Linux Accounts

• A Linux account is a unique user identity that grants access to a Linux system.

• It consists of a combination of a username, password, user ID (UID), group ID (GID), and associated permissions that define the user's ability to interact with the system.

• Every user in Linux has an associated account.

• Information about a user is stored in /etc/passwd file.

    [~]$ cat /etc/passwd
  

• Information about groups is stored into /etc/group file.

    [~]$ cat /etc/group
  

Break down of User Accounts

• Each user has a username, a unique ID (UID), group ID (GID) (of the group they are part of) assigned to them.

• A user can be part of multiple groups.

• When the user is created and no group is specified, it assigns the user to a group with the same ID and name as the user ID. That’s the primary GID of the user.

• The user account also stores information about the home directory and the default shell of the user.

• id <username>: It lists the username, UID, GID and the groups user is part of.

    [~]$ id michael
  
    uid=1001(michael) gid=1001(michael)groups=1001(michael),1003(developers)
  

• More details about the user account can be found in /etc/passwd eg. default shell, home directory.

    [~]$ grep -i michael /etc/passwd
  
    michael:x:1001:1001::/home/michael:/bin/sh
  

Types of Linux Accounts

1. User Accounts:

   • These accounts are created for individuals or applications that need access to the Linux system.

   • They have a dedicated home directory created inside /home.

   • Examples: Regular user accounts created by an administrator or through the system’s user management tools.

   • Example: rohit, michael

2. Superuser Accounts:

   • A superuser account is the root which has the UID 0.

   • The superuser has unrestricted access and control over the system.

   • Example: root

3. System Accounts:

   • These accounts are created for running system services or processes during OS installation. They are often not used for logging in directly.

   • UID for system accounts are usually under 100 or between 500-1000.

   • They do not have a dedicated home directory and even if they do, the home directory is not created under /home.

   • Examples: ssh, mail

4. Service Accounts:

   • Service accounts are similar to system accounts and are created when services are installed in Linux.

   • Example: nginx service makes use of a service account called nginx.

Commands

• id <username>: To lists the username, UID, GID and the groups user is part of.

    [~]$ id michael
  
    uid=1001(michael) gid=1001(michael) groups=1001(michael),1003(developers)
  

• who: To see the list of users currently logged.

    [~]$ who
  
    bob pts/2 Apr 28 06:48 (172.16.238.187)
  

• last: Displays the record of all logged-in users along with the date and time when the system was rebooted.

    [~]$ last
  
    michael    :1    :1                      Tue May 12 20:00 still logged in
    sarah      :1    :1                      Tue May 12 12:00 still running
    reboot     system boot 5.3.0-758-gen     Mon May 11 13:00 - 19:00 (06:00)
  

Switching users

• su: To switch to any user.

    [~]$ su –
      Password:
  
    root ~#
  

• su -c <command>: To run a specific command you can use su -c "whoami" (This is not recommended way)

    [michael@ubuntu-server ~]$ su -c "whoami"
      Password:
    root
  

• sudo: To run a command as a root user (recommended).

    [michael@ubuntu-server ~]$ sudo apt-get install nginx
    [sudo] password for michael:
  

SUDO

• Users listed in /etc/sudoers file can make use of sudo command for privilege escalation.

    [~]$ cat /etc/sudoers
  

• To restrict anyone from directly login as root login, this can be done by setting nologin shell.

    [~]$ grep -i ^root /etc/passwd
    /root:x:0:0:root:/root:/usr/sbin/nologin
  

  

---

Access Control Files

• Access Control files are stored under /etc directory.

• It can be read by anyone and can be only edited by root user.

• The access control files are not allowed to modified using a text editor. To add or modify the access, use the built-in commands.

Types of Access Control Files

1. /etc/passwd (password file):

   • Contains detailed information of one’s account i.e. username, UID, GID, home directory, and shell.

   • This file does not save or store any passwords.

       [~]$ grep -i ^bob /etc/passwd
       bob:x:1002:1002::/home/bob:/bin/sh
     
       USERNAME:PASSWORD:UID:GID:GECOS:HOMEDIR:SHELL
     

2. /etc/shadow:

   • Passwords are stored under this file.

   • The contents of this file are hashed.

