Module 15: System and User Security

Questions and Answers

What command is used to switch to another user account in a Linux system while obtaining their environment settings?

• sudo -u username
• su - username (correct)
• login username
• su username

What is a key risk associated with using the root account directly?

• User might forget their password
• Accidental execution of non-administrative tasks as root (correct)
• Background processes may fail
• Only certain commands can be executed

What information does the 'who' command provide about users?

• Shows usernames along with their login times and locations (correct)
• Lists the primary group for all users logged in
• Displays only the usernames and passwords of currently logged-in users
• Provides details on user permissions and roles

What is the main purpose of creating groups in a system?

To allow users to share files (D)

What is a consequence of creating GIDs under 1000?

They are reserved for system use and could cause conflicts (D)

Which command shows both local and network-based groups?

getent (D)

What does the command 'grep root /etc/group' accomplish?

It displays information about the root group (B)

Flashcards

User accounts on Linux

User accounts control access to files and directories on a Linux system, assigning permissions based on user and group.

Administrative accounts (root)

Root accounts hold supreme privileges on Linux systems, but using root directly carries significant risks.

su command

su command allows switching to another user's account and running a shell as that user .

sudo command

sudo allows users to temporarily execute commands with elevated privileges.

/etc/passwd file

The /etc/passwd file stores user account information, including user ID, home directory, shell.

System Accounts

Accounts used by services running on the Linux system, identified by UIDs between 1 and 499.

What does /etc/passwd store?

The /etc/passwd file stores user account information like username, UID, home directory, and shell.

What's the purpose of the * (asterisk) in the Password field of system accounts?

The asterisk (*) in the Password field of /etc/passwd for system accounts indicates that no password is stored.

What's the role of /etc/group?

The /etc/group file defines supplemental or secondary group memberships for users.

What does the id command do?

The id command prints user and group information, displaying primary and secondary group memberships of a user.

Where is user account info stored?

The /etc/passwd and /etc/shadow files store user account information and authentication details.

What's a User Private Group (UPG)?

Some Linux distributions create a User Private Group (UPG) when a new user account is created. This group is associated with the user and has the same ID as the user.

Why use commands to create users?

Using commands like useradd and groupadd is the preferred method for creating users and groups, as it ensures consistency and simplifies management compared to directly editing files.

What are groups used for?

Groups enable users to share files and collaborate, allowing permissions to be assigned based on group membership.

How to create a group?

Use the groupadd command as root to create a new group. Specify a group ID (GID) with the -g option. If no GID is provided, one will be assigned automatically.

What's the grep command used for?

The grep command searches for specific lines within files, like the /etc/group file, to verify group configurations and recent changes.

What does the getent command do?

The getent command displays information about local and network-based groups.

What's important to consider when choosing a GID?

Avoid assigning GIDs in the same range as future user IDs (UIDs), and be mindful that GIDs under 1000 are generally reserved for system use.

How to check for existing groups?

Use the grep command to search the /etc/group file for a specific group name.

Why plan group usage?

Planning how groups will be used before creating them is essential for effective user management and security.

Study Notes

Module 15: System and User Security

• Exam Objective 5.1 covers basic security and identifying user types on a Linux system.
• The objective focuses on various user types within a Linux environment.

Identifying User Accounts

• User accounts are designed to secure a Linux operating system.
• Accounts control file and directory access rights based on file permissions.

Users and Permissions

• User accounts belong to groups.
• This module covers commands to view user and group details and navigate between them.

Administrative Accounts

• Some commands require administrative or root privileges.
• Using the root account carries risks, so sudo or su are recommended for executing commands as root.
• Risks of logging in as root:
  • All processes run with root privileges.
  • Easier to accidentally run non-admin tasks as root.

Switching Users

• The su command allows running a shell as a different user.
• The su command with the [username] parameter opens a new shell.
• After pressing Enter, the correct password for the target user is needed.

Executing Privileged Commands

• The sudo command enables executing commands as another user.
• It's useful for distributions where root login isn't permitted.
• Unlike su, sudo prompts for your own password. This prevents a possible compromise of root privileges.

User Accounts

• The /etc directory contains files defining user and group accounts.
• The /etc/passwd file provides user account information (name, password placeholder, UID, primary group ID, comment, home directory, shell). Fields are separated by colons.

Passwords

• The /etc/shadow file contains encrypted user passwords (access requires root privileges).
• Fields in /etc/shadow include username, encrypted password, last password change, minimum/maximum password age, warning before password expiry, inactive period and password expiry time.

System Accounts

• Users typically log in using regular accounts (UID > 1000).
• The root account has UID 0 and special access.
• System accounts (UID 1-499) manage services on the system.
• System accounts in /etc/passwd and /etc/shadow may have different fields (like home directory, shell, password).

Group Accounts

• Users can belong to one or more groups.
• The /etc/passwd file specifies the primary group membership.
• The /etc/group file defines additional or secondary group memberships.
• Group information includes the group name, password holder(an 'x' indicates no password), group ID, and list of members in the group file.

Viewing User Accounts

• The id command displays user and group information (UID, username, primary group, and details of other groups).

Viewing Current Users

• The who command lists currently logged-in users, their terminal, and login times.

• The w command provides a more detailed view of logged-in users, including system status like user activity and load average.

Viewing Login History

• The last command displays login history, including previous and current login sessions. It gathers information from the /var/log/wtmp file.