Labs‎ > ‎Linux Labs‎ > ‎

Linux Lab 04 - Managing Users and Groups

Introduction

In this lab you're going to practice creating user accounts using multiple methods.  You will change settings on the user accounts, and create groups to organize the accounts.  Then you will use the accounts and groups to manage permissions to data.

Creating User Accounts

First we're going to create a user account using the useradd command.  Open the terminal and create a user account for Crystal Clear. Type sudo useradd -d /home/cclear/ -m cclear and hit enter. Look at the end of /etc/passwd and /etc/shadow to make sure the account was created.  Type tail -n 1 /etc/passwd and hit enter to see the last line of /etc/passwd.  Type sudo tail -n 1 /etc/shadow and hit enter to see the last line of /etc/shadow.  Adding the -d and -m will tell the useradd command to create the user's home directory.

Before we can use Crystal's account we need to set a password, type sudo passwd cclear and hit enter.  Enter P@ssw0rd for the password.  Switch to Crystal's account using the su command.  Type in su cclear and hit enter and use P@ssw0rd to sign in.  Notice when you're signed in with Crystal's account the working directory didn't change, but the way it's displayed does.  The tilde is no longer used since the working directory isn't Crystal's home directory.

Type in exit and press enter to log out of Crystal's account, Ctrl + D will do the same thing.  Now we're going to use the adduser script to add an account for Robin Graves.  Type in sudo adduser rgraves and hit enter.
  • Enter new UNIX password: P@ssw0rd
  • Retype new UNIX password: P@ssw0rd
  • Full Name []: Robin Graves
  • Room Number []: Do not enter anything
  • Work Phone []: Do not enter anything
  • Home Phone []: Do not enter anything
  • Other[]: Do not enter anything
  • Is the information correct? [Y/n] y

Next we're going to use the finger command to check settings on Robin's account.  Before we can use the finger command we need to install it, type in sudo apt-get install finger and press enter.  Use the finger command on Robin's account and check the accounts properties.  Type in finger rgraves and hit enter.  Notice you can see her home directory information as well as her default shell.

Managing Users and Groups

We created two accounts using different methods.  When we did this there are some differences in the way the accounts were created. Let's look at the last two lines of the /etc/passwd file, type in tail -n 2 /etc/passwd and hit enter.  Notice Crystal's account doesn't have a default shell set.

Let's set Crystal's account to use the bash shell by default.  Type in sudo usermod -s /bin/bash cclear and hit enter.  Then finger Crystal's account to make sure it worked.  Type in finger cclear and hit enter.

Crystal works in the HR department.  We need to create a group for the HR department and add her to it.  Type in sudo groupadd HR and hit enter.  Then add Crystal to the HR group by typing sudo usermod -G HR cclear and hit enter.  Finally make sure Crystal is a member of the group.  Type in groups cclear and hit enter. 

Modifying Permission and Ownership

Note: Information from this section is needed to answer lab question 3.
We're going to start off by creating a shell script, type in echo \#\!\/bin\/bash > HelloWorld.sh; echo echo Hello World >> HelloWorld.sh and hit enter.  Once the script is created try and execute it, type in ./HelloWorld.sh and hit enter. You'll receive an error message telling you permissions denied.  This is because we don't have the permission to execute it.  Type in ls -l HelloWorld.sh and hit enter.  You will see the permissions are rw-r--r--, we need to change the permissions to rwxr--r-- to add the execute permission.  Type in chmod u+x HelloWorld.sh and hit enter, this will add the execute permission to the user account.  Type in ls -l HelloWorld.sh and hit enter to verify the permissions changed, they should be rwxr--r--.  Try and run the script by typing ./HelloWorld.sh and hitting enter.  If everything was done right you should see a "Hello World" message.  

Now we're going to log into Crystal's account and try to run the script, type in su cclear and hit enter.  Login using P@ssword as the password.  Try to run the HelloWorld script by typing ./HelloWorld.sh and hit enter.  You will find out Crystal doesn't have permission to run it.  Logout of Crystal's account by typing exit and hitting enter, or press Ctrl + D.  We want to change the permissions so other can execute the script.  Currently the permissions are rwxr--r-- or 744.  (rwx = 4+2+1; r-- = 4+0+0)  We want to change the permissions to rwxr--r-x or 745 (r-x = 4+0+1), type in chmod 745 ./HelloWorld.sh and hit enter.  Now log back into Crystals account and try to run the script.  Type in su cclear and hit enter, then type ./HelloWorld.sh and hit enter.   If everything was done right you should see a "Hello World" message. Before you continue with the lab you will need to test something out here to answer question 4.  Once you have gathered the information you need to answer question 4 log out of Crystal's account by typing exit and hitting enter, or press Ctrl+D.

We're going to copy the script we created to Robin's home directory, type in sudo cp HelloWorld.sh ../rgraves and press enter.  Log in as Robin and switch to her home directory.  Type su rgraves and hit enter, then type cd and hit enter.  We want to see who owns the file, type in ls -l and hit enter.  Notice Robin does not own the file, we need to fix this.  Log out of Robin's account by typing exit and hitting enter or pressing Ctrl+D.  Change the owner of the file to Robin by typing in sudo chown rgraves /home/rgraves/HelloWorld.sh and hit enter.  Log back in as Robin and switch to her home directory.  Type su rgraves and hit enter, then type cd and hit enter.  Let's verify Robin owns the file, type in ls -l and hit enter.  You should see Robin's account listed as the owner of the file.

Now we want to lock down that file so only Robin can access it.  If you type in ls -l and hit enter you'll see the current permissions are rwxr--r--, we want to change that to rwx------ or 700.  Type in chmod 700 HelloWorld.sh and hit enter.  Type in ls -l and hit enter to verify the permissions were change to rwx------.  Make sure you can run the script by typing ./HelloWorld.sh and hit enter.  If everything was done right you should see a "Hello World" message.

Questions

Answer the lab questions

1 | 2 | 3 | 4 | 5