       [~]$ grep -i ^bob /etc/shadow
       bob:$6$0h0utOtO$5JcuRxR7y72LLQk4Kdog7u09LsNFS0yZPkIC8pV9tgD0wXCHutY
       cWF/7.eJ3TfGfG0lj4JF63PyuPwKC18tJS.:18188:0:99999:7:::
     
       USERNAME:PASSWORD:LASTCHANGE:MINAGE:MAXAGE:WARN:INACTIVE:EXPDATE
     

3. /etc/group:

   • This file stores information about all user groups on the system, such group name, GID and members.

       [~]$ grep -i ^bob /etc/group
       developer:x:1001:bob,sara
     
       NAME:PASSWORD:GID:MEMBERS
     

---

User Management

• useradd <username>: To create a new user in the system.

    $ sudo useradd bob
  

• passwd <username>: To set the password for the user.

    $ sudo passwd bob
  

• whoami: To check the uid or username of the user logged in.

    $ whoami
    bob
  

• passwd: To change the own password for the user.

    $ passwd
  

• useradd command be used along with many attributes as show below.

    $ useradd -u 1009 -g 1009 -d /home/robert -s /bin/bash -c "Mercury Project member" bob
  
    $ id bob 
    uid=1009(bob) gid=1009(avenger) groups=1009(avenger)
  
    $ grep -i bob /etc/passwd
    bob:x:1009:1009:Mercury Project member:/home/bob:/bin/bash
  

  • -c = custom comments

  • -d = custom home directory

  • -e = expiry data

  • -g specific GID

  • -G = create user with multiple secondary groups

  • -s = specify login shells

  • -u = specific UID

• userdel <username>: To delete a user account.

    $ userdel bob
  

• groupadd –g <custom-GID> <group-name>: To add a new linux group.

    [~]$ groupadd –g 1011 developer
  

• groupdel <group-name>: To delete a group.

    [~]$ groupdel developer
  

---

File Permissions and Ownership

Linux File Permissions

• ls command can be use to determine the type of file.

    $ ls -l bash-script.sh
    -rwxrwxr-x 1 bob bob 89 Mar 17 01:35 bash-script.s
  

  • The first letter of the first column (-) in the listing from ls -l command indicated the file type.

• Other characters such as rwx in the first column describes the file permissions in Linux.

• These characters can be broken down as the owner permissions, group permissions and permissions for others.

• First three characters after the file identifier are the permissions for the owner of the file denoted by the letter u.

• The next three characters are permissions for the group owning the file denoted by g.

• The last three characters are the permissions for all other users, denoted by o.

• With directory, the same set of permissions are applicable as of files.

Note:

• In Linux, the system identifies the user trying to access the file or directory and checks the permission sequentially.

• If the user trying to access is the owner, the owner’s permissions for the file are applied and the rest is ignored.

• Similarly, if the user is not the owner but part of the group, only the group permissions are applied, the others are ignored.

Octal Values

• The rwx permissions can be represented by a three digit numeric value in octal notation and each notation has a corresponding value.

Modifying File Permissions

• chomd <permissions> file: To modify the permissions of a file.

• Permission can be modified in two ways, symbolic mode and numeric mode.

Symbolic mode

• In symbolic mode, the first character following the chmod command specify whose permission we want to alter or change.

  u = user

  g = group

  o = other

  + = grant access

  - = revoke existing access

    $ chmod u+rw test-file        # provide full access to owner
  
    $ chmod ugo+r-x test-file     # provide read access to owner, group and others, remove execute access
  
    $ chmod o-rwx text-file       # remove all access for other 
  
    $ chmod u+rwx,g+r-x,o-rwx test-file    # full access for owner, add read, remove execute for group and no access for others
  

Numeric Mode

• In numeric mode, we have to specify the permission to be updated in three digit octal values.

• The first of the three digit value is the permission for the owner, next is for the group and last digit is for the others.

    $ chmod 777 test-file         # provide full access to owners, group and others
  
    $ chmod 555 test-file         # provide read and execute access to all
  
    $ chmod 660 test-file         # procide read and write access to owner, group and no access to others
  
    $ chmod 750 test-file        # full access to owner, read and execute for group and no access for others
  

Change Ownership and Group

• chown owner:group file: To change the ownership and group of a file.

