logo © 1996 Phil Waclawski
Felitaur Site
Offerings
About Me
Crafts
Services
ftp files
Help Files
What's New?
Home Page
Other Links
Anatomy &
Physiology
Arthropods
Biology
Computers
Ferrets
Fun Links
Internet
Linux
S.C.A.
Win 95/NT
Comments or
Suggestions
webmaster@ felitaur.com
   
USER/GROUP Assignment
Lecture Overview Index | Linux SysAdmin Homepage

NOTE: Most of the commands you will need, along with information resources for this assignment are on Managing Users and Groups

Purpose:
To gain an understanding of the commands, directories and configuration files that are used when creating new users and controlling their access on the server.

Commands you will use:
vi
mkdir
cd
cp
ls
ln -s
chmod
chgrp
groupadd
useradd
userdel -r (if you goof)
passwd
visudo
sudo

Requirements:

  1. Remember to add the line:
    CREATE_MAIL_SPOOL=yes
    to the file /etc/default/useradd
  2. Create the following groups using groupadd -r (so that they are system level groups)
    • account
    • adm (already exists)
    • backup
  3. When you create new users, you can use a different "template" directory to create each one.
    • For the accountants (group account), use the default /etc/skel which should have
      • a symbolic link to the directory /opt/acctsrecv
        (NOTE: Before you can put the link in /etc/skel you need to go to /opt and create the directory,then have the group changed to account, and then set so the owner and group have rwx access, but no access for anyone else, then go BACK to /etc/skel and make the link)
      • a file called ethics.txt (with some sage advice inside)
      • a directory called "work"
      • a directory called "audits"
    • For the administrators (group adm) create a directory in /etc called "adm" which should contain
      • a file called "badusers.txt"
      • a directory called "www"
      • In that directory www place a file called "bofh.html"
    • For the backup group, create a directory in /etc called "backup" which contains:
      • a file called backuprules.txt
    • NOTE: You should also copy the .bashrc and .bash_profile and .bash_logout files in /etc/skel to the other two "skeleton" directories you have just made, and, for the adm group, go into /etc/adm and edit the .bash_profile file to add /sbin and /usr/sbin to their path.
  4. Now create two users each for the adm, account and backup groups, using the appropriate skeleton directory.
    For example: useradd -g groupname username (For accountants use account)
    For others use useradd -m -k /etc/backup(or adm) -g groupname username
    (Please replace groupname and username with the appropriate value, and make sure /etc/whatever matches the proper skel directory (backup for backup users, adm for administrators and skel for accountants)
  5. Now use the passwd command to give each user a passwd.
  6. Now add the users to the appropriate groups in the /etc/group file
  7. Using visudo, give the different groups permissions to run commands as follows
    • account group: None, we don't want accountants messing with the system ;)
    • backup group:
      • mount /dev/cdrom /mnt
      • umount /mnt
      • systemctl poweroff and systemctl reboot
      • tar
    • adm (administrator) group:
      • systemctl poweroff, systemctl reboot
      • useradd, userdel, usermod
      • groupadd, groupmod, gpasswd
      • passwd (but NOT the root password)
        /usr/bin/passwd [!-]*,!/usr/bin/passwd root
        or better /usr/bin/passwd [A-z0-9]*, !/usr/bin/passwd root*
      • systemctl restart cups, ,lpq,lprm

Advice:

  1. Create the groups
  2. Create the three "Skel" directories and files first (including the /opt/acctsrecv directory)
  3. You will need to use userdel -r if you make a mistake. Just deleting the users home directories will cause a mess.