
user3 to execute sudo commands)
32. In which location the sudo user commands history is logged? All the sudo users commands history is logged in /var/log/secure file to make a record of sudo user commands.
# cat /var/log/secure (to see the contents of this file)
# tailf /var/log/secure (to see the updates of this file continuously and press ctrl + c to quit the tailf)
33. How to assign the password to normal user by him whenever first login to the system? Whenever the user is created and that user is trying to login to the system, it will ask the password. If the root user is not assign the password to that user, then that normal user can assign the password by his own using the following commands.
# useradd (to create the user)
# passwd
-S (to see the status of the
password of that user. if root user is not
assigned the password then the password status is locked)
# passwd -d (then
delete the password for that user)
# chage -d
0 (it will change the password age
policy)
# su
- (Try to switch to that
user then it will display the following
message)
Newpassword : (type new password for that user)
Retype password : (retype the password again)
The other useful commands :
information )
# who (to see users who are currently login and on which terminal they login)
# last (see the list of users who are login and logout since the /var/log/wtmp file was
created)
# lastb (to see the list of the users who tried as bad logins)
# lastreboot (to see all reboots since the log file was created)
# uptime (to see the information from how long the system is running, how many users login
and load average)
* The load average is from 1 sec : 5 secs : 15 secs
# du (to see the disk usage of the each file in bytes)
# uname -r (gives the current kernel version)
# last -x (It shows last shutdown date and time)
# last -x grep shutdown (only shutdown time shows ie., grep will filter the 'last -x' command)
* grep: It is used to search a word or sentence in file (ie., inside the file)
* find : It is used to search a command or file inside the system)
# cat /etc/shells or # chsh -l (to see how many shells that are supported by Linux)
/bin/sh -----> default shell for Unix
/bin/bash -----> default shell for Linux
/sbin/nologin -----> users cannot login shell
/bin/tcsh -----> c shell to write 'C++' language programs
/bin/csh -----> c shell to write 'C' language programs
# echo $SHELL (to see the current shell)
# chsh (to change the user's
shell)
Changing shell for :
New shell
:
New shell changed (But it will effect by restarting the server)
# date + %R (to display the time only)
# date + %x (to display the date only)
# history (to see the history of the commands)
#history -c (to clear the history)
# history -r (to recover the history)
* .bash_history is the hidden file to store the history of the user commands. By default history size is 1000.
# echo $HISTSIZE (to check the current history size)
# export HISTSIZE=500 (to change the current history size to 500 temporarily)
#export HISTTIMEFORMAT=" "%D" "%T" " (to display the date and time of each command temporarily)
# vim /etc/bashrc (open this file go to last line and type as follows to make history i
size date & time formats permanently)
HISTSIZE=1000
HISTTIMEFORMAT=' %D %T '
(save and exit the file and to update the effects by #source /etc/bashrc command)
# ~ (to go to users home directory)
# whatis
34. How many types of the files are there? There are 7 types of files.
1. - -----> regular file
2. d -----> directory
3. c -----> character device file (Ex. console file, open and close terminals, ...etc.,)
4. b -----> block device file (Ex. device blocks like hard disks, CD/DVD disks)
5. s -----> socket file (programmers will deal this file)
6. p -----> pipe file (programmers will deal this file)
7. l -----> linked file (nothing but short cut file)
35. What are permission types available in Linux and their numeric representations? There are mainly three types of permissions available in Linux and those are,
read ----- r ----- 4 null permission ------ 0
write ----- w ----- 2
execute ----- e ----- 1
36. What is syntax of chmod command with full options? # chmod
(to change the owner or permissions of the file/dir) The options are, -c
-----> changes
-v -----> verbose
-R -----> recursive (including sub directories and files)
To change the permissions the syntax is,
# chmod
user
(u) add (+) read (4) or (r) " group(g) remove(-) write (2) or (w) "
other (o) equal (=) execute (1) or (x) "
37. What is the syntax of chown command with full options? # chown (to
change the ownership of the file or directory)
-f -----> silent (forcefully)
-v -----> verbose
-h -----> no difference
-R -----> recursive (including sub directories and files)
-H -----> symbolic link to a directory (command line argument)
-L -----> symbolic link to a directory (all)
-p -----> do not traverse
# chown :
(to change owner and group ownership of the file or
directory)
38. What is syntax of chgrp command with full options? # chgrp (to
change group ownership of the file directory)
-f -----> silent (forcefully)
-v -----> verbose
-h -----> no difference
-R -----> recursive (including sub directories and files)
-H -----> symbolic link to a directory
-L -----> do not traverse-p -----> do not traverse
39. What are the default permissions of a file and directory? The default permissions of a file = 6 6 6
The default permissions of a directory = 7 7 7
40. What is umask in linux?The user file-creation mode mask (umask) is used to determine the file permissions for newly created files or directories. It can be used to control the default file or directory permissions for new files. It is a four-digit octal number. The umask value for normal user is 0002 and the umask value for root user is 0022. So, the effected file permissions for normal users = 6 6 6 - 0 0 2 = 6 6 4.
