% Everything about linux user- & filemanagement
%
% Core topic for computer science matura
%
% Copyright 2009, Lukas Prokop

% Class setup: KOMA-Script article class (scrartcl) with the layout options
% listed below; commented-out entries are the alternatives to the active ones.
% NOTE(review): the body uses \chapter and this list sets 'openright', but
% scrartcl does not provide chapters -- confirm whether scrreprt or scrbook
% was intended.
\documentclass[
   draft,     % draft stage
   %final,      % finished document
   11pt,
   %smallheadings,    % small headers
   %normalheadings,   % normal headers
   bigheadings,       % big headers
   ngerman,           % passed on to other packages
   a4paper,
   BCOR5mm,          % additional margin on the inner side
   DIV11,            % page size (see the KOMA-Script documentation!)
   %DIVcalc,         % automatic calculation of a good line length
   1.1headlines,     % number of lines in the page header
   %headinclude,     % include the header
   headexclude,      % do not include the header
   %footinclude,     % include the footer
   footexclude,      % do not include the footer
   %mpinclude,       % include the margin
   mpexclude,        % do not include the margin
   pagesize,         % writes the paper size into the output file.
                     % Important for conversions
   %oneside,         % one-sided layout
   twoside,          % page margins for two-sided layout
   onecolumn,        % single column
   %twocolumn,       % two columns
   %openany,         % chapters start on any page
   openright,        % chapters always start on the right-hand page
                     % (only makes sense with 'twoside')
   %cleardoubleplain,    % empty left page with page style 'plain'
   %cleardoubleempty,    % empty left page with page style 'empty'
   titlepage,        % title on a separate page ('titlepage' environment)
   %notitlepage,     % title integrated into the page
   %                 % paragraph spacing: one line,
   %parskip,         % free space in last line: 1em
   %parskip*,        % free space in last line: a quarter of a line
   %parskip+,        % free space in last line: a third of a line
   %parskip-,        % free space in last line: no provisions
   %                 % paragraph spacing: half a line
   %halfparskip,     % free space in last line: 1em
   %halfparskip*,    % free space in last line: a quarter of a line
   %halfparskip+,    % free space in last line: a third of a line
   %halfparskip,     % free space in last line: no provisions
   %                 % paragraph spacing: none
   parindent,        % indented (default)
   headsepline,      % rule below the running head
   %headnosepline,   % no rule below the running head
   %footsepline,     % rule at the page footer
   %footnosepline,   % no rule at the page footer
   %chapterprefix,   % print the 'Kapitel:' (chapter) prefix
   nochapterprefix,  % do not print the 'Kapitel:' (chapter) prefix
   %liststotoc,      % lists of tables & figures in the TOC
   %idxtotoc,        % index in the TOC
   bibtotoc,         % bibliography in the TOC
   %bibtotocnumbered, % bibliography numbered in the TOC
   %liststotocnumbered, % all lists numbered in the TOC
   tocindent,        % indented table of contents
   %tocleft,         % table-like TOC
   listsindent,      % indented LOT, LOF
   %listsleft,       % table-like LOT, LOF
   %pointednumbers,  % heading numbers with trailing dot, see DUDEN!
   pointlessnumbers, % heading numbers without trailing dot, see DUDEN!
   %openbib,         % alternative formatting of the bibliography
   %leqno,           % equation numbers on the left
   fleqn,            % equations are displayed flush left
]{scrartcl}
% scrartcl, scrreprt and scrbook

%\documentclass[11pt,a4paper]{article}

% PACKAGES
\usepackage{ngerman}
\usepackage{fullpage}
\usepackage[utf8]{inputenc}
\usepackage[ngerman]{babel}
\usepackage{multicol}
\usepackage[sf]{titlesec}
\usepackage[dvips,pdftex]{geometry}
\usepackage{amssymb}
\usepackage{graphicx}
\usepackage{pstricks}
\usepackage{pst-node}
\usepackage{pst-plot}
\usepackage{boxedminipage}
\usepackage{bibgerm}
\usepackage{listings}
\usepackage{color}
\usepackage{graphicx}
\usepackage{xcolor}
\usepackage[centertags,sumlimits,intlimits,namelimits,fleqn]{amsmath}
\usepackage{booktabs}
\usepackage{multirow} % Mehrfachspalten
\usepackage{dcolumn}  % Ausrichtung an Komma oder Punkt
\setcounter{topnumber}{3}
\setcounter{bottomnumber}{2}
\setcounter{totalnumber}{5}
\usepackage{makeidx}
\usepackage[footnote,smaller,printonlyused]{acronym}
\usepackage{units}
\usepackage{multicol}

% CONFIGURATION
% Page numbering, running heads and paragraph layout.
\pagenumbering{arabic}
\pagestyle{myheadings}
% This tocdepth value is overridden by the second \setcounter{tocdepth} below.
\setcounter{tocdepth}{2}
% No first-line indent; 2mm of vertical space between paragraphs.
\parindent0mm
\parskip2mm
% Shorten the German float names to "Abb." and "Tab.".
\addto\captionsngerman{ % "captionsgerman" for the old spelling rules
    \renewcommand{\figurename}{Abb.}%
    \renewcommand{\tablename}{Tab.}%
}
% Write the list of loaded files and versions to the log.
\listfiles
\setcounter{secnumdepth}{3}
\setcounter{tocdepth}{3} % Depth of TOC Display
% Caption formatting for figures and tables.
\usepackage{caption}
\captionsetup{
   margin = 10pt,
   font = {small,rm},
   labelfont = {small,bf},
   format = hang, % 'plain' or 'hang'
   indention = 0em,  % indentation of the caption text
   labelsep = colon, %period, space, quad, newline
   justification = RaggedRight, % justified, centering
   singlelinecheck = true, % false (true = always centre single-line captions)
   position = bottom %top
}



%\topmargin25mm
% Header geometry: 10mm header height and 10mm between header and text body.
\headheight10mm
\headsep10mm
% Running head text shown by the 'myheadings' page style selected above.
\markright{Everything about Linux' User- and Filemanagement}
% Base unit for picture-mode coordinates.
\setlength{\unitlength}{1cm}

% COMMANDS
% small command in text
% \cmd{<name>}: typesets <name> in italics with 2pt of horizontal space on
% either side; used for command names inside running prose.
\newcommand{\cmd}[1]{\hskip2pt\textit{#1}\hskip2pt}
% command environment
% Typesets a terminal transcript in typewriter font: a light-gray banner
% reading "# CLI" (0.9\textwidth wide) followed by the environment body in a
% top-aligned minipage of full line width. The colours 'gray' and 'black' are
% (re)defined each time the environment is opened. Callers separate the
% transcript lines with \\ themselves; lines without it are set as one
% paragraph.
\newenvironment{command}{
  \begin{ttfamily}
  \definecolor{gray}{rgb}{0.8, 0.8, 0.8}
  \definecolor{black}{rgb}{0,0,0}
  % \fcolorbox{black}{gray}{\parbox{0.9\textwidth}{\textbf{\# CLI}}} \\
  \colorbox{gray}{\parbox{0.9\textwidth}{\textbf{\# CLI}}} \\
  \begin{minipage}[t]{\linewidth}
}{
  \end{minipage}
  \end{ttfamily}
  %\rule{\linewidth}{1}
}

% SITEINFORMATION
%\subject{Core topic}
% Title-page metadata; read back as \@author, \@title and \@date by the
% hand-built titlepage in the document body.
\author{Lukas Prokop}
\title{Everything about Linux' \\ User- and Filemanagement}
\date{\today} % April 09




% find . -name '*.tex' | grep . -rn 'TODO'
% TODO:
%          Non-replacement of ~ to a space
%          to log in or to login
%          Use that funny sudo xkcd
% See also:
%          http://wiki.ubuntuusers.de/sudo
%          http://en.wikipedia.org/wiki/Superuser
%          http://de.wikipedia.org/wiki/Root-Account
%          http://de.wikipedia.org/wiki/Su_(Unix)

\begin{document}
% oh man ... latex sux
%
%\begin{titlepage}
%  \makeatletter
%  \vspace*{50pt}
%  \begin{center}
%    {\Large \@title \par}
%    \vskip 15pt
%    {\Large \@author \par}
%    \vskip 15pt
%    {\Large \@date \par}
%    \vskip 10pt
%    {\Large My name is Linus Torvalds and I'm your god! \par}
%  \end{center}
%  \makeatother
%\end{titlepage}

% Hand-built title page (used instead of \maketitle, which is commented out
% below). \makeatletter is needed because the internal macros \@title,
% \@author and \@date contain '@' in their names.
\makeatletter
\begin{titlepage}
   \mbox{}\vspace{5\baselineskip}\\
   \sffamily\huge
   \centering
   % title
   %\@subject \\
   \@title
   %\vspace{3\baselineskip}\\
   \vskip25pt
   \rmfamily\Large
   \@author
   %\vspace{2\baselineskip}\\
   \vskip10pt
   \rmfamily\Large
   \@date
   \vspace{1\baselineskip}\\
\end{titlepage}
\makeatother

%\maketitle
\tableofcontents

\chapter{Basics -- Users and Information}
\label{sec:basics}

\section{Who I am}
\label{sec:i}

On UNIX systems you are identified by your username and authenticate with
your password. On command line interfaces your name will generally appear
as the first element of the prompt (something like user@host path\%). If you
are logged in as root the percent sign \% will change to a hash sign \#.
However\ldots this is system-specific stuff and I want to make 
references to the Linux distributions grml\footnote{Linux distribution
based on Debian; Live CD for sysadmins, texttool-users and geeks} and 
ubuntu\footnote{well-regarded Debian based distribution; focused on 
usability}. Most of the commands are available on all 
Linux\footnote{GNU/Linux} systems, because they all try to be 
POSIX-compatible.

\subsection{whoami}
\label{sec:whoami}

Alright\ldots{} I hope you were able to log in. Sometimes you have to manage
different accounts and log in with different usernames in different
windows, and you will lose track of which is which. In this case the UNIX
command \cmd{whoami} will be helpful.

\begin{command}
 root@localhost ~ \# whoami \\
 root
\end{command}

\subsection{passwd}

One of the most important things is changing your password. In contrast
to other operating systems such as Windows, Linux does not show any stars
or other characters while you type your password. At first this will
confuse you, but you will realize that the person standing behind you should
not learn the length of your password. This is purely a security measure.
Furthermore there is an algorithm which checks the strength of the new
password, so passwords like e.g.\ ``abc'' are not accepted.

\begin{command}
 root@localhost ~ \# passwd \\
 (current) UNIX password: \\
 Enter new UNIX password: \\
 Retype new UNIX password: \\
 Password unchanged \\
 Enter new UNIX password: \\
 Retype new UNIX password: \\
 You must choose a longer password \\
 Enter new UNIX password: \\
 Retype new UNIX password: \\
 Bad: new password is too simple \\
 Enter new UNIX password: \\
 Retype new UNIX password: \\
 passwd: password updated successfully 
\end{command}

\section{My name is root and I'm your God}
\label{sec:root}

\subsection{su}
\label{sec:su}

Alright\ldots{} the most important user in a UNIX system is root.
The name refers to a root, because root is the user with UID zero
and the only one who can control the whole system. After installing
your operating system, you will generally work as root in order to
configure all the application stuff.

\begin{quote}
 I am root -- I'm allowed to
\end{quote}

But one person is also allowed to have several usernames. Maybe
you want to set up two different accounts: ``work'' and ``private''.
And you can also have two different accounts like ``user'' and ``root''.
Basically root always exists. There is no way to delete him.

So of course you have to be able to change accounts. It's very
frustrating to reboot your computer, log in as root, install a
program, reboot again and log in as the user once more. There
is a much simpler way: \cmd{su} (``superuser''). This command
lets you change your user ID. To get back to your previous account,
press Ctrl+D.

\begin{command}
 user@localhost ~ \% su \\
 Password: \\
 root@localhost /home/user \# \\
 user@localhost ~ \%
\end{command}

After that action you can install programs (e.g.\ with APT on Debian systems)
or edit the user-configuration file /etc/passwd (see section~\ref{sec:etc_passwd}).
But there are a lot of other options you can use with \cmd{su}. I will not
describe all of the following examples, because some of them should explain
themselves.

\begin{command}
  user@localhost ~ \% su -c 'echo \$UID' \\
  Password: \\
  0 \\
  user@localhost ~ \%
\end{command}

In this example su executes the command after -c with the login shell of
the superuser. If we look into the /etc/passwd, it says /bin/zsh. So
the command ''echo \$UID'' will be executed by the zsh as root. And
this returns the integer zero (the UID of root).

You can also append another username to the command, to execute
the command not as superuser but as that other user.

\begin{command}
 user@localhost ~ \% su \\
 Password: \\
 root@localhost /home/luki \# echo \$PATH \\
 /sbin:/bin:/usr/bin:/usr/local/sbin:/usr/games \\
 root@localhost /home/luki \# pwd \\
 /home/luki \\
 root@localhost /home/luki \# \\
 user@localhost ~ \% su - \\
 Password: \\
 root@localhost ~ \# echo \$PATH \\
 /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/games \\
 root@localhost ~ \# pwd \\
 /root \\
 root@localhost ~ \# \\
 user@localhost ~ \% su -l \\
 Password: \\
 root@localhost ~ \# echo \$PATH \\
 /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/games \\
 root@localhost ~ \# pwd \\
 /root \\
 root@localhost ~ \# \\
 luki@localhost ~ \%
\end{command}

What happened here? Well, if we use \cmd{su} we get root permissions,
but this is not a real root login session: we keep the user's
working directory (pwd) and the user's PATH environment.
If we use \cmd{su -}, we get the real root environment.
The bare dash has to stand on its own, though: either use exactly this
command or, if you want to add further options, use \cmd{su -l}. In this
environment \$PWD and \$PATH are different. User root is allowed
to execute the programs in /usr/sbin (that's the difference between the
two \$PATH values). Because plain \cmd{su} carries over settings from the
calling user's session, \cmd{su -} is the safer habit for administrative work.

\begin{command}
  user@localhost ~ \% su -s /bin/bash otheruser \\
  Password: \\
  otheruser@localhost:/home/user\$
\end{command}

The option -s of the \cmd{su} command defines the shell you would like
to use. If you don't specify one, \cmd{su} will pick one from several
sources. The manpage lists the order in which the shell is looked up:

\begin{itemize}
  \item The shell specified with -{}-shell
  \item If -{}-preserve-environment is used, the shell specified by the \$SHELL environment variable
  \item The shell indicated in the /etc/passwd entry for the target user
  \item /bin/sh if a shell could not be found by any above method
\end{itemize}

You can list all valid login shells with:

\begin{command}
  user@localhost ~ \% cat /etc/shells \\
  \# /etc/shells: valid login shells \\
  /bin/csh \\
  /bin/sh \\
  /usr/bin/es \\
  /usr/bin/ksh \\
  /bin/ksh \\
  /usr/bin/rc \\
  /usr/bin/tcsh \\
  ... etc
\end{command}

You should realize that the superuser has absolute control over the
system, so sharing the root password leads to a compromised system. With
rootkits it is possible to take over your system without your
knowledge. So take care to choose a strong root password and do not
write it down in digital form.

\subsection{sudo}
\label{sec:sudo}

So far we have talked about becoming superuser and working with this
special account. But probably you don't want to give your friend the
root password, yet you want to allow him to install programs. In this
case \cmd{sudo} will help you.

% TODO: Talk about sudoers

\subsection{ubuntu su}
\label{sec:ubuntu_su}

Ubuntu has a special concept concerning root permissions. Ubuntu is used
by a lot of noobs and so they don't want anybody to surf the web with
root privileges. They deactivated the superuser account, which technically
still exists but is not accessible (because its password can never match). So
ubuntu users can execute everything as root by using \cmd{sudo}, but
each time they have to add \cmd{sudo} explicitly, so that they are
aware of the fact that they are acting as superuser. If an ubuntu user really
needs a root shell (e.g.\ because he has to do a lot of administrative
stuff for the next 20 minutes), he can access the root shell via
\cmd{sudo -s}.

\begin{command}
  user@localhost ~ \% su \\
  Password: \\
  su: Authentication failure \\
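  % NOTE(review): the paragraph above names sudo -s as the way to a root
  % shell; with the root password disabled, su -s would be expected to fail
  % like the plain su before it -- confirm this transcript.
  1 user@localhost ~ \% su -s /bin/bash \\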
  Password: \\
  root@localhost ~ \# 
\end{command}

\subsection{root + BSD = toor}
\label{sec:toor}

If you read toor backwards, you will get root. If you want to log in as
root, the system has to get the root shell. But that shell can be damaged
and so you won't be able to work as root. And because you are not root,
you also cannot repair the damaged shell.

In this case BSD has created the toor-shell, which allows you to become
a superuser without loading the root shell.

\section{User data}
\label{sec:user_data}

Which data does the system store about you?

\section{User configuration files}
\label{sec:user_data_where}

Where does the system store data about us?

\subsection{/etc/passwd}
\label{sec:etc_passwd}
\subsection{/etc/shadow}
\label{sec:etc_shadow}
\subsection{/etc/passwd}
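% \label{sec:etc_passwd} % duplicate of the label on the first /etc/passwd subsection; LaTeX reports it as multiply defined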

\subsection{/etc/profile}
\label{sec:etc_profile}

\section{Filemanagement}
\label{sec:files}

\section{Problems}
\label{sec:problems}

\subsection{Resetting a user}
\label{sec:resetting}

\begin{command}
  \#!/bin/bash \\
  \\
  mkdir /root \\
  cp /etc/skel/.* /root \\
  chmod 755 /root \\
  chown -R root:root /root
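\end{command}

This script recreates root's home directory from the skeleton files in
/etc/skel. Note that mode 755 lets every local user list and read the
contents of /root; Debian-based systems ship /root with mode 700, so
prefer the more restrictive mode unless other users really need access.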

\subsection{adduser}
\label{sec:adduser}

As root you can add new users with \cmd{adduser}.

\begin{command}
 %user@localhost ~ \% adduser
 %adduser: Only root may add a user or group to the system.
 root@localhost /etc \# adduser \\
 Adding user `test' ... \\
 Adding new group `test' (1001) ... \\
 Adding new user `test' (1001) with group `test' ... \\
 Creating home directory `/home/test' ... \\
 Copying files from `/etc/skel' ... \\
 Enter new UNIX password: \\
 Retype new UNIX password: \\
 passwd: password updated successfully \\
 Changing the user information for test \\
 Enter the new value, or press ENTER for the default \\
         Full Name []: Admin Nerd \\
         Room Number []: \\
         Work Phone []: \\ 
         Home Phone []: \\
         Other []: \\
         Is the information correct? [y/N] y
\end{command}

\subsection{id}

You can use \cmd{id} to get information about the current user.

\begin{command}
 user@localhost /etc \% id \\
 uid=1000(user) gid=1000(user) groups=22(user), $\backslash$ \\
   24(cdrom),25(floppy),29(audio),44(video),1000(user)
\end{command}

So what's that UID, GID and group-stuff?

If you want to give a user the permission to access a file, you can change that with
\cmd{chmod}. But if you have 1000 users, it will get very difficult for you. So you
can combine all users in one group and give this group the permissions. This is the
main advantage of groups.

UIDs and GIDs are identifiers