Thursday, March 31, 2022

Linux User Management



User management is a fundamental concept in any operating system and in information systems in general. The Linux operating system keeps a specific user hierarchy divided into groups and permissions. Those permissions can be divided into two categories. The first is file permissions, which is quite obvious because Linux is a "file-centric" operating system. The second is the sudo permission, which will be analyzed further below. At the top of this hierarchy we find the user named "root". The root user is the absolute administrator of the operating system, with read, write and execute permissions on every single file and control over every single service/process. But don't forget that great power always comes with great responsibility, so basic security guidelines recommend restricting the root user as much as possible, usually by preventing ssh access for root and by avoiding running potentially insecure services as root or working on the command line as root.


Users and Groups

Starting with the basics, let's see the add/remove user procedures and groups. You can add the user named penguin by giving the following command:

#useradd penguin

Of course we'll need a password for this user as well, so:

#passwd penguin

This command will prompt you to give the desired password twice for confirmation.

Then we may like to add this user to a specific group named operators (the group must already exist):

#usermod -a -G operators penguin

Now you can open the file /etc/passwd and observe that a line has been appended at the end containing the username we've just created, followed by a couple of numbers representing the user id and the group id of this user. By default, when you create a user, a group with the same name is created as well, and you can confirm this by looking at the file /etc/group, where you'll find a line containing the group name and the group id.
Another interesting file to look at is /etc/shadow. Here you'll find all the usernames of the system, each followed by a specific string. This string contains a cryptographic hash of the respective user's password. Unlike /etc/passwd, this file is not world-readable.


To know thyself

A phrase that has puzzled a lot of philosophers and thinkers, dating back to ancient Greece. But in our case, in a Linux OS environment, things are much simpler. The command

#whoami

returns the name of the user we're currently logged in as, and

#who

returns the names of all the currently logged in users.


The magic word

The magic word was mentioned earlier in the prologue and is SUDO. The "sudo" command allows a non-root user to perform privileged operations such as restarting system services or reading files owned by root. You can do this by simply putting sudo before any command, e.g.:

 #sudo systemctl restart sshd

Of course this command alone will not have any result if the user is not declared as a privileged user, commonly known as a sudoer. So how do you give a user the power to be a sudoer? Most systems have a sudo group by default. So if you have root privileges you can simply add the user to the sudo group as described above. However, if you're on a distro or a system that does not have a sudoer group, you can simply create a group as described above and configure it as a sudo group. To make a simple group a sudoer group you can give:

 #visudo

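This command will open the /etc/sudoers file, which keeps information about sudo access. visudo also checks the syntax of the file before saving it, so a typo does not leave you with a broken sudo configuration. There you can append the following line: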

%operators ALL=(ALL) ALL

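and in that way you transform the operators group we created before into a sudoer group. The rule lets every member of the group run any command as any user, so be careful about who you add to it.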
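
To see which accounts actually end up with sudo rights through a group rule like %operators, the three files discussed above can be cross-checked. The script below is an added example, not part of the original post; the function names sudo_group_members and demo, the user tux and all numeric ids are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: report "user:group" for every account that gets sudo
# through a "%group ..." rule. Arguments: passwd, group and sudoers files.
sudo_group_members() {
    awk -F: -v sudoers="$3" -v grp="$2" '
        # sudoers: remember each group named by a "%group" rule.
        FILENAME == sudoers {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line ~ /^%[A-Za-z_]/) {
                split(line, f, /[ \t]+/)
                sudo_grp[substr(f[1], 2)] = 1
            }
            next
        }
        # group (name:x:gid:members): supplementary members of those groups.
        FILENAME == grp {
            if ($1 in sudo_grp) {
                gid_name[$3] = $1
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i] ":" $1
            }
            next
        }
        # passwd (name:x:uid:gid:...): the primary group counts as well,
        # although such users are not listed in the group file member field.
        ($4 in gid_name) { print $1 ":" gid_name[$4] }
    ' "$3" "$2" "$1" | sort -u
}

# Constructed sample data: penguin and operators come from the article,
# tux and all numeric ids are made up for the demonstration.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'penguin:x:1001:1001::/home/penguin:/bin/sh' \
        'tux:x:1002:1003::/home/tux:/bin/sh' > "$d/passwd"
    printf '%s\n' 'penguin:x:1001:' 'operators:x:1003:penguin' \
        'sudo:x:27:' > "$d/group"
    printf '%s\n' 'root ALL=(ALL:ALL) ALL' \
        '%operators ALL=(ALL) ALL' > "$d/sudoers"
    sudo_group_members "$d/passwd" "$d/group" "$d/sudoers"
    rm -rf "$d"
}

demo
```

Note that tux is reported even though the operators line in the group file lists only penguin: its primary group id in the passwd file is the operators gid, so it is a member all the same.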


Navigating between users

Finally, if you have more than one user account, you can switch between them by giving

#su - username

Of course you'll be asked for the target user's password.