The effected directory permissions for normal users = 7 7 7 - 0 0 2 = 7 7 5.
The effected file permissions for root user = 6 6 6 - 0 2 2 = 6 4 4
The effected directory permissions for root user = 7 7 7 - 0 2 2 = 7 5 5
# umask (to
change the umask value temporarily)
# vim
/etc/bashrc (open
this file and change the umask value to effect the whole system)
# source /etc/bashrc (to updated the source file)
# vim .bashrc (open this file in user's home directory and at last type as follows)
umask (save and exit the file)
# source .bashrc
or logout and login again (to the system to effect that
umask value)
* If the/etc/login.defs file is corrupted then new users will be added and can be assigned the passwords but users cannot login.
* If the /etc/login.defs file is deleted then new users cannot be added.
41. How change the permissions using numeric representation? The values for read = 4, write = 2, execute = 1 and null = 0. The total value = 4 + 2 + 1 = 7
# chmod
Example : # chmod 7 7 4 file1 (to give read, write and execute to owner and read, write
and execute to group and read permission to others)
# chmod 6 6 0 file2 (to give read and write to owner and read and write to group and null (0) permission to others)
42. Explain about set uid (suid)? If we plan to allow all the users to execute the root users command then we go for set uid (suid).
It can be applied for user level and is applicable for files only.
# chmod u+s (to
set the suid on that file)
# chmod u-s
(to
remove the suid from that file)
# ls
-l (if 'x'
is replaced with 's' in owner's
level permissions that means suid is applied on that
file)
- r w s r w x r w x (here
's' is called set uid or suid)
Example : # chmod
u+s /usr/sbin/init 6 (then any user can restart the system using
this command #init 6)
# chmod u+s /sbin/fdisk (then any user can run the fdisk command)
# strings
43. Explain about set gid (sgid)? If we plan to allow all the users of one group to get the group ownership permissions then we go for
set gid (sgid). It can be applied for group level and is applicable on directories only.
Example: # chmod g+s (to set the sgid on that
directory)
#
chmod g-s (to remove the sgid from that directory)
44. Explain about sticky bit? It protects the data from other users when all the users having full permissions on one directory.
It can be applied on others level and applicable for directories only.
Example : # chmod o+t (to set the sticky bit permission
on that directory)
#
ls -ld
r w x r w x r w t (where 't'
is called the sticky bit)
45. What are the uses of passwd and shadow files? Passwd file : (i) When we create the user one entry is updated in password and shadow files.
(ii) It represents and tell about that user login name , uid, gid, default home directory of the use and
default shell.
(iii) So, using this file we can easily get users information.
Shadow file : (i) This file tells about the login id, user's encrypted password, password when last
changed, min. days the password valid, max. days valid, warning days, inactive days and expiry days.
(ii) If shadow file is missed or deleted we can recover those entries of shadow file using password file.
(iii) We can change the users encrypted passwords with the permissions of the higher authorities in
case of emergency.
46. What is the use of group? (i) In an organization the whole work is divided into departments for easy maintenance and easy administration.
(ii) For each department is also represented as group and that group having so many users to do
different works.
(iii) So, if we create one group and assign that group to all the users in that department, then we can
easily identify which user belongs to which group.
(iv) We can share files, directories and execute some programs to that group and also give permissions
to that group. So, each user of that group can easily share those directories and also can easily access, execute or even write in those shared files and directories.
47. Can we login to the user without password? Yes, we can login.
48. How to recover the root password if missed or deleted? RHEL - 6 : (i) Restart the system.
(ii) Select 1st option and press 'e'.
(iii) Select 2nd option and press 'e'.
(iv) At the end give one blank space and type 1 and press Enter key.
(v) Then press 'b' to boot the system in single user mode.
(vi) Then prompt appears and type # passwd root command.
New password : XXXXXX
Retype password : XXXXXX
(vii) Exit
(viii) Then system starts as usual.
RHEL - 7 : (i) Restart the system.
(ii) Using arrow keys select 1st line and press 'e' to edit.
(iii) Go to Linux 16 line press End key or Ctrl + e to go to the end of the line and give one space.
(iv) Then type as rd.break console=tty1 selinux=0 (v) Then press Ctrl + x to start the computer in single user mode.
(vi) After starting we get swith_root :/# prompt appears and then type as follows.
(vii) # mount -o remount, rw /sysroot and press Enter and then type as follows.
(viii) # chroot /sysroot press Enter.
