LFCS Local system administration part 1

Welcome to post 26 of my 100 day challenge. Check out my introduction for some background.

This is post ten of my LFCS series. This post is the first part of local system administration. In it we will discuss creating backups, restoring backups and user and group management.

You can go back to the overview post for a brief introduction or take a look at post one for instructions on setting up the exam practice system which I will be using throughout this series.

This post is quite long, so you might want to set aside some time to go through it properly.

Local system administration part 1

Creating backups

Backups can be created with tar using either gzip or bz2 compression. For more details, please take a look at my article on file compression.

Backup the /root/archive_test directory using gzip:

[root@Centosexamtest ~]# tar -czvf ~/archive_test.tgz archive_test/
archive_test/
archive_test/text2.txt
archive_test/text3.txt
archive_test/text1.txt

[root@Centosexamtest ~]# file archive_test.tgz
archive_test.tgz: gzip compressed data, from Unix, last modified: Wed Apr 29 17:03:36 2015

Backup the /root/archive_test directory using bz2:

[root@Centosexamtest ~]# tar -cjvf ~/archive_test.tbz2 archive_test/
archive_test/
archive_test/text2.txt
archive_test/text3.txt
archive_test/text1.txt

[root@Centosexamtest ~]# file archive_test.tbz2
archive_test.tbz2: gzip compressed data, from Unix, last modified: Wed Apr 29 17:21:53 2015

Restoring backups

Restore /root/archive_test using gzip:

[root@Centosexamtest ~]# tar -xzvf archive_test.tgz
archive_test/
archive_test/text2.txt
archive_test/text3.txt
archive_test/text1.txt

Restore /root/archive_test using bz2:

[root@Centosexamtest ~]# tar -xjvf archive_test.tbz2
archive_test/
archive_test/text2.txt
archive_test/text3.txt
archive_test/text1.txt
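
The backup and restore steps above can be tied together so that a restore only runs on an archive that still matches the digest recorded at backup time, and so that the tar flag follows the file's real compression rather than its extension. This is an added example, not part of the original post; the function names, the `.sha256` side file and the temporary paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All paths below are temporary.

# Identify compression from the file's magic bytes, not its extension.
archive_type() {
    magic=$(od -An -tx1 -N3 "$1" | tr -d ' \n')
    case $magic in
        1f8b*)  echo gzip ;;
        425a68) echo bzip2 ;;    # ASCII "BZh"
        *)      echo unknown ;;
    esac
}

# make_backup <parent-dir> <dir-name> <archive>: gzip tarball plus SHA-256 digest.
make_backup() {
    tar -czf "$3" -C "$1" "$2" || return 1
    sha256sum < "$3" | cut -d' ' -f1 > "$3.sha256"
}

# verified_restore <archive> <dest-dir>: check the digest, then extract with
# the tar flag that matches the detected compression.
verified_restore() {
    want=$(cat "$1.sha256") || return 2
    have=$(sha256sum < "$1" | cut -d' ' -f1)
    if [ "$want" != "$have" ]; then
        echo "checksum mismatch: $1" >&2
        return 1
    fi
    case $(archive_type "$1") in
        gzip)  flag=z ;;
        bzip2) flag=j ;;
        *)     echo "unknown compression: $1" >&2; return 1 ;;
    esac
    mkdir -p "$2" && tar "-x${flag}f" "$1" -C "$2"
}

# Demo on constructed data.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/src/archive_test"
echo "sample" > "$demo_dir/src/archive_test/text1.txt"
make_backup "$demo_dir/src" archive_test "$demo_dir/archive_test.tgz"
verified_restore "$demo_dir/archive_test.tgz" "$demo_dir/restore" &&
    echo "restored $(archive_type "$demo_dir/archive_test.tgz") archive"
rm -rf "$demo_dir"
```

A digest stored next to the archive only catches accidental corruption; keep it somewhere the archive's writer cannot modify if tampering is a concern.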

Creating local user groups

Create a local user group called centostest:

[root@Centosexamtest ~]# groupadd centostest
[root@Centosexamtest ~]# cat /etc/group |grep centostest
centostest:x:505:

Give the group a password:

[root@Centosexamtest ~]# gpasswd centostest
Changing the password for group centostest
New Password: centostest
Re-enter new password: centostest

Realistically, assigning a password to a group is not very useful. It only helps someone who has no access to a certain group, as they can then be added to the group with the newgrp command.

Managing file permissions

Permissions have to be applied to every file and directory on a Linux system, so each file and directory has a user and a group assigned to it. For example, let's take a look at the /root/archive_test directory. It is owned by user root and group root, but we can change the group to another:

[root@Centosexamtest ~]# ls -la |grep archive_test
drwxr-xr-x. 2 root root 4096 Apr 29 17:02 archive_test
-rw-r--r--. 1 root root 174 Apr 29 17:03 archive_test.tgz

[root@Centosexamtest ~]# chgrp centostest ./archive_test

[root@Centosexamtest ~]# ls -la |grep archive_test
drwxr-xr-x. 2 root centostest 4096 Apr 29 17:02 archive_test
-rw-r--r--. 1 root root 174 Apr 29 17:03 archive_test.tgz

We can also give the group centostest read, write and execute permissions to the archive_test directory:

[root@Centosexamtest ~]# chmod 770 archive_test
[root@Centosexamtest ~]# ls -la |grep archive_test
drwxrwx---. 2 root centostest 4096 Apr 29 17:02 archive_test
-rw-r--r--. 1 root root 174 Apr 29 17:03 archive_test.tgz

We can now create files with the root user or any user who is a member of the centostest group:

[root@Centosexamtest ~]# cd archive_test
[root@Centosexamtest archive_test]# echo "This is a test file by root." > root_text.txt
[root@Centosexamtest /]# su centostest
[centostest@Centosexamtest archive_test]$ echo "This is a test file by centostest." > centos_test.txt
[root@Centosexamtest archive_test]# ls -la
total 16
drwxrwx---. 2 root centostest 4096 Apr 29 17:54 .
dr-xr-xr-x. 23 root root 4096 Apr 29 17:52 ..
-rw-rw-r--. 1 centostest centostest 35 Apr 29 17:54 centos_test.txt
-rw-r--r--. 1 root root 29 Apr 29 17:44 root_text.txt
-rw-r--r--. 1 root root 0 Apr 29 17:02 text1.txt
-rw-r--r--. 1 root root 0 Apr 29 17:02 text2.txt
-rw-r--r--. 1 root root 0 Apr 29 17:02 text3.txt

Managing local users accounts

If you want to add users locally, you can do it with the useradd command. Below is a table containing some of the most common switches:

Switch                 Explanation
-c or --comment        Add a comment when creating the user.
-m or --create-home    Specify the user's home directory.
-s or --shell          Specify the login shell the account should use. Defaults to /bin/bash if not specified.
-U or --user-group     Tell the useradd command to create a group with the same name as the user.

Add a user called mytest to the system:

[root@Centosexamtest archive_test]# useradd -c "my test" -s /bin/bash -m mytest
[root@Centosexamtest archive_test]# cat /etc/passwd |grep mytest
mytest:x:504:506:my test:/home/mytest:/bin/bash

Give the user a password:

[root@Centosexamtest archive_test]# passwd mytest
Changing password for user mytest.
New password: mytest
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password: mytest
passwd: all authentication tokens updated successfully.

Log in as the user to test that it is working:

[root@Centosexamtest ~]# su mytest
[mytest@Centosexamtest root]$ id
uid=504(mytest) gid=506(mytest) groups=506(mytest) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Managing user accounts

Add user mytest to the centostest group by making it the user's primary group:

[root@Centosexamtest ~]# usermod -g centostest mytest

Managing user account attributes

Get the available shells on your Linux system with the chsh command:

[root@Centosexamtest ~]# chsh -l
/bin/sh
/bin/bash
/sbin/nologin
/bin/dash

Change the shell that mytest is using from bash to dash:

[root@Centosexamtest ~]# usermod -s /bin/dash mytest
[root@Centosexamtest ~]# cat /etc/passwd |grep mytest
mytest:x:504:505:my test:/home/mytest:/bin/dash

Add user mytest to multiple groups:

[root@Centosexamtest ~]# usermod -a -G mytest,centostest mytest
[root@Centosexamtest ~]# cat /etc/group |grep centostest
centostest:x:505:centostest,mytest

Password management

You can use the chage command to change the timeframe between password changes.

For example, output the password information for the mytest user:

[root@Centosexamtest ~]# chage -l mytest
Last password change : Apr 29, 2015
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

Let's change the expiry date of the mytest account to the 1st of May 2015, with the minimum days before a change set to 15 and the maximum days before a change set to 25:

[root@Centosexamtest ~]# chage -E 2015-05-01 -m 15 -M 25 mytest
[root@Centosexamtest ~]# chage -l mytest
Last password change : Apr 29, 2015
Password expires : May 24, 2015
Password inactive : never
Account expires : May 01, 2015
Minimum number of days between password change : 15
Maximum number of days between password change : 25
Number of days of warning before password expires : 7

If we set the date of the last password change to 0, then the user mytest will be forced to change their password the next time they log in to this system.

[root@Centosexamtest ~]# chage -d 0 mytest
[root@Centosexamtest ~]# chage -l mytest
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : May 01, 2015
Minimum number of days between password change : 15
Maximum number of days between password change : 25
Number of days of warning before password expires : 7
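
The values that chage sets are stored in /etc/shadow, so the same states shown above (never expires, must be changed, account expired) can be audited across all accounts at once. This is an added example, not part of the original post; the function names and the sample lines are constructed, with day numbers chosen to match the dates used on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Field layout follows shadow(5):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
# (lastchg and expire are counted in days since 1970-01-01)

# aging_report <today-in-days>: reads shadow-format lines on stdin and prints
# "name: finding ..." for every account with a password-aging finding.
aging_report() {
    awk -F: -v today="$1" '
    {
        f = ""
        if ($3 == "0")
            f = f " must-change"                 # set by: chage -d 0
        else if ($5 == "" || $5 + 0 >= 99999)
            f = f " password-never-expires"      # the default shown by chage -l
        else if ($3 != "" && today - $3 > $5 + 0)
            f = f " password-expired"            # lastchg + max is in the past
        if ($8 != "" && today + 0 >= $8 + 0)
            f = f " account-expired"             # set by: chage -E
        if (f != "") print $1 ":" f
    }'
}

# Current date as days since the epoch, for use on a live system.
today_days() { echo $(( $(date +%s) / 86400 )); }

# Constructed sample lines (hash field replaced by "!!"):
#   16554 = Apr 29, 2015    16556 = May 01, 2015
sample_shadow() {
    cat <<'EOF'
root:!!:16554:0:99999:7:::
mytest:!!:16554:15:25:7::16556:
forced:!!:0:15:25:7:::
fresh:!!:16554:15:25:7:::
EOF
}

# Evaluate the sample as of May 05, 2015 (day 16560).
sample_shadow | aging_report 16560
```

On a live system, run it as root with `aging_report "$(today_days)" < /etc/shadow`.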

Setting file permissions and ownership

Let's create a simple script in the home directory of mytest:

[mytest@Centosexamtest ~]$ cat << MYSCRIPT > myscript.sh
> #!/bin/bash
> whoami
> MYSCRIPT

Make the script executable and run it to see what the output is:

[mytest@Centosexamtest ~]$ chmod +x myscript.sh
[mytest@Centosexamtest ~]$ ll
total 4
-rwxr-xr-x. 1 mytest centostest 19 Apr 29 18:34 myscript.sh
[mytest@Centosexamtest ~]$ ./myscript.sh
mytest

Remove execution rights so the user cannot run it and assign execution rights to group centostest instead:

[mytest@Centosexamtest ~]$ chmod -x myscript.sh
[mytest@Centosexamtest ~]$ ll
total 4
-rw-r--r--. 1 mytest centostest 19 Apr 29 18:34 myscript.sh

[mytest@Centosexamtest ~]$ chgrp centostest myscript.sh
[mytest@Centosexamtest ~]$ ll
total 4
-rw-r--r--. 1 mytest centostest 19 Apr 29 18:34 myscript.sh

[mytest@Centosexamtest ~]$ chmod g+x myscript.sh
[mytest@Centosexamtest ~]$ ll
total 4
-rw-r-xr--. 1 mytest centostest 19 Apr 29 18:34 myscript.sh

Now anyone in the centostest group can execute the script but those not in the group cannot, except for the root user.
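
The result above depends on how Linux picks a permission class: the owner bits apply to the owner even when the owner is also a member of the file's group, which is why mytest loses execute access while other centostest members keep it. The following is an added example, not part of the original post, that models that rule for the mode shown above; it ignores ACLs and SELinux, and `otheruser` is a hypothetical account outside the group.

```shell
#!/bin/sh
# Added example, not from the original post.

# perm_class <file-owner> <file-group> <user> "<user's groups>"
# Exactly one class is consulted: owner first, then group, then other.
perm_class() {
    if [ "$3" = "$1" ]; then echo owner; return; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return; fi
    done
    echo other
}

# may_exec <octal-mode> <file-owner> <file-group> <user> "<user's groups>"
may_exec() {
    mode=$(( 0$1 ))
    if [ "$4" = root ]; then
        # root skips the class check but needs an x bit set for some class
        [ $(( mode & 0111 )) -ne 0 ]
        return
    fi
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) bit=64 ;;   # 0100
        group) bit=8 ;;    # 0010
        *)     bit=1 ;;    # 0001
    esac
    [ $(( mode & bit )) -ne 0 ]
}

# The final state on this page: -rw-r-xr-- (654), owner mytest, group centostest.
for entry in "mytest:mytest centostest" "centostest:centostest" \
             "otheruser:otheruser" "root:root"; do
    user=${entry%%:*} groups=${entry#*:}
    if may_exec 654 mytest centostest "$user" "$groups"; then verdict=allowed
    else verdict=denied; fi
    echo "$user ($(perm_class mytest centostest "$user" "$groups")): $verdict"
done
```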

Check out part 2 of LFCS local system administration tomorrow, where we will discuss managing fstab entries, managing the startup process and related services, and managing user processes.

Can you improve on any of the tips I've discussed here? If you can, let me know in the comments.

Jason Edwards