M01: Introduction to Operating Systems
 		TU1: Installing, configuring and exploiting a computer system
 		ASIX1- DAW1
 		Practical Exercise 6: Managing users and groups accounts 09-01-23

Practical Exercise 6:  Managing users and groups accounts

1- Deadline: 22-01-2023
2- Send your report as a PDF file attached to an e-mail with the following specifications:
    a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu depending who is your teacher
    b) File Name:
        b.1) ASIX1:
            asix1_surname_name_m01tu01pr06.odt
            asix1_surname_name_m01tu01pr06.pdf           
        b2.) DAW1:
            daw1_surname_name_m01tu01pr06.odt
            daw1_surname_name_m01tu01pr06.pdf                 
     c) Subject:
         c.1) ASIX1: asix1_surname_name_m01tu01pr06
         c.2) DAW1: daw1_surname_name_m01tu01pr06
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font:Arial, b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular.
DOCUMENTATION

1- Introduction

On Linux:
    * A user is a real person or program which can access to some resources of a computer such as folders, files, programs, hardware and so on.
    * A group is a collection of users. Groups are used as a basis for determining file access permissions. It depends on your groups membership that you will be able to access or not to certain folders, files, hardware, databases and so on.

In order to define properly a new user, you must provide to the system some basic information. A system user will need:
 a) A username
 b) Usually, an encrypted password
 c) Most times (but it is not mandatory), a personal home directory where the user can store his/her/its personal data and personal configuration files and enviroment variables.
 d) A numerical value called  User IDentifier or UID associated with the username. The user will be identified by the system thanks to its UID rather than its username.
e) A default group. A user must be member of one or more groups. If a user is member of just one group, that group will be its default group. The group name must exist. Instead of a group name, you can write the unique number that identifies the group.
 f) A default shell, usually /bin/bash.
 g) Another additional characteristics like comments, expiry date, additional groups memberships and so on.
h) User environment variables. This variables are a tool to customize  how the user interacts with the system.  The value of an environment variable can for example be the location of all executable files in the file system, the default editor or browser that should be used, default language, colors used in the terminal,  location of some personal configuration files and folders,.....
i) An entry in files /etc/passwd and /etc/shadow where the vast majority of this information about the user is stored.

In order to define properly a new group, you must provide to the system some basic information. A system group will need:
 a) A group name.
b) A numerical value called  Group IDentifier or GID associated with the group name. The group  will be identified by the system thanks to its GID rather than its group name.
c)  Users which are member of that group.
h) An entry in files /etc/group and /etc/gshadow where all this information about the group is stored.

In order to configure and manage system users and groups, the Linux operating  provides you with a set of command-line utilities: a) useradd adds a new user account to the system, b) userdel deletes a user's account, c) usermod modifies a user's account, d) groupadd adds a new group to the system, e) groupdel removes a group and f) groupmod modifies a group.

The purpose of this exercise is:
     a) Firstly, to learn how to manage (add, delete and modify) user and group account on Linux.
     b) Secondly, we will study the main chararacterisitics  of  system user and groups, and how to modify these characteristics.
     c) Finally, we will study the contents of /etc/passwd, /etc/group and /etc/shadow.

2- mkpasswd

a) Descrition: The command-line utility mkpasswd encrypts a given password. This command is part of a package called whois. You have to install whois in order to install mkpasswd on your system.

b) Synopis: mkpasswd  PASSWORD

c) As a result, a encrypted version of PASSWORD will be displayed on screen

d) Example:
linux:~ #  mkpasswd   FjeClot@20
Ab1VoXikXZ6E2

3- useradd

a) Descrption: The useradd command adds a new user to the system. This command adds a new entry to /etc/passwd and /etc/shadow.

b) Synopsis: useradd   username  <options>

c) Important options:
        -u --> The  User IDentifier or UID. By default, will be the first free ID after the greatest used one.
        -g --> The group name or number of the user's default group (or primary group). The group name or number must refer to an already existing  group. If not specified, the default from /etc/default/useradd is used.
        -d --> This option specifies the user personal directory. If not specified, the default from /etc/default/useradd is used.       
        -m -->  If it does not exist, the home directory for the new user account will be created.
        -s --> Specify user's login shell. The default for normal user accounts is taken from /etc/default/useradd.
        -k --> The skeleton directory, by default /etc/skel, that contains files and directories to be copied in the user's home directory when the home directory is  created by useradd. This option is only valid if the -m option is specified.
        -G --> A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma.
        -p -->   Encrypted password as returned by mkpasswd.
d) Example:
If you want to add to the system a new user called tux,  with  the  following  characteristics: uid=1001, default group=users, personal directory=/home/tux, default shell=/bin/bashskeleton directory=/etc/skel, additional groups=adm,sys and password = Clot8Fje@9 ,  you should run the following single command:

useradd  tux  -u  1001  -g  users  -d  /home/tux  -m  -s  /bin/bash  -k  /etc/skel  -G adm,sys -p  $(mkpasswd  Clot8Fje@9)                         