(ix) Then sh - 4.2 # prompt appears and type as
(x) sh - 4.2 #passwd root
Retype password : XXXXXX
(xi) sh - 4.2 # exit (xii) switch-root :/# exit (xiii) Then the system starts and the desktop appears.
49. How to restrict the users from login? (i) By removing (deleting) the user we can restrict the user from login.
(ii) Put the user's hostnames as entries in /etc/hosts.deny file (applying TCP wrappers).
(iii) #passwd -l
50. How to put never expiry to a user? # passwd -x -1
51. Which one is the default sticky bit directory? /tmp is the default sticky bit directory.
52. What is the purpose of the profiles? (i) Profile is a file to enter some settings about users working environment. ie., we can set user home directory, login shell, path, ...etc.,
Profiles are two types.
(a) Global profile
(b) Local profile
Global profile : (1) Only root user can set and applicable to all the users.
(2) Only global parameters can entered in this profile.
(3) The location of the global profile is /etc/bashrc
Local profile : (1) Every user has his/her own profile.
(2) The settings entered in this profile are only for that user.
(3) The location of the profile is .bash_profile (hidden file) in that particular user's home directory.
53. Can we mount/unmount the O/S file system? No, we cannot mount or unmount the O/S file system.
54. How to find the users who are login and how to kill them? # fuser -cu (to see who are login)
#fuser -ck (to
kill the specified user)
55. what is Access Control List (ACL)?Define more access rights nothing but permissions to files and directories. Using Access Control list we assign the permissions to some particular users to access the files and directories.
ACL can cab be applied on ACL enabled partition that means you need to enable ACL while mounting
the partition.
56. How to implement ACLs?Create a partition and format it with ext4 file system.
Mount the file system with ACL.
Apply ACL on it.
Create a partition using # fdisk command.
Format the above partition with ext4 file system using # mkfs.ext4
Create the mount point using # mkdir /
Mount that file system on the mount point using # mount -o acl
Mount the partition permanently using # vim /etc/fstab (open this file and make an entry as
below)
defaults, acl 0 0
If the partition is already mounted then just add acl after defaults in /etc/fstab file and execute
the below command # mount -o remount
57. How to check the ACL permissions? # getfacl
The options are, -d -----> Display the default ACLs.
-R -----> Recurses into subdirectories.
58. How to assign ACL permissions? # setfacl :
:
-x -----> Removes an ACL.
-b -----> Remove all the ACL permissions on that directory.
-R -----> Recurses into subdirectories.
The arguments are, u -----> user
g -----> group
o -----> other
59. What is the syntax to assign read and write permissions to particular user, group and other? # setfacl -m u : :
# setfacl -m
g : :
# setfacl -m
o : :
60. What is the syntax to assign read and write permissions to particular user, group and other at a time? # setfacl -m u : :
, g : : , o :
:
Useful
commands :
# setfacl -x u : (to remove
the ACL permissions from the user)
(to remove
the ACL permissions from group)
(to remove
the ACL permissions from other)
(to
remove all the ACL permissions on that file
directory)
61. How will you lock a user, if he enters wrong password 3 times? pam_tally.so module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail. Edit /etc/pam.d/system-auth file, enter:
(i) # vi /etc/pam.d/system-auth Modify as follows: auth required pam_tally.so no_magic_root
account required pam_tally.so deny=3 no_magic_root lock_time=180 account required pam_tally.so deny=3 no_magic_root lock_time=180 account required pam_tally.so deny=3 no_magic_root lock_time=180 account required pam_tally.so deny=3 no_magic_root lock_time=180 Where,deny=3 : Deny access if tally for this user exceeds 3 times.
62. How to see the no. of failed logins of the users?
# faillog -u (to see the specified
users failed login attempt)
# faillog -a (to see failed login attempts of all users)
# faillog -M -u
(to
set Max. login failed attempts to that user
# faillog -M 5 -u raju (to set Max. login failed attempts to 5 for user raju)
63. What is disk quotas and how to enable them?
By configuring the disk quotas we can restrict the user to use unlimited space on the file system andalso to restrict the unlimited files in the file system. We can configure the disk quotas in ways. They are,
(i) user quotas
(ii) group quotas
Steps to enable : First check whether the quota package is installed or not by # rpm -qa |grep quota command. If quota package is not Installed then install the quota package by # yum install quota* -y command. # quotaon (to enable the quota) # quotaoff (to disable the quota) # edquota (to edit or modify the quota) # repquota (to display or report the present quota) # quotacheck (to create a quota database) * quotas cab be applied on file systems only.
