Presentation on theme: "Unix/Linux basics 0100 - user management Operating systems lab Gergely Windisch room 4.12"— Presentation transcript:
Unix/Linux basics 0100 - user management Operating systems lab Gergely Windisch firstname.lastname@example.org room 4.12 http://nik.bmf.hu/gwindisch/os_2010
grep Do some basic pattern matching - search Search in files: grep 'string' filename cat filename | grep 'string' Will print only the lines where the given expression is found for example: list all the mp3 files in the current dir ls -l | grep 'mp3' grep -v : negate the function - print when not present
grep useful switches: v : negative search h : when grepping multiple files, return the name of the actual file i : case insensitive w : look only for whole words n : add the line number to the hit
Practice grep list all the mp3 files why does it list those files? – try ls -l | grep 'rw'
Regular expressions advanced pattern matching – looks ugly, but is useful – can find for example phone numbers in many formats: 06303234433, 36303234433, 36-30-3234433, (3630)3234433, (06 30)-32 34 4 33 06-(30)-323-4433 etc. – regexp can find all of these with one search we are not going into more details here. if interested: – http://...
Regular expression and grep: .. | grep 'mp3' - will list all lines containing mp3; .. | grep '^mp3' - lists all lines starting with mp3; .. | grep 'mp3$' - lists all lines ending with mp3; . : could mean any character: .. | grep 'm.3'; []: one of the characters inside: .. | grep 'mp'; [-]: interval: .. | grep 'mp[g1-4]': mpg, mp1, mp2, mp3, mp4
Regexp practice List all the files in the current directory that start with a capital letter hint: ls -1 lists files in a column
grep exercise list only the directories and the symbolic links in the current directory
sed sed is an automated text processor will modify text files using predefined programs – takes one line at a time, and does everything we have told it to do with that line sed 'program' inputfile > outputfile cat inputfile | sed 'program' How should we proceed if the input file is the same as the output?
sed (2) sed 'program' inputfile > inputfile (why not?) what is the output of ls -l? now type: ls -l > something – what goes into something? what is the output of ls -l now? what if we run ls -l > something again? what do we see? according to this, why shouldn't we use sed 'program' inputfile > inputfile?
sed commands man sed to get all the different commands tutorial is here: http://www.grymoire.com/Unix/Sed.html p: print current line – ls -l | sed 'p' - what happens? -n: no printing – ls -l | sed -n '4 p' - only print line 4 – ls -l | sed -n '1,5 p' - only print those lines
sed commands (2) d: delete lines. Works just like p – ls -l | sed '1,6 d' - print lines 7,8,9 etc. – One can use this to delete the lines from a file s: substitute – ls -l | sed 's/hallgato/otheruser/' - first in line – ls -l | sed 's/hallgato/otheruser/g' - all of them – Separator can be other character as well sed 's/http:\/\/aaa.hu\/uns\/index.html/bbb.hu/' sed 's!http://aaa.hu/uns/index.html!bbb.hu!'
sed exercise download the accountrc file from the website wget http://nik.bmf.hu/gwindisch/OS_2010/accountrc Write a shell script (one command) that changes the smtp server address from smtp.datanet.hu to sendmail.bmf.hu and back The result should go in the same file
sed exercise solution
#!/bin/bash
# write the result to a temporary file first, then replace the original with it
cat accountrc | sed 's/smtp.datanet.hu/sendmail.bmf.hu/g' > tempfile
mv tempfile accountrc
Other commands cut: cut the output into columns – for example: list only the names of the groups in the system: cat /etc/group | cut -d: -f1 wc: word count. wc -l: number of lines – count the users: cat /etc/passwd | wc -l head, tail: print only the first (last) few lines – cat messages.log | tail tac: print contents of file backwards
exercise print the number of the users in the system
exercise print the number of the users in the system what about the inactive users? – (inactive users: whose line starts with #)
exercise 2 create a shell script that takes a file as an input parameter and returns the name of the owner.
exercise 3 create a shell script that takes a filename as an input parameter, and if the owner of this file is the hallgato user, then give the file to the root user (chown)
exercise 4 change the previous script so that it only gives the file to the root if the owner is the current user
exercise 5 modify the previous script so that it takes a second parameter which is the name of the user the file should be given to, but only give that user the file if the user exists on the system
Today's agenda - user management Users in the system Important files Adding users Role management
Users in Unix(-like) operating systems User name / User ID / Group ID Users are identified by the UID – Name is just for the humans UID 0 is root - users with that UID have root's permissions Real users start at 1000 (on most systems) Pseudo users exist (1-999) Users can be part of multiple groups (primary and secondary groups)
Where are they stored? /etc/passwd - holds the users user-name:x:user-number:group-number:comment section:/home-directory:default-shell
Where are they stored? (2) /etc/group - holds the groups
Where are they stored? (3) /etc/shadow - holds the passwords – Used to be in /etc/passwd, but it is not secure – One line / user Login name:Encrypted password:Days since Jan 1, 1970 since password was last changed:Days before password can be changed:Days after it must be changed:Days before the expiration that the user is warned:Days after password expires and the user is disabled:Days since the password has been disabled
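Added example (not from the original slides): a small audit of passwd- and shadow-format files that uses the field positions described above to list UID 0 accounts, accounts in the regular-user range, passwd entries whose password is not shadowed, empty shadow passwords and old passwords. The function names and all sample account data are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files by field position.
# Function names are hypothetical and all account data is constructed.

# Accounts with UID 0 (field 3): each one has root's permissions.
uid0_accounts() { awk -F: '!/^#/ && $3 == 0 { print $1 }' "$1"; }

# Accounts in the regular-user range (UID >= 1000 on most systems).
real_users() { awk -F: '!/^#/ && $3 >= 1000 { print $1 }' "$1"; }

# passwd entries whose field 2 is neither "x" (password kept in shadow) nor
# "*" (no password login): the hash or an empty password is world-readable.
not_shadowed() { awk -F: '!/^#/ && $2 != "x" && $2 != "*" { print $1 }' "$1"; }

# shadow entries with an empty password field: login needs no password.
empty_password() { awk -F: '$2 == "" { print $1 }' "$1"; }

# shadow entries with a usable password whose last change (field 3, days
# since 1970-01-01) is more than $2 days before day number $3 (default: today).
stale_passwords() {
    today=${3:-$(( $(date +%s) / 86400 ))}
    awk -F: -v max="$2" -v today="$today" \
        '$2 != "" && $2 !~ /^[!*]/ && $3 != "" && today - $3 > max { print $1 }' "$1"
}

SAMPLE=$(mktemp -d)
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second UID 0 account:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:$1$constructed$notarealhash:1001:1001:Bob:/home/bob:/bin/bash
#lajos:x:1002:1002:inactive:/home/lajos:/bin/bash
EOF
cat > "$SAMPLE/shadow" <<'EOF'
root:$6$constructed$notarealhash:14600:0:99999:7:::
daemon:*:14600:0:99999:7:::
alice::14650:0:99999:7:::
bob:$6$constructed$notarealhash:14000:0:90:7:::
EOF

echo "UID 0:            $(uid0_accounts "$SAMPLE/passwd" | tr '\n' ' ')"
echo "regular users:    $(real_users "$SAMPLE/passwd" | tr '\n' ' ')"
echo "not shadowed:     $(not_shadowed "$SAMPLE/passwd" | tr '\n' ' ')"
echo "empty password:   $(empty_password "$SAMPLE/shadow" | tr '\n' ' ')"
echo "older than 365 d: $(stale_passwords "$SAMPLE/shadow" 365 14700 | tr '\n' ' ')"
```

On a real system the functions take /etc/passwd and /etc/shadow as arguments; reading /etc/shadow requires root.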
Important files and commands /etc/login.defs - default login options /etc/skel - default directory for new users
Modifying user accounts Modifying user accounts is simple - just modify the contents of /etc/passwd
Adding users with useradd (1) useradd is a command line tool to add users. -m: Create a home directory in /home/. -M: No home directory created. -g: Specify the initial group for the user. -G: Specify the initial group for the user by using the group number. -s: Specify the default shell for the user. If not specified set to /bin/bash. -e: Specify the expiration date. Format YYYY-MM-DD. -f: Number of days after a password expires that an account is disabled. By default this feature is disabled (-1). -u: Specify the user id number to be used.
Adding users with useradd (2) useradd user1 – create user (without settings) – check out what happens useradd -D – do not create, just print the defaults useradd -g group1 user3 – create user3, add it to group1 useradd -g group1 -G group2,group3 user4 – create user4, assign it to group1 and 2,3 as secondary
Running commands as others su - start a root shell (dangerous); sudo command - run a single command as another user; visudo - edit the sudoers file; pfexec in Solaris
Exercise 1 Create four users: alice, bob, cecilia and lajos (it is a fine Hungarian name) The users should have full access to their home directories, and they should not have any access to each other's home dir, except for lajos who needs read permission for bob's home directory. Create a shared directory under /var/share. Make it accessible from each of the users' home directories. Set it up in a way so that only the owners of the files are able to delete the files inside the shared directory. Make this dir appear in the newly created accounts as well automatically.
Exercise 2 Write a shell script that can add users to the system. It should ask questions like "Username: ", "Group"… etc. The responses to the questions should be used to parametrize the commands necessary to create the new user. It needs to be foolproof - it should check if the username and the group name already exist, whether the shell specified exists etc. Our good friend Bob has just gotten promoted to Enterprise Wide User Administrator (or EWUA). Your task is to create a new group for Bob called EWUA, set the system up so that he (and the members of that group) can use your previous script to add users to the system. He should not be able to run any other commands as root, just those that are necessary for being EWUA.
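Added example, not part of the original slides: the checks Exercise 2 asks for (name validity, existing user, existing group, allowed shell) written as shell functions that only print the useradd command they would run. The function names, the name rule and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: checks to run before answers are handed to useradd.
# Function names are hypothetical; the database files are parameters so the
# checks can be tried on constructed copies instead of the live /etc files.
LC_ALL=C; export LC_ALL

# Conservative name rule (an assumption, stricter than some systems allow):
# first a lowercase letter or "_", then lowercase letters, digits, "_" or "-",
# at most 32 characters. A case pattern also rejects embedded newlines, which
# a line-by-line grep test would let through.
valid_name() {
    case $1 in
        ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Exact match on field 1 of a passwd- or group-format file.
name_in_file() { cut -d: -f1 "$2" | grep -Fxq -- "$1"; }

# The shell must be listed in the shells file and be executable.
shell_allowed() { grep -Fxq -- "$1" "$2" && [ -x "$1" ]; }

# Print the useradd command for acceptable answers, or the reason for refusal.
# Usage: plan_useradd NAME GROUP SHELL [PASSWD [GROUPFILE [SHELLS]]]
plan_useradd() {
    pw=${4:-/etc/passwd} gr=${5:-/etc/group} shells=${6:-/etc/shells}
    valid_name "$1"              || { echo "invalid user name"; return 1; }
    valid_name "$2"              || { echo "invalid group name"; return 1; }
    name_in_file "$1" "$pw"      && { echo "user already exists"; return 1; }
    name_in_file "$2" "$gr"      || { echo "no such group"; return 1; }
    shell_allowed "$3" "$shells" || { echo "shell not allowed"; return 1; }
    echo "useradd -m -g $2 -s $3 $1"
}

# Dry run against constructed databases; nothing is created.
D=$(mktemp -d)
printf 'root:x:0:0::/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n' > "$D/passwd"
printf 'root:x:0:\nusers:x:100:\n' > "$D/group"
printf '/bin/sh\n' > "$D/shells"
for name in dave alice al 'dave smith'; do
    printf '%-10s -> %s\n' "$name" \
        "$(plan_useradd "$name" users /bin/sh "$D/passwd" "$D/group" "$D/shells")"
done
```

Because the script is meant to be run through sudo by members of the EWUA group, every answer is validated before it reaches a command line, and the user "al" is accepted even though "alice" exists because the match is on the whole field.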
User management in Solaris Role based access control same files as in linux /etc/security holds roles
Exercise in Solaris Create a new user, check his rights, assign a role to him and check his rights again