4- userdel

a) Description: The useradel command deletes an user account.

b) Synopsis 1: userdel  username  ==> The user will be deleted but not its home folder. Entries in /etc/passwd, /etc/shadow and /etc/group will be deleted. Folder /home/username will not be deleted.

c) Synopsis 2: userdel  -r  username  ==>  The user will be deleted and its home folder as well. Entries in /etc/passwd, /etc/shadow and /etc/group will be deleted. Folder /home/username will be deleted.

d) Example: If you want to completely remove the user tux, you should run the following command: userdel  -r  tux  


5- usermod

a) Description: The usermod command modifies an user account.

b) Synopsis: usermod   <options>   username

c) Important options:
        -d --> This option specifies the new home directory of the user.
        -g --> The group name or number of the user's new default group.
        -p -->  An Encrypted new password.    
        -s --> Specifies an user's new login shell.
        -u --> Changes the  User IDentifier or UID.
        -a  -G  --> Adds a user to one or more groups       
       
d) Example 1: The following command changes the UID. The new UID  will be 590:
        usermod  -u  590  tux

e) Example 2: The following command changes the password. The new password will be ClotFJE@91:
        usermod  -p  $(mkpasswd ClotFJE@91)  tux

f) Example 3: The following command changes the UID and password. The new password will be ClotFJE@91 and the new UID will be 620:
        usermod  -p  $(master2013)  -u  620  tux

g) Example 4: The following command adds a user to a group. A user called tux will be added to a group called teachers if you run:
        usermod  -a  -G  teachers  tux


6- groupadd

a) Description: The groupadd command adds a new group. This command adds a new entry to /etc/groups.

b) Synopsis:    groupadd   <options>   group_name

c) Important options:
        -g --> The  Group IDentifier or GID. By default, will be the first free ID after the greatest used one.
        Remember: Last string is the group name.

d) Example: The following command adds a new group called students. The value assigned to GID will be 120.
        groupadd   -g   120   students

 7- groupdel

a) Description: The groupdel command deletes a group.

b) Synopsis: groupdel  group_name

c) Example: groupdel  students

d) Important: A user's default group (also called primary group) is not removeable. Delete the user or modify its primary group if you want to delete that group.

8- groupmod

a) Description: The groupmod command modifies a group using the values specified on the command line.This command modifies an entry in /etc/groups.

b) Synopsis: groupmod   <options>   group_name

c) Important options:
        -g --> Changes the  Group IDentifier or GID
        -n --> Changes the   group name

d) Example 1: The following command changes the GID. The new GID  will be 190:
        groupmod  -g  190  students

e) Example 2: The following command changes the group_name. The old group name is students.The new group name will be teachers:
        groupmod  -n  teachers students

9- gpasswd: Removing a user from a group. Adding a user to a group

a) If you are working with Debian or Ubuntu, you can remove a user from a group using the next command: gpasswd  -d  username  group_name

b) If you are working with Debian or Ubuntu, you can add a user to a group using the next command: gpasswd  -a  username  group_name

c) Example 1: The following command adds a user to a group. A new user called teacher02 will be added to a group called teachers if you run:
        gpasswd  -a  teacher02  teachers

d) Example 2: The following command deletes a user called teacher02 from a group called teachers:
        gpasswd  -d  teacher02  teachers

NOTE: Read the manual page of gpasswd (run man gpasswd) for any further information about this command.

10- groups

a) Description: The groups command prints the groups a user is in. Command groups only shown groups name but not GID numbers.

b) Synopsis: groups  username

c) Example:
    dacomo@debian8:~> groups  dacomo
    dacomo: dacomo cdrom floppy sudo audio dip video plugdev netdev lpadmin scanner bluettoth vboxsf 
    dacomo@debian8:~>
    User dacomo is member of: dacomo cdrom floppy sudo audio dip video plugdev netdev lpadmin scanner bluettoth vboxsf   

11- members

a) Description: The members command outputs members of a group.

b) Important: The members command is not installed by default. Run as a root user aptitude  install  members in order to install members on your system.

b) Synopsis: members -a  group_name

c) Example:
        dacomo@debian8:~> members  -a  sudo
        dacomo
        dacomo@debian8:~>
        The only user member of sudo is dacomo
 
12- User files, groups and user passwords

a) The /etc/passwd file contains information about all system users. Here we find the username, password, UID, home directory, etc.. A typical line in /etc/passwd looks like :
dacomo:x:1000:100::/home/dai1:/bin/bash

