User Management and Other Commands on Linux

#Creating a new system local user account:
The three most common methods of defining a Linux user and authenticating their logins are:
  1. Local user authenticated locally with the password files /etc/passwd and /etc/shadow
  2. Network authentication using an LDAP authentication server
  3. NIS authentication server. To specify an NIS authentication server, use /etc/yp.conf, which contains the line: ypserver ip.address.of.server. The server currently in use can be found with ypwhich.
The following describes creating a local user:
Command Line Method: 
  • useradd user_name : Add a user to the system. System uses configuration and security defaults set in /etc/default/useradd and /etc/login.defs
  • useradd -m user_name : Add a user to the system and create a home directory populated with default files from /etc/skel/
  • useradd -m user_name -G floppy : Will grant the user read/write privileges to the floppy (/dev/fd0) upon creation of user by adding user to group floppy in addition to the default group specified in /etc/default/useradd.
  • useradd options:
    Option : Description
    -c : Adds a comment or description to the password record.
    -d HOME_DIR : Specify but don't create the user's home directory.
    -m : Create the user's home directory (if it does not already exist, by appending the username to "/home/") and use it as the user's home directory. Default files from /etc/skel/ will be placed in the user's home directory, e.g. ~/.bashrc
    -g : Initial (default) group
    -G grp1,grp2 : Specify additional supplementary groups to which the user belongs (comma-separated, no spaces).
    -s : Specify the default shell. Default is /bin/bash in most Linux distributions.
    See the useradd man page for a full list of options.
  • userdel user_name : Delete user from system. Purges user from /etc/passwd, group and shadow files
  • userdel -r user_name : Delete the user and remove their home directory from the system. Other files owned by the user elsewhere will remain.
    [Potential Pitfall]: Use the command "df" to see if there are any mount points to the user's directory. If there are any, they will get wiped out with the recursive delete. Thus as a policy it is best to NEVER generate a mount point within a user's directory. It is best to mount to /mnt/mount-dir and use a sym-link (ln -s /mnt/mount-dir /home/user-name/mount-dir-local) to the user's directory. The default is to not follow symlinks during the delete.
  • passwd user_name : Assign a password to the user. (Also see pwgen, a password generator)
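The steps above as one script, added here as an example and not part of the original page: a function that runs useradd -m with a supplementary group and then passwd, followed by two read-back checks on the passwd and group records useradd writes. The user "alice" and the group "floppy" named in the comments are assumptions; the checks accept any passwd/group file, so they can be tried on copies without root.

```shell
#!/bin/sh
# Added example, not part of the original page: the useradd/passwd steps
# as one function, plus two read-back checks on the passwd/group records
# that useradd writes. "alice" and "floppy" are assumed names.

# Create a local user with a home directory populated from /etc/skel and one
# supplementary group, then assign the password (passwd prompts for it).
# Must run as root; refuses otherwise.   e.g. create_local_user alice floppy
create_local_user() {
    [ "$(id -u)" -eq 0 ] || { echo "create_local_user: run as root" >&2; return 1; }
    useradd -m -s /bin/bash -G "$2" "$1" && passwd "$1"
}

# Show what useradd wrote for user $1: uid, home, shell, primary group name
# and every supplementary group whose member field lists the user.
# $2 and $3 default to the system passwd and group files.
describe_user() {
    pw=${2:-/etc/passwd}; gr=${3:-/etc/group}
    awk -F: -v u="$1" -v gr="$gr" '
        FILENAME == gr {
            gname[$3] = $1                       # gid -> group name
            n = split($4, m, ",")
            for (k = 1; k <= n; k++)
                if (m[k] == u) sup = sup (sup == "" ? "" : ",") $1
            next
        }
        $1 == u {
            printf "uid=%s home=%s shell=%s primary=%s supplementary=%s\n",
                   $3, $6, $7, gname[$4], sup
        }' "$gr" "$pw"
}

# List accounts other than root that have uid 0: each one is a second root
# login and should be explained or removed.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}
```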

//////////////////////// Restrict User/////////////////////


User limitations are set in the following files:
  • File: /etc/security/limits.conf :
    • core - limits the core file size (KB)
    • data - max data size (KB)
    • fsize - maximum filesize (KB)
    • memlock - max locked-in-memory address space (KB)
    • nofile - max number of open files
    • rss - max resident set size (KB)
    • stack - max stack size (KB)
    • cpu - max CPU time (MIN)
    • nproc - max number of processes
    • as - address space limit
    • maxlogins - max number of logins for this user
    • priority - the priority to run user process with
    • locks - max number of file locks the user can hold
  • File: /etc/security/access.conf :
    Limit access by network or local console logins.
  • File: /etc/security/group.conf :
    Grant/restrict group device access.

  • File: /etc/security/time.conf :
    Restrict user access by time, day.
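A limits.conf fragment using the items listed above, added here as an example and not part of the original page: it caps processes, concurrent logins and core dumps, and a small checker reads a limit back out of such a file. The group name "users" and the numbers are assumptions to be adjusted per system.

```shell
#!/bin/sh
# Added example, not part of the original page: a limits.conf fragment that
# caps per-user processes, logins and core dumps for the group "users" (an
# assumed group name), plus a checker that reads a limit back out of it.

# Write the fragment to the file named in $1. pam_limits reads
# /etc/security/limits.conf and the files in /etc/security/limits.d/.
write_limits() {
    cat > "$1" <<'EOF'
# domain    type  item       value
# stop runaway fork loops from exhausting the process table
@users      hard  nproc      200
# cap concurrent logins per member of the group
@users      hard  maxlogins  4
# no core dumps for anyone: they can contain passwords and keys
*           hard  core       0
# root keeps its process limit ("-" sets both soft and hard)
root        -     nproc      unlimited
EOF
}

# Print the value configured in file $1 for domain $2, type $3, item $4.
# Comment lines are skipped; if the same limit appears twice, the last
# occurrence is reported. Prints nothing when no line matches.
limit_for() {
    awk -v d="$2" -v t="$3" -v i="$4" '
        /^[ \t]*#/ { next }
        NF == 4 && $1 == d && $2 == t && $3 == i { v = $4 }
        END { if (v != "") print v }' "$1"
}
```

After writing the file to /etc/security/limits.d/, a fresh login as a member of the group should show the cap with ulimit -u.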

#Operating as root: (System Administrator)
If you plan to administer the system, you would normally log in as root to perform the tasks. In many cases you are logged in as a regular user and wish to perform some "root" sys-admin tasks. Here is how:
  • Switch user account to root: Shell/command mode:
    su -
    and then you will be prompted to enter the root password.

#RDIST:
Remotely distributing and installing software/files: The command rdist helps the system administrator install software or update files across many machines. The process is launched from one computer.
  • Command: rdist -f instruction-file


//////////Using the find command/////////////////
See the find man page for full details.
  • Search and list all files from current directory and down for the string ABC:
    find ./ -name "*" -exec grep -H ABC {} \;
    find ./ -type f -print | xargs grep -H "ABC" /dev/null
    egrep -r ABC *
  • Find all files of a given type from current directory on down:
    find ./ -name "*.conf" -print
  • Find all user files larger than 5Mb:
    find /home -size +5000000c -print
  • Find all files owned by a user (defined by user id number. see /etc/passwd) on the system: (could take a very long time)
    find / -user 501 -print
  • Find all files created or updated in the last five minutes: (Great for finding effects of make install)
    find / -cmin -5
  • Find all files in group 20 and change them to group 102: (execute as root)
    find / -group 20 -exec chown :102 {} \;
  • Find all suid and setgid executables:
    find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -ldb {} \;
    find / -type f -perm /6000 -ls
    (GNU find: -perm /6000 matches either bit; the older -perm +6000 form is no longer accepted.)
    Note: suid executable binaries are programs which switch to root privileges to perform their tasks. These are created by setting the setuid/setgid ("s") bit: chmod +s. These programs should be watched as they are often the first point of entry for hackers. Thus it is prudent to run this command and remove the "s" bits from executables which either won't be used or are not required by users: chmod -s filename
  • Find all world writable directories:
    find / -perm -0002 -type d -print
  • Find all world writable files:
    find / -perm -0002 -type f -print
    find / -perm -2 ! -type l -ls
  • Find files with no user or no group: (the parentheses are needed so -print applies to both tests)
    find / \( -nouser -o -nogroup \) -print
  • Find files modified or changed in the last two days:
    find / -mtime -2 -o -ctime -2
  • Compare two drives to see if all files are identical:
    find / -path /proc -prune -o -path /new-disk -prune -o -xtype f -exec cmp {} /new-disk{} \;
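The permission audits from the list above (suid/setgid, world-writable, files with no owner) wrapped into functions, added here as an example and not part of the original page, so the same checks can be run against one directory tree or the whole system. GNU find is assumed.

```shell
#!/bin/sh
# Added example, not part of the original page: the audit commands above as
# functions, runnable against any tree (or "/" for the whole system).
# GNU find is assumed.

# Regular files with the setuid or setgid bit set. Either bit alone is
# enough to match, which is what the old "-perm +6000" expressed.
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# World-writable files and directories. Symlinks are excluded: their mode
# is always 0777, so they would all show up as false positives.
find_world_writable() {
    find "$1" -xdev -perm -0002 ! -type l -print 2>/dev/null
}

# Files whose owner or group has no entry in /etc/passwd or /etc/group
# (typically left behind by userdel). The parentheses matter: without them
# -print binds only to -nogroup and the -nouser matches are never shown.
find_orphaned() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null
}

# Number of paths returned by check $1 for tree $2.
count_findings() {
    "$1" "$2" | wc -l | tr -d ' '
}

# Run all three checks on $1 and print a short report.
audit_tree() {
    for check in find_suid_sgid find_world_writable find_orphaned; do
        echo "== $check under $1 =="
        "$check" "$1"
    done
}

# Usage: sh audit.sh /usr/local
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```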


////////////Finding/Locating files///////////////
  • locate/slocate : Find location/list of files which contain a given partial name
  • which : Find executable file location of command given. Command must be in path.
  • whereis : Find executable file location of command given and related files
  • rpm -qf file : Display name of RPM package from which the file was installed.



#File Information/Status/Ownership/Security:
  • ls : List directory contents. List file information
  • chmod : Change file access permissions
    chmod ugo+rwx file-name : Change file security so that the user, group and all others have read, write and execute privileges.
    chmod go-wx file-name : Remove file access so that the group and all others have write and execute privileges revoked/removed.
  • chown : Change file owner and group
    chown root:root file-name : Make file owned by root. Group assignment is also root.
  • fuser : Identify processes using files or sockets
    If you ever get the message: error: cannot get exclusive lock
    then you may need to kill a process that has the file locked. Either terminate the process through the application interface or use the fuser command: fuser -k file-name
  • file : Identify file type.
    file file-name



#Managing Time:
The BIOS computer clock stores hardware time while the OS keeps track of system time. The system time is initialized during boot by syncing OS time to the hardware time. It is common for web servers to set their clocks to GMT0 time as their audience is worldwide and GMT is the only true standard time. Your local office server would most likely be set to local time.
Read time:
  • Read system time (Linux OS time):
    • date
  • Read hardware clock (BIOS clock):
    • /sbin/hwclock
      (Same as /sbin/hwclock --show)
    • /sbin/hwclock --utc

//////////////You have new mail////////////////////
When you login, this message may greet you. The system will often send a mail message to the "root" user after the completion of some cron jobs, software installation or as an error message meant to alert the system administrator. Type the console command "mail". The following simple commands will help you navigate through this simple mail client.
Mail command : Description
  • ? : List commands (Help)
  • h : Print mail headers
  • h 1 : Print mail headers starting with message number 1
  • q : Quit and delete mail which has been viewed (typed)
  • x : Quit but save mail viewed.
  • t : Type (view) current message
  • t 4 : Type out message 4 to the console
  • n : Type out next message
  • d : Delete the active message
  • d 4 : Delete message number 4
  • d 1-4 : Delete messages number 1 to 4
The "mail" command is included with the package "mailx". This is included with the default Fedora and Red Hat installations. Ubuntu users must include the "universe" repository to get access to the package "mailx". 
