System administration: user profiles, su, sudo, shell operations



In our last two assignments you learned about user management. You covered:
  • The files responsible for user and group management
  • How to create a normal user
  • How to create a user without a password
  • How to create users and groups in bulk
  • How to delete users and groups in bulk
In this assignment we will discuss user variables and profiles. A user's session, from login to exit, is controlled by a few profile files. These files are located in /etc/skel. When you create a new user, the script files in this directory are copied to the user's home directory. The only exceptions are when the user is created with the -M switch or when the user's home directory already exists.
In such situations you need to copy these files manually. These files are hidden and can be seen with the -a switch of the ls command.
 $ ls -a

.bash_profile

This script file instructs the user session to check the .bashrc file for user aliases and functions. It also sets the user's command path. If you want to add your own directory to your command path, edit this file. For example, if user vinita wants her home directory to be checked while executing commands, she can add this line to her .bash_profile file.
$ vi .bash_profile
PATH=$PATH:$HOME/bin:/home/vinita

.bashrc

This file controls the user's variables and other profile settings during the login session. If you want a command to run automatically at user logon, put that command in this file. For example, if user vinita wants to clear the screen immediately after her login, she needs to add the clear command at the end of this file.
 $ vi .bashrc
 # add your command only at the end of the file
 clear
With this file you can play a funny trick on your friends. Create a user and put the exit command in his .bashrc file. Now ask your friends to log in as this user. The exit command will log the user out as soon as he logs in, and the user will never be able to log in.

.bash_logout

This file is used to clear the terminal after the current user exits.

Aliases

The alias command is used to create another name for a command. The alias does not exactly replace the name of the command; it simply gives another name to that command. An alias command begins with the keyword alias and the new name for the command, followed by an equal sign and the command the alias will reference. No spaces can be around the equal sign used in the alias command. In the next example, list becomes another name for the ls command:
$ alias list=ls
$ ls
Report vickey nikki
$ list
Report vickey nikki
$ 
You can also use an alias as an alternate name for a command together with its option, but you need to enclose both the command and the option within single quotes. Any command you alias that contains spaces must be enclosed in single quotes as well. In the next example, the alias longlist is set for the command ls -l:
$ alias longlist='ls -l' 

Controlling some important Shell Operations

The BASH shell has several features that enable you to control the way different shell operations work. You need not know all these options for the exam, but there are some handy operations you should always try in the exam.

To stop logout from CTRL+D

Several commands in Linux are completed with CTRL+D. For example, if you are creating a file with the cat command, CTRL+D is used to save the file. And if you are using the calculator at the command prompt, CTRL+D is used to exit from the calculator. But if you accidentally press CTRL+D twice, it will log you out of the current session and you have to log in again.
 $ set -o ignoreeof
Now press CTRL+D and you will get the message: Use "logout" to leave the shell.

To stop overwriting of files

Another important shell operation is overwriting. How many times have you overwritten files? For example:
$ cat > test
Testing file
$ ls test
Now run this command once again:
$ cat > test
Old matter will overwrite without any message
$ ls
$ cat test
Old matter will overwrite without any message
Notice how easily Linux can overwrite a file. To turn off this shell feature:
 $ set -o noclobber
Now whenever you try to overwrite a file, the shell will stop you with an error message.
Whatever you set with the -o option can be unset with the + sign.
$ set +o ignoreeof
Now you can again log out with CTRL+D.
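
What noclobber stops and what it does not, as an added example that is not part of the original post. The function name, file names and output labels are assumptions made for the demonstration, and everything runs in a throwaway directory.

```shell
#!/bin/sh
# Added example: shows which writes noclobber refuses and which it lets through.
# File names are constructed for the demo.

noclobber_demo() (
    # Subshell body: the option change does not leak into the calling shell.
    dir=$(mktemp -d) || exit 1
    f="$dir/test"

    echo "Testing file" > "$f"          # first write creates the file

    set -o noclobber                    # short form: set -C
    # A plain '>' onto an existing regular file is now refused.
    if ( echo "overwrite" > "$f" ) 2>/dev/null; then
        echo "plain-redirect=allowed"
    else
        echo "plain-redirect=blocked"
    fi

    # '>>' appends, so noclobber does not interfere with it.
    echo "appended" >> "$f" && echo "append=allowed"

    # '>|' is the explicit override for a deliberate overwrite.
    echo "forced" >| "$f" && echo "force-redirect=allowed"

    # cp (like mv or an editor) does not use shell redirection,
    # so noclobber gives no protection against it.
    echo "other" > "$dir/src"           # new file, so '>' is permitted
    cp "$dir/src" "$f" && echo "cp=allowed"

    set +o noclobber                    # back to the default behaviour
    echo "again" > "$f" && echo "after-reset=allowed"
    echo "final-content=$(cat "$f")"
    rm -rf "$dir"
)

noclobber_demo
```

The option only guards the shell's own > redirection in the shell where it is set, so put it in .bashrc if you want it in every session.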

Changing shell prompt

By default the shell prompt shows the user name, hostname and current working directory. You can change this prompt by setting the shell's prompt variable.
The following table lists the codes for configuring your prompt:
Code       Description
\!         Current history number
\$         Use $ as prompt for all users except
           the root user, which has the # as its prompt
\d         Current date
\#         History command number for just the current shell
\h         Hostname
\s         Shell type currently active
\t         Time of day in hours, minutes, and seconds
\u         Username
\v         Shell version
\w         Full pathname of the current working directory
\W         Name of the current working directory
\\         Displays a backslash character
\n         Inserts a newline
\[ \]      Allows entry of terminal-specific display characters
           for features like color or bold font
\nnn       Character specified in octal format

Granting root privilege to normal user

Generally in Linux, a system administrator does everything possible as a normal user. It's a good practice to use superuser privileges only when absolutely necessary. But one time when it's appropriate is during the Red Hat exams. Good administrators will return to being normal users when they're done with their tasks. Mistakes as the root user can disable your Linux system. There are two basic ways to make this work:
su
The superuser command, su, prompts you for the root password before logging you in with root privileges.
The su command without any arguments asks for the root password. By giving the root password you get root privileges. To execute any command you must know its exact path, otherwise you get a "command not found" error, because you do not get root's command path. To get root's environment, command path and home directory, use the - (hyphen) sign with the su command.

Limiting Access to su

First, you will need to add the users who you want to allow access to the su command. Make them a part of the wheel group. By default, this line in /etc/group looks like:
 wheel:x:10:root 
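You can add the users of your choice to the end of this line directly, with the usermod -G wheel [username] command, or with the Red Hat User Manager. Note that usermod -G sets the user's complete list of supplementary groups, so any group not named is dropped; add the -a option (usermod -a -G wheel [username]) to append instead.
 # usermod -G wheel vinita
Next, you will need to make your Pluggable Authentication Modules (PAM) look for this group. You can do so by activating (uncommenting) the following directive in your /etc/pam.d/su file:
 # auth required pam_wheel.so use_uid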
sudo
The sudo command allows users listed in /etc/sudoers to run administrative commands. You can configure /etc/sudoers to set limits on the root privileges granted to a specific user.
To use the sudo command you don't need to give the root password. A user with the appropriate rights in /etc/sudoers can execute root-privileged commands with his own password.
Red Hat Enterprise Linux provides some features that make working as root somewhat safer. For example, logins using the ftp and telnet commands to remote computers are disabled by default.

Limiting Access to sudo

You can limit access to the sudo command. Regular users who are authorized in /etc/sudoers can access administrative commands with their own password. You don't need to give out the administrative password to everyone who thinks they know as much as you do about Linux. To access /etc/sudoers in the vi editor, run the visudo command.
With the following directive, the root user is allowed full access to administrative commands:
 root ALL=(ALL) ALL
For example, if you want to allow user vinita full administrative access, add her directive below it in /etc/sudoers:
 root ALL=(ALL) ALL
 vinita ALL=(ALL) ALL
In this case, all vinita needs to do to run an administrative command such as starting the network service from her regular account is to run the following command, entering her own user password (note the regular user prompt, $):
 $ sudo /sbin/service network restart
 Password:
You can even allow special users administrative access without a password. As suggested by the comments, the following directive in /etc/sudoers would allow all users in the wheel group to run administrative commands without a password:
 %wheel ALL=(ALL) NOPASSWD: ALL 
But you don't have to allow full administrative access. For example, if you want to allow those in the %users group to shut down the local system, you can activate the following directive:
 %users localhost=/sbin/shutdown -h now 
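
An added example, not part of the original post, that audits the settings from "Limiting Access to su" and "Limiting Access to sudo": it lists sudoers rules that skip the password or grant every command, and checks whether the pam_wheel line is actually active. The function names and sample file contents are assumptions built from the directives shown above, and the parser is deliberately simple (it does not follow include directives or expand aliases).

```shell
#!/bin/sh
# Added example: audit sudoers grants and the pam_wheel setting for su.
# All sample file contents are constructed for the demonstration.

# Print active sudoers rules that skip the password or grant every command.
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }  # not a rule
        /NOPASSWD:/ { print "NOPASSWD " $1; next }
        $1 != "root" && /=[ \t]*(\([^)]*\)[ \t]*)?ALL[ \t]*$/ { print "FULL " $1 }
    ' "$1"
}

# Succeed only if pam_wheel is active (uncommented) as a required auth module.
pam_wheel_enforced() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so' "$1"
}

# Build constructed sample files from the directives shown on this page.
make_samples() {
    cat > "$1/sudoers" <<'EOF'
# constructed sample sudoers
root    ALL=(ALL) ALL
vinita  ALL=(ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
%users  localhost=/sbin/shutdown -h now
EOF
    cat > "$1/su.default" <<'EOF'
auth sufficient pam_rootok.so
# auth required pam_wheel.so use_uid
EOF
    # The hardened variant is the same file with the pam_wheel line activated.
    sed 's/^# *auth required pam_wheel/auth required pam_wheel/' \
        "$1/su.default" > "$1/su.hardened"
}

run_audit() (
    dir=$(mktemp -d) || exit 1
    make_samples "$dir"
    audit_sudoers "$dir/sudoers"
    for f in su.default su.hardened; do
        if pam_wheel_enforced "$dir/$f"; then
            echo "$f: su limited to wheel"
        else
            echo "$f: pam_wheel not active, any user may attempt su"
        fi
    done
    rm -rf "$dir"
)

run_audit
```

Combined with the NOPASSWD rule, every account added to wheel gets root without typing any password, so wheel membership is worth reviewing alongside the sudoers file.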
