SM1: Open-source Operating Systems ASIX/DAW/DAM-1 Task A8: User and group management
18-11-24

Task A8:  User and group Management

1- Deadline: 26-11-2024
2- Send your report as a PDF file attached to an e-mail with the following specifications:
    a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu, depending on who your teacher is
    b) File names:
        b.1) ASIX1:
            asix1_surname_name_sm1act08.odt
            asix1_surname_name_sm1act08.pdf
        b.2) DAW1:
            daw1_surname_name_sm1act08.odt
            daw1_surname_name_sm1act08.pdf
    c) Subject:
        c.1) ASIX1:
            asix1_surname_name_sm1act08
        c.2) DAW1:
            daw1_surname_name_sm1act08
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font:Arial, b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular.

DOCUMENTATION

1- Introduction

On Linux:
    * A user is a real person or a program that can access some resources of a computer, such as folders, files, programs, hardware and so on.
    * A group is a collection of users. Groups are used as a basis for determining file access permissions. Your group memberships determine whether or not you can access certain folders, files, hardware, databases and so on.

To define a new user properly, you must provide the system with some basic information. A system user will need:
a) A username.
b) Usually, an encrypted password.
c) Most times (but it is not mandatory), a personal home directory where the user can store his/her/its personal data, personal configuration files and environment variables.
d) A numerical value called User IDentifier or UID associated with the username. The system identifies the user by its UID rather than by its username.
e) A default group. A user must be a member of one or more groups. If a user is a member of just one group, that group will be its default group. The group name must exist. Instead of a group name, you can write the unique number that identifies the group.
f) A default shell, usually /bin/bash.
g) Other additional characteristics such as comments, expiry date, additional group memberships and so on.
h) User environment variables. These variables are a tool to customize how the user interacts with the system. The value of an environment variable can be, for example, the location of all executable files in the file system, the default editor or browser that should be used, the default language, the colors used in the terminal, the location of some personal configuration files and folders, and so on.
i) An entry in the files /etc/passwd and /etc/shadow, where the vast majority of this information about the user is stored.

To define a new group properly, you must provide the system with some basic information. A system group will need:
a) A group name.
b) A numerical value called Group IDentifier or GID associated with the group name. The system identifies the group by its GID rather than by its group name.
c) Users which are members of that group.
d) An entry in the files /etc/group and /etc/gshadow, where all this information about the group is stored.

To configure and manage system users and groups, the Linux operating system provides you with a set of command-line utilities: a) useradd adds a new user account to the system, b) userdel deletes a user's account, c) usermod modifies a user's account, d) groupadd adds a new group to the system, e) groupdel removes a group and f) groupmod modifies a group.

The purpose of this exercise is:
     a) Firstly, to learn how to manage (add, delete and modify) user and group accounts on Linux.
     b) Secondly, we will study the main characteristics of system users and groups, and how to modify these characteristics.
     c) Finally, we will study the contents of /etc/passwd, /etc/group and /etc/shadow.

2- mkpasswd

a) Description: The command-line utility mkpasswd encrypts a given password. This command is part of a package called whois. You have to install whois in order to install mkpasswd on your system.

b) Synopsis: mkpasswd  PASSWORD

c) As a result, an encrypted version of PASSWORD will be displayed on screen.

d) Example:
linux:~ #  mkpasswd   FjeClot@20
Ab1VoXikXZ6E2

3- useradd

a) Description: The useradd command adds a new user to the system. This command adds a new entry to /etc/passwd and /etc/shadow.

b) Synopsis: useradd   username  <options>

c) Important options:
        -u --> The User IDentifier or UID. By default, it will be the first free ID after the greatest used one.
        -g --> The group name or number of the user's default group (or primary group). The group name or number must refer to an already existing group. If not specified, the default from /etc/default/useradd is used.
        -d --> This option specifies the user's personal directory. If not specified, the default from /etc/default/useradd is used.
        -m --> If it does not exist, the home directory for the new user account will be created.
        -s --> Specifies the user's login shell. The default for normal user accounts is taken from /etc/default/useradd.
        -k --> The skeleton directory, by default /etc/skel, that contains files and directories to be copied into the user's home directory when the home directory is created by useradd. This option is only valid if the -m option is specified.
        -G --> A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma.
        -p --> Encrypted password as returned by mkpasswd.

d) Example:
If you want to add to the system a new user called tux with the following characteristics: uid=1001, default group=users, personal directory=/home/tux, default shell=/bin/bash, skeleton directory=/etc/skel, additional groups=adm,sys and password = Clot8Fje@9, you should run the following single command:

useradd  tux  -u  1001  -g  users  -d  /home/tux  -m  -s  /bin/bash  -k  /etc/skel  -G adm,sys -p  $(mkpasswd  Clot8Fje@9)

4- userdel

a) Description: The userdel command deletes a user account.

b) Synopsis 1: userdel  username  ==> The user will be deleted but not its home folder. Entries in /etc/passwd, /etc/shadow and /etc/group will be deleted. Folder /home/username will not be deleted.

c) Synopsis 2: userdel  -r  username  ==>  The user will be deleted and its home folder as well. Entries in /etc/passwd, /etc/shadow and /etc/group will be deleted. Folder /home/username will be deleted.

d) Example: If you want to completely remove the user tux, you should run the following command: userdel  -r  tux


5- usermod


a) Description: The usermod command modifies a user account.

b) Synopsis: usermod   <options>   username

c) Important options:
        -d --> This option specifies the new home directory of the user.
        -g --> The group name or number of the user's new default group.
        -p --> An encrypted new password.
        -s --> Specifies a user's new login shell.
        -u --> Changes the User IDentifier or UID.
        -a  -G  --> Adds a user to one or more groups.

d) Example 1: The following command changes the UID. The new UID will be 590:
        usermod  -u  590  tux

e) Example 2: The following command changes the password. The new password will be ClotFJE@91:
        usermod  -p  $(mkpasswd ClotFJE@91)  tux

f) Example 3: The following command changes the UID and password. The new password will be ClotFJE@91 and the new UID will be 620:
        usermod  -p  $(mkpasswd ClotFJE@91)  -u  620  tux

g) Example 4: The following command adds a user to a group. A user called tux will be added to a group called teachers if you run:
        usermod  -a  -G  teachers  tux

6- groupadd


a) Description: The groupadd command adds a new group. This command adds a new entry to /etc/group.

b) Synopsis:    groupadd   <options>   group_name

c) Important options:
        -g --> The Group IDentifier or GID. By default, it will be the first free ID after the greatest used one.
        Remember: The last string is the group name.

d) Example: The following command adds a new group called students. The value assigned to GID will be 120.
        groupadd   -g   120   students

7- groupdel

a) Description: The groupdel command deletes a group.

b) Synopsis: groupdel  group_name

c) Example: groupdel  students

d) Important: A user's default group (also called primary group) is not removable. Delete the user or modify its primary group if you want to delete that group.

8- groupmod


a) Description: The groupmod command modifies a group using the values specified on the command line. This command modifies an entry in /etc/group.

b) Synopsis: groupmod   <options>   group_name

c) Important options:
        -g --> Changes the Group IDentifier or GID
        -n --> Changes the group name

d) Example 1: The following command changes the GID. The new GID will be 190:
        groupmod  -g  190  students

e) Example 2: The following command changes the group name. The old group name is students. The new group name will be teachers:
        groupmod  -n  teachers students

9- gpasswd: Removing a user from a group. Adding a user to a group

a) If you are working with Debian or Ubuntu, you can remove a user from a group using the next command: gpasswd  -d  username  group_name

b) If you are working with Debian or Ubuntu, you can add a user to a group using the next command: gpasswd  -a  username  group_name

c) Example 1: The following command adds a user to a group. A new user called teacher02 will be added to a group called teachers if you run:
        gpasswd  -a  teacher02  teachers

d) Example 2: The following command deletes a user called teacher02 from a group called teachers:
        gpasswd  -d  teacher02  teachers

NOTE: Read the manual page of gpasswd (run man gpasswd) for any further information about this command.

10- members

a) Description: The members command outputs the members of a group.

b) Important: The members command is not installed by default. As the root user, run aptitude  install  members in order to install members on your system.

c) Synopsis: members -a  group_name

d) Example:
        dacomo@debian8:~> members  -a  sudo
        dacomo
        dacomo@debian8:~>
        The only user member of sudo is dacomo
 

11- id

a) Description: The id command shows the names and identifiers of the groups a user is in.

b) Synopsis: id user_name

c) Example:
        dacomo@debian8:~> id dacomo
        uid=1000(dacomo) gid=1000(dacomo) groups=1000(dacomo),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),100(users),106(netdev),112(bluetooth),114(lpadmin),117(scanner),994(vboxsf)
        dacomo@debian8:~>
  

12- User files, groups and user passwords

a) The /etc/passwd file contains information about all system users. Here we find the username, password, UID, home directory, etc. A typical line in /etc/passwd looks like:

dacomo:x:1000:100::/home/dai1:/bin/bash

Here the system stores the username, the password in plain text or an x if it is encrypted and saved in the special file /etc/shadow, the user's UID, the GID of the user's primary (default) group, the user's home directory and the shell that runs when the user connects.

b) The /etc/group file contains information about all system groups. Here we find the group name, group password, GID, and a list of group members. A typical line in /etc/group looks like:

vboxusers:x:122:dacomo,asix,daw

Here the system stores the group name, the password in plain text or an x if it is encrypted and saved in the special file /etc/gshadow, the group's GID, and a list of group members.

c) For each line of /etc/shadow, there is a username and the encrypted version of its password (and other items that do not concern us now). If the password field contains ! or *, the user will not be able to use a password to log in (but the user may log in to the system by other means).

d) For each line of /etc/gshadow, there is a group name and the encrypted version of the group password. Additionally, a list of group members is stored for each group. If the password field contains ! or *, users will not be able to use a password to access the group (but group members do not need the password).
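
An added example (not part of the original task sheet) that combines the two files: a user belongs to a group either because the GID field of its /etc/passwd line names that group or because its username is listed in the /etc/group line, so the member list alone can under-report who holds a group's permissions. The sample files and the function names effective_members and primary_only_members are constructed for this example.

```shell
# Added example. Constructed sample data in the /etc/passwd and /etc/group
# formats described above; for a real check pass /etc/passwd and /etc/group.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
dacomo:x:1000:100::/home/dai1:/bin/bash
asix:x:1001:1001::/home/asix:/bin/bash
daw:x:1002:100::/home/daw:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
users:x:100:asix
vboxusers:x:122:dacomo,asix,daw
asix:x:1001:
EOF

# effective_members GROUP PASSWD_FILE GROUP_FILE
# Every user in GROUP: names listed in the 4th field of the group entry
# (supplementary members) plus users whose passwd GID field (4th field)
# equals the group's GID (primary members).
effective_members() {
    awk -F: -v grp="$1" '
        NR == FNR {                          # first file: group
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }  # second file: passwd
    ' "$3" "$2" | sort -u
}

# primary_only_members GROUP PASSWD_FILE GROUP_FILE
# Users who hold GROUP only as their primary group, so their names do not
# appear in the group entry's member list.
primary_only_members() {
    awk -F: -v grp="$1" '
        NR == FNR {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) listed[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid && !($1 in listed) { print $1 }
    ' "$3" "$2" | sort -u
}

echo "users, all members:  $(effective_members users "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" | tr '\n' ' ')"
echo "users, primary only: $(primary_only_members users "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" | tr '\n' ' ')"
```

In the sample data, dacomo and daw have access to anything owned by the group users even though the users line in the group file lists only asix.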

13- How to disable and lock users. How to enable and unlock users

a) You need to use the usermod command to lock and disable a user account.
Example: usermod  -L  -e  1  fje   (After running this command, check the state of the entry fje in /etc/shadow)

b) You need to use the usermod command to unlock and enable a user account.
Example: usermod  -U  -e  99999  fje  (After running this command, check the state of the entry fje in /etc/shadow)
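
What to look for in the fje entry of /etc/shadow after the commands above, as an added example (not part of the original task sheet): usermod -L puts a ! in front of the encrypted password in field 2, and -e writes the account expiry date, in days since 1970-01-01, to field 8. The shadow lines, the $6$SALT$HASH placeholder and the function name shadow_state are constructed for this example.

```shell
# Added example. Constructed /etc/shadow entries for the page's user fje; the
# "$6$SALT$HASH" value is a placeholder, not a real hash. On a real system the
# entry can be read with: sudo getent shadow fje
AFTER_LOCK='fje:!$6$SALT$HASH:20050:0:99999:7::1:'        # usermod -L -e 1 fje
LOCK_ONLY='fje:!$6$SALT$HASH:20050:0:99999:7:::'          # usermod -L fje
AFTER_UNLOCK='fje:$6$SALT$HASH:20050:0:99999:7::99999:'   # usermod -U -e 99999 fje

# shadow_state ENTRY [TODAY]
# ENTRY is one /etc/shadow line; TODAY is the current date in days since
# 1970-01-01 (defaults to now). Field 2 is the password, field 8 the account
# expiry date in days since 1970-01-01.
shadow_state() {
    today=${2:-$(( $(date +%s) / 86400 ))}
    printf '%s\n' "$1" | awk -F: -v today="$today" '{
        pw = $2; expiry = $8
        if (pw == "")                          p = "empty"
        else if (pw == "!" || pw == "*")       p = "none"     # no usable password
        else if (substr(pw, 1, 1) == "!")      p = "locked"   # "!" + preserved hash
        else                                   p = "set"

        if (expiry == "")                      a = "no-expiry"
        else if (today + 0 >= expiry + 0)      a = "expired"
        else                                   a = "valid"

        # An expired account is refused whatever the login method; a locked
        # password alone only blocks password logins.
        if (a == "expired")                    v = "disabled"
        else if (p == "locked" || p == "none") v = "password-login-blocked"
        else                                   v = "active"
        printf "%s password=%s account=%s verdict=%s\n", $1, p, a, v
    }'
}

for entry in "$AFTER_LOCK" "$LOCK_ONLY" "$AFTER_UNLOCK"; do
    shadow_state "$entry"
done
```

The LOCK_ONLY case shows why the command pairs -L with -e 1: with the password locked but no expiry date set, the account can still be entered by means other than a password.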

PRACTICAL EXERCISE


PART I - Working with commands
1- Install a package called whois on your system. This package contains mkpasswd, a command that provides encrypted versions of any given password.

2- Create a group called clot with GID = 3000. Look at changes at /etc/group. Check and show clearly that a new group called clot has been added to your system.

3- Add to the skeleton  the following directories: Desktop, Documents, Downloads, Public and Temporal.

4- Create a new user called clot, with the following characteristics:
a) User identifier will be 3000
b) By default, it is a member of the clot group
c) Home directory will be /home/clot
d) The default shell will be the bash program
e) The password (the version with no encryption for the user) will be t4pMn#b@
f) Additionally, the new user will be a member of the vboxsf and cdrom groups
g) /etc/skel will be the skeleton directory for the new user

5- Create a new user called fje, with the following characteristics:
a) User identifier will be 3001
b) By default, it is a member of the users group
c) The home directory will be /home/fje
d) The default shell will be the bash program
e) The password (the version with no encryption for the user) will be Bp4H#sKt
f) Additionally, the new user will be a member of the vboxsf and audio groups.
g) /etc/skel will be the skeleton directory for the new user.

6- Do the following tasks:
    a) Look at changes at /etc/passwd and /etc/shadow. Check and show clearly that a new user called clot has been added to your system.
    b) Check that a new directory called /home/clot has been created on your system.
    c) Check the contents of /home/clot.

7- Working on terminal: Become clot and check now:
a) Show clearly your personal home folder now that you have become the clot user. Has it changed? Why?
b) Show the groups user clot is in. Is clot a member of sudo? Can clot run commands as a user with root privileges with the help of sudo? Why?
c) Can clot create a new user? Why?

8- Create a new group called costumers with GID = 300. Look at changes at /etc/group. Check and show clearly that a new group called costumers has been added to your system.

9- Modify clot UID and change it to 2000. Look at changes at /etc/passwd. Check and show clearly that  user clot has been modified.

10- Add clot and fje users to the costumers group. Look at changes at /etc/group. Check and show clearly that users clot and fje have been added to the group costumers.

11- Change clot default group to adm. Look at changes at /etc/passwd. Check and show clearly that  user clot has been modified. 

12- Change costumers GID to 300. Look at changes at /etc/group. Check and show clearly that  group costumers has been modified.

13- Show members of group costumers.

14- Modify clot's password. The new password will be tJEpcRom47@

15- Remove clot and fje from costumers. Look at changes at /etc/group. Check and show clearly that users clot and fje have been removed from costumers.

16- Remove clot and his/her home directory. Check and show clearly that:
    a) User clot has been removed from /etc/passwd and /etc/shadow.
    b) Directory /home/clot has been removed from your system.

17- Remove costumers. Look at changes at /etc/group. Check and show clearly that  costumers has been removed from your system.

18- Disable and lock the fje user account. Try to gain access to the fje account. What happens?

19- Enable and unlock the fje user account again. Try to gain access to the fje account. What happens?

PART II - Checking the effects of being member of a group or not

a) Mount your 10GiB (11GB Volume) hard drive. We learned how to mount a hard drive in sm1act05.
b) Run the following commands with root privileges:

    sudo chmod -R 770 /media

    sudo chgrp -R users /media

c) Check that your user is a member of a group called users with the help of the command id.
d) Gain access to the 11GB Volume and create a new file called test. Have you experienced any problem? Why? (Write the appropriate sentence according to the question asked)
e) Remove your user from the group users with the help of gpasswd. Afterwards, log out and log in again on the system. Check that your user is no longer a member of users.
f) Can you gain access to the 11GB Volume? Why? (Write the appropriate sentence according to the question asked)
g) Add your user to the group users with the help of gpasswd. Afterwards, log out and log in on the system. Check that your user is a member of users again.
h) Gain access to the volume and create a new file called test01. Have you experienced any problem? Why? (Write the appropriate sentence according to the question asked)
i) What is the effect of adding users to/deleting users from a group?