M01: Introduction to Operating Systems
 		TU1: Installing, configuring and exploiting a computer system
 		ASIX1
 		Practical Exercise 10: Managing users and groups accounts 17-2-13

Practical Exercise 10:  Managing users and groups accounts

GENERAL CONDITIONS
1- Deadline: 2-03-2013.
2- Send your report as a PDF file attached to an e-mail with the following specifications:
     a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu depending who is your teacher
     b) File Name:
        b.1) ASIX1 (Catalan): asix1_surname_name_m01tu01pr10.pdf
        b2.) DAW1 (English): daw1_surname_name_m01tu01pr10.pdf     
     c) Subject:
         c.1) ASIX1 (Catalan): asix1_surname_name_m01tu01pr10
         c.2) DAW1 (English): daw1_surname_name_m01tu01pr10
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font:Times New Roman (or Liberation Serif), b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular.
6- Page numbering on footer bar.

CONFIGURING USER AND GROUP ACCOUNTS

1- Introduction
A user is a real person, or process,  or device which uses or access to some resources of a computer such as folders, files, programs, hardware and so on. A group is a collection of users. Groups are used as a basis for determining file access permissions. It depends on your groups membership that you will be able to access or not to certain folders, files, hardware, databases and so on.

In order to define properly a new user, you must provide to the system some basic information. A system user will need:
 a) A username
 b) Usually, an encrypted password
 c) A set of necessary files directories, and permissions. For instance, its home directory.
 d) A numerical value called  User IDentifier or UID associated with the username. The user will be identified by the system thanks to its UID rather than its username.
e) A default group. A user must be member of one or more groups. If a user is member of just one group, that group will be its default group. The group name must exist. Instead of a group name, you can write the unique number that identifies the group.
 f) A default shell, usually /bin/bash.
 g) Another characteristics like comments, expiry date, additional groups memberships and so on.
 h) An entry in files /etc/passwd and /etc/shadow.

In order to define properly a new group, you must provide to the system some basic information. A system group will need:
 a) A group name.
b) A numerical value called  Group IDentifier or GID associated with the group name. The group  will be identified by the system thanks to its GID rather than its group name.
c)  Users which are member of that group.

The purpose of this exercise is to learn how to manage user and group account on Linux and particularly, with the Ubuntu distribution. We will learn how to add and delete system users and grups. Additionally, we will study the main chararacterisitics  of  system user and groups, and how to modify these characteristics. In order to configure and manage system users and groups, the Linux operating  provides you with a poerful set of command-line utilities: a) useradd adds a new user account to the system, b) userdel deletes a user's account, c) usermod modifies a user's account, d) groupadd adds a new group to the system, e) groupdel removes a group and f) groupmod modifies a group. If your computer runs Ubuntu Linux,  a  GUI utility called user-admin will help to configure and manage easily your system users and groups.

2- mkpasswd
a) Descrition: The command-line utility mkpasswd encrypts a given password.
b) Synopis: mkpasswd  PASSWORD
c) As a result, a encrypted version of PASSWORD will be displayed on screen
d) Example:
linux:~ #  mkpasswd   mst1298
NvwgZmyymrgZQ
e) When  you run the useradd command (read section 3),  you should use the result of this command with the -p option.

