deletions and name corrections
parent
e3abb00b08
commit
024ae0ee43
@ -1,4 +1,5 @@
|
|||||||
# Intro
|
# Intro
|
||||||
|
|
||||||
Taken from [this](https://r4nd0m6uy.ch/unpriviledged-containers-in-void-linux.html)
|
Taken from [this](https://r4nd0m6uy.ch/unpriviledged-containers-in-void-linux.html)
|
||||||
Void linux requires additional steps to set up, as Systemd is no present to automatically take care of everything.
|
Void linux requires additional steps to set up, as Systemd is no present to automatically take care of everything.
|
||||||
|
|
||||||
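Review bot: The context line "Void linux requires additional steps to set up, as Systemd is no present ..." still carries the typo "no present" on the new side of this hunk. Since the commit is about corrections and already touches this file, change it to "is not present" and capitalise "Void Linux". The link text "[this]" would also be easier to follow if it named the article it points to.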
@ -14,7 +15,6 @@ Next, startup services:
|
|||||||
|
|
||||||
> sudo sv start cgmanager
|
> sudo sv start cgmanager
|
||||||
|
|
||||||
|
|
||||||
> sudo sv start dbus
|
> sudo sv start dbus
|
||||||
|
|
||||||
> sudo sv start cgmanager
|
> sudo sv start cgmanager
|
||||||
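Review bot: `sudo sv start cgmanager` still appears both before and after `sudo sv start dbus` on the new side of this block, so if the line removed here was meant to drop the duplicate, the duplicate is still there. Keep one start per service, and if the order between dbus and cgmanager matters, say so in the text above the commands.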
@ -60,5 +60,3 @@ Next, do this at *every boot* (or script it):
|
|||||||
> cgm movepid all $USER $$
|
> cgm movepid all $USER $$
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
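Review bot: `cgm movepid all $USER $$` moves only the PID of the shell that expands `$$`, so the "(or script it)" advice in the hunk header is incomplete: run from a standalone script, `$$` is the script's own PID and the login shell is not moved. Say that the line has to be sourced or placed in the shell's startup file, and quote `"$USER"`.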
@ -1,16 +0,0 @@
|
|||||||
The Pluggabble Authentication Module controls minimum security requirements, such as password lengths.
|
|
||||||
|
|
||||||
Configuration rests in `/etc/pam.d/common-password`, or sometimes `system-auth`.
|
|
||||||
|
|
||||||
The file might be edited to contain:
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
password required pam_cracklib.so minlen=12 lcredit=1
|
|
||||||
|
|
||||||
ucredit=1 dcredit=2 ocredit=1
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
This would enforce a minimum length of 12 characters for a password, one lowercase character, one upper case character, two digits, and one other (special) character.
|
|
||||||
|
|
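Review bot: This hunk deletes the whole PAM password-policy note and nothing visible in the commit re-adds it, so the commit message should say whether it is dropped on purpose or moved. If the text is kept anywhere, the explanation under the `pam_cracklib.so` line needs correcting: positive values such as `lcredit=1 ucredit=1 dcredit=2 ocredit=1` are length credits counted toward `minlen=12`, not required character counts, and requiring one lowercase, one uppercase, two digits and one special character takes negative values (`lcredit=-1 ucredit=-1 dcredit=-2 ocredit=-1`). As shown, the options also continue on a second line without a trailing backslash, and "Pluggabble" is misspelled.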
@ -50,7 +50,7 @@ Or continue running a stopped job with:
|
|||||||
|
|
||||||
# Nice
|
# Nice
|
||||||
|
|
||||||
This changes how nice a program is, from -20 (horrid) to 19.
|
This changes how nice a program is, from -20 to 19.
|
||||||
|
|
||||||
Install a program, but nicely, at nice value '10':
|
Install a program, but nicely, at nice value '10':
|
||||||
|
|
||||||
|
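Review bot: Dropping "(horrid)" from "from -20 (horrid) to 19" leaves the reader with no indication of which end of the range is which. State it directly, for example that -20 is the highest scheduling priority (least nice) and 19 the lowest, and that setting a negative value needs root.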
@ -1,3 +1,168 @@
|
|||||||
|
# Basic Information
|
||||||
|
|
||||||
|
Let's get some entries with 'getent', e.g. passwd or group.
|
||||||
|
|
||||||
|
> getent passwd
|
||||||
|
|
||||||
|
> getent group
|
||||||
|
|
||||||
|
Obviously:
|
||||||
|
|
||||||
|
> getent shadow
|
||||||
|
|
||||||
|
will require sudo.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
> sudo adduser maestro
|
||||||
|
|
||||||
|
add user 'maestro'
|
||||||
|
|
||||||
|
|
||||||
|
This depends upon the settings in the /etc/default/useradd file and /etc/login.defs
|
||||||
|
|
||||||
|
|
||||||
|
> sudo useradd -m pinkie
|
||||||
|
|
||||||
|
add user 'pinkie' with a home directory
|
||||||
|
|
||||||
|
|
||||||
|
> sudo adduser -m -e 2017-04-25 temp
|
||||||
|
|
||||||
|
add expiry date to user
|
||||||
|
|
||||||
|
> userdel maestro
|
||||||
|
|
||||||
|
delete maestro
|
||||||
|
|
||||||
|
> userdel -r maestro
|
||||||
|
|
||||||
|
delete maestro and hir homefolder
|
||||||
|
|
||||||
|
> groups
|
||||||
|
|
||||||
|
find which group you are in
|
||||||
|
|
||||||
|
|
||||||
|
> id
|
||||||
|
|
||||||
|
same
|
||||||
|
|
||||||
|
> id -Gn maestro
|
||||||
|
|
||||||
|
Find which groups maestro is in
|
||||||
|
|
||||||
|
|
||||||
|
> deluser --remove-home maestro
|
||||||
|
|
||||||
|
delete user maestro
|
||||||
|
|
||||||
|
|
||||||
|
> usermod -aG sudo maestro
|
||||||
|
|
||||||
|
add user maestro to group sudo
|
||||||
|
|
||||||
|
|
||||||
|
> cat /etc/passwd
|
||||||
|
|
||||||
|
list users' passwords (and therefore users)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
> groupadd awesome
|
||||||
|
|
||||||
|
create the group 'awesome'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
passwords are stored in /etc/shadow.
|
||||||
|
|
||||||
|
|
||||||
|
there are user accounts for processes such as 'bin' and 'nobody' which are locked, so they're unusable.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
> passwd -l bin
|
||||||
|
|
||||||
|
lock the user 'bin'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
> more /etc/passwd | grep games
|
||||||
|
|
||||||
|
we find the name, password and user id of the user 'games'. I.e. the password is 'x', and the user id is '5'. The password is an impossible hash, so no input password could match.
|
||||||
|
|
||||||
|
|
||||||
|
> groupdel learners | delete the group 'learners'
|
||||||
|
|
||||||
|
> gpasswd -d pi games | remove user 'pi' from the group 'games'
|
||||||
|
|
||||||
|
|
||||||
|
> id games
|
||||||
|
|
||||||
|
find the id number of group 'games' (60)
|
||||||
|
|
||||||
|
|
||||||
|
> usermod -aG sudo maestro
|
||||||
|
|
||||||
|
add user to group 'maestro'
|
||||||
|
|
||||||
|
user info is stored in /etc's passwd, shadow, group and gshadow
|
||||||
|
|
||||||
|
|
||||||
|
# Defaults
|
||||||
|
|
||||||
|
The default new user profiles are under /etc/skel.
|
||||||
|
|
||||||
|
# Shells
|
||||||
|
|
||||||
|
A list of shells is in /etc/shells.
|
||||||
|
|
||||||
|
Only root can run shells not listed in /etc/shells
|
||||||
|
|
||||||
|
To change a user's shell:
|
||||||
|
|
||||||
|
usermod --shell /bin/bash user1
|
||||||
|
|
||||||
|
Alternatively, change the shell in /etc/passwd.
|
||||||
|
|
||||||
|
Usermod also lets you change a user's username:
|
||||||
|
|
||||||
|
> usermod -l henry mark
|
||||||
|
|
||||||
|
However, this will not change the home directory.
|
||||||
|
|
||||||
|
Lock a user out of an account:
|
||||||
|
|
||||||
|
usermod -L henry
|
||||||
|
|
||||||
|
# More Arguments
|
||||||
|
|
||||||
|
-G or -groups adds the user to other groups:
|
||||||
|
|
||||||
|
> usermod -G sudo henry
|
||||||
|
|
||||||
|
-s adds the user to a shell.
|
||||||
|
|
||||||
|
-u let's you manually specifiy a UID.
|
||||||
|
|
||||||
|
|
||||||
|
# Groups
|
||||||
|
|
||||||
|
In /etc/group, a group file may look like this:
|
||||||
|
|
||||||
|
`sudo:x:27:mike,steve`
|
||||||
|
|
||||||
|
We can use groupmod, like like usermod, e.g. to change a name:
|
||||||
|
|
||||||
|
> groupmod -n frontoffice backoffice
|
||||||
|
|
||||||
|
Delte a group:
|
||||||
|
|
||||||
|
> groupdel frontoffice
|
||||||
|
|
||||||
|
# Logins
|
||||||
|
|
||||||
See list of logged on users.
|
See list of logged on users.
|
||||||
|
|
||||||
> w
|
> w
|
||||||
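Review bot: `usermod -G sudo henry` under "More Arguments" is described as adding the user to other groups, but without `-a` it replaces henry's supplementary group list with just `sudo`; use `usermod -aG sudo henry` as the earlier examples do, and spell the long option `--groups` rather than `-groups`. Several captions in the added text do not match their commands: the second `usermod -aG sudo maestro` is captioned "add user to group 'maestro'" when it adds maestro to `sudo`, `cat /etc/passwd` is captioned "list users' passwords" although the text later says passwords are stored in /etc/shadow, `id games` looks up the user 'games' rather than the group (`getent group games` shows the group id), and `-s` sets the login shell rather than adding the user to one. The 'x' in the password field is described as an impossible hash, but it is a placeholder meaning the hash lives in /etc/shadow. Typos to fix while the text is being moved: "Delte", "specifiy", "let's", "like like", "hir".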
@ -30,7 +195,7 @@ Fuser can also track people loggingin:
|
|||||||
|
|
||||||
> fuser -km /home
|
> fuser -km /home
|
||||||
|
|
||||||
# Looking for dodgy files
|
# Looking for Dodgy Files
|
||||||
|
|
||||||
Some files can be executed by people as if they had super user permissions, and that's okay... sometimes.
|
Some files can be executed by people as if they had super user permissions, and that's okay... sometimes.
|
||||||
|
|
||||||
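Review bot: `fuser -km /home` sits under the context heading about tracking logins, but `-k` sends SIGKILL to every process using the /home filesystem, which is not tracking. Show `fuser -vm /home` for listing first, and introduce the `-k` form separately with a sentence on what it terminates. The word "loggingin" in the hunk's context heading also needs a space.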
@ -54,3 +219,4 @@ Then have a look at resource usage per user.
|
|||||||
|
|
||||||
This will modify process.sh to that instead of being simply executable, anyone executing it will have the permissions as if owner while executing it.
|
This will modify process.sh to that instead of being simply executable, anyone executing it will have the permissions as if owner while executing it.
|
||||||
|
|
||||||
|
|
||||||
|
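Review bot: The sentence about process.sh has a typo ("to that" should be "so that") and overstates the effect: Linux ignores the setuid bit on interpreted scripts, so a .sh file will not run with its owner's permissions. Use a compiled binary in the example, or state the limitation next to this sentence.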
162
system/users.md
@ -1,162 +0,0 @@
|
|||||||
#Basic Information
|
|
||||||
|
|
||||||
Let's get some entries with 'getent', e.g. passwd or group.
|
|
||||||
|
|
||||||
> getent passwd
|
|
||||||
|
|
||||||
> getent group
|
|
||||||
|
|
||||||
Obviously:
|
|
||||||
|
|
||||||
> getent shadow
|
|
||||||
|
|
||||||
will require sudo.
|
|
||||||
|
|
||||||
## Examples
|
|
||||||
|
|
||||||
> sudo adduser maestro
|
|
||||||
|
|
||||||
add user 'maestro'
|
|
||||||
|
|
||||||
|
|
||||||
This depends upon the settings in the /etc/default/useradd file and /etc/login.defs
|
|
||||||
|
|
||||||
|
|
||||||
> sudo useradd -m pinkie
|
|
||||||
|
|
||||||
add user 'pinkie' with a home directory
|
|
||||||
|
|
||||||
|
|
||||||
> sudo adduser -m -e 2017-04-25 temp
|
|
||||||
|
|
||||||
add expiry date to user
|
|
||||||
|
|
||||||
> userdel maestro
|
|
||||||
|
|
||||||
delete maestro
|
|
||||||
|
|
||||||
> userdel -r maestro
|
|
||||||
|
|
||||||
delete maestro and hir homefolder
|
|
||||||
|
|
||||||
> groups
|
|
||||||
|
|
||||||
find which group you are in
|
|
||||||
|
|
||||||
|
|
||||||
> id
|
|
||||||
|
|
||||||
same
|
|
||||||
|
|
||||||
> id -Gn maestro
|
|
||||||
|
|
||||||
Find which groups maestro is in
|
|
||||||
|
|
||||||
|
|
||||||
> deluser --remove-home maestro
|
|
||||||
|
|
||||||
delete user maestro
|
|
||||||
|
|
||||||
|
|
||||||
> usermod -aG sudo maestro
|
|
||||||
|
|
||||||
add user maestro to group sudo
|
|
||||||
|
|
||||||
|
|
||||||
> cat /etc/passwd
|
|
||||||
|
|
||||||
list users' passwords (and therefore users)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
> groupadd awesome
|
|
||||||
|
|
||||||
create the group 'awesome'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
passwords are stored in /etc/shadow.
|
|
||||||
|
|
||||||
|
|
||||||
there are user accounts for processes such as 'bin' and 'nobody' which are locked, so they're unusable.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
> passwd -l bin
|
|
||||||
|
|
||||||
lock the user 'bin'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
> more /etc/passwd | grep games
|
|
||||||
|
|
||||||
we find the name, password and user id of the user 'games'. I.e. the password is 'x', and the user id is '5'. The password is an impossible hash, so no input password could match.
|
|
||||||
|
|
||||||
|
|
||||||
> groupdel learners | delete the group 'learners'
|
|
||||||
|
|
||||||
> gpasswd -d pi games | remove user 'pi' from the group 'games'
|
|
||||||
|
|
||||||
|
|
||||||
> id games
|
|
||||||
|
|
||||||
find the id number of group 'games' (60)
|
|
||||||
|
|
||||||
|
|
||||||
> usermod -aG sudo maestro
|
|
||||||
|
|
||||||
add user to group 'maestro'
|
|
||||||
|
|
||||||
user info is stored in /etc's passwd, shadow, group and gshadow
|
|
||||||
|
|
||||||
|
|
||||||
# Defaults
|
|
||||||
The default new user profiles are under /etc/skel.
|
|
||||||
|
|
||||||
# Shells
|
|
||||||
A list of shells is in /etc/shells.
|
|
||||||
|
|
||||||
Only root can run shells not listed in /etc/shells
|
|
||||||
|
|
||||||
To change a user's shell:
|
|
||||||
|
|
||||||
usermod --shell /bin/bash user1
|
|
||||||
|
|
||||||
Alternatively, change the shell in /etc/passwd.
|
|
||||||
|
|
||||||
Usermod also lets you change a user's username:
|
|
||||||
|
|
||||||
> usermod -l henry mark
|
|
||||||
|
|
||||||
However, this will not change the home directory.
|
|
||||||
|
|
||||||
Lock a user out of an account:
|
|
||||||
|
|
||||||
usermod -L henry
|
|
||||||
|
|
||||||
# More Arguments
|
|
||||||
|
|
||||||
-G or -groups adds the user to other groups:
|
|
||||||
|
|
||||||
> usermod -G sudo henry
|
|
||||||
|
|
||||||
-s adds the user to a shell.
|
|
||||||
|
|
||||||
-u let's you manually specifiy a UID.
|
|
||||||
|
|
||||||
|
|
||||||
# Groups
|
|
||||||
|
|
||||||
In /etc/group, a group file may look like this:
|
|
||||||
|
|
||||||
`sudo:x:27:mike,steve`
|
|
||||||
|
|
||||||
We can use groupmod, like like usermod, e.g. to change a name:
|
|
||||||
|
|
||||||
> groupmod -n frontoffice backoffice
|
|
||||||
|
|
||||||
Delte a group:
|
|
||||||
|
|
||||||
> groupdel frontoffice
|
|
||||||
|
|
||||||
|
|
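Review bot: The 162 deleted lines of system/users.md reappear unchanged, apart from the `# Basic Information` heading, in the `+1,168` hunk above, so this is a file merge recorded as a delete plus an add. Name the destination file in the commit message so the move can be followed in history, and check for links that still point at system/users.md.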