64. How to enable the user quota on a file system?
(i) Open the /etc/fstab
file by # vim /etc/fstab command and goto the mount point entryline and type a /dev/sdb1 /mnt/prod ext4 defaults, usrquota 0 0 (save and exit this file)
(ii) Update the quota on mount point by # mount -o remount, usrquota
(iii) Create the user quota database by # quotacheck -cu
(iv) Check whether the quota is applied or not by # mount command.
(v) Enable the quota by # quotaon
(vi) Apply the user quota for a user by # edquota -u
65. How to enable the quota on block level?
(i) Apply the user quota for a user by # edquota -eu
(to
apply user name 1 quotas to user name 2,
ie., no need to edit the quota editor for
user name 2)
66. How to enable the group quota?
(i) Open the /etc/fstab file by # vim /etc/fstab command and goto the mount point entry line and type as, /dev/sdb1 /mnt/prod ext4 defaults, grpquota 0 0 (save and exit this file)
(ii) Update the quota on mount point by # mount -o remount, usrquota, grpquota
(iii) Create the user quota database by # quotacheck -cug
(iv) Check whether the quota is applied or not by # mount command.
(v) Enable the quota by # quotaon
67. How to change the password for multiple users at a time?
# chpasswd (to change multiple user's passwords) :
:
:
:
: (Ctrl
+ d -----> to save and exit)
* Then
the above 5 user's passwords will be changed at a time. But here the
passwords will not be encrypted while typing passwords. So, anybody can see the
passwords. ie., there is no security.
2. How many types of users available in Linux?
(i) System user (Admin user who control the whole system nothing but root user).
(ii) Normal user (Created by the Super user. In RHEL - 7 the user id's from 1000 - 60000).
(iii) System user (Created when application or software installed ).
(In RHEL - 7 the System users are
Static system user id's from 1 - 200 and
(ii) Dynamic system user user id'sfrom 201 - 999).
(iv) Network user (Nothing but remote user, ie., who are login to the system trough network created
in Windows Active Directory or in Linux LDAP or NIS).
(v) Sudo user (The normal users who are having admin or Super user privileges)
3. What is user management?
4. What are the important points related to users?
Ø Users can login to the system by supplying username and passwords to the system.
Ø Every file on the system is owned by a user and associated with a group.
Ø Every process has an owner and group affiliation.
Ø Every user in the system is assigned a unique user id (uid) and group id (gid).
Ø User names and user id are stored in /etc/passwd file.
Ø User's passwords are stored in /etc/shadow file in an encrypted form.
Ø Users are assigned a home directory and a shell to work with the O/S.
Ø Users cannot read, write and execute each other's files without permission.
Ø Whenever a user is created a mail box is created automatically in /var/spool/mail location.
Ø And some user environmental files like .bash_logout, .bash_profile, .bashrc , ...etc., are also copied from /etc/skell to his/her home directory (/home/
5. What are fields available in /etc/passwd file?
6. What are fields available in /etc/shadow file?
user name : password : last changed : min. days : max. days : warn days : inactive days : expiry days : reserved for future
7. What are the files that are related to user management?
Ø /etc/passwd -----> Stores user's information like user name, uid, home directory and shell ...etc.,
Ø /etc/shadow ----> Stores user's password in encrypted form and other information.
Ø /etc/group ------> Stores group's information like group name, gid and other information.
Ø /etc/gshadow ---> Stores group's password in encrypted form.
Ø /etc/passwd- ---> Stores the /etc/passwd file backup copy.
Ø /etc/shadow- ---> Stores the /etc/shadow file backup copy.
Ø /etc/default/useradd ----> Whenever the user created user's default settings taken from this file.
Ø /etc/login.defs ----> user's login defaults settings information taken from this file.
Ø /etc/skell ------> Stores user's all environmental variables files and these are copied from this directory to user's home directory.
8. In how many ways can we create the users?
o (i) # useradd -
o (ii) # adduser -
o (iii) # newusers
9. What is the syntax ofuseradd command with full options?
# useradd -u
10. What is the syntax of adduser command with full options?
# adduser -u
11. What is the syntax of newuser command?
# newusers
* When we execute this command new users will be created but their environmental files like
.bash_logout, .bash_profile, .bashrc and .bash_history files will not be copied from /etc/skell directory. So, we have to copied manually from /etc/skell directory.
12. What is the syntax of userdel command with full options?
# userdel
* The options are,
-f -----> forcefully delete the user even through the user is login. The user's home directory, mail and message directories are also deleted.
-r -----> recursively means files in the user's home directory will be deleted and his home directory also deleted but the other files belongs to that user should be deleted manually.
13. How to check whether user is already created or not?
We can check in different ways.
i) # id
14. How to verify or check the integrity of the password file?
# pwck
-r ------> read only
--s ------> sort the contents by uidin /etc/passwd and /etc/shadow files.
