System administrations User profiles su sudo Shell operations
In our last two assignments you learned about user management. You covered:
- The files responsible for user and group management
- How to create a normal user
- How to create a user without a password
- How to create users and groups in bulk
- How to delete users and groups in bulk
In this assignment we will discuss user variables and profiles. A user's session, from login until exit, is controlled by a set of profile files. These files are located in /etc/skel. When you create a new user, the script files from this directory are copied into the user's home directory. The only exceptions are when the user is created with the -M switch or when the user's home directory already exists.
In such situations you need to copy these files manually. These files are hidden and can be seen with the -a switch of the ls command.
$ ls -a
.bash_profile
This script file instructs the user's session to check the .bashrc file for user aliases and functions. It also sets the user's command path. If you want to add your own directory to your command path, edit this file. For example, if user vinita wants her home directory to be searched when executing commands, she can add this line to her .bash_profile file.
$ vi .bash_profile
PATH=$PATH:$HOME/BIN:/home/vinita
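Every directory on the command path is a place the shell will run programs from, so each entry should be an absolute path that only its owner or root can write to. The check below is an added example, not part of the original post; the function name audit_path is made up for illustration.

```sh
#!/bin/sh
# Added example: flag PATH entries that let someone else decide which program
# runs when the user types a command name.

# audit_path PATH_STRING
# Prints one line per risky entry and returns 1 if any entry was flagged.
audit_path() {
    entries="$1:"        # trailing ":" keeps a final empty entry visible
    risky=0
    old_ifs=$IFS
    IFS=:
    set -f               # no filename expansion while the string is split
    for dir in $entries; do
        if [ -z "$dir" ]; then
            echo "EMPTY: an empty entry means the current directory"
        elif [ "${dir#/}" = "$dir" ]; then
            echo "RELATIVE: $dir"
        elif [ -n "$(find -H "$dir" -prune \( -perm -0002 -o -perm -0020 \) 2>/dev/null)" ]; then
            echo "WRITABLE by group or others: $dir"
        else
            continue
        fi
        risky=1
    done
    set +f
    IFS=$old_ifs
    return "$risky"
}

# Audit the PATH of the current session.
audit_path "$PATH" || echo "Review the entries listed above."
```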
.bashrc
This file controls user variables and other profile settings during the login session. If you want a command to run automatically when the user logs on, put that command in this file. For example, if user vinita wants the screen cleared immediately after she logs in, she needs to add the clear command at the end of this file.
$ vi .bashrc
# add your command only in the end of file
clear
With this file you can play a funny trick on your friends. Create a user and put the exit command in his .bashrc file. Now ask your friends to log in as this user. The exit command will log the user out as soon as he logs in, and the user will never be able to log in.
.bash_logout
This file is used to clear the terminal after the current user exits.
Aliases
The alias command is used to create another name for a command. The alias does not exactly replace the name of the command; it simply gives another name to that command. An alias command begins with the keyword alias and the new name for the command, followed by an equal sign and the command the alias will reference. No spaces can be around the equal sign used in the alias command. In the next example, list becomes another name for the ls command:
$ alias list=ls
$ ls
Report vickey nikki
$ list
Report vickey nikki
$
You can also use an alias as an alternate name for a command and its option, but you need to enclose both the command and the option within single quotes. Any command you alias that contains spaces must be enclosed in single quotes as well. In the next example, the alias longlist is set for the command ls -l:
$ alias longlist='ls -l'
Controlling some important Shell Operations
The BASH shell has several features that enable you to control the way different shell operations work. You need not know all these options for the exam. But some handy operations you should always try in the exam.
To stop logout from CTRL+D
Several commands in Linux are completed with CTRL+D. For example, if you are making a file with the cat command, CTRL+D is used to save the file. And if you are using the calculator at the command prompt, CTRL+D is used to exit from the calculator. But if you accidentally press CTRL+D two times, it will log you out of the current session and you will have to log in again.
$ set -o ignoreeof
Now press CTRL+D and you will get the message: Use "logout" to leave the shell.
To stop overwriting of files
Another important shell operation is overwriting. How many times have you overwritten files? For example:
$ cat > test
Testing file
$ ls
test
Now run this command once again:
$ cat > test
Old matter will overwrite without any message
$ ls
$ cat test
Old matter will overwrite without any message
Notice how easily Linux can overwrite a file. To turn off this shell feature:
$ set -o noclobber
Now whenever you try to overwrite a file, the shell will stop you with an error message.
Whatever you set with the -o option can be reversed with the + sign.
$ set +o ignoreeof
Now you can again log out with CTRL+D.
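The noclobber option only guards the plain > redirection of the shell that set it. The following added example (not part of the original post; the function name noclobber_outcome is made up) shows that the >| operator, appending with >> and the cp command still change an existing file.

```sh
#!/bin/sh
# Added example: which kinds of write noclobber refuses and which it lets through.

# noclobber_outcome MODE DIR
# Creates DIR/report.txt, turns noclobber on, writes to the file in the way
# named by MODE, and prints "kept" if the original content survived.
noclobber_outcome() (
    file=$2/report.txt               # constructed sample files in a scratch directory
    other=$2/other.txt
    echo "original" >| "$file"
    echo "replacement" >| "$other"
    set -o noclobber
    case $1 in
        redirect) ( echo "replacement" > "$file" ) 2>/dev/null || : ;;
        force)    echo "replacement" >| "$file" ;;
        append)   echo "replacement" >> "$file" ;;
        copy)     cp "$other" "$file" ;;
    esac
    if [ "$(cat "$file")" = "original" ]; then
        echo "kept"
    else
        echo "changed"
    fi
)

# Run every mode once in a scratch directory and show the result.
scratch=$(mktemp -d)
for mode in redirect force append copy; do
    echo "$mode: $(noclobber_outcome "$mode" "$scratch")"
done
rm -rf "$scratch"
```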
Changing shell prompt
By default the shell prompt shows the user name, hostname and current working directory. You can change this prompt using the following codes.
The following table lists the codes for configuring your prompt:
Prompt Code   Description
\!            Current history number
\$            Use $ as prompt for all users except the root user, which has the # as its prompt
\d            Current date
\#            History command number for just the current shell
\h            Hostname
\s            Shell type currently active
\t            Time of day in hours, minutes, and seconds
\u            Username
\v            Shell version
\w            Full pathname of the current working directory
\W            Name of the current working directory
\\            Displays a backslash character
\n            Inserts a newline
\[ \]         Allows entry of terminal-specific display characters for features like color or bold font
\nnn          Character specified in octal format
Granting root privilege to normal user
Generally in Linux, a system administrator does everything possible as a normal user. It's a good practice to use superuser privileges only when absolutely necessary. But one time when it's appropriate is during the Red Hat exams. Good administrators will return to being normal users when they're done with their tasks. Mistakes as the root user can disable your Linux system. There are two basic ways to make this work:
su
The superuser command, su, prompts you for the root password before logging you in with root privileges.
The su command without any arguments will ask for the root password. By giving the root password you get root privileges. To execute any command you must know the exact path of the command, otherwise you get a command not found error, because you do not get root's command path. To get root's environment, command path and home directory, use the - (hyphen) argument with the su command.
Limiting Access to su
First, you will need to add the users who you want to allow access to the su command. Make them a part of the wheel group. By default, this line in /etc/group looks like:
wheel:x:10:root
You can add the users of your choice to the end of this line directly, with the usermod -G wheel [username] command, or with the Red Hat User Manager.
# usermod -G wheel vinita
Next, you will need to make your Pluggable Authentication Modules (PAM) look for this group. You can do so by activating (uncommenting) the following line in your /etc/pam.d/su file:
# auth required pam_wheel.so use_uid
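Both halves of this procedure have to be in place: the pam_wheel line must be uncommented, and only the intended accounts should be listed in wheel. The check below is an added example, not part of the original post; its function names are made up, and it reads only the member list in the group file, so a user whose primary group is wheel is not detected.

```sh
#!/bin/sh
# Added example: check whether su is really restricted to the wheel group.
# Assumption: only the member list in the group file is consulted.

# wheel_rule_active PAM_FILE -> 0 if the pam_wheel line is present and not commented out
wheel_rule_active() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so' "$1"
}

# wheel_members GROUP_FILE -> prints the members of wheel, one per line
wheel_members() {
    awk -F: '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# su_allowed USER PAM_FILE GROUP_FILE -> 0 if the wheel check would not stop USER
su_allowed() {
    wheel_rule_active "$2" || return 0      # rule commented out: no restriction
    wheel_members "$3" | grep -Fxq -e "$1"
}

# Report on the live system when the files are readable.
if [ -r /etc/pam.d/su ] && [ -r /etc/group ]; then
    if wheel_rule_active /etc/pam.d/su; then
        echo "su is limited to: $(wheel_members /etc/group | tr '\n' ' ')"
    else
        echo "pam_wheel is not active: any user who knows the root password can su"
    fi
fi
```

Note that usermod -G replaces the user's existing supplementary groups with the list given; usermod -a -G wheel appends wheel and keeps the others.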
sudo
The sudo command allows users listed in /etc/sudoers to run administrative commands. You can configure /etc/sudoers to set limits on the root privileges granted to a specific user.
To use sudo you don't need to give the root password. A user with the appropriate rights in /etc/sudoers can execute root-privilege commands with his own password.
Red Hat Enterprise Linux provides some features that make working as root somewhat safer. For example, logins using the ftp and telnet commands to remote computers are disabled by default.
Limiting Access to sudo
You can limit access to the sudo command. Regular users who are authorized in /etc/sudoers can access administrative commands with their own password. You don't need to give out the administrative password to everyone who thinks they know as much as you do about Linux. To access /etc/sudoers in the vi editor, run the visudo command.
From the following directive, the root user is allowed full access to administrative commands:
root ALL=(ALL) ALL
For example, if you want to allow user vinita full administrative access, add the following directive to /etc/sudoers:
vinita ALL=(ALL) ALL
In this case, all vinita needs to do to run an administrative command such as starting the network service from her regular account is to run the following command, entering her own user password (note the regular user prompt, $):
$ sudo /sbin/service network restart
Password:
You can even allow special users administrative access without a password. As suggested by the comments, the following directive in /etc/sudoers would allow all users in the wheel group to run administrative commands without a password:
%wheel ALL=(ALL) NOPASSWD: ALL
But you don't have to allow full administrative access. For example, if you want to allow those in the %users group to shut down the local system, you can activate the following directive:
%users localhost=/sbin/shutdown -h now
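The directives in this section range from one fixed command to full root access without a password, so it is worth listing which rules in a sudoers file fall into the broad categories. The following is an added example, not part of the original post; the function name audit_sudoers is made up, and it handles only single-line rules of the form shown above.

```sh
#!/bin/sh
# Added example: list the sudoers grants that deserve a second look.
# Handles only single-line "who host=(runas) [TAG:] commands" rules; aliases,
# Defaults lines, includes and continuation lines are skipped (assumption).

# audit_sudoers FILE
# Prints "FULL who" for unrestricted grants, "NOPASSWD-FULL who" when no
# password is asked either, and "NOPASSWD who commands" for limited ones.
audit_sudoers() {
    awk '
        /^[ \t]*(#|$)/ || /^[ \t]*Defaults/ || /_Alias/ { next }
        {
            who = $1
            cmds = substr($0, index($0, "=") + 1)
            sub(/^[ \t]*\([^)]*\)[ \t]*/, "", cmds)     # drop the (runas) part
            nopass = (cmds ~ /NOPASSWD:/)
            gsub(/[A-Z_]+:[ \t]*/, "", cmds)            # drop tags such as NOPASSWD:
            full = (cmds ~ /^[ \t]*ALL[ \t]*$/)
            if (who == "root" && !nopass) next          # the stock root rule
            if (full && nopass)  print "NOPASSWD-FULL", who
            else if (full)       print "FULL", who
            else if (nopass)     print "NOPASSWD", who, cmds
        }
    ' "$1"
}

# Constructed sample: the four directives discussed in this section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root    ALL=(ALL)       ALL
vinita  ALL=(ALL)       ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
%users  localhost=/sbin/shutdown -h now
EOF
audit_sudoers "$sample"
rm -f "$sample"
```

On the sample it reports vinita as FULL and %wheel as NOPASSWD-FULL; the shutdown-only rule for %users is not reported.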