Updated: 2015-04-04 03:32 EDT
adduser
and useradd
are the samehomer
and flanders
Do not print this assignment on paper!
- On paper, you will miss updates, corrections, and hints added to the online version.
- On paper, you cannot follow any of the hyperlink URLs that lead you to hints and course notes relevant to answering a question.
- On paper, scrolling text boxes will be cut off and not print properly.
15h00 (3pm) Tuesday April 7, 2015 (Week 13)
WARNING: Some inattentive students upload Assignment #12 into the Assignment #11 upload area. Don’t make that mistake! Be exact.
Do not print this assignment on paper! On paper, you cannot follow any of the hyperlink URLs that lead you to hints and course notes relevant to answering a question.
This assignment is based on your weekly Class Notes.
Remember to READ ALL THE WORDS to work effectively and not waste time.
This is an overview of how you are expected to complete this assignment. Read all the words before you start working.
For full marks, follow these directions exactly.
You will create some minimal file system structure in your HOME directory on the CLS.
Most work will involve changes in your own Linux Virtual Machine running Centos 6.6. You can use the Checking Program to check your work as you go. You can check your work with the Checking Program as often as you like before you submit your final mark.
When you are finished, leave the files and directories in place on both the CLS and your own CentOS Virtual Machine as part of your deliverables. Do not delete any assignment work until after the term is over! Assignments may be re-marked at any time on the CLS; you must have your term work available on the CLS right until term end.
All course notes are available on the Internet and also on the CLS. You can learn about how to read and search these CLS files using the command line on the CLS under the heading Copies of the CST8207 course notes near the bottom of the page Course Linux Server.
This is a Users and Groups assignment. Review course notes Users and Groups.
See the course notes or use the on-line help (man
command) for the commands listed below for more information:
chown
– (change owner) Change the owner and/or group of an existing inode (needs root
privilege)gpasswd
– administer groups: set group administrator users, set group members, add and remove users from a group, change or remove the group passwordgroupadd
– add a new group to the /etc/group
filegroupdel
– remove a group from the /etc/group
filegroupmod
– modify group name, number, password account information in the /etc/group
filegroups
– list the groups you (or another account) are in (from /etc/group
)id [user]
– display current account, current groups, and SELinux security context informationpasswd
– change your own password, or another user’s password (as root
)su [-] [user]
– (substitute user) Become another user (default root
), with that user’s permissionsuseradd
– add a new user account and home directoryuserdel
– delete an account (and possibly the home directory as well)usermod
– modify account information (and possibly home directory as well)whoami
– (who am I?) Display current account useridParts of this lab are done as different non-root users. Other parts are done as the root
user. Pay attention to which part is done by which user. You must use the su
command to start a shell with the permissions of another user. The root
user can use su
to become any other user without requiring a password.
If you start a root
subshell, your prompt will tell you if you are the root
user by changing to include a #
character instead of a $
character. You can also use the commands id
or whoami
to show your current userid.
Some answers require you to record command lines. Do not include the shell prompt with your command lines. Give only the part of the command line that you would type yourself.
Make sure you know the difference between a command line (which is what you type into the shell) and command output (which is what the command displays on your screen). Pay attention to whether the question asks you to record the command line or the command output.
/etc/passwd
file and its shadow and the /etc/group
file and its shadow on your CentOS system.
diff
to know what has changed during this lab, and you can sometimes recover these files without reverting everything back to a snapshot.I recommend that once you have booted your CentOS VM, you connect to it and work using a remote login session (e.g. ssh
or PuTTY
) where copy-and-paste works and where you can have multiple simultaneous connections into the VM. The VMware console is not friendly.
Note that SSH sessions (and whatever you are doing inside them) do not survive across a VMware suspend. Make sure you save your editor files and exit your SSH session before you pause or suspend your virtual machine. (Editor sessions that run inside the VMware console do survive across suspend and resume, since they don’t depend on a network connection.)