15. How to verify or check the integrity of the group file?
# grpck
16. What is syntax of the usermod command with full options?
# usermod
* The options are, -L -----> lock the password
-U -----> unlock the password
-o ----->creates duplicate user modify the user's id same as other user
-u ----->modify user id
-g -----> modify group id
-G -----> modify or add the secondary group
-c -----> modify comment
-d -----> modify home directory
-s -----> modify user's login shell
-l -----> modify user's login name
-md ----> modify the users home directory and the old home directory
17. How to create the duplicate root user?
# useradd -o -u 0 -g root
18. How to recover if the user deleted by mistake? # pwunconv (It creates the users according /etc/passwd file and deletes the /etc/shadow file)
19. What are the uses of .bash_logout, .bash_profile and .bashrc files? .bash_logout : is a user's logout ending program file. It will execute first whenever the user is logout.
.bash_profile : is user's login startup program file. It will execute first whenever the user is login. It consists the user's environmental variables.
.bashrc : This file is used to create the user's custom commands and to specify the umask values for that user's only.
20. What is a group? The collection of users is called a group. There are two types of groups.
Primary group : It will be created automatically whenever the user is created. User belongs to on group is called as primary group.
Secondary group : It will not create automatically. The admin user should be created manually and users belongs to more than one group is called secondary group. A user can be assigned to max. 16 groups. ie., 1 primary group and 15 secondary groups.
21. What is the command to check the user belongs to how many groups? # groups
22. What is the syntax to create the group? # groupadd
The options are, -f -----> add the group forcefully
-g -----> group id no.
-o ----->non-unique (duplicate group id)
-p -----> group password
-r -----> system group
-R -----> root group
23. What is the syntax to modify the group? # groupmod
The options are, -g ------> group id
-n ------> new name for existing one, ie., rename the group
-o ------> non-unique (duplicate group id)
-p ------> group passwd
-R ------>root group
24. What is syntax to delete the group? # groupdel
25. How to assign the password to the group? # gpasswd
The options are, -a ------>add users to the group
-d ------> delete the user from the group
-r ------> remove the group password
-R ------> restrict to access that group
-A ------> set the list of Administrative users
-M ------> set the list of group members
26. How to check the integrity or consistency of the group? # grpck (it will check the integrity or consistency in /etc/gpasswd and /etc/gshadow files)
27. How to restore /etc/gshadow file if deleted by mistake? # grpconv (it creates the /etc/gshadow file from /etc/group file)
28. How to change the password aging policies? we can change the password policies in 2 ways.
(i) First open the /etc/login.defs file and modify the current values.
Example : # vim /etc/login.defs
min - 0 -----> means the user can change the password to any no. of times.
min - 2 -----> means the user can change the password within 2 days. ie., he can change the password after 2 days.
max - 5 -----> means the user should change the password before or after 5 days. Otherwise the
password will be expired after 5 days.
inactive - 2 -----> means after password expiry date the grace period another 2 days will be given to change the password.
warning - 7 -----> means a warning will be given to the user about the password expiry 7 days before expiry date.
(ii) second by executing the # chage command.
Example : # chage
The options are, -d -----> last day
-E -----> expiry date
-I -----> inactive days
-l -----> list all the policies
-m -----> min. days
-M -----> max. days
-w -----> warning days
Note : Whenever we change the password aging policy using # chage command, the information is will be modified in /etc/shadow file.
29. How add 45 days to the current system date? # date -d "+ 45 days"
30. Explain the sudo user?Sudoers (nothing but sudo users) allows particular users to run various root user commands without needing a root password.
/etc/sudoers is the configuration file for sudoers to configure the normal user as privileged user.
It is not recommended to open this file using # vim editor because this editor cannot check the syntax by default and whatever we typed in that file that will blindly save in this file.
So, one editor is specially available for opening this file, i.e., # visudo and all normal users cannot execute this command. Only root user can run this command.
Once this file is opened nobody can open this file again on another terminal because "The file is busy"message is displayed on the terminal for security reasons.
31. How to give different sudo permissions to normal users? Open the /etc/sudoers file by executing
#visudo command and go to line no. 98 and type as
Note : When we trying to save this file if any syntax errors in this file, those errors are displayed with line no's and What you do ? (will be displayed, here press 'e' to edit this file and modify those errors or mistakes and save this file.
# su - raju (to switch to raju user)
# sudo useradd
* Instead of giving all permissions to normal user we can give only some commands.
Example : student ALL=/usr/sbin/useradd, /usr/sbin/usermod
raju ALL=NOPASSWD:/usr/sbin/useradd, /usr/sbin/usermod
* We can also apply to one group or groups as follows.
* First create the users, assign one group to those users and also assign the passwords for that users.
Open /etc/sudoers file by executing the command
# visudo and type as follows.
%
* We can also create one command alias and add some commands to that alias and mention that alias to users as follows.