3- useradd
a) Descrption: The useradd command adds a new user to the system. This command adds a new entry to /etc/passwd and /etc/shadow.
b) Synopsis: useradd   username  <options>
c) Important options:
        -d --> This option specifies the users home directory. If not specified, the default from /etc/default/useradd is used.
        -g --> The group name or number of the user's default group (or primary group). The group name or number must refer to an already existing  group. If not specified, the default from /etc/default/useradd                   is used.
        -m -->  If it does not exist, the home directory for the new user account will be created.
        -p -->   Encrypted password as returned by mkpasswd.
        -s --> Specify user's login shell. The default for normal user accounts is taken from /etc/default/useradd.
        -u --> The  User IDentifier or UID. By default, will be the first free ID after the greatest used one.
        -G --> A list of supplementary groups. Each group is  separated  from  the  next  one  only by  a  comma,  without  whitespace.
d) Example 1: If you want to add to the system a new user called master,  with  the  following  characteristics: UID = 1000, Default group = users, Home directory = /home/master, Default shell = /bin/bash, and password = mst2012, you could run the following commands:
            1st)     mkpasswd  mst2012  ==> The result is: LlbjokSlEjavI
            2nd)    useradd  master  -u  1000  -g  users  -d  /home/master  -m  -s  /bin/bash  -p  LlbjokSlEjavI
e) Example 2: If you want to add to the system a new user called master,  with  the  following  characteristics: UID = 1000, Default group = users, Home directory = /home/master, Default shell =/bin/bash,  password = mst2012 and additional groups crontab and syslog, you could run the following single command:
                            useradd  master  -u  1000  -g  users -G crontab,syslog  -d  /home/master  -m  -s  /bin/bash  -p  $(mkpasswd  mst2012)
                            (Pay attention to the command substitution $(mkpasswd mst2012), which means that mkpasswd mst2012 will be replaced with the result of that command) 

4- userdel
a) Description: The useradel command deletes an user account.
b) Synopsis 1: userdel  username  ==> The user will be deleted but not its home folder. Entries in /etc/passwd, /etc/shadow and /etc/group will be deleted. Folder /home/username will not be deleted.
c) Synopsis 2: userdel  -r  username  ==>  The user will be deleted and its home folder as well. Entries in /etc/passwd, /etc/shadow and /etc/group will be deleted. Folder /home/username will be deleted.
d) Example: If you want to completely remove the user master, you should run the following command: userdel  -r  master  

5- usermod
a) Description: The usermod command modifies an user account.
b) Synopsis: usermod   <options>   username
c) Important options:
        -d --> This option specifies the new home directory of the user.
        -g --> The group name or number of the user's new default group.
        -p -->  An Encrypted new password.    
        -s --> Specifies an user's new login shell.
        -u --> Changes the  User IDentifier or UID.
        -G --> A list of supplementary groups. Each group is  separated  from  the  next  one  only by  a  comma,  without  whitespace. The user is removed  from  all  other  groups  not specified
        -a -G --> A list of supplementary groups. Each group is  separated  from  the  next  one  only by  a  comma,  without  whitespace. The user is added to specified groups. The user is not removed                  from not specified groups.
       
d) Example 1: The following command changes the UID. The new UID  will be 590:
        usermod  -u  590  master
e) Example 2: The following command changes the password. The new password will be master2013:
        usermod  -p  $(mkpasswd  2013)  master
f) Example 3: The following command changes the UID and password. The new password will be master2013 and the new UID will be 620:
        usermod  -p  $(master2013)  -u  620  master
g) Example 4: The following command adds a user to a group. A new user called teacher02 will be added to a group called teachers if you run:
        usermod  -a  -G  teachers  teacher02

6- groupadd
a) Description: The groupadd command adds a new group. This command adds a new entry to /etc/groups.
b) Synopsis:    groupadd   <options>   group_name
c) Important options:
        -g --> The  Group IDentifier or GID. By default, will be the first free ID after the greatest used one.
        Remember: Last string is the group name.
d) Example: The following command adds a new group called students. The value assigned to GID will be 120.
        groupadd   -g   120   students

 7- groupdel
a) Description: The groupdel command deletes a group.
b) Synopsis: groupdel  group_name
c) Example: groupdel  students
d) Important: A user's default group (also called primary group) is not removeable. Delete the user or modify its primary group if you want to delete that group.

