A Primer to System Administration - Users and groups

How to create a user

By useradd:

useradd -m -d <HomeDir> -g <Group> username

It’s optional to specify the new user’s home directory and group, but I strongly suggest to do so. -m stands for create home, -d to allocate a directory. (Warning, don’t mess up useradd and adduser, the later one is a higher level’s implementation. Here is a detailed explanation of these two’s differences.)

How to create a group

By groupadd:

groupadd groupname

How to add a user to a group

By usermod:
usermod -a -G username

where usermod means modify a user account, -a stands for append, append this user to a group.

Read more

How to list all users in a group

Well, there is not such a built-in command for that, but we can use:

grep '^groupname' /etc/group

or apt-get install members, then

members groupname

What is sticky bit

What is sticky bit looks like

Sticky bit is used for directories. As wikipedia said:

When the sticky bit is set, only the item’s owner, the directory’s owner, or root can rename or delete files. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of owner.

For example, if the professor create a /homework directory with sticky bit, every student can upload their homework, but they cannot rename or delete other students’ homework.

How to set it

chmod +t /path/to/directory

or

chmod 1755

where 1 stands for sticky bit, 7 for owner has all privilege, 5 for read and execute privilege for the group, and for others.

Now, /path/to/directory should looks like this (replaced last character):

drwxr-xr-t   1 root     other          0 Nov 10 12:57 test

As wikipedia said, if the sticky-bit is set on the directory without the execution bit set for the others category, it is indicated with a capital T:

drwxr-xr-T   1 root     other          0 Nov 10 12:57 test

Read more …

What is setuid

One sentence explanation: Regardless of who runs this program, run it as the user who owns it, not the user that executes it.

How to set it

chmod u+s /path/to/file

And it is dangerous

For instance, a simple shell script showfile.sh has set setuid as root privilege:

#!/bin/sh
# showfile
ls -l | sort

And If I am a bad guy, I could easily write script :

rm -rf /some/where/important

and saved as name ls, add my ls to the front of $PATH. Now when I tried to run showfile.sh, Boom ! The files are deleted.

BTW

If you found grammar errors or typos, please feel free to help me correct it.