Cmnd_Alias NETWORKING=/usr/sbin/route, /usr/sbin/ifconfig
* We can also create one user alias and add the users to that alias and assign some commands to that alias as follows.
User_Alias
OURTEAM ALL=ALL (to give all permissions of sudo)
Defaults timestamp_timeout=0 (whenever the sudo user executes any command then it will ask password every command)
* The above will apply to all users including root also. If we want to make it as only for normal users, then
Defaults :
32. In which location the sudo user commands history is logged? All the sudo users commands history is logged in /var/log/secure file to make a record of sudo user commands.
# cat /var/log/secure (to see the contents of this file)
# tailf /var/log/secure (to see the updates of this file continuously and press ctrl + c to quit the tailf)
33. How to assign the password to normal user by him whenever first login to the system? Whenever the user is created and that user is trying to login to the system, it will ask the password. If the root user is not assign the password to that user, then that normal user can assign the password by his own using the following commands.
# useradd
# passwd -d
Newpassword : (type new password for that user)
Retype password : (retype the password again)
The other useful commands :
information )
# who (to see users who are currently login and on which terminal they login)
# last (see the list of users who are login and logout since the /var/log/wtmp file was
created)
# lastb (to see the list of the users who tried as bad logins)
# lastreboot (to see all reboots since the log file was created)
# uptime (to see the information from how long the system is running, how many users login
and load average)
* The load average is from 1 sec : 5 secs : 15 secs
# du (to see the disk usage of the each file in bytes)
# uname -r (gives the current kernel version)
# last -x (It shows last shutdown date and time)
# last -x grep shutdown (only shutdown time shows ie., grep will filter the 'last -x' command)
* grep: It is used to search a word or sentence in file (ie., inside the file)
* find : It is used to search a command or file inside the system)
# cat /etc/shells or # chsh -l (to see how many shells that are supported by Linux)
/bin/sh -----> default shell for Unix
/bin/bash -----> default shell for Linux
/sbin/nologin -----> users cannot login shell
/bin/tcsh -----> c shell to write 'C++' language programs
/bin/csh -----> c shell to write 'C' language programs
# echo $SHELL (to see the current shell)
# chsh
New shell changed (But it will effect by restarting the server)
# date + %R (to display the time only)
# date + %x (to display the date only)
# history (to see the history of the commands)
#history -c (to clear the history)
# history -r (to recover the history)
* .bash_history is the hidden file to store the history of the user commands. By default history size is 1000.
# echo $HISTSIZE (to check the current history size)
# export HISTSIZE=500 (to change the current history size to 500 temporarily)
#export HISTTIMEFORMAT=" "%D" "%T" " (to display the date and time of each command temporarily)
# vim /etc/bashrc (open this file go to last line and type as follows to make history i
size date & time formats permanently)
HISTSIZE=1000
HISTTIMEFORMAT=' %D %T '
(save and exit the file and to update the effects by #source /etc/bashrc command)
# ~
34. How many types of the files are there? There are 7 types of files.
1. - -----> regular file
2. d -----> directory
3. c -----> character device file (Ex. console file, open and close terminals, ...etc.,)
4. b -----> block device file (Ex. device blocks like hard disks, CD/DVD disks)
5. s -----> socket file (programmers will deal this file)
6. p -----> pipe file (programmers will deal this file)
7. l -----> linked file (nothing but short cut file)
35. What are permission types available in Linux and their numeric representations? There are mainly three types of permissions available in Linux and those are,
read ----- r ----- 4 null permission ------ 0
write ----- w ----- 2
execute ----- e ----- 1
Permissions
|
File
|
Directory
|
r
|
Read a file Ex. # cat
|
Read a directory contents Ex.
ls /dir
|
w
|
Create, delete or modify the file contents
|
Create, delete or modify the files in a directory
|
x
|
Not required for file. It is required only for scripting files
|
Go to inside the directory
Ex. # cd /dir
|
36. What is syntax of chmod command with full options? # chmod
-v -----> verbose
-R -----> recursive (including sub directories and files)
To change the permissions the syntax is,
# chmod
other (o) equal (=) execute (1) or (x) "
37. What is the syntax of chown command with full options? # chown
-f -----> silent (forcefully)
-v -----> verbose
-h -----> no difference
-R -----> recursive (including sub directories and files)
-H -----> symbolic link to a directory (command line argument)
-L -----> symbolic link to a directory (all)
-p -----> do not traverse
# chown
38. What is syntax of chgrp command with full options? # chgrp
-f -----> silent (forcefully)
-v -----> verbose
-h -----> no difference
-R -----> recursive (including sub directories and files)
-H -----> symbolic link to a directory
-L -----> do not traverse-p -----> do not traverse
39. What are the default permissions of a file and directory? The default permissions of a file = 6 6 6
The default permissions of a directory = 7 7 7
40. What is umask in linux?The user file-creation mode mask (umask) is used to determine the file permissions for newly created files or directories. It can be used to control the default file or directory permissions for new files. It is a four-digit octal number. The umask value for normal user is 0002 and the umask value for root user is 0022. So, the effected file permissions for normal users = 6 6 6 - 0 0 2 = 6 6 4.