Interested users may look into the various Linux virtual terminal programs such as
tmux
andscreen
that do allow you to suspend and resume your sessions even from a remote login.
root
files in non-root accountsIndexFiles saved anywhere under your sysadmin HOME directory in CentOS should be owned by you and in one of your groups, not owned by root
or in the root
group. (The presence of root
files in non-root accounts is often a sign that your machine has been cracked!)
Do not leave root-owner or root-group files in your account. You should change the owner and group to you of anything you create as root
in your account. To find files not owned by you or not in your own group in your account:
[abcd0001@abcd0001 ~]$ cd ; pwd ; echo "$USER" ; find . ! -user "$USER" -ls
/home/abcd0001 # your HOME directory not abcd0001
abcd0001 # your own userid not abcd0001
[... any non-abcd0001 owner files are listed here ...]
[abcd0001@abcd0001 ~]$ cd ; pwd ; echo "$USER" ; find . ! -group "$USER" -ls
/home/abcd0001 # your HOME directory not abcd0001
abcd0001 # your own userid not abcd0001
[... any non-abcd0001 group files are listed here ...]
Note that the above commands were run when logged in as your sysadmin account, not when logged in as root
– make sure the $USER
variable contains your own userid not the root
userid. You want to find files not owned by or in the group of your own userid.
If you find any files that are not owned by or in the group of your own sysadmin userid, you should change the owner and group of these files to be your own userid and group. (The command that does this has a recursive option that lets you change everything under a directory.)
Hints: You need to know which account has permissions to change the ownership and group of a file. You need to know how to make the change. See the examples in Users and Groups.
Advanced users can modify the above
find
to send pathnames intosudo
runningxargs
withchown
. See Find and Xargs.
Complete your CentOS Install and Configure.
Do a Remote Login to the Course Linux Server (CLS) from any existing computer, using the host name appropriate for whether you are on-campus or off-campus.
Make the CLS directory ~/CST8207-15W/Assignments/assignment12
~/CST8207-15W/Assignments/assignment12
(the same hierarchy as you have already made on the CLS).This CentOS assignment12
directory in your sysadmin account is the Base Directory for all pathnames in this assignment. Store your CentOS files and answers below in this sysadmin Base Directory.
Run the Fetch and Checking Program to verify your work so far.
Pay careful attention to whether you are working on the CLS or CentOS, and which account you are using! Watch the userid and hostname values in your
PS1
prompt string! All answer files in this assignment get stored in the CentOS Base Directory, not on the CLS.
adduser
and useradd
are the sameIndexDo the commands in this section using your own sysadmin non-root account. Use
sudo
only as needed. As mentioned above, all output files must be owned by you and saved on CentOS in the Base Directory for this assignment in your system admin account (not in theroot
account!).
On CentOS, useradd
and adduser
are the same command with two different names. On some versions of Linux – Debian, Ubuntu, etc. – adduser
is a different command with different options.
On CentOS, try man adduser
and then man useradd
and see that they are exactly the same thing. (If the man
command is not found, you missed a step in a previous assignment. Go back and install the missing package.)
On the CLS (not CentOS), try the same two man
command lines and see that the two commands useradd
and adduser
are different and have different man
pages on the CLS. (The CLS runs Ubuntu Linux, which is a Debian-based distribution. CentOS is a Red Hat distribution.)
On CentOS, find the absolute pathnames of the two command names adduser
and useradd
. (Note: The which
command won’t find the location of these two commands when run as a non-root user. Use the other command that locates the pathname and manual pages of a command name. Review the “related commands” in the Search Path notes.) You will need these two absolute pathnames for the next question.
adduser.txt
adduser.txt
in your CentOS Base Directory the two lines of output from a long ls
listing of the two above absolute pathnames. Your file will be two lines and 20 words.Look at the ls
output lines in adduser.txt
:
useradd
and adduser
are the same command on CentOS.which
command did not work to find the absolute pathnames of either of these commands when run as a non-root user. (Hint: which
only finds executable programs. Who has permissions to execute the useradd
command?)Run the Fetch and Checking Program to verify your work so far.
homer
and flanders
IndexReview the course notes on Users and Groups.
