1. Difference between sudo user and root user
1.1 What is Root?
The “root” account on a Linux computer is the account with full permissions. Running commands on Linux, especially those that affect system files, often requires root or privileged access. Because root is so powerful compared with normal user rights, root access should be requested only when necessary. That way, important system files are protected from unwanted damage.
1.2 What is Sudo?
Sudo (/ˈsuːduː/ or /ˈsuːdoʊ/) is a program for Unix-like operating systems. It allows a user to run programs with the security privileges of another user, by default root. That is, sudo lets someone execute commands under another account's authority without logging in as that account. On Linux distributions, sudo is extremely important, so you should make use of it no matter which distribution you are using.
1.3 Command Line Sudo in Linux
Add a rule to /etc/sudoers (edit it with visudo) that permits poweroff without a password:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
user localhost= NOPASSWD: /sbin/poweroff
2. Difference between useradd and adduser
On a Linux system, useradd and adduser are both commands used to create new users.
2.1 useradd
- useradd is the basic command-line tool for creating a new user on a Linux system.
- When using useradd, you need to specify specific options and parameters such as username, UID, GID, home directory, default shell, etc.
For example:
sudo useradd -m -s /bin/bash hacker
Afterwards, set a password for the new user:
sudo passwd hacker
==> enter password
New password:
Retype new password:
passwd: password updated successfully
Without the -m option, useradd does not automatically create the home directory and copy the template files into it.
2.2 adduser
- adduser is a wrapper around useradd designed to create new users with more default parameters and is easier to use than useradd.
- When using adduser, you do not need to enter parameters such as UID and GID because they are generated automatically or requested through interactive questions. adduser automatically creates the home directory and copies the template files into it.
For example:
sudo adduser hacker
===> enter information
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for user1
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
After creating the user, I can log in as hacker@host.
2.3 List users and their account info
sudo getent passwd
Alternatively, use less /etc/passwd.
2.4 Delete User
sudo userdel hacker
3. Create Groups
Create three groups, one per department:
sudo groupadd devops
sudo groupadd develop
sudo groupadd sysops
3.1 Show the created groups
sudo getent group
===>
...
devops:x:1002:
develop:x:1003:
sysops:x:1004:
3.2 Add a user to a group
P/s: I want to add user hacker to group devops.
For example: sudo usermod -aG [name-groups] [name-user]
Execute: sudo usermod -aG devops hacker
Check which groups the user is in:
id hacker
===> uid=1000(hacker) gid=1000(hacker) groups=1000(hacker),1002(devops)
Or use the groups command to check:
groups hacker
===> hacker : hacker devops
3.3 Remove a user from a group
deluser hacker devops
Check the user's groups again:
groups hacker
==>
hacker : hacker
3.4 Delete groups
groupdel devops
4. Access permissions
Owners and Ownership Groups
P/s: Create a folder named data:
root@hacker:~# mkdir data
root@hacker:~# touch data/data1.txt
root@hacker:~# ls -la data/
total 8
drwxr-xr-x 2 root root 4096 Aug 5 11:16 .
drwx------ 14 root root 4096 Aug 5 11:16 ..
-rw-r--r-- 1 root root 0 Aug 5 11:16 data1.txt
data1.txt is currently owned by the root user and the root group.
Now, I want the hacker user to have ownership of the data1.txt file (chown takes owner:group):
chown -Rf hacker:hacker data/
==> ls -la data/
-rw-r--r-- 1 hacker hacker 0 Aug 5 11:16 data1.txt
OK, now the hacker user can edit, create, and delete the file data1.txt.
5. Access rights
In the ls -la output above, the column before the owner and group names shows the access permissions:
drwxr-xr-x --> |d = directory|rwx = owner|r-x = owning group|r-x = other users|
- Read (r): Allows the file to be opened and read.
- Write (w): Allows modifications to the file, such as editing or deleting it.
- Execute (x): Allows the file to be executed as a program or script.
6. User update package
hacker@server:~$ sudo apt-get update
[sudo] password for hacker:
hacker is not in the sudoers file. This incident will be reported
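Add the user to the sudo group (run this as root or as a user who already has sudo rights):
sudo usermod -aG sudo hacker
In case you don't want to enter a password every time you type sudo, you can delete the account's password, which leaves the account with an empty password:
sudo passwd -d $USER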
Now, run update again
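The check below is an added example (not from the original post) for the `passwd -d` step above: it lists members of the sudo group whose password field in a shadow-format file is empty. The function names and the sample shadow/group entries are constructed for illustration; a NOPASSWD rule like the one in section 1.3 removes the sudo prompt without emptying the password.

```sh
#!/bin/sh
# Added example: find sudo-capable accounts left with an empty password.

# passwordless_admins SHADOW_FILE GROUP_FILE [ADMIN_GROUP]
# Prints each member of ADMIN_GROUP (default: sudo) whose password field in
# SHADOW_FILE is empty, which is the state "passwd -d" leaves behind.
# Only supplementary members (field 4 of the group file) are considered.
passwordless_admins() {
    awk -F: -v gf="$2" -v grp="${3:-sudo}" '
        # Group file: remember the members of the admin group.
        FILENAME == gf {
            if ($1 == grp) {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") admin[m[i]] = 1
            }
            next
        }
        # Shadow file: an empty second field means no password is needed.
        $2 == "" && ($1 in admin) { print $1 }
    ' "$2" "$1"
}

# Run the check on constructed sample data (not taken from a real host).
demo_passwordless_admins() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/shadow" <<'EOF'
root:!:19000:0:99999:7:::
hacker::19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
bob::19000:0:99999:7:::
EOF
    cat > "$tmp/group" <<'EOF'
sudo:x:27:hacker,alice
devops:x:1002:bob
EOF
    passwordless_admins "$tmp/shadow" "$tmp/group"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# On a real system (needs root to read the shadow file):
#   passwordless_admins /etc/shadow /etc/group
```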
7. Provide SSH key to User
There are 2 ways to provide accounts for administrators as follows:
7.1 First, create the .ssh folder on the server
su - $USER
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
7.2 User provides public key
On the server, add the public key to the account of the user created above.
echo "ssh-rsa <PUBLIC_KEY_DATA> test hacker key" >> ~/.ssh/authorized_keys
7.3 Generate a key pair for the user
The client generates the key pair (private and public key) for the user:
root@hacker ~> ssh-keygen -f ~/.ssh/hacker.key -t rsa -C "test hacker key"
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ~/.ssh/hacker.key
Your public key has been saved in ~/.ssh/hacker.key.pub
The key fingerprint is:
SHA256:ULTW/ntzw3ioXojUNMX81egxEbjHlrI8Zqp6gEjqwmA test hacker key
The key's randomart image is:
+---[RSA 3072]----+
| .o ooo+.|
| . o oo+ o|
| . o .o +.+.|
| . o .o + *. |
| o . . S..o = |
|oE. . . . ..B |
|= . . =.o+ |
|.o . . .+o+.|
|. .o...oo..o.|
+----[SHA256]-----+
After that, do the same as in Step 1.
7.4 Test connection
root@client ~> ssh -i ~/.ssh/hacker.key hacker@server
===> SUCCESS
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
hacker@server:~$
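As an added example (not part of the original post), the script below audits the result of steps 7.1 to 7.3: it reports when ~/.ssh, authorized_keys, or a private key such as hacker.key is accessible to group or others. The function names are hypothetical, and it assumes GNU stat (`stat -c`), as found on Ubuntu.

```sh
#!/bin/sh
# Added example: audit the modes set in 7.1 (700 on ~/.ssh, 600 on
# authorized_keys) and the mode of private keys generated as in 7.3.
# Assumes GNU stat (stat -c), as on the Ubuntu hosts shown above.

# too_open PATH -> succeeds when group or others have any permission on PATH.
too_open() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# audit_ssh_dir DIR -> prints one finding per line, nothing when DIR is clean.
audit_ssh_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 0
    fi
    too_open "$dir" && echo "too open: $dir (expected 700)"
    if [ -f "$dir/authorized_keys" ]; then
        too_open "$dir/authorized_keys" &&
            echo "too open: $dir/authorized_keys (expected 600)"
    fi
    # Treat any file with a matching .pub next to it as a private key.
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        key=${pub%.pub}
        [ -f "$key" ] && too_open "$key" && echo "too open: $key (expected 600)"
    done
    return 0
}

# Usage on the server or the client:
#   audit_ssh_dir "$HOME/.ssh"
```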