    $ chown rohit:developer test-file        # changes owner to rohit and group to developer
  
    $ chown rohit android.apk                # changes just the owner of the file to rohit and group is unchanged
  
    $ chgrp android test-file                # change the group for the test-file to the group called android
  

---

SSH and SCP

SSH

• SSH is used for logging into and executing commands on a remote computer.

• ssh <hostname OR IP address>: To login to the remote server with hostname of IP address.

    $ ssh <hostname OR IP address>
  

• sh <user>@<hostname OR IP address>: To login to the remote server with specific username and password.

  -l attribute can also be used.

    $ ssh <user>@<hostname OR IP address>
  
    $ ssh –l <user> <hostname OR IP Address>
  

Password-Less Authentication

• Password-less authentication is an authentication method via SSH Keys / key-pair (private key + public key) in order to login to the remote server without password.

  

• How Password-less Authentication Works

  1. Create a key-pair on the client:

     • Use ssh-keygen command to generate key-pair:

         $ ssh-keygen –t rsa
       

     • Public and Private key are stored at below location.

       • Public key: /home/rohit/.ssh/id_rsa.pub , extension .pub.

       • Private key: /home/rohit/.ssh/id_rsa, no extension.

  2. Copy public key to the remote server:

     • For this, make use of ssh-copy-id <user>@<hostname OR IP address> command, and after running this command it asks for the password:

     • This command copies the public key on a remote server in a special file called as authorized_keys at /home/rohit/.ssh/authorized_keys location on remote server.

         $ ssh-copy-id username@server_ip_or_hostname
       

     • Now, we can login to remote server without password.

  3. Test the SSH Connection:

     • Now, we can login to remote server without password., log in to the server to verify password-less authentication:

         $ ssh username@server_ip_or_hostname
       

SCP

• SCP stands for Secure Copy Protocol is a command-line tool that allows to copy or transfer data over SSH between a local system and a remote system, or between two remote systems.

• The basic syntax of the SCP command is:

    $ scp [options] source destination
  

  • source: The path of the file or directory to copy.

  • destination: The target location where the file or directory will be copied.

Common SCP Options

Examples

• To copy a compressed file to a remote server

  • devapp01 = hostname of remote server

    $ scp /home/rohit/caleston-code.tar.gz devapp01:/home/rohit

• To copy a directory to a remote server:

  • -r = to copy directory

  • -p = to preserve the ownership and permission of the source file

    $ scp –pr /home/rohit/media/ devapp01:/home/rohit

---

IPTables

---

Cronjobs

• A cron job is a scheduled task in Linux that is executed automatically at specified intervals without any human intervention (uses crond service or cron daemon).

• It is widely used for automating repetitive tasks, such as system maintenance, backups, monitoring, and updates.

Components of Cron Jobs

1. Cron Daemon (crond service):

   • The background process that manages and executes scheduled tasks.

   • It starts automatically on system boot.

2. Cron Table (crontab):

   • A configuration file where you define the tasks and their schedules.

   • Each user can have their own crontab file.

   • System-wide cron jobs are stored in /etc/crontab or /etc/cron.d/.

Crontab Syntax

* * * * * command_to_execute
- - - - -
| | | | |
| | | | +---- Day of the week (0 - 7, where both 0 and 7 mean Sunday)
| | | +------ Month (1 - 12)
| | +-------- Day of the month (1 - 31)
| +---------- Hour (0 - 23)
+------------ Minute (0 - 59)

Setting Up Cron Jobs

1. Edit the Crontab File: To edit the crontab file for the current user

    $ crontab -e
   

   • This opens the crontab file in the default editor (e.g., vi or vim).

2. View Existing Cron Jobs: To list all cron jobs for the current user

    $ crontab -l
   

3. Remove Cron Jobs: To remove all cron jobs for the current user:

    $ crontab -r
   

4. Display last time edited the crontab file:

    $ crontab -v
   

5. Check if the job executed successfully: Inspect the log file

    $ tail /var/log/syslog
   

Examples of Cron Job Scheduling

Note:

• Do not use sudo in the crontab command, it will run the job as a root user and not the current user.