Reminder: You will need
root
privileges to run account management commands, but all other commands should be done using your unpriviileged sysadmin account.Always log in and use your sysadmin account and use
sudo
only when needed. As mentioned above, all output files must be owned by you and saved on CentOS in the usual place for this assignment in your account (not in theroot
account!).
For this section you will require two more ordinary user (non-root, non-system) accounts. We will use two names from The Simpsons television series.
homer
homer
(no options needed) and then give it a simple password.flanders
flanders
(no options needed) and then give it the same password.simpsons.txt
id
commands to record the account information for each of the two Simpsons accounts into a simpsons.txt
file. Your file will be two lines, six words, 105 characters; one line for each of the two new Simpsons accounts.simpasswd.txt
simpasswd.txt
file. Your file will be two lines, two words, 84 characters; one line for each Simpsons account. Each password file line will have seven colon-separated fields in it.simpath.txt
ls
listing of the absolute pathname of each Simpsons account HOME directory (not the contents of the directory – just the directory itself) into a simpath.txt
file, one per line. Your file will be two lines and 18 words. If you get permission denied, you aren’t using the correct option to ls
to show only the directory, not the contents.simperm.txt
simperm.txt
file. Your file will be one line, one word, four characters. (Remember why three digits in a file is saved as four characters? Review Text file line end differences in File Transfer.)Run the Fetch and Checking Program to verify your work so far.
simpub.txt
The SB Output File: In the next steps, where you are required to save a command line or its output, do the command and then copy and record the command line or its output as a separate line into an output file named simpub.txt
in your CentOS Base Directory that will be noted as the SB output file below. If you can’t answer a question, leave a blank line in this output file. (The vim
option :set number
may be useful to you as you edit.)
If you use redirection to append lines to the output file, instead of using an editor, make sure you back up the file before each try, in case you accidentally over-write the file and lose the previous answers. You could also create snapshots after each question.
Below, we will create a /public
directory in the system ROOT directory in which any user can create files. The directory will allow any user to create names in it (or remove names, or rename). Recall that the permissions on a directory are not the same as the permissions on the things named in the directory. Permission to change file names does not grant permission to change file content.
You will need to use a command that lets you start a subshell as another user. Review Users and Groups.
In this section you will need to run commands as different users. You may find it helpful to have separate windows open into your CentOS VM, with subshells in each window running as a different user. Then, you can simply change windows to change users instead of having to exit and enter subshells in the same window. Be lazy! (You could also use the
suspend
command andfg
to change sub-shells.)
/public
Use appropriate privileges to create a directory called /public
under the top-level ROOT directory. The exact name is /public
(NOT /root/public
and NOT ./public
and NOT public
!).
Now, give the /public
directory full access permissions for everybody.
You should be able to touch
and remove a file in this new /public
directory as any non-root account. Test this (not as root
).
flanders
user.
flanders
!flanfile
flanders
user, redirect the current date into a new flanfile
file in the above /public
directory. The file will be one line, 6 words, 29 characters.
flanfile
file as Line 1 in the SB output file in your CentOS Base Directory (two words only).
flanfile
file as Line 2 in the SB output file (three digits only).flanfile
and use the syntax that does not change any other permissions, no matter what they might be.
flanfile
file as Line 4 in the SB output file (three digits only).homer
user.
homer
!homer
user, try to display the contents of the flanfile
.
homer
does not have permission to read the file content.homfile
homer
user, rename the flanfile
file (still owned by flanders
) to have the new name homfile
(in the same directory as flanfile
).
ls
listing of that new name confirming that the renamed file is still owned by flanders
.
ls
output as Line 5 in the SB output file.homer
user, remove the homfile
name.
flanders
.flanders
) is now gone forever./public
directory is now completely empty.Understand clearly why homer
can rename and then delete a file that he doesn’t own and can’t read. Review Links and Inodes.
