201
USERADD
To provide the password, type
sudo passwd nelia
and press Enter.
Provide the password. Then, press Enter.
Re-type the same password for the confirmation. Then, press
Enter.
202
AFTER YOU
ADD THE USERS
THE FRONT OF
UBUNTU
203
CREATE &
MODIFY
GROUPS
COMMAND-LINE TOOLS
204
GROUPS TO LIST GROUPS
To list the groups a user is in,
On terminal, type
groups
or, type
groups nelia
205
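GROUPS: TO JOIN A GROUP
To join a user to a group (-G sets the user's supplementary group list to exactly the groups named),
On terminal, type
sudo usermod -G bigproject nelia
To join a user to additional groups (multiple groups) while keeping the existing ones (-a appends),
On terminal, type
sudo usermod -aG smallproject nelia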
206
GROUPS ADDGROUP, groupadd
To add a new group,
On terminal, type
sudo addgroup bigproject
or, type
sudo groupadd bigproject
To create a system group (GID < 1000),
On terminal, type
sudo groupadd -r smallproject
207
ADMINISTRATOR
PRIVILEGES
ROOT USER & PRIVILEGES
ROOT ACCOUNT 208
THE ROOT ACCOUNT - THE MOST
PRIVILEGED ACCOUNT ON A LINUX SYSTEM
It has UID of 0.
It is an administrator or superuser account in Linux.
It has no security restrictions imposed upon it.
It has the ability to modify the system in any way desired.
It has access to all commands and files on a Linux system.
It is easy to perform administrative duties without restrictions, and any
mistake can damage the whole system.
It has a home directory, located at /root on a system.
Logging in with the root account must be done as carefully as possible.
209
ROOT ACCOUNT
UID of 0
administrator or superuser account
no security restrictions
ability to modify the system
access to all commands and files
any mistake can damage the whole system
/root as its home directory
# as its BASH prompt
210
ASSIGN
ADMINISTRATIVE
PRIVILEGES
GRAPHICAL TOOLS
211
CONFIGURATION FILES
The /etc/sudoers file controls who can run which commands as which users
on which machines, and can also control special things such as
whether you need a password for particular commands.
It is composed of aliases (basically variables) and user specifications
(which control who can run what).
User specification:
Declare that “A user can run command as root”
Declare that “A user is a member of the specific group” and that
“Members of the group can run command as root”
212
CONFIGURATION FILES
[Figure labels: A user can run command as root; A user is a member of the sudo group; the sudo group's members can run command as root]
SET USER ACCOUNT USING GUI 213
USER ACCOUNTS
To find this tool, click Session
Indicator › System Settings › User
Accounts.
Click the Unlock button and enter
your password to unlock the user
settings.
Select the user whose privileges
you want to change.
Click the label Standard next to
Account type and select
Administrator.
214
ASSIGN
ADMINISTRATIVE
PRIVILEGES
COMMAND-LINE TOOLS
215
USERMOD
On terminal, type
sudo usermod -aG sudo nelia
And press Enter.
VISUDO 216
To edit /etc/sudoers file, type
sudo visudo
And press Enter.
Append the following entry under
“#User privilege specification”:
Save and Exit.
The sudoers file is a file Linux administrators use to allocate system rights (privileges)
to system users. This allows the administrator to control who does what. When you
want to run a command that requires root rights, Linux checks your username
against the sudoers file.
217
USERADD
Append the -G sudo option
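The two kinds of user specification described above (a direct user entry, and a %group entry whose members inherit the right) can be audited together. The script below is an added example, not part of the original slides; the sudoers lines and group file are constructed sample data, omar is a hypothetical account, and the parsing is simplified as noted in the comments.

```sh
#!/bin/sh
# Constructed sample data (not from a real system); "omar" is hypothetical.
SAMPLE_SUDOERS='# User privilege specification
root    ALL=(ALL:ALL) ALL
nelia   ALL=(ALL:ALL) ALL
# Members of the sudo group may run any command
%sudo   ALL=(ALL:ALL) ALL'

SAMPLE_GROUP='sudo:x:27:omar
bigproject:x:1001:nelia,omar
smallproject:x:999:nelia'

# Print every user that the user specifications grant rights to, either
# directly ("user ...") or through a group ("%group ...").
# Simplified: aliases, included files, per-command limits and primary-group
# membership (recorded in /etc/passwd, not /etc/group) are not evaluated.
sudo_capable_users() {
    sudoers_text=$1
    group_text=$2
    printf '%s\n' "$sudoers_text" | awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        /^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
        { print $1 }' |
    while read -r who; do
        case $who in
            %*) # group entry: expand to the members listed in the group file
                printf '%s\n' "$group_text" | awk -F: -v g="${who#%}" '
                    $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
                ;;
            *)  printf '%s\n' "$who" ;;
        esac
    done | sort -u
}

sudo_capable_users "$SAMPLE_SUDOERS" "$SAMPLE_GROUP"
```

On a real system the same function can be fed the output of sudo cat /etc/sudoers and the contents of /etc/group.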
218
MANAGING FILES
PERMISSIONS
219
PERMISSIONS
REGULAR PERMISSIONS
ACCESS RIGHTS OR PERMISSIONS 220
Each file and directory is assigned access rights or
permissions for the user owner of the file, the members
of a group (group owner), and everybody else (other).
You can restrict access to yourself alone, you can allow
users in a predesignated group to have access, or you
can permit anyone on your system to have access.
INFORMATION OF PERMISSION SETS 221
To view the file or directory ownership and
permissions in your current working directory:
ls -l
To view the ownership and permission of a
specific file:
ls -l [file_name]
To view the ownership and permission of the
directory itself, not its contents:
ls -ld [directory_name]
OWNERSHIP/ USER CATEGORIES 222
Categories of users can have access to a file or directory:
• User (owner)
• Group (the members of a group)
• Others (everyone else in the system)
When a user creates a file or directory, that user's name
(or the username) and primary group become the user
owner and group owner of the file, respectively
CHANGING OWNERSHIPS 223
Only the root user can change ownership of a file or directory
To change the ownership of a file or directory, you can use the
chown (change owner) command:
sudo chown [user]:[group] [filename]
You can use the chgrp (change group) command to change the
group owner of a file or directory:
sudo chgrp [group] [filename]
Both commands accept the -R option to change ownerships
recursively
PERMISSION TYPES 224
The mode of a file is divided into three sections based on
categories or the user(s) who receive(s) the permissions to
that file or directory
Each category has its own set of regular permissions:
• read
• write
• execute
PERMISSION TYPES (CONT.) 225
Read permission is represented by r, write by w and execute
by x
An empty permission is represented by a dash, -
INFORMATION OF PERMISSION SETS (CONT.) 226
Example :
[Figure labels: User (owner) permissions; Group owner permissions]
PERMISSION TYPES (CONT.) 227
PERMISSION: read
DEFINITION FOR FILES: Allows a user to open and read the contents of a file
DEFINITION FOR DIRECTORIES: Allows a user to list the contents of the directory
PERMISSION: write
DEFINITION FOR FILES: Allows a user to open, read, and edit the contents of a file
DEFINITION FOR DIRECTORIES: Allows a user to add or remove files to and from the directory
PERMISSION: execute
DEFINITION FOR FILES: Allows a user to execute the file in memory (if it is a program file or script)
DEFINITION FOR DIRECTORIES: Allows a user to change, search, or execute programs in the directory
CHANGING PERMISSIONS 228
Only the owner and the root user can change permission
of a file or directory
You can use the chmod command to change a file’s mode
with two methods:
symbolic method
absolute method
229
SYMBOLIC METHOD
CHMOD OPTIONS: DESCRIPTION
+ Adds a permission
- Removes a permission
= Assigns entire set of permission (it will remove previous set of permissions)
r Sets read permissions
w Sets write permissions
x Sets execute permissions
u Sets permissions for the user owner
g Sets permissions for the group owner
o Sets permissions for other users
a Sets permissions for access by the user owner, group owner and other users
s Sets User ID and Group ID permission
t Sets sticky bit permission
SYMBOLIC METHOD (CONT.) 230
To add execute permission to the owner and group
owner of a file:
sudo chmod ug+x [filename]
To add execute permission to the others and remove
write permission from the group owner of a file:
sudo chmod g-w,o+x [filename]
231
ABSOLUTE METHOD
User owner    Group owner    Others
r  w  x       r  w  x        r  w  x
4  2  1       4  2  1        4  2  1
   7             7              7
Each category, with its three permissions, conforms to an octal (binary)
format
The first octal digit applies to the owner category, the second
to the group owner and the third to the others category
Use 4 for read permission, 2 for write and 1 for execute
ABSOLUTE METHOD (CONT.) 232
The read, write, execute permission is simply the addition
of 4+2+1 to get 7
To have the mode rw-r--r-- for a file:
sudo chmod 644 [filename]
To have the mode rwxr-x--- for a file:
sudo chmod 750 [filename]
233
PERMISSIONS
SPECIAL PERMISSIONS
SPECIAL PERMISSIONS 234
With special permissions, any user who runs that executable
file assumes the user ID of the owner (or group) of the
executable file.
You can use three special permissions on files and directories:
• SUID (Set User ID) permission
• SGID (Set Group ID) permission
• Sticky bit permission
E.g., running chmod u+s [filename] from the root/owner account causes
other users who execute the file to take on the owner's user ID, but only
for the duration of execution.
235
SPECIAL PERMISSIONS (CONT.)
PERMISSION: SUID (Set User ID)
FUNCTION FOR FILES: Allows a user to execute a binary compiled program and become the owner of the file for the duration of execution.
FUNCTION FOR DIRECTORIES: No special function
PERMISSION: SGID (Set Group ID)
FUNCTION FOR FILES: Allows a user to execute a binary compiled program and become a member of the group that is attached (group owner) to the file for the duration of execution.
FUNCTION FOR DIRECTORIES: If the user has write permission and then creates new files or subdirectories, the user’s name becomes the owner of the file and the directory’s group becomes the group owner of the files or subdirectories.
PERMISSION: Sticky bit
FUNCTION FOR FILES: No special function
FUNCTION FOR DIRECTORIES: The contents of the directory (files and directories) can only be deleted or renamed by the root user or the owner of the files or directories.
236
SPECIAL PERMISSIONS (CONT.)
Representing special permissions in the mode:
rwx rwx rwx
rws rws rwt
$ chmod o+t test
Representing ineffective special permissions in the mode:
rw- rw- rw-
rwS rwS rwT
SETTING SPECIAL PERMISSIONS 237
To have the SUID and SGID for a file (symbolic method):
sudo chmod +s [filename]
To set sticky bit permission to a file (symbolic method):
sudo chmod +t [filename]
To have SUID and SGID for a file (absolute method):
sudo chmod 6750 [filename]
To set sticky bit permission to a file (absolute method):
sudo chmod 1750 [filename]
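The lowercase (s, t) and uppercase (S, T) forms shown on the earlier slide depend on whether the matching execute bit is set. The script below is an added example, not part of the original slides: it applies absolute modes to scratch files in a temporary directory, prints what ls shows, and includes a helper that lists SUID/SGID files under a directory for review. The function names are chosen here for illustration.

```sh
#!/bin/sh
# Print the 10-character mode string that ls -l shows for a path.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Create a scratch file or directory, apply an absolute mode, print the result.
mode_after() {   # usage: mode_after <octal-mode> <file|dir>
    scratch=$(mktemp -d) || return 1
    if [ "$2" = dir ]; then mkdir "$scratch/t"; else : > "$scratch/t"; fi
    chmod "$1" "$scratch/t"
    mode_of "$scratch/t"
    rm -rf "$scratch"
}

# List regular files under a directory that carry SUID (4000) or SGID (2000),
# so an administrator can review which programs run with another identity.
find_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

mode_after 4750 file   # -rwsr-x---  SUID with owner execute: effective (s)
mode_after 4640 file   # -rwSr-----  SUID without owner execute: ineffective (S)
mode_after 1777 dir    # drwxrwxrwt  sticky bit with others execute (t)
mode_after 1770 dir    # drwxrwx--T  sticky bit without others execute (T)
```

To review a real system, call find_special on a directory such as /usr/bin and compare the list with what the installed packages are expected to provide.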
238
DEFAULT
PERMISSION
UMASK
DEFAULT PERMISSIONS 239
New files are given rw-rw-rw- and new directories are given
rwxrwxrwx by the system when they are created
The umask (user mask) takes away permissions on new files
and directories immediately after they are created
To view the current umask value:
umask
Output : 0002
Note the final three digits in the output
DEFAULT PERMISSIONS (CONT.) 240
umask 002 specifies that nothing (0) is taken away from
the user, also nothing (0) is taken away from members of
the group and write permission (2) is taken away from
others on new files and directories when they are first
created and given permissions by the system
To change the umask value to 022, temporarily:
umask 022
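The effect of a umask on the defaults described above (rw-rw-rw- for files, rwxrwxrwx for directories) can be checked directly. The script below is an added example, not part of the original slides: it creates a file and a directory under several umask values in a temporary directory and compares the result with the predicted octal mode. The values 027 and 033 are extra cases chosen here; 033 shows that the umask clears bits rather than being subtracted (666 with umask 033 gives 644, not 633).

```sh
#!/bin/sh
# Print the 10-character mode string that ls -l shows for a path.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Predict the octal mode of a new file (base 666) or directory (base 777).
# The umask is cleared bit by bit (base AND NOT umask); it is not subtracted.
masked_mode() {   # usage: masked_mode <umask> <file|dir>
    if [ "$2" = dir ]; then base=0777; else base=0666; fi
    printf '%03o\n' $(( $base & ~0$1 & 0777 ))
}

# Create a new file or directory under the given umask and print its mode.
# The umask change happens in a subshell, so the caller's umask is untouched.
new_mode() {   # usage: new_mode <umask> <file|dir>
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        cd "$scratch" || exit 1
        if [ "$2" = dir ]; then mkdir t; else : > t; fi
        mode_of t
        cd / && rm -rf "$scratch"
    )
}

for u in 002 022 027 033; do
    printf 'umask %s  file %s (%s)  dir %s (%s)\n' "$u" \
        "$(new_mode "$u" file)" "$(masked_mode "$u" file)" \
        "$(new_mode "$u" dir)"  "$(masked_mode "$u" dir)"
done
```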
241
TOPIC 5: COMMON
ADMINISTRATIVE
TASKS
242
MANAGE FILE SYSTEMS
LEARNING OUTCOMES 243
Explain file systems or disk partitions in Linux system environment
Explain common file system types and their features
Apply graphical utilities to manage hard disk partitions
Apply command-line utilities to manage hard disk partitions
Show how to mount and unmount file systems to and from the Linux
directory tree
Use the /etc/fstab configuration file to modify the file systems
Display free space on mounted file systems
Check file systems for errors
REQUIREMENTS
Tools: Disk (graphical tool), df, du, fdisk, mkfs, fsck, mount,
umount, mounts
Configuration files: /etc/fstab, /etc/mtab
LEARNING OUTCOMES 244
Printer configuration in Linux system environment
Use the /etc/fstab configuration file to modify the file systems
Display free space on mounted file systems
Check file systems for errors
REQUIREMENTS
• Tools: Printer Admin (graphical tool), lp, lpr
• Configuration files: /etc/cups/cupsd.conf
LEARNING OUTCOMES 245
Network interfaces configuration in Linux system environment
Explain the basic of TCP/IP protocol
Apply graphical utilities to configure a network interface to
use TCP/IP
Apply command-line utilities to configure a network
interface to use TCP/IP
Describe the purpose of host names
Identify the configuration files to manage network
interfaces and host names
Perform remote administration
a. Secure Shell (SSH)
b. Virtual Network Computing (VNC)
LEARNING OUTCOMES 246
Tries software management in Linux system environment
Describe the purpose of the package managers
Describe the purpose of the repositories
Apply graphical utilities to modify the repositories
Apply command-line utilities to modify the repositories
Demonstrate graphical utilities to install, update, upgrade
and remove software
Demonstrate command-line utilities to install, update,
upgrade and remove software
REQUIREMENTS
• Ubuntu machine connected with Internet
• Tools: graphical tools, dpkg, apt-cache, apt-get, deb, deb-src, add-apt-repository
247
FILESYSTEM OR DISK
PARTITION MANAGEMENT
248
FILE
SYSTEM
FILESYSTEM’S
INFORMATION
FILE SYSTEMS 249
File systems define the format to store & retrieve data on storage
devices.
The type of filesystem used determines how files are managed on
the storage device.
Each filesystem can have different methods for storing files and
features that make the filesystem robust against errors.
Linux supports many filesystems (available for use in Linux).
FILE SYSTEM TYPES 250
ext2 (Second extended filesystem)
The native filesystem used on Linux, non-journaling filesystem
ext3 (Third extended filesystem)
A variation on ext2 that allows for journaling and has a faster
startup and recovery time
ext4 (Fourth extended filesystem)
A variation on ext3 that has larger filesystem support and speed
enhancements.
reiserfs (Reiser File System)
A journaling filesystem, more suited for use with databases.