linux security and file permissions

Question 1

what does /etc/passwd store ?

Answer 1

stores the user account records.

Each line of text contains one user account record.

Fields in each record are delimited by colons.

Question 2

what are the fields in /etc/passwd user account records

Answer 2

user name
user password
user identifier (uid)
group identifier (gid)
gecos field
home directory
shell program

Question 3

description of User name

Answer 3

This field contains the user name used to log into the system.

Question 4

description of user password

Answer 4

This field contains the hash value of the user password. If the value is set to set to “x”, the actual password is stored in a separate shadow password file.

Question 5

description of User identifier
(UID)

Answer 5

This field contains a number used internally by the system to identify the user.

Question 6

description of group identifier

Answer 6

This field contains a number which identify the primary group of the user. All files
that are created by this user initially belong to this group.

Question 7

description of gecos field

Answer 7

This field contains comments describing the account.

Question 8

description of Home directory

Answer 8

This field contains the home directory of the user.

Question 9

description of Shell program

Answer 9

This field contains the shell program to start when the user logs into the system.

Question 10

what are the field names in etc/shadow.

Answer 10

user name
passwords
last change
minimum
maximum
warning
inactive
expire

Question 11

what does cat /etc/shadow | tail -n 1

Answer 11

returns the last line of the contents of the shadow password file.

shadow file contains a hash for each user and therefore the last line is not very meaningful

Question 12

what does cat /etc/shadow | head -n 1

Answer 12

returns the first line of the contents of the shadow password file.

Question 13

what does cat /etc/shadow | tail -n 1 | tr “:” “\n”

Answer 13

cat /etc/shadow | tail -n 1 | tr “:” “\n” will display the last line of the contents of the shadow password file, with each field separated by a colon (“:”) replaced with a newline.

Question 14

how to check if user login is disabled ?

Answer 14

use the grep “guest” /etc/shadow

if it return something like this
guest:!!::43nijnroi32

the !! means user login is disabled

Question 15

how to lock the passwd for guest

Answer 15

passwd -l guest

to verify use the grep “guest” /etc/shadow

if it return something like this
guest:!!::43nijnroi32

the !! means user login is disabled

Question 16

how to unlock the passwd for guest

Answer 16

passwd -u guest

Question 17

how to add users

Answer 17

adduser [name]

Question 18

how to add groups in linux

Answer 18

groupadd [options] groupname

Question 19

what is visudo

Answer 19

cmd allows you to edit the sudoers file, which controls who is allowed to use the sudo command and what actions they are permitted to perform.

Question 20

what happens if i add User_Alias IT2524_STUDENT = guest, karthik to user_aliases in sudoers file

Answer 20

Any time you want to give the users “guest” and “karthik” the same permissions, you can use the “IT2524_STUDENT” user alias in the sudoers file instead of listing the users individually.

Question 21

what happens over here

Command Aliases
These are groups of related commands…
Cmnd_Alias IT2524_COMMAND = /usr/sbin/visudo

Answer 21

The command alias “IT2524_COMMAND” is defined to include the command “/usr/sbin/visudo”.

This means that any time you want to give permission to execute the command “/usr/sbin/visudo”, you can use the “IT2524_COMMAND” in the sudoers file instead of listing the command individually.

Question 22

how to check id of user

Answer 22

id student

Question 23

what does usermod -a -G student may

Answer 23

it will add the user “may” to the group “student”

The -a option is used to append the user to the specified group, which means that it will add the user to the group without removing them from any other groups they may already be a member of.

The -G option is used to specify the group that the user should be added to. In this case, the group is “student”.

Question 24

what does chmod g+s project do ?

the user is student

Answer 24

if you have a group “student” and you want to allow the group to create files and directories in a shared directory, you can set the setgid bit on the directory with chmod g+s <directory_name>, this way any files and directories created by any member of the group "student" will be owned by the group "student" and the members of the group will have the permissions to access and modify those files.</directory_name>

Question 25

setgid bit will only take effect on ?

Answer 25

setgid bit will only take effect on directories, not on regular files.

Question 26

what happens If a user who is not a member of a group

Answer 26

If a user who is not a member of a group sets the setgid bit on a directory, new files and directories created within that directory will inherit the group ownership of the parent directory, but the user will not have any permissions to access or modify those files, as they are not part of the group.