Run the Fetch and Checking Program to verify your work so far.
In this section you will need to run commands as different users. You may find it helpful to have separate windows open into your CentOS VM, with subshells in each window running as a different user. Then, you can simply change windows to change users instead of having to exit and enter subshells in the same window. Be lazy! (You could also use the
suspend
command andfg
to change sub-shells.)
homflan
homflan
in the /public
directory that has the owner and group of homer
and homer
.
homer
to create this file, or you could create the empty file as any user first, then use super-user privilege to change the owner and group.ls
listing of the file and verify that both the owner and group are homer
.As the flanders
user try (and fail) to append the date
to the /public/homflan
file. You should get Permission denied
.
As the homer
user try (and succeed) to append the date
to the /public/homflan
file. There should be no error message.
Change only the file group and group permissions of the homflan
file so that both homer
and flanders
can read and write the homflan
file.
Hint: homer
, the owner of the file, will read and write the file using the owner permissions. Arrange that the file will be in one of the groups of the non-owner flanders
and so group permissions will apply to flanders
, allowing flanders
to read and write the file using the group permissions. Other users will be neither the owner of the file nor in the group of the file, so other permissions will apply to them and they cannot write the file.
Test it as three users. Both homer
and flanders
should be able to append data to the file, while your sysadmin (non-root) account should not be able to append data.
Exit from all the Simpsons user subshells and return to your sysadmin account shell.
Run the Fetch and Checking Program to verify your work so far.
starwars.txt
The WA Output File: In the next steps, where you are required to save a command line or its output, do the command and then copy and record the command line or its output as a separate line into an output file name starwars.txt
in your CentOS Base Directory that will be noted as the WA output file below. If you can’t answer a question, leave a blank line in this output file. (The vim
option :set number
may be useful to you as you edit.)
Take a snapshot of your virtual machine. Review Users and Groups.
luke
Create an account named luke
(all lower-case; no options needed).
Give the new luke
account a simple password.
luke.txt
Use a single command to search for lines containing luke
in the four system accounting files (in the password and password shadow files and in the group and group shadow files – four files in total). When you see four lines of output, put them into a new luke.txt
file. That file should contain the four lines that contain luke
in each line. Each line will be preceded by the name of the file in which it was found.
root
), run a long ls
listing on the new HOME directory (just the directory, not the contents) of the new luke
account. Only one line should output.
ls
to show only the directory, not the contents.usermod
IndexThe usermod
command modifies user account attributes, as recorded in the password file. Use only this command to make the following account change.
Do not use any other commands to make these changes unless told to do so. Do not text-edit any account files; use the commands designed for the purpose.
darth
luke
account to be darth
luke
user should be renamed to darth
.id luke
and confirm that it fails with “No such user”id darth
and confirm that darth
exists, but the account is still in the group named luke
.
ls -ld
on the HOME directory for this account (which hasn’t changed) and note that the owner has changed, but not the group (it’s still luke
). The name of the directory hasn’t changed, only the owner name.If you didn’t get the above results, restore the snapshot and try again.
groupmod
IndexThe groupmod
command modifies the group attributes, as recorded in the group file. Use only this command to make the following account change.
Do not use any other commands to make these changes unless told to do so. Do not text-edit any account files; use the commands designed for the purpose.
darth
luke
group to be darth
luke
group should be renamed to darth
.id darth
and confirm that the account is now in the group named darth
.ls -ld
on the HOME directory for this account (which still hasn’t changed) and note that both the owner and group have been changed (but not the name of the directory).If you didn’t get the above results, restore the snapshot and try again.
usermod
Indexsith
darth
account still uses an unchanged home directory of/home/luke
. Use a command to change and move (in one command line) this old home directory from its current luke
name to the new name sith
in the same parent directory as luke
:
-d
and -m
strictly according to the course notes (or read the man page).-d
and its following argument.ls -ld
on the new changed and moved sith
HOME directory for this account and confirm that both the owner and group are still darth
.luke
does not appear anywhere in those four files.darth
account using su
with the correct option. There should be no errors and the current directory should be the sith
HOME directory.darth
subshell and return to your sysadmin account shell.If you didn’t get the above results, restore the snapshot and try again.
