M01: Introduction to Operating Systems
TU1: Installing, configuring and exploiting a computer system
ASIX1
Practical Exercise 8a: Managing users and groups accounts 24-01-17


GENERAL CONDITIONS
1- Deadline:
    a) ASIX1 (Catalan): 31-01-2017 at 9:30PM. No answers sent after the deadline will be accepted.
    b) DAW1 (English): 2-2-2017 at 6:00PM. No answers sent after the deadline will be accepted.
2- Send your report as a PDF file attached to an e-mail with the following specifications:
    a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu, depending on who your teacher is
    b) File name:
        b.1) ASIX1 (Catalan): asix1_surname_name_m01tu01pr8.pdf
        b.2) DAW1 (English): daw1_surname_name_m01tu01pr8.pdf
    c) Subject:
        c.1) ASIX1 (Catalan): asix1_surname_name_m01tu01pr8
        c.2) DAW1 (English): daw1_surname_name_m01tu01pr8
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font: Times New Roman (or Liberation Serif), b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular.

CONFIGURING USER AND GROUP ACCOUNTS

1- Introduction
A user is a real person, a process or a device that uses or accesses some resources of a computer, such as folders, files, programs, hardware and so on. A group is a collection of users. Groups are used as a basis for determining file access permissions. Your group memberships determine whether or not you can access certain folders, files, hardware, databases and so on.

In order to properly define a new user, you must provide the system with some basic information. A system user will need:
a) A username.
b) Usually, an encrypted password.
c) A set of necessary files, directories and permissions. For instance, its home directory.
d) A numerical value called User IDentifier or UID associated with the username. The system identifies the user by its UID rather than by its username.
e) A default group. A user must be a member of one or more groups. If a user is a member of just one group, that group will be its default group. The group name must exist. Instead of a group name, you can write the unique number that identifies the group.
f) A default shell, usually /bin/bash.
g) Other characteristics such as comments, expiry date, additional group memberships and so on.
h) An entry in the files /etc/passwd and /etc/shadow.

In order to properly define a new group, you must provide the system with some basic information. A system group will need:
a) A group name.
b) A numerical value called Group IDentifier or GID associated with the group name. The system identifies the group by its GID rather than by its group name.
c) The users which are members of that group.

The purpose of this exercise is to learn how to manage user and group accounts on Linux, and particularly on the Ubuntu distribution. We will learn how to add and delete system users and groups. Additionally, we will study the main characteristics of system users and groups, and how to modify these characteristics. In order to configure and manage system users and groups, the Linux operating system provides you with a powerful set of command-line utilities: a) useradd adds a new user account to the system, b) userdel deletes a user's account, c) usermod modifies a user's account, d) groupadd adds a new group to the system, e) groupdel removes a group and f) groupmod modifies a group. If your computer runs Ubuntu Linux, a GUI utility called user-admin will help you configure and manage your system users and groups easily.

2- mkpasswd
a) Description: The command-line utility mkpasswd encrypts a given password.
b) Synopsis: mkpasswd  PASSWORD
c) As a result, an encrypted version of PASSWORD will be displayed on screen.
d) Example:
        linux:~ #  mkpasswd   mst1298
        NvwgZmyymrgZQ
e) When you run the useradd command (read section 3), you should use the result of this command with the -p option.

3- useradd
a) Description: The useradd command adds a new user to the system. This command adds a new entry to /etc/passwd and /etc/shadow.
b) Synopsis: useradd   username  <options>
c) Important options:
        -d --> This option specifies the user's home directory. If not specified, the default from /etc/default/useradd is used.
        -g --> The group name or number of the user's default group (or primary group). The group name or number must refer to an already existing group. If not specified, the default from /etc/default/useradd is used.
        -m --> If it does not exist, the home directory for the new user account will be created.
        -p --> Encrypted password as returned by mkpasswd.
        -s --> Specifies the user's login shell. The default for normal user accounts is taken from /etc/default/useradd.
        -u --> The User IDentifier or UID. By default, it will be the first free ID after the greatest used one.
        -G --> A list of supplementary groups. Each group is separated from the next one only by a comma, without whitespace.
d) Example 1: If you want to add to the system a new user called master, with the following characteristics: UID = 1000, Default group = users, Home directory = /home/master, Default shell = /bin/bash, and password = mst2012, you could run the following commands:
        1st)  mkpasswd  mst2012   ==> The result is: LlbjokSlEjavI
        2nd)  useradd  master  -u  1000  -g  users  -d  /home/master  -m  -s  /bin/bash  -p  LlbjokSlEjavI
e) Example 2: If you want to add to the system a new user called master, with the following characteristics: UID = 1000, Default group = users, Home directory = /home/master, Default shell = /bin/bash, password = mst2012 and additional groups crontab and syslog, you could run the following single command:
        useradd  master  -u  1000  -g  users -G crontab,syslog  -d  /home/master  -m  -s  /bin/bash  -p  $(mkpasswd  mst2012)
   (Pay attention to the command substitution $(mkpasswd mst2012), which means that mkpasswd mst2012 will be replaced with the result of that command.)

4- userdel
a) Description: The userdel command deletes a user account.
b) Synopsis 1: userdel  username  ==> The user will be deleted but not its home folder. Entries in /etc/passwd, /etc/shadow and /etc/group will be deleted. Folder /home/username will not be deleted.
c) Synopsis 2: userdel  -r  username  ==> The user will be deleted and its home folder as well. Entries in /etc/passwd, /etc/shadow and /etc/group will be deleted. Folder /home/username will be deleted.
d) Example: If you want to completely remove the user master, you should run the following command: userdel  -r  master

5- usermod
a) Description: The usermod command modifies a user account.
b) Synopsis: usermod   <options>   username
c) Important options:
        -d --> This option specifies the new home directory of the user.
        -g --> The group name or number of the user's new default group.
        -p --> An encrypted new password.
        -s --> Specifies a user's new login shell.
        -u --> Changes the User IDentifier or UID.
        -G --> A list of supplementary groups. Each group is separated from the next one only by a comma, without whitespace. The user is removed from all other groups not specified.
        -a -G --> A list of supplementary groups. Each group is separated from the next one only by a comma, without whitespace. The user is added to the specified groups. The user is not removed from groups that are not specified.

d) Example 1: The following command changes the UID. The new UID will be 590:
        usermod  -u  590  master

e) Example 2: The following command changes the password. The new password will be master2013:
        usermod  -p  $(mkpasswd  master2013)  master

f) Example 3: The following command changes the UID and password. The new password will be master2013 and the new UID will be 620:
        usermod  -p  $(mkpasswd  master2013)  -u  620  master

g) Example 4: The following command adds a user to a group. A new user called teacher02 will be added to a group called teachers if you run:
        usermod  -a  -G  teachers  teacher02

6- groupadd

a) Description: The groupadd command adds a new group. This command adds a new entry to /etc/group.
b) Synopsis: groupadd   <options>   group_name
c) Important options:
        -g --> The Group IDentifier or GID. By default, it will be the first free ID after the greatest used one.
        Remember: The last string is the group name.
d) Example: The following command adds a new group called students. The value assigned to GID will be 120.
        groupadd   -g   120   students

7- groupdel
a) Description: The groupdel command deletes a group.
b) Synopsis: groupdel  group_name
c) Example: groupdel  students
d) Important: A user's default group (also called primary group) cannot be removed. Delete the user or modify its primary group if you want to delete that group.

8- groupmod

a) Description: The groupmod command modifies a group using the values specified on the command line. This command modifies an entry in /etc/group.
b) Synopsis: groupmod   <options>   group_name
c) Important options:
        -g --> Changes the Group IDentifier or GID.
        -n --> Changes the group name.
d) Example 1: The following command changes the GID. The new GID will be 180:
        groupmod  -g  180  students

e) Example 2: The following command changes the group name. The old group name is students. The new group name will be teachers:
        groupmod  -n  teachers students

9- gpasswd: Removing a user from a group. Adding a user to a group
a) If you are working with Debian or Ubuntu, you can remove a user from a group using the following command: gpasswd  -d  username  group_name
b) If you are working with Debian or Ubuntu, you can add a user to a group using the following command: gpasswd  -a  username  group_name
c) Example 1: The following command adds a user to a group. A new user called teacher02 will be added to a group called teachers if you run:
        gpasswd  -a  teacher02  teachers
d) Example 2: The following command deletes a user called teacher02 from a group called teachers:
        gpasswd  -d  teacher02  teachers

NOTE: Read the manual page of gpasswd (run man gpasswd) for any further information about this command.

10- groups

a) Description: The groups command prints the groups a user is in. The groups command only shows group names, not GID numbers.
b) Synopsis: groups  username
c) Example:
    dacomo@debian8:~> groups  dacomo
    dacomo: dacomo cdrom floppy sudo audio dip video plugdev netdev lpadmin scanner bluettoth vboxsf 
    dacomo@debian8:~>
    User dacomo is a member of: dacomo cdrom floppy sudo audio dip video plugdev netdev lpadmin scanner bluettoth vboxsf

11- members

a) Description: The members command outputs the members of a group.
b) Important: The members command is not installed by default. Run aptitude  install  members as the root user in order to install members on your system.
c) Synopsis: members -a  group_name
d) Example:
        dacomo@debian8:~> members  -a  sudo
        dacomo
        dacomo@debian8:~>
        The only user who is a member of sudo is dacomo.
 
12- User files, groups and user passwords
a) The /etc/passwd file contains information about all system users. Here we find the username, password, UID, home directory, etc. A typical line in /etc/passwd looks like:

dacomo:x:1000:100::/home/dai1:/bin/bash

Here the system stores the username, the password in plain text (or an x if it is encrypted and saved in the special file /etc/shadow), the user's UID, the GID of the user's primary (default) group, the user's home directory and the shell that runs when the user connects.

b) The /etc/group file contains information about all system groups. Here we find the group name, group password, GID, and a list of group members. A typical line in /etc/group looks like:

vboxusers:x:122:dacomo,asix,daw

Here the system stores the group name, the password in plain text (or an x if it is encrypted and saved in the special file /etc/gshadow), the group's GID, and a list of group members.

c) For each line of /etc/shadow, there is a username and the encrypted version of its password (and other items that do not concern us now). If the password field contains ! or *, the user will not be able to use a password to log in (but the user may log in to the system by other means).

d) For each line of /etc/gshadow, there is a group name and the encrypted version of the group password. Additionally, a list of group members is stored for each group. If the password field contains ! or *, users will not be able to use a password to access the group (but group members do not need the password).
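
The lookups that groups (section 10) and members -a (section 11) perform can be reproduced directly from the /etc/passwd and /etc/group formats described above. This is an added example, not part of the original handout; the function names groups_of and members_of and the sample files are constructed for illustration (only the dacomo and vboxusers lines come from this page).

```shell
# Constructed sample files; the dacomo and vboxusers lines are the ones quoted in section 12.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
dacomo:x:1000:100::/home/dai1:/bin/bash
asix:x:1001:100::/home/asix:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
sudo:x:27:dacomo
users:x:100:
vboxusers:x:122:dacomo,asix,daw
EOF

# groups_of USER PASSWD_FILE GROUP_FILE
# Primary group first (GID in passwd field 4), then groups listing USER in field 4.
groups_of() {
    awk -F: -v user="$1" '
        FNR == NR {                       # first file: passwd
            if ($1 == user) { pgid = $4; found = 1 }
            next
        }
        found && $3 == pgid { primary = $1; next }
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) extra = extra " " $1
        }
        END {
            if (!found) exit 1            # no passwd entry for USER
            if (primary == "") primary = pgid
            print primary extra
        }
    ' "$2" "$3"
}

# members_of GROUP PASSWD_FILE GROUP_FILE
# Users whose primary GID is the group GID, plus the users in the member list.
members_of() {
    awk -F: -v grp="$1" '
        FNR == NR {                       # first file: group
            if ($1 == grp) { gid = $3; list = $4; found = 1 }
            next
        }
        found && $4 == gid { out = out " " $1; seen[$1] = 1 }
        END {
            if (!found) exit 1            # no such group
            n = split(list, m, ",")
            for (i = 1; i <= n; i++) if (!(m[i] in seen)) out = out " " m[i]
            sub(/^ /, "", out); print out
        }
    ' "$3" "$2"
}

groups_of dacomo "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
members_of sudo "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
```

In the sample, daw appears in the vboxusers member list but has no passwd entry, so groups_of daw fails while members_of vboxusers still prints the name: a member list can name users that do not exist.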

13- How to disable and enable users
a) You need to use the usermod command to lock and disable a user account. The -L option locks the user's password. To lock the user account, set the expire date to one.
Example: usermod  -L  fje  -e  1  -->  This command locks the password and account of fje.

b) You need to use the usermod command to unlock and enable a user account. The -U option unlocks the user's password. To unlock the user account, set the expire date to 99999.
Example: usermod  -U  fje  -e  99999  -->  This command unlocks the password and account of fje.
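
An added example, not part of the original handout, that reads the two /etc/shadow fields changed by usermod -L and -e (the password field and the expiry field) and reports the resulting state. The function names account_state and password_only_locks, the sample lines and the placeholder hashes are constructed for illustration.

```shell
# Constructed sample in /etc/shadow format (placeholder hashes, not real ones).
SHADOW_SAMPLE=$(mktemp)
trap 'rm -f "$SHADOW_SAMPLE"' EXIT
cat > "$SHADOW_SAMPLE" <<'EOF'
fje:!$6$EXAMPLEsalt$EXAMPLEhash:17190:0:99999:7::1:
fje002:$6$EXAMPLEsalt$EXAMPLEhash:17190:0:99999:7::99999:
clot2017:!$6$EXAMPLEsalt$EXAMPLEhash:17190:0:99999:7:::
daemon:*:17190:0:99999:7:::
EOF

# account_state SHADOW_FILE USER [TODAY]
# TODAY is a day count since 1970-01-01 (defaults to the current date).
# Field 2 is the password field, field 8 the account expiry date in days.
account_state() {
    today=${3:-$(( $(date +%s) / 86400 ))}
    awk -F: -v user="$2" -v today="$today" '
        $1 == user {
            found = 1
            if ($2 == "")          pw = "empty"
            else if ($2 ~ /^[!*]/) pw = "disabled"   # as left by usermod -L
            else                   pw = "set"
            # an empty expiry field means the account never expires
            acct = ($8 != "" && today + 0 >= $8 + 0) ? "expired" : "active"
            print "password=" pw " account=" acct
        }
        END { exit !found }
    ' "$1"
}

# password_only_locks SHADOW_FILE [TODAY]
# Lists accounts whose password is disabled while the account itself is active.
password_only_locks() {
    while IFS=: read -r name _rest; do
        if [ "$(account_state "$1" "$name" "$2")" = "password=disabled account=active" ]; then
            echo "$name"
        fi
    done < "$1"
}

account_state "$SHADOW_SAMPLE" fje        # state after: usermod -L fje -e 1
password_only_locks "$SHADOW_SAMPLE"
```

The accounts listed by password_only_locks have only the password locked; as section 12 c) notes, such users may still log in by other means until the expire date is also set as shown above.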


14 - Graphical tool for working with users and groups
a) Install gnome-system-tools by running, as the root user, the following command: aptitude   install   gnome-system-tools . Because gnome-system-tools requires a lot of extra packages to be installed on your system, it is highly advisable to run this command at home.
b) Once gnome-system-tools is installed on your system, the Users and Groups GUI utility is accessible via Applications --> System Tools --> Administration --> Users and Groups.


15- Interesting Links

http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
http://www.binefa.cat/isol/p11/www.cyberciti.biz/faq/understanding-etcshadow-file/

PRACTICAL EXERCISE

PART ONE: WORKING ON TERMINAL
1- Working on terminal: Create a new user called clot2017, which is part of the users group, whose home directory is /home/clot2017, whose shell is the bash program, and whose encrypted password is PWDclot2017. UID will be 2017. Look at changes at /etc/passwd and /etc/shadow.
2- Working on terminal: Create alumnes17 group with GID = 217. Look at changes at /etc/group.
3- Working on terminal: Modify clot2017's UID and change it to 3017. Look at changes at /etc/passwd.
4- Working on terminal: Add clot2017 and fje users to alumnes17 group. Look at changes at /etc/group.
5- Working on terminal: Swap clot2017's default group to adm group. Look at changes at /etc/passwd.
6- Working on terminal: Modify alumnes17's GID and change it to 317. Look at changes at /etc/group.
7- Working on terminal: Show the groups user clot2017 is in.
8- Working on terminal: Show members of group alumnes17.
9- Working on terminal: Remove clot2017 and fje from alumnes17 group. Look at changes at /etc/group.
10- Working on terminal: Remove clot2017. Look at changes at /etc/passwd and /etc/shadow.
11- Working on terminal: Remove alumnes17's group. Look at changes at /etc/group.
12- Working on terminal: Disable the fje002 user account. Try to gain access to the fje002 account. What happens?
13- Working on terminal: Enable the fje002 user account again. Try to gain access to the fje002 account. What happens?


PART TWO: WORKING WITH USERS AND GROUPS GUI UTILITY
14- Working with Users and Groups GUI utility: Create a new user called clot2017, which is part of the users group, whose home directory is /home/clot2017, whose shell is the bash program, and whose encrypted password is PWDclot2017. UID will be 2017. Look at changes at /etc/passwd and /etc/shadow.
15- Working with Users and Groups GUI utility: Create alumnes17 group with GID = 217. Look at changes at /etc/group.
16- Working with Users and Groups GUI utility: Modify clot2017's UID and change it to 3017. Look at changes at /etc/passwd.
17- Working with Users and Groups GUI utility: Add clot2017 and fje users to alumnes17 group. Look at changes at /etc/group.
18- Working with Users and Groups GUI utility: Swap clot2016's default group to adm group. Look at changes at /etc/passwd.
19- Working with Users and Groups GUI utility: Modify alumnes17's GID and change it to 317. Look at changes at /etc/group.
20- Working with Users and Groups GUI utility: Show the groups user clot2017 is in.
21- Working with Users and Groups GUI utility: Show members of group alumnes17.
22- Working with Users and Groups GUI utility: Remove clot2017 and fje from alumnes17 group. Look at changes at /etc/group.
23- Working with Users and Groups GUI utility: Remove clot2017. Look at changes at /etc/passwd and /etc/shadow.
24- Working with Users and Groups GUI utility: Remove alumnes17's group. Look at changes at /etc/group.
25- Working with Users and Groups GUI utility: Disable the fje002 user account. Try to gain access to the fje002 account. What is happening?
26- Working with Users and Groups GUI utility: Enable the fje002 user account again. Try to gain access to the fje002 account. What is happening now?