## How to create a user

useradd -m -d <HomeDir> -g <Group> username


It’s optional to specify the new user’s home directory and group, but I strongly suggest to do so. -m stands for create home, -d to allocate a directory. (Warning, don’t mess up useradd and adduser, the later one is a higher level’s implementation. Here is a detailed explanation of these two’s differences.)

## How to create a group

groupadd groupname


## How to add a user to a group

By usermod:

where usermod means modify a user account, -a stands for append, append this user to a group.

## How to list all users in a group

Well, there is not such a built-in command for that, but we can use:

grep '^groupname' /etc/group


or apt-get install members, then

members groupname


## What is sticky bit

### What is sticky bit looks like

Sticky bit is used for directories. As wikipedia said:

When the sticky bit is set, only the item’s owner, the directory’s owner, or root can rename or delete files. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of owner.

For example, if the professor create a /homework directory with sticky bit, every student can upload their homework, but they cannot rename or delete other students’ homework.

### How to set it

chmod +t /path/to/directory


or

chmod 1755


where 1 stands for sticky bit, 7 for owner has all privilege, 5 for read and execute privilege for the group, and for others.

Now, /path/to/directory should looks like this (replaced last character):

drwxr-xr-t   1 root     other          0 Nov 10 12:57 test


As wikipedia said, if the sticky-bit is set on the directory without the execution bit set for the others category, it is indicated with a capital T:

drwxr-xr-T   1 root     other          0 Nov 10 12:57 test


## What is setuid

One sentence explanation: Regardless of who runs this program, run it as the user who owns it, not the user that executes it.

### How to set it

chmod u+s /path/to/file


### And it is dangerous

For instance, a simple shell script showfile.sh has set setuid as root privilege:

#!/bin/sh
# showfile
ls -l | sort


And If I am a bad guy, I could easily write script :

rm -rf /some/where/important


and saved as name ls, add my ls to the front of \$PATH. Now when I tried to run showfile.sh, Boom ! The files are deleted.

## BTW

If you found grammar errors or typos, please feel free to help me correct it.