change formatting

input examples are now given as ```bash input $ARG1 ``` While outputs use md's '> ' sign as a quote.
2023-06-17 21:28:20 +02:00
parent 1ba3010b81
commit ba8026e0c3
102 changed files with 2388 additions and 3211 deletions
--- a/basics/users.md
+++ b/basics/users.md
@@ -6,91 +6,133 @@ tags: [ "Documentation", "Basics" ]

 Let's get some entries with 'getent', e.g. passwd or group.

-> getent passwd
+```bash
+getent passwd
+```

-> getent group
+```bash
+getent group
+```

 Obviously:

-> getent shadow
+```bash
+getent shadow
+```

 ## Examples

-> sudo adduser maestro 
+```bash
+sudo adduser maestro 
+```

 add user 'maestro'

 This depends upon the settings in the /etc/default/useradd file and /etc/login.defs

-> sudo useradd -m pinkie 
+```bash
+sudo useradd -m pinkie 
+```

 add user 'pinkie' with a home directory

-> sudo adduser -m -e 2017-04-25 temp 
+```bash
+sudo adduser -m -e 2017-04-25 temp 
+```

 add expiry date to user

-> userdel maestro 
+```bash
+userdel maestro 
+```

 delete maestro

-> userdel -r maestro 
+```bash
+userdel -r maestro 
+```

 delete maestro and hir homefolder

-> groups 
+```bash
+groups 
+```

 find which group you are in


-> id 
+```bash
+id 
+```

 same

-> id -Gn maestro 
+```bash
+id -Gn maestro 
+```

 Find which groups maestro is in


-> deluser --remove-home maestro 
+```bash
+deluser --remove-home maestro 
+```

 delete user maestro


-> usermod -aG sudo maestro 
+```bash
+usermod -aG sudo maestro 
+```

-add user maestro to group sudo
+Add user maestro to group sudo:


-> cat /etc/passwd 
+```bash
+cat /etc/passwd 
+```

 list users' passwords (and therefore users)

-> groupadd awesome 
+```bash
+groupadd awesome 
+```

 create the group 'awesome'

- passwords are stored in /etc/shadow.
+Passwords are stored in /etc/shadow.

- there are user accounts for processes such as 'bin' and 'nobody' which are locked, so they're unusable.
+There are user accounts for processes such as 'bin' and 'nobody' which are locked, so they're unusable.

-> passwd -l bin 
+```bash
+passwd -l bin 
+```

-lock the user 'bin'
+Lock the user 'bin'.

-> more /etc/passwd | grep games 
+```bash
+more /etc/passwd | grep games 
+```

 we find the name, password and user id of the user 'games'. I.e. the password is 'x', and the user id is '5'.  The password is an impossible hash, so no input password could match.

-> groupdel learners | delete the group 'learners'
+```bash
+groupdel learners | delete the group 'learners'
+```

-> gpasswd -d pi games | remove user 'pi' from the group 'games'
+```bash
+gpasswd -d pi games | remove user 'pi' from the group 'games'
+```

-> id games 
+```bash
+id games 
+```

 find the id number of group 'games' (60)

-> usermod -aG sudo maestro 
+```bash
+usermod -aG sudo maestro 
+```

 add user to group 'maestro'

@@ -114,7 +156,9 @@ Alternatively, change the shell in /etc/passwd.

 Usermod also lets you change a user's username:

-> usermod -l henry mark
+```bash
+usermod -l henry mark
+```

 However, this will not change the home directory.

@@ -126,7 +170,9 @@ usermod -L henry

 -G or -groups adds the user to other groups:

-> usermod -G sudo henry
+```bash
+usermod -G sudo henry
+```

 -s adds the user to a shell.

@@ -140,45 +186,53 @@ In /etc/group, a group file may look like this:

 We can use groupmod, like like usermod, e.g. to change a name:

-> groupmod -n frontoffice backoffice
+```bash
+groupmod -n frontoffice backoffice
+```

 Delte a group:

-> groupdel frontoffice
+```bash
+groupdel frontoffice
+```

 # Logins

 See list of logged on users.

-> w
+```bash
+w
+```

 See last logons:

-> last
+```bash
+last
+```

 or all logon attempts, including bad attempts:

-> lastb
+```bash
+lastb
+```

 List recently accessed files:

-> last -d
+```bash
+last -d
+```

 See files opened by steve

-> lsof -t -u steve
+```bash
+lsof -t -u steve
+```

 See files opened by anyone but steve

-> lsof -u ^steve
-
-Fuser can also track people loggingin:
-
-> fuser /var/log/syslog
-
-... and fuser can kill everything accessing the home directory:
-
-> fuser -km /home
+```bash
+lsof -u ^steve
+```

 # Looking for Dodgy Files

@@ -186,21 +240,29 @@ Some files can be executed by people as if they had super user permissions, and

 Let's start with files executable by user:

-> sudo find / -type f -perm -g=s -ls
+```bash
+sudo find / -type f -perm -g=s -ls
+```

 And then those executable by the group:

-> find / -type f -perm -g=s -ls
+```bash
+find / -type f -perm -g=s -ls
+```

 And finally, worrying files, executable by anyone as if sie were the owner:

-> find / -xdev \( -o -nogroup \) -print
+```bash
+find / -xdev \( -o -nogroup \) -print
+```

 Then have a look at resource usage per user.

-#SGID
+# SGID

-> sudo chmod u+s process.sh
+```bash
+sudo chmod u+s process.sh
+```

 This will modify process.sh to that instead of being simply executable, anyone executing it will have the permissions as if owner while executing it.