Where the system stores a username, a password in plain text or a x if it is encrypted and saved in /etc/shadow special file, the user uid, the gid of the user primary default group, the user home directory and the shell that runs when user connects.


b) The /etc/group file contains information about all system groups. Here we find the group name, group password, GID, and a list of group members. A typical line in /etc/group looks like :
vboxusers:x:122:dacomo,asix,daw

Where the system stores a group name, a password in plain text or a x if it is encrypted and saved in /etc/gshadow special file, the group gid, and a list of group members.

c) For each line of /etc/shadow,  there is a username and the encrypted version of its password (and other items that do not concern us now).  If the password field contains  ! or *, the user will not be able to use a password to log in (but the user may log in the  system by other means).

d) For each line of /etc/gshadow, there is a group name and the encrypted version of the group password. Additionally, a  list of group members is stored for each group. If the password field contains  ! or *, users will not be able to  use a password to access the group (but group members do not need the password).

13- How to disable and lock users. How to enable and unlock users

a)  You need to use the usermod command to lock and disable a user account.
Exemple: usermod  -L  -e  1  fje   (After running this command, check the state of  the entry fje in /etc/shadow)

b) You need to use the usermod command to unlock and enable a user account.
Exemple: usermod  -U  -e  99999  fje  (After running this command, check the state of  the entry fje in /etc/shadow)

14- Environment variables. Command env.

a) You can view all user environment variables values by running the command env.

b) You can specifically check a custom environment variable value running  env | grep $VARIABLE_NAME where you have to change $VARIABLE_NAME with the real variable name.

PRACTICAL EXERCISE


1- Install a package called whois on your system. This package contains mkpasswd, a command that provides encrypted versions of any given password.

2- Create a group called clot2023 with GID = 2023. Look at changes at /etc/group. Check and show clearly that a new group called clot2023 has been added to your system.

3- Add to the skeleton  the following directories: Desktop, Documents, Downloads, Public and Temporal.
4- Create a new user called clot2023, with the following characteristics: 
a) User identifier will be 2023
b) By default is member of the clot2023 group
c) Home directory will be /home/clot2023
d) The default shell will be the bash program
e) The password (the version with no encryption  for the user) will be FjeClot23#
f) Additionally, the new user will be member of vboxsf and sudo groups
g) /etc/skel will be the skeleton directory for the new user

5- Create a new user called fje, with the following characteristics: 
a) User identifier will be 1023,
b) By default is member of the users group
c) The Home directory will be /home/fje
d) The default shell will be the bash program,
e) The password (the version with no encryption  for the user) will be Clot2023$
f) Additionally, the new user will be member of the vboxsf group.
g) /etc/skel will be the skeleton directory for the new user.

6- Do the following tasks:
    a) Look at changes at /etc/passwd and /etc/shadow. Check and show clearly that a new user called clot2023 has been added to your system.
    b) Check that a new directory called /home/clot2023 has been created on your system. Check the contents of /home/clot2023.

7- Working on terminal: Become clot2022. Check your environment:
     a) Run env and check your $HOME environment variable. What is the meaning of data stored in variable $HOME?
     b) Run env and check your $PATH environment variable. What is the meaning of data stored in variable $PATH?. Why is so important?
     c) Run env and check your $SHELL environment variable. What is the meaning of data stored in variable $SHELL?.
     d) Run env and check your $USER environment variable. What is the meaning of data stored in variable $USER?.

8- Create a new group called students23 with GID = 223. Look at changes at /etc/group. Check and show clearly that a new group called students23 has been added to your system.

9- Modify clot2023's UID and change it to 3023. Look at changes at /etc/passwd. Check and show clearly that  user clot2023 has been modified.

10- Add clot2023 and fje users to students23 group. Look at changes at /etc/group. Check and show clearly that  users clot2023 and fje have been added to students23.

11- Swap clot2023 default group to adm group. Look at changes at /etc/passwd. Check and show clearly that  user clot2023 has been modified. 

12- Modify students23 GID and change it to 323. Look at changes at /etc/group. Check and show clearly that  group students23 has been modified.

13- Show the groups  user clot2023 is in.

14- Show members of group students23.

15- Modify clot2023's password. The new password will be FJEclot23@.

16- Remove clot2023 and fje from students23 group. Look at changes at /etc/group. Check and show clearly that  users clot2023 and fje have been removed from students23.

17- Remove clot2023 and his/her home directory. Check and show clearly that:
    a) User clot2023 has been removed from /etc/passwd and /etc/shadow.
     b) Directory /home/clot2023 has been removed from your system.

18- Remove students23. Look at changes at /etc/group. Check and show clearly that  students23 has been removed from your system.

19- Disable and lock the fje user account. Try to gain access to the fje account. What happens?.

20- Enable and unlock the fje user account again. Try to gain access to the fje account. What happens?.