The effected directory permissions for normal users = 7 7 7 - 0 0 2 = 7 7 5.
The effected file permissions for root user = 6 6 6 - 0 2 2 = 6 4 4
The effected directory permissions for root user = 7 7 7 - 0 2 2 = 7 5 5
# umask
# source /etc/bashrc (to updated the source file)
# vim .bashrc (open this file in user's home directory and at last type as follows)
umask
* If the/etc/login.defs file is corrupted then new users will be added and can be assigned the passwords but users cannot login.
* If the /etc/login.defs file is deleted then new users cannot be added.
41. How change the permissions using numeric representation? The values for read = 4, write = 2, execute = 1 and null = 0. The total value = 4 + 2 + 1 = 7
# chmod
Example : # chmod 7 7 4 file1 (to give read, write and execute to owner and read, write
and execute to group and read permission to others)
# chmod 6 6 0 file2 (to give read and write to owner and read and write to group and null (0) permission to others)
42. Explain about set uid (suid)? If we plan to allow all the users to execute the root users command then we go for set uid (suid).
It can be applied for user level and is applicable for files only.
# chmod u+s
file)
- r w s r w x r w x
# chmod u+s /sbin/fdisk (then any user can run the fdisk command)
# strings
43. Explain about set gid (sgid)? If we plan to allow all the users of one group to get the group ownership permissions then we go for
set gid (sgid). It can be applied for group level and is applicable on directories only.
Example: # chmod g+s
44. Explain about sticky bit? It protects the data from other users when all the users having full permissions on one directory.
It can be applied on others level and applicable for directories only.
Example : # chmod o+t
r w x r w x r w t
45. What are the uses of passwd and shadow files? Passwd file : (i) When we create the user one entry is updated in password and shadow files.
(ii) It represents and tell about that user login name , uid, gid, default home directory of the use and
default shell.
(iii) So, using this file we can easily get users information.
Shadow file : (i) This file tells about the login id, user's encrypted password, password when last
changed, min. days the password valid, max. days valid, warning days, inactive days and expiry days.
(ii) If shadow file is missed or deleted we can recover those entries of shadow file using password file.
(iii) We can change the users encrypted passwords with the permissions of the higher authorities in
case of emergency.
46. What is the use of group? (i) In an organization the whole work is divided into departments for easy maintenance and easy administration.
(ii) For each department is also represented as group and that group having so many users to do
different works.
(iii) So, if we create one group and assign that group to all the users in that department, then we can
easily identify which user belongs to which group.
(iv) We can share files, directories and execute some programs to that group and also give permissions
to that group. So, each user of that group can easily share those directories and also can easily access, execute or even write in those shared files and directories.
47. Can we login to the user without password? Yes, we can login.
48. How to recover the root password if missed or deleted? RHEL - 6 : (i) Restart the system.
(ii) Select 1st option and press 'e'.
(iii) Select 2nd option and press 'e'.
(iv) At the end give one blank space and type 1 and press Enter key.
(v) Then press 'b' to boot the system in single user mode.
(vi) Then prompt appears and type # passwd root command.
New password : XXXXXX
Retype password : XXXXXX
(vii) Exit
(viii) Then system starts as usual.
RHEL - 7 : (i) Restart the system.
(ii) Using arrow keys select 1st line and press 'e' to edit.
(iii) Go to Linux 16 line press End key or Ctrl + e to go to the end of the line and give one space.
(iv) Then type as rd.break console=tty1 selinux=0 (v) Then press Ctrl + x to start the computer in single user mode.
(vi) After starting we get swith_root :/# prompt appears and then type as follows.
(vii) # mount -o remount, rw /sysroot and press Enter and then type as follows.
(viii) # chroot /sysroot press Enter.
(ix) Then sh - 4.2 # prompt appears and type as
(x) sh - 4.2 #passwd root
Retype password : XXXXXX
(xi) sh - 4.2 # exit (xii) switch-root :/# exit (xiii) Then the system starts and the desktop appears.
49. How to restrict the users from login? (i) By removing (deleting) the user we can restrict the user from login.
(ii) Put the user's hostnames as entries in /etc/hosts.deny file (applying TCP wrappers).