8- groupmod
a) Description: The groupmod command modifies a group using the values specified on the command line.This command modifies an entry in /etc/groups.
b) Synopsis: groupmod   <options>   group_name
c) Important options:
        -g --> Changes the  Group IDentifier or GID
        -n --> Changes the   group name
d) Example 1: The following command changes the GID. The new GID  will be 180:
        groupmod  -g  180  students
e) Example 2: The following command changes the group_name. The old group name is students.The new group name will be teachers:
        groupmod  -n  teachers students

9- gpasswd: Removing a user from a group. Adding a user to a group
a) If you are working with Ubuntu, you can remove a user from a group using the next command: gpasswd  -d  username  group_name
b) If you are working with Ubuntu, you can add a user to a group using the next command: gpasswd  -a  username  group_name
c) Example 1: The following command adds a user to a group. A new user called teacher02 will be added to a group called teachers if you run:
        gpasswd  -a  teacher02  teachers
d) Example 2: The following command deletes a user called teacher02 from a group called teachers:
        gpasswd  -d  teacher02  teachers

NOTE: Read the manual page of gpasswd (run man gpasswd) for any further information about this command.

10- User files, groups and user passwords
The /etc/passwd file contains information about all system users. Here we find the username, password, UID, home directory, etc.. A typical line in /etc/passwd looks like :
dai1:x:600:100:Usuari dai1:/home/dai1:/bin/bash.

Where there is username, password in plain text or an "x" if it is encrypted and saved in /etc/shadow special file, UID, default group, which belongs to the home directory and the shell that runs when user connects.

In /etc/shadow directory each line is a username and encrypted password and other items that do not concern us now.

In /etc/gshadow directory each line is a group name and encrypted password and the list of group members.

11 - Graphical tool for working with users and groups
a) Install gnome-system-tools running, as a root user,  the following command: aptitude   install   gnome-system-tools . Due to the fact that gnome-system-tools requires a lot of extra packages to be installed in your system,  is highly advisable to run this command in your home.

b) When gnome-system -tools is installed in your system you can start the Users and  Groups GUI utility which is  was invoked in menu-driven interfaces via Applications --> System Tools --> Administration > Users and Groups.

12- Interesting Links
http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
http://www.binefa.cat/isol/p11/www.cyberciti.biz/faq/understanding-etcshadow-file/

PRACTICAL EXERCISE

1- Open the terminal. Create a new user called clot2014, which is part of the users group, whose home directory is /home/clot2014, whose shell is the bash program, and whose encrypted password is PWDclot2014. User doesn't need more information. UID will be 2014. Look at changes at /etc/passwd and /etc/shadow.
 2- Working on terminal. Create alumnes11 group with GID = 211. Look at changes at /etc/group
3- Working on terminal. Modify clot2014's UID and change it to 3011. Look at changes at /etc/passwd
4- Working on terminal. Add clot2014's user to alumnes11 group. Look at changes at /etc/group
5- Working on terminal. Swap clot2014's default group to adm group. Look at changes at /etc/passwd
6- Working on terminal. Modify alumnes11's GID and change it to 311 . Look at changes at /etc/group
7- Remove clot2014's user. Look at changes at /etc/passwd and /etc/shadow
8- Remove alumnes11's group. Look at changes at /etc/group
9- Try to remove users group. What is happening?. Why?
10- From GUI repeat exercise 1.
11- From GUI repeat exercise 2.
12- From GUI repeat exercise 3.
13- From GUI repeat exercise 4.
14- From GUI repeat exercise 5.
15- From GUI repeat exercise 6.
16- From GUI repeat exercise 7.
17- From GUI repeat exercise 8.
18- Working with Users and  Groups GUI utility. Disable the fje user account. Try to gain access to the fje account. What's is happennig?.
19- Working with Users and  Groups GUI utility. Enable the fje user account again. Try to gain access to the fje account. What's is happennig now?.
20- Working on terminal. Disable the fje user account. Help: http://www.cyberciti.biz/faq/linux-disable-user-account-command/
21- Working on terminal. Enable the fje user account again. Help:  Work with -U instead of -L and  set EXPIRE_DATE to 99999.