Linux Unit III


UNIT III

SYSTEM ADMINISTRATION

Linux File Security :

Every Linux system has three types of owner:

1. User: A user is the one who created the file. By default, whoever creates the file
becomes the owner of the file. A user can create, delete, or modify the file.

2. Group: A group can contain multiple users. All the users belonging to a group have
the same access permission for a file.

3. Other: Anyone who has access to the file other than the user and group falls in the
category of other. Other has neither created the file nor is a group member.

Users and groups can be locally managed in /etc/passwd or /etc/group.

Syntax:

1. ls -lh

Listing User Accounts

To list the local user accounts, the following command can be used. It lists all the local
users on the system.

Syntax:

1. cut -d: -f1 /etc/passwd | column

Linux chgrp: change group

The name chgrp is an abbreviation of change group. You can change the group owner
of a file using the chgrp command.

Syntax:

1. chgrp <newGroup> <fileName>

Example:

1. chgrp php file

Look at the above snapshot, earlier 'file' group was sssit. But after passing the command
"chgrp php file" , we have changed the group to php (we have highlighted php just to show
you).

Linux chown: change owner

Command chown is used to change the owner of the file.

Syntax:

1. chown <newOwner> <fileName>

Example:

1. chown jtp list


Look at the above snapshot, we have changed the owner of the file list from sssit to jtp.

Command chown can also be used to change both user owner and group.

Syntax:

1. chown <newOwner:newGroup> <fileName>

Example:

1. chown jtp:php msg.txt

Look at the above snapshot, both user owner and group are changed to jtp and php
respectively.

List of Special Files


When we type ls -l command, ten characters are displayed before user owner and group. First
character tells us about the type of the file.

Following are the file types:

First Character File Type

- Normal file

d Directory

l Symbolic link

p Named pipe

b Block device

c Character device

s Socket

Examples of file type:

Look at the above snapshot, first letter c denotes the character device and b denotes the
block device.

Look at the above snapshot, first letter (-) denotes the normal file and d denotes the directory.

Linux chgrp Command | Linux Change Group

Linux chgrp command is used to change the group ownership of a file or directory. In the
Linux file system, each file is associated with an owner and a group, and has read, write,
and execute permissions.

Syntax:

1. chgrp [OPTION]... GROUP FILE...


2. chgrp [OPTION]... --reference=RFILE FILE...

Options:

The chgrp command supports the following command-line options:

-c, --changes: It is like the 'verbose' option, but it reports only when a change is made.

-f, --silent, --quiet: It is used to suppress most error messages.

-v, --verbose: It is used to display a diagnostic for every file processed.

--dereference: It is used to affect the file each symbolic link points to, rather than the
symbolic link itself.

-h, --no-dereference: It is used to alter the symbolic links themselves instead of any
referenced file.

--no-preserve-root: It is used for not treating '/' specially.

--preserve-root: It is used to fail to operate recursively on '/'.

--reference=RFILE: It is used to use RFILE's group rather than specifying a group.

-R, --recursive: It is used to operate on files and directories recursively. The -H, -L
and -P options below specify how the '-R' option traverses symbolic links.

-H: If a command-line argument is a symbolic link to a directory, traverse it.

-L: It is used to traverse every symbolic link to a directory encountered.

-P: If this option is specified, it will not traverse any symbolic links (default).

--help: It is used to display the help manual having the brief information of supported
command-line options.

--version: It is used to display version information.

Examples of the chgrp Command

Let's see the following examples of the chgrp command:

● Change the group ownership of a file

● Change the group ownership of a folder

● Recursively change the group ownership of a folder and its contents

● Change group by using the group name of a reference file

Change the Group Ownership of a File

We can change the group of any specific file. To change the group ownership of a file,
execute the command as follows:

1. sudo chgrp javatpoint Demo1.txt


The above command will change the group of file 'Demo1.txt' to Javatpoint. Consider the
below output:

As we can see from the above output, the 'groups' command is used to list the available
groups in the system. And, the 'chgrp' command is executed with sudo because it needs
sudo privilege.

Change the group ownership of a folder

To change the group ownership of a folder, execute the 'chgrp' command with the folder
name as follows:

1. sudo chgrp javatpoint Newdirectory

The above command will change the group ownership of the 'Newdirectory' folder. Consider
the below output:

If the chgrp command is successfully executed, it will not produce any output. To confirm the
changes, execute the "ls -l" command.

Recursively change the group ownership of a folder and its content

We can change the group ownership of a file or folder recursively by applying some set of
rules. To recursively change the group ownership of a folder and its content, execute the
command as follows:

1. sudo chgrp -R javatpoint Newdirectory


Consider the below output:

Change group by using the group name of a reference file

We can change the group of a file by using the group name of a reference file. To change the
group of another file using the reference of any other file or directory, execute the command
as follows:

1. sudo chgrp -R --reference=ref.txt Newdirectory

The above command will change the group of 'Newdirectory' and its contents by using the
group of the reference file 'ref.txt'. Consider the below output:

File Permissions

All three owners (user owner, group, others) in the Linux system have three types of
permissions defined. Nine characters denote the three types of permissions.

1. Read (r) : The read permission allows you to open and read the content of a file. But
you can't do any editing or modification in the file.

2. Write (w) : The write permission allows you to edit, remove or rename a file. For
instance, if a file is present in a directory, and write permission is set on the file but
not on the directory, then you can edit the content of the file but can't remove, or
rename it.

3. Execute (x): In Unix-type systems, you can't run or execute a program unless the execute
permission is set. But in Windows, there is no such permission available.

Permissions are listed below:

permission     on a file                    on a directory

r (read)       read file content (cat)      read directory content (ls)
w (write)      change file content (vi)     create file in directory (touch)
x (execute)    execute the file             enter the directory (cd)

Permission Set

Look at the above snapshot, there are ten characters (-rw-rw-r--) before the user owner. We'll
describe these ten characters here.

File permissions for (-rw-rw-r--)

position    characters    ownership

1           -             denotes file type
2-4         rw-           permission for user
5-7         rw-           permission for group
8-10        r--           permission for other

When you are the User owner, then the user owner permission applies to you. Other
permissions are not relevant to you.

When you are the Group then the group permission applies to you. Other permissions are not
relevant to you.

When you are the Other, then the other permission applies to you. User and group
permissions are not relevant to you.

Permission Example

Now we'll show some examples of how permissions can be seen for a file or directory.

Look at the above snapshot, different directories and files have different permissions.

First letter (-) or d represents the files and directories respectively.

Now, of the remaining nine letters, the first triplet represents the permission for the user
owner. The second triplet represents the permission for the group owner. The third triplet
represents the permission for other.

Setting Permissions With chmod

You can change the permissions with the chmod command according to your need. Below are
some examples to change the permissions for different groups.

To add permissions to a group.

Syntax:

1. chmod <groupName>+<permissionName> <fileName>

Example:

1. chmod u+x file


Look at the above snapshot, permission to execute is added to the user owner group.

To remove permissions from a group

Syntax:

1. chmod <groupName>-<permissionName> <fileName>

Example:

1. chmod g-x file


2. chmod u-w file

Look at the above snapshot, permission to execute is removed from the group and permission
to write is removed from the user owner.

To add permission to all the groups together

Syntax:

1. chmod a+<permissionName> <fileName>

Example:

1. chmod a+w file


Look at the above snapshot, we have given permission to write for all the groups.

To add permission to all the groups without typing a

Syntax:

1. chmod +<permissionName> <fileName>

Example:

1. chmod +w file

Look at the above snapshot, this example is the same as the earlier one except that we
haven't typed a; when a is omitted, chmod skips any permission bits that are set in the umask.

To set explicit permission

Syntax:

1. chmod <groupName>=<permissions> <fileName>

Example:

1. chmod o=rw file


Look at the above snapshot, we have set explicit permission to read and write for others.

To set explicit permissions for different groups

Syntax:

1. chmod <groupName>=<permissions> <fileName>

Example:

1. chmod u=rwx,g=rw,o=r file

Look at the above snapshot, we have set permissions for all the three groups.

Setting Octal Permissions

Octal permissions can also be set for the groups.

For example, to set r octal will be 4, to set w octal will be 2, to set x octal will be 1.

Octal Table:

binary    octal    permissions

000       0        ---
001       1        --x
010       2        -w-
011       3        -wx
100       4        r--
101       5        r-x
110       6        rw-
111       7        rwx

From this we can conclude that,

1. 777 = rwxrwxrwx
2. 765 = rwxrw-r-x
3. 654 = rw-r-xr--

Look at the above snapshot, we have shown some random octal examples with the numbers
777, 274 and 111.

umask

While creating a file or directory, a default set of permissions is applied. These default
permissions can be viewed with the umask command.

For safety reasons, Unix systems do not give execute permission to newly created
files.

Adding execute permission is up to you.
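
The octal table and the umask behaviour above can be checked directly. The following script is an added example, not part of the original notes: it creates a file and a directory under several umask values, reads their modes back as octal, and compares chmod +w with chmod a+w on a mode-444 file. The function names are made up for this illustration.

```sh
#!/bin/sh
# Added example: works only inside throwaway directories created with mktemp.

# Convert an `ls -l` mode string such as "-rw-r--r--" to three octal digits
# using the table above (r=4, w=2, x=1). The letters s and t also imply x;
# the special bits themselves are not reported here.
sym_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Octal mode of an existing path, read from the first ten characters of `ls -ld`.
mode_of() {
    sym_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# Create a file and a directory under the given umask; print "<file> <dir>".
new_modes_under_umask() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        : > "$tmp/f"
        mkdir "$tmp/d"
        printf '%s %s\n' "$(mode_of "$tmp/f")" "$(mode_of "$tmp/d")"
        rm -rf "$tmp"
    )
}

# Start from mode 444, apply a chmod operator ("+w" or "a+w") under a umask,
# and print the resulting mode.
chmod_under_umask() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        : > "$tmp/f"
        chmod 444 "$tmp/f"
        chmod "$2" "$tmp/f"
        mode_of "$tmp/f"
        rm -rf "$tmp"
    )
}

for mask in 022 027 077; do
    printf 'umask %s -> new file/dir: %s\n' "$mask" "$(new_modes_under_umask "$mask")"
done
printf 'umask 022, chmod +w  on 444 -> %s\n' "$(chmod_under_umask 022 +w)"
printf 'umask 022, chmod a+w on 444 -> %s\n' "$(chmod_under_umask 022 a+w)"
```

With umask 022 the file is not executable and not writable by group or other, and chmod +w adds write for the owner only, while chmod a+w makes the file world-writable.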

mkdir -m

The 'mkdir -m' command can be used to set the mode.

Syntax:

1. mkdir -m <mode> <fileName>

Example:

1. mkdir -m 777 new1


2. mkdir -m 000 new2

Look at the above snapshot, we have created two directories new1 and new2 with mode 777 and
000 respectively.

cp -p

The 'cp -p' command preserves the permissions and time stamps from source files.

Syntax:

1. cp -p <sourceFile> <destinationFile>

Example:

1. cp -p list dupli.txt

COMMUNICATION COMMANDS

Sending messages to other users on the Linux command line can be very easy, but there are a
number of commands that you might want to consider. In this post, we’ll look at four
commands and see how each of them works.

wall

The wall command (as in "write all") allows you to send a message to all users who are
currently logged into the system. This implies that the system is likely a server and that users
are working on the command line. While the wall command is generally used by sysadmins
to send out notices to users (e.g., that the server is going down for
maintenance), it can be used by any user.

A sysadmin might send out a message like this:

$ wall The system will be going down in 15 minutes to address a serious problem

Everyone logged into the system will see something like this:

The system is going down in 15 minutes to address a serious problem

If you want to use single quote marks in your message, enclose the message in double quote
marks like this:

$ wall "Don't forget to save your work before logging off"


The outside quote marks will not show up in the transmitted message, but, without them, the
command sits and waits for a closing single quote.

mesg

If, for some reason, you don’t want to accept messages from another user, you can stop them
from arriving with the mesg command. This command can be used with an “n” argument to
refuse messages from the user or a “y” argument to allow the messages to arrive.

$ mesg n doug
$ mesg y doug

The blocked user will not be notified that their messages have been blocked. You can also
block or allow all messages with a mesg command like one of these:

$ mesg y

$ mesg n

write

Another command for sending text without reverting to email is write. This command can be
used to communicate with a specific user.

$ write nemo
Are you still at your desk?
I need to talk with you right away.
^C

Enter your text and use ^C to exit when you’re done. The command allows you to send text,
but doesn’t start a two-way conversation. It just sends the text. If the user is logged in on
more than one terminal, you can specify which terminal you want to send the message to or
you can rely on the system to choose the one with the shortest idle time.

$ write nemo#1

If the user you are trying to write to has messages blocked, you should see something like
this:

$ write nemo
write: nemo has messages disabled

talk/ytalk

The talk or ytalk command gives you a chance to have an interactive chat with one or more
other users. The command will bring up a double-pane (top and bottom) window. Each
individual will type into the top portion of the display on their screen and see the responses in
the bottom section(s). The respondents can respond to a talk request by typing "talk"
followed by the username of the person addressing them.

Message from Talk_Daemon@dragonfly at 10:10 ...

talk: connection requested by [email protected].

talk: respond with: talk [email protected]

$ talk dory

The window can involve more than two participants if ytalk is used. As you can see in the
example below (the result of the "talk dory" command shown above), talk is often ytalk.

----------------------------= YTalk version 3.3.0 =--------------------------


Is the report ready?

-------------------------------= nemo@dragonfly =----------------------------


Just finished it

As explained above, on the other side of the conversation, the talk session window panes are
reversed:

----------------------------= YTalk version 3.3.0 =--------------------------


Just finished it

-------------------------------= dory@dragonfly =----------------------------


Is the report ready?

Again, use ^C to exit.

To talk with someone on another system, you just need to add a -h option and the hostname
or IP address with a command like this:

Wrap-Up

There are a number of basic commands for sending messages to other logged-in users on
Linux systems, and they can be especially useful when you need to send out a quick message
to all of the users, prefer a quick exchange to a phone call or want to easily involve more than
two people in a quick messaging session.

Some commands, like wall, allow a message to be broadcast, but are not interactive. Others,
like talk, allow both lengthy and multi-user chats, avoiding the need to set up a conference
call when a fairly quick exchange of information is all that's required.

Linux Introduction To Users

This tutorial will tell you how to identify a system's user account with commands like who,
who am i, etc.

If more than one person uses a single system, then everyone may have their own user account.
Here, it will be helpful to know the user account details.

It also tells how to create a second user account and run programs as that user with the help
of the su and sudo commands.

whoami

It tells you about the system's username.

Syntax:

1. whoami

Look at the above snapshot, 'sssit' is our system's username.


who

The who command gives the information about the users logged on to the system.

Syntax:

1. who

who am i

This command displays the information about the current user only.

Syntax:

1. who am i

Look at the above snapshot, in our system current logged in user is sssit.

w

This command tells about the users who are logged in and what they are doing.

Syntax:

1. w

id

This command tells about your user id, primary group id, and the list of groups that you
belong to.

Syntax:

1. id

Linux Create User | Linux Add user | Linux user add command

The Linux server allows us to create more than one user after installation. Linux is a multi-user
system, which means more than one user can work on the same system at the same time.
We are allowed to do so through the Setup agent.

We must create an account in order to work with Linux, as we cannot keep working
with the root account. We have one administrative account; a system administrator account is
responsible for managing the user accounts and groups of the system.

Adding or removing a user is one of the most basic tasks of a new Linux server.

Linux su Commands

The su command allows you to run a shell as another user.

Syntax:

1. su <username>

Example:

1. su jtp

su to root

You can change the user to root when you know the root password.

Syntax:

1. su root

su as root

The root user can become any existing user without knowing that user's password. Otherwise,
password is needed.

Example:

1. su - sssit

Look at the above snapshot, it is asking for password while switching from user jtp to sssit.

Now let's look at the following example.

Example:

1. su - jtp

su - $username

By default, the su command maintains the same shell environment. To access the target user's
shell environment use the su command with (-) followed by the target user name.

Example:

1. su - jtp
2. su jtp

Look at the above snapshot, with the command "su - jtp" current shell environment is
/home/jtp and user is also jtp. With the command "su jtp" current shell environment is
/home/sssit and user is sssit.

su -

If no user name is mentioned, then by default it will assume root as the target user.

Example:

1. su -

Look at the above snapshot, command "su -" has assumed root as the target.

Linux User Management

User management includes everything from creating a user to deleting a user on your system.
User management can be done in three ways on a Linux system.

Graphical tools are easy and suitable for new users, as they make sure you'll not run into any
trouble.

Command line tools include commands like useradd, userdel, passwd, etc. These are
mostly used by server administrators.

root

The root user is the superuser and has all the powers for creating a user, deleting a user and
can even log in with another user's account. The root user always has userid 0.

useradd

With useradd commands you can add a user.

Syntax:

1. useradd -m -d /home/<userName> -c "<userName>" <userName>

Example:

1. useradd -m -d /home/xyz -c "xyz" xyz

Look at the above snapshot, we have created a user xyz along with creating a home directory
(-m), setting the name of home directory (-d), and a description (-c).

The 'xyz' received userid as 1004 and primary group id as 1004.

/etc/default/useradd

The file /etc/default/useradd contains some user default options. The command useradd -D can
be used to display this file.

Syntax:

1. useradd -D

userdel

To delete a user account userdel command is used.

Syntax:

1. userdel -r <userName>

Example:

1. userdel -r xyz

Look at the above snapshot, first we have shown the xyz user account with 'tail' command.
To delete it, command "userdel -r xyz" is passed.

To recheck, again 'tail' command is passed and as you can see no xyz user account is
displayed.

Hence, it is deleted.

usermod

The command usermod is used to modify the properties of an existing user.


Syntax:

1. usermod -c <'newName'> <oldName>

Example:

1. usermod -c 'jhonny' john

Look at the above snapshot, the description (comment field) of user john is changed to jhonny.

/etc/skel/

The /etc/skel/ contains some hidden files which have profile settings and default values for
applications. Hence, it serves as a default home directory and user profile. While using
useradd -m option, the /etc/skel/ is copied to the newly created directory.

Look at the above snapshot, the files of /etc/skel/ are listed.

Deleting Home Directories

By using the userdel -r option, you can delete the home directory along with the user account.

Syntax:

1. userdel -r <userName>

Example:

1. userdel -r john

Look at the above snapshot, both home directory as well as user account john is deleted.

Login Shell

The /etc/passwd file also tells about the login shell for the user.

Look at the above snapshot, user guest will log in with /bin/bash shell and user jtp will log in
with /bin/ksh shell.

You can change the shell mode with usermod command for a user.

Syntax:

1. usermod -s <newShell> <userName>

Example:

1. usermod -s /bin/bash jtp

Look at the above snapshot, shell of jtp is changed to /bin/bash from /bin/ksh.

chsh

Users can change their login shell with chsh command.

Both the command chsh and chsh -s will work to change the shell.

Syntax:

1. chsh

Look at the above snapshot, command chsh has changed the sssit login shell from /bin/sh to
/bin/bash.

Syntax:

1. chsh -s <newShell>

Example:

1. chsh -s /bin/sh

Look at the above snapshot, login shell is changed into /bin/sh.

Linux User Password

This chapter tells you about local user passwords. You will learn here how to change the
password and set the password using different methods.

The first method is by using the passwd command.

The second method is with the openssl passwd command.


Using passwd command

passwd

A user can set the password with the command passwd. Old password has to be typed twice
before entering the new one.

Syntax:

1. passwd

Look at the above snapshot, shell warns the user from creating a simple password.
Ultimately, after two or three attempts if password is not changed then the command passwd
fails and you have to pass the command again.

However, these rules are not applied to the root user, nor does root need to type the old
password. Root can change the password directly.

Syntax:

1. passwd <userName>

Example:

1. passwd jtp

Look at the above snapshot, password is changed successfully without any warning.

Shadow File

The encrypted user passwords are kept in the shadow file, /etc/shadow. This file is
read-only and can be read only by root.

Syntax:

1. /etc/shadow

Look at the above snapshot, the /etc/shadow file contains nine columns separated by colons.

Starting from left to right, these nine columns contain username, encrypted password, last
changed password day, number of days password must be left unchanged, password expiry
day, warning number of days before password expiry, number of days after expiry before
disabling the account, and the day account was disabled. Last column has no meaning yet.

Encryption With passwd

Passwords are always stored in encrypted format. Encryption is done with the crypt function.
The simplest way to add a user with a password is to add the user with the command useradd -m
and then set the user's password with the command passwd.

Syntax:

1. useradd -m <userName>

Example:

1. useradd -m akki

Syntax:

1. passwd <userName>

Example:

1. passwd akki

Look at the above snapshot, user name akki is created with a password successfully.

Using openssl Passwd

Encryption With openssl

To create a user with a password, the -p option can also be used, but that requires an encrypted
password.

This encrypted password can be generated with the openssl passwd command.

The openssl passwd command can generate several distinct hashes for the same password. To do
this, it uses a salt.

This salt can be chosen and is visible as the first two characters of the hash as shown below.

Look at the above snapshot, the first two characters are the defined salt '32'.

To create a user with password using openssl command, following syntax is used.

Syntax:

1. useradd -m -p $(openssl passwd hunter2) <userName>

Example:

1. useradd -m -p $(openssl passwd hunter2) aaa

Look at the above snapshot, user aaa is created and its password is kept in the command
history.
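
The command above puts the clear-text password on the command line, which is how it ends up in the history. The helper below is an added example, not part of the original notes: it feeds the password to openssl passwd on standard input instead and lets you confirm that the chosen salt is visible in the hash. It assumes an openssl build whose passwd subcommand supports -6, -salt and -stdin; the function names and the salt value are made up for this illustration.

```sh
#!/bin/sh
# Added example. Assumes `openssl passwd` supports -6 (SHA-512 crypt),
# -salt and -stdin. Function names are illustrative.

# Print the crypt hash of the password read from stdin, using salt $1.
# The password is never an argument of the openssl command.
hash_from_stdin() {
    openssl passwd -6 -salt "$1" -stdin
}

# Return the salt field of a "$id$salt$hash" string.
salt_of() {
    printf '%s\n' "$1" | cut -d'$' -f3
}

# Prompt without echo, then hash. In bash and dash printf is a builtin, so the
# clear-text value is not passed to another process as an argument and is
# not typed into a command that the shell would record in its history.
prompt_and_hash() {
    printf 'New password: ' >&2
    stty -echo
    IFS= read -r pw
    stty echo
    printf '\n' >&2
    printf '%s\n' "$pw" | hash_from_stdin "$1"
    unset pw
}

# Usage, as root ("aaa" is the account from the example above, the salt
# value is constructed):
#   hash=$(prompt_and_hash 'Xy12AbCd')
#   useradd -m -p "$hash" aaa
```

The same password with the same salt always gives the same hash, and a different salt gives a different hash, which is why each account should get its own salt.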

/etc/login.defs

The /etc/login.defs file contains some default settings like password aging and length
settings.

Syntax:

1. grep PASS /etc/login.defs

chage

The chage command can be used by a user to know the information about their password.
The -l option is used to list the information.

Syntax:

1. chage -l <userName>

Example:

1. chage -l abc

Disabling A Password

A valid password hash in /etc/shadow never starts with an exclamation mark (!). If an
exclamation mark is present at the start, the password cannot be used.

This feature can be used to disable a password; the process is called locking, disabling
or suspending a user account. It can be done in vi or with the usermod command.

Here, we'll disable the password of akki with the usermod command.

Syntax:

1. usermod -L <userName>

Example:

1. usermod -L akki

Look at the above snapshot, first command shows hashed password of akki, and command
"usermod -L akki" disables the password of akki. Now user akki can't authenticate using
this password.

Look at the above snapshot, hashed password is preceded with !, which means it is disabled.

Please note that the root user will still be able to open the akki account, as a password is
not needed here. And if user akki had not set a password, then akki can also log in.

You can unlock the account with usermod -U.

Syntax:

1. usermod -U <userName>

Example:

1. usermod -U akki

Look at the above snapshot, hashed password of akki is unlocked now as there is no (!) mark
at the start.
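
The nine-column layout and the leading ! described above can be checked mechanically. The script below is an added example, not part of the original notes: it classifies constructed sample records (with placeholder hashes) by whether the password is usable, locked or empty, and by the hash scheme indicated by its prefix. The state and scheme labels it prints are made up for this illustration.

```sh
#!/bin/sh
# Added example. SAMPLE_SHADOW is constructed data in /etc/shadow layout;
# the hash strings are placeholders, not real password hashes.
SAMPLE_SHADOW='root:$6$saltsalt$CONSTRUCTEDHASHVALUE:19700:0:99999:7:::
akki:!$6$saltsalt$CONSTRUCTEDHASHVALUE:19712:0:99999:7:::
guest::19712:0:99999:7:::
daemon:*:19700:0:99999:7:::
jtp:$1$salt$CONSTRUCTEDHASHVALUE:19000:0:90:7:30::
aaa:32CONSTRUCTED:19000:0:99999:7:::
broken:x:19000'

# Read shadow records on stdin; print "<user> <state> <scheme>" per record.
#   NO-PASSWORD  empty second field: no password is asked for
#   LOCKED       hash prefixed with "!" (what usermod -L does)
#   NO-LOGIN     "*" or a bare "!": no hash that any password could match
#   ACTIVE       usable hash
#   MALFORMED    record does not have nine colon-separated fields
audit_shadow() {
    awk -F: '
    function scheme(h) {
        if (substr(h, 1, 3) == "$6$") return "sha512crypt"
        if (substr(h, 1, 3) == "$5$") return "sha256crypt"
        if (substr(h, 1, 3) == "$y$") return "yescrypt"
        if (substr(h, 1, 2) == "$2")  return "bcrypt"
        if (substr(h, 1, 3) == "$1$") return "md5crypt-weak"
        if (length(h) == 13 && substr(h, 1, 1) != "$") return "descrypt-weak"
        return "unknown"
    }
    NF == 0 { next }
    NF != 9 { print $1, "MALFORMED", "-"; next }
    {
        pw = $2
        if (pw == "") { print $1, "NO-PASSWORD", "-"; next }
        locked = (substr(pw, 1, 1) == "!")
        # Strip the lock marker so the scheme of the stored hash is still visible.
        while (substr(pw, 1, 1) == "!") pw = substr(pw, 2)
        if (pw == "" || pw == "*") { print $1, "NO-LOGIN", "-"; next }
        print $1, (locked ? "LOCKED" : "ACTIVE"), scheme(pw)
    }'
}

# Demo on the constructed sample. On a real system, as root:
#   audit_shadow < /etc/shadow
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

A LOCKED result means only that the password is unusable: usermod -L does not block logins that do not use the password, such as SSH keys.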

Linux Groups

Users can be listed in different groups. Groups allow us to set permissions on the group level
instead of setting the permissions on the individual level.

Every Linux distribution has a graphical tool to manage groups. Groups can be managed by
graphical tools, command line tools and by vi or vigr depending upon the user's experience.
Only experienced users should use vi or vigr to manage groups, since vigr will do proper
locking when changing the file.

groupadd

The groupadd command creates or add a group in our system.

Syntax:

1. groupadd <groupName>

Example:

1. groupadd php
2. groupadd java
3. groupadd android
4. groupadd spring

Look at the above snapshot, groups php, java, android and spring are created with the groupadd
command.

Group File

The /etc/group file defines the group membership. A user can be a member of more than one
group.

Syntax:

1. /etc/group

Look at the above snapshot, first column indicates group name, second is the group's
encrypted password which may remain empty also, third is group identification (GID) and
fourth is the list of members. Fourth list is empty as these groups do not have members.

Groups

The groups command tells which groups the current user belongs to.

Syntax:

1. groups

Look at the above snapshot, users jtp and sssit belong to different groups.

usermod

The group members can be edited with the usermod or useradd command. By default, the
usermod -G command removes the user from every group that is not listed. Here, the
-a (append) option is used to prevent this from happening.

Syntax:

1. usermod -a -G <group> <userName>

Example:

1. usermod -a -G php akki


2. usermod -a -G php abc
3. usermod -a -G java jtp

Look at the above snapshot, we have displayed the list of /etc/group. User akki and abc are
added into the group php, user jtp is added into java.

groupmod

With the help of groupmod command you can change the name of an already existing group.

Syntax:

1. groupmod -n <newGroup> <oldGroup>

Example:

1. groupmod -n sql spring


Look at the above snapshot, group spring is changed into sql.

groupdel

The command groupdel will delete a group permanently from the system.

Syntax:

1. groupdel <group>

Example:

1. groupdel sql

Look at the above snapshot, group sql is deleted from the system.

gpasswd

Control of group membership can be passed on to another user with gpasswd command.

Syntax:

1. gpasswd -A <user> <group>

Example:

1. gpasswd -A jtp java


Look at the above snapshot, we have passed control of the membership of java to the user jtp
with the command "gpasswd -A jtp java". Then we su to jtp and add aaa to java.

Group administrators need not be members of the group. They can add or remove a
member without being a member of that group.

File /etc/gshadow keeps the information about the group administrators as shown in below
snapshot.

To remove all the administrators from a group, set an empty administrator list.

Syntax:

1. gpasswd -A "" <group>

Example:

1. gpasswd -A "" java

Look at the above snapshot, administrator jtp is removed from the group java.