Run the Fetch and Checking Program to verify your work so far.
chsh
IndexUse the appropriate option to the chsh
command to print the list of possible shells (four lines).
Change the shell for darth
to be the one that prevents logins. (Choose the shell pathname that allows “no logins”.)
Try to start a subshell in the darth
account using su
. You will be rejected with This account is currently not available.
Run the Fetch and Checking Program to verify your work so far.
This section uses some commands you have not used before.
Every command you need to use is mentioned in the opening page of this assignment document and is described in the lecture notes on Users and Groups. Become familiar with this list of commands before you continue, so that you know what command name to choose below. Every command also has a man page.
You do not need to text-edit any files in this section. All the commands you need are noted at the top of this document (and again in the Users and Groups course notes). RTFM!
The four-person band Megadeth (note the unusual spelling of Megadeth) uses the following work approach and has the following Requirements:
Song files can be created by one band member who is the single group administrator account. Only this one group administrator account can create, delete, modify and write song files.
Files must only be readable (not writable or removable) by the other three non-administrator group (band) members. These three ordinary band members must only be able to read the song files, not change or remove or rename them.
Anybody who is not a band member is not allowed to view song files. You must prevent all public access of any kind to the song files. These people do not share their songs for free.
Follow the directions below to create accounts and directories that implement the above Requirements. Some of the work will need to be done as the root
super-user. (Only the root
user can create new accounts.) Most group maintenance work can be done as the band member who is assigned to be the group administrator.
The four Megadeth band members are (get the name and account spellings correct when you create these accounts, below! Case matters):
mustaid
ellefsd
broderc
drovers
mustaid
, ellefsd
, broderc
, drovers
megadeth
megadeth
(spelled all lower case) to the system accounting files.
megadeth
group a system group. Keep it ordinary.megadeth
group is now in the system group file and has a numeric GID larger than GID_MIN
. (Recall looking up this value when you created your own sysadmin account.)megadeth
group.
megadeth
group in the group shadow file lists Chris’ account userid in the third field.megadeth
group administrator. Using his account, use a command four times to add each of the four band members to the megadeth
group, one-by-one.
Adding user
will print each time.Confirm that the system group file contains the new megadeth
group with all four band members listed beside it.
Exit the Chris subshell when you are done adding four members.
music
Create a new song directory named music
(lower-case) in the same parent directory where all the user HOME directories are stored. (Your sysadmin HOME directory is in this directory.)
music
directory, with permissions that implement the Requirements given above. Set ownership and permissions for the music
directory to implement the given Requirements:
music
?
music
?
music
?
You need to verify that the requirements have been met using a Test Plan. Here it is:
test
date
into a new file named test
in the music
directory. It should be possible without any errors.test
file, but can not change it, rename it, or remove it.music
directory cannot be listed or entered by any user who is not a band member.music
music
in their HOME directory that links up to /home/music
so that each band member can then use the soft link to access the /home/music
directory instead typing the entire pathname.
ls music
and ls /home/music
show the same files, when run from the HOME directory of each band member.Run the Fetch and Checking Program to verify your work so far.
That is all the tasks you need to do.
Read your CLS Linux EMail and remove any messages that may be waiting. See Reading eMail for help.
Check your work a final time using the Checking Program and save the standard output as described below. Submit your mark following the directions below.
Optional: Keeping your main configuration snapshots, remove any intermediate snapshots you no longer require, to free up disk space. - Be careful not to remove your current work!
See CentOS Remote Checking, Marking, and Submitting your Work.
READ ALL THE WORDS. OH PLEASE, PLEASE, PLEASE READ ALL THE WORDS!