Posts

Showing posts with the label etc/passwd

LPI E - skel default

Take Control of Your User Creation Process with useradd's -k Option The -k option on the useradd command allows you to specify a different SKEL directory than the default one when creating a new user account. The SKEL directory is the skeleton directory that contains default files and directories that will be copied to the new user's home directory when the user account is created. By default, the SKEL directory is usually set to /etc/skel/, but if you use the -k option, you can specify a different directory that contains the default files and directories that are appropriate for the new user's job function. For example, if you have users with different roles, such as developers, designers, and managers, each group may require different default files and directories. By using the -k option with a different SKEL directory for each group, you can create new user accounts with the appropriate default files and directories for their job function. Scenarios Scenario: A company h...

LPI E - useradd cmds

The Linux Accountant Useradd is a powerful command-line tool that allows system administrators to create new user accounts and set up their user environment. In this blog post, we will also cover some of the other useful commands that system administrators can use to manage user accounts on a Linux system.   To create a new user account with a specific username and home directory: useradd -m -d /home/newuser -s /bin/bash newuser To create a new user account with a specific UID and GID: useradd -u 1001 -g 1001 newuser To create a system user account without a home directory: useradd -r -s /bin/false daemon To create a new user account with a specific expiration date: useradd -e 2023-12-31 newuser To create a new user account with a specific password: useradd -m -p $(openssl passwd -1 password) newuser To create a user with a username that contains characters that are not allowed by default, you can use the --badname option useradd --badname joe_schmoe! The following comman...

getent commands

getent The Key to Advanced Linux Security Management and Protection Scenario for a system administrators The getent command in Linux is used to retrieve information from various sources like /etc/passwd, /etc/group, or LDAP servers. It can be very helpful in situations where system administrators need to quickly access information about users, groups, or other network entities. To list all users and their home directories: $ getent passwd | awk -F: '{print $1 ":" $6}' To list all groups and their members: $ getent group | awk -F: '{print $1 ":" $4}' To list all hosts and their IP addresses: $ getent hosts List all users and their encrypted passwords stored in /etc/shadow: $ sudo getent shadow Check if a specific user exists in the system: $ getent passwd username Check if a specific group exists in the system: $ getent group groupname List all the hosts in /etc/hosts: $ getent hosts List all network protocols supported by the system:...

Beyond Root Access

User Group Security Showdown A Deep Dive into User Group Security for Linux Network Administrators Introduction Brief overview of the three group methods (UPGs, Wheel, and users) Mention of the importance of security in a networked environment User Private Groups (UPGs) Benefits of UPGs in terms of security (e.g. each user has their own private group) Specific examples of Linux distributions that use UPGs by default (e.g. Ubuntu) Potential vulnerabilities with UPGs, such as if the root user is added to the same group as a regular user, giving that user access to sensitive files and commands How an attacker may view UPGs as a potential vulnerability if they can exploit a user with elevated privileges in their own UPG to gain access to other parts of the system Wheel Explanation of the Wheel group and its purpose as a way to grant administrative access to certain users Potential vulnerabilities with Wheel, such as if too many users are added to the group or if the group is not properly c...

LPI E - Security Test 4

LPI Linux Essentials Knowledge Domain Topic 5:  Security and File Permissions Practice Test Questions #4: 1. What is the purpose of having separate user accounts for each individual who uses a computer in a Linux networked environment?     a) To create unnecessary complexity     b) To grant selective access to files or services     c) To increase system performance     d) To reduce storage requirements /* --------------------- */ -------------------------- 1 Answer Below:  -------------------------- /* --------------------- */ Explanation: Having separate user accounts for each individual who uses a computer allows for greater control over which files and services are accessible to each user. This can improve security and prevent accidental changes to critical files or services. It also allows for better accountability, as it is easier to track who made changes to the system if each user has their own account. Incor...

LPI E - Security Test 3

LPI Linux Essentials Knowledge Domain Topic 5:  Security and File Permissions Practice Test Questions #3: 1. Which command is used to escalate privileges to root?     a) sudo     b) su     c) ssh     d) scp /* --------------------- */ -------------------------- 1 Answer Below:  -------------------------- /* --------------------- */ Explanation: The su command is used to escalate privileges to root in most Linux systems. 1. Answer: b) su 2. What is the recommended way to switch to another user?     a) Using su command     b) Logging in from another system     c) Logging in over the network     d) All of the above /* --------------------- */ -------------------------- 2 Answer Below:  -------------------------- /* --------------------- */ Explanation: While the su command can be used to switch to another user, it is not the recommended way. It is reco...

LPI E - Security Test 2

LPI Linux Essentials Knowledge Domain Topic 5:  Security and File Permissions Practice Test Questions #2: 1. Which of the following shells is the default login shell on most Linux distributions? a) C shell b) Korn shell c) Bourne Again Shell d) Z shell /* --------------------- */ -------------------------- 1 Answer Below:  -------------------------- /* --------------------- */ Explanation: While other shells like the C shell, Korn shell, and Z shell may be available on Linux, the default login shell is bash. 1. Answer: c) Bourne Again Shell. The default login shell on most Linux distributions is the Bourne Again Shell, or bash. 2. Which command is used to change the login shell for a user account? a) chlogin b) chsh c) chshl d) chshell /* --------------------- */ -------------------------- 2 Answer Below:  -------------------------- /* --------------------- */ Explanation: The chsh command is used to change the login shell for a...