(iii) #passwd -l
50. How to put never expiry to a user? # passwd -x -1
51. Which one is the default sticky bit directory? /tmp is the default sticky bit directory.
52. What is the purpose of the profiles? (i) Profile is a file to enter some settings about users working environment. ie., we can set user home directory, login shell, path, ...etc.,
Profiles are two types.
(a) Global profile
(b) Local profile
Global profile : (1) Only root user can set and applicable to all the users.
(2) Only global parameters can entered in this profile.
(3) The location of the global profile is /etc/bashrc
Local profile : (1) Every user has his/her own profile.
(2) The settings entered in this profile are only for that user.
(3) The location of the profile is .bash_profile (hidden file) in that particular user's home directory.
53. Can we mount/unmount the O/S file system? No, we cannot mount or unmount the O/S file system.
54. How to find the users who are login and how to kill them? # fuser -cu (to see who are login)
#fuser -ck
55. what is Access Control List (ACL)?Define more access rights nothing but permissions to files and directories. Using Access Control list we assign the permissions to some particular users to access the files and directories.
ACL can cab be applied on ACL enabled partition that means you need to enable ACL while mounting
the partition.
56. How to implement ACLs?Create a partition and format it with ext4 file system.
Mount the file system with ACL.
Apply ACL on it.
Create a partition using # fdisk command.
Format the above partition with ext4 file system using # mkfs.ext4
Create the mount point using # mkdir /
Mount that file system on the mount point using # mount -o acl
Mount the partition permanently using # vim /etc/fstab (open this file and make an entry as
below)
If the partition is already mounted then just add acl after defaults in /etc/fstab file and execute
the below command # mount -o remount
57. How to check the ACL permissions? # getfacl
The options are, -d -----> Display the default ACLs.
-R -----> Recurses into subdirectories.
58. How to assign ACL permissions? # setfacl
-x -----> Removes an ACL.
-b -----> Remove all the ACL permissions on that directory.
-R -----> Recurses into subdirectories.
The arguments are, u -----> user
g -----> group
o -----> other
59. What is the syntax to assign read and write permissions to particular user, group and other? # setfacl -m u :
60. What is the syntax to assign read and write permissions to particular user, group and other at a time? # setfacl -m u :
# setfacl -x u :
61. How will you lock a user, if he enters wrong password 3 times? pam_tally.so module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail. Edit /etc/pam.d/system-auth file, enter:
(i) # vi /etc/pam.d/system-auth Modify as follows: auth required pam_tally.so no_magic_root
account required pam_tally.so deny=3 no_magic_root lock_time=180 account required pam_tally.so deny=3 no_magic_root lock_time=180 account required pam_tally.so deny=3 no_magic_root lock_time=180 account required pam_tally.so deny=3 no_magic_root lock_time=180 Where,deny=3 : Deny access if tally for this user exceeds 3 times.
62. How to see the no. of failed logins of the users?
# faillog -u
# faillog -a (to see failed login attempts of all users)
# faillog -M
# faillog -M 5 -u raju (to set Max. login failed attempts to 5 for user raju)
63. What is disk quotas and how to enable them?
By configuring the disk quotas we can restrict the user to use unlimited space on the file system andalso to restrict the unlimited files in the file system. We can configure the disk quotas in ways. They are,
(i) user quotas
(ii) group quotas
Steps to enable : First check whether the quota package is installed or not by # rpm -qa |grep quota command. If quota package is not Installed then install the quota package by # yum install quota* -y command. # quotaon (to enable the quota) # quotaoff (to disable the quota) # edquota (to edit or modify the quota) # repquota (to display or report the present quota) # quotacheck (to create a quota database) * quotas cab be applied on file systems only.
64. How to enable the user quota on a file system?
(i) Open the /etc/fstab
file by # vim /etc/fstab command and goto the mount point entryline and type a /dev/sdb1 /mnt/prod ext4 defaults, usrquota 0 0 (save and exit this file)
(ii) Update the quota on mount point by # mount -o remount, usrquota
(iii) Create the user quota database by # quotacheck -cu
(iv) Check whether the quota is applied or not by # mount command.
(v) Enable the quota by # quotaon
(vi) Apply the user quota for a user by # edquota -u
65. How to enable the quota on block level?
(i) Apply the user quota for a user by # edquota -eu
66. How to enable the group quota?
(i) Open the /etc/fstab file by # vim /etc/fstab command and goto the mount point entry line and type as, /dev/sdb1 /mnt/prod ext4 defaults, grpquota 0 0 (save and exit this file)
(ii) Update the quota on mount point by # mount -o remount, usrquota, grpquota
(iii) Create the user quota database by # quotacheck -cug
(iv) Check whether the quota is applied or not by # mount command.
(v) Enable the quota by # quotaon
67. How to change the password for multiple users at a time?
# chpasswd (to change multiple user's passwords)
No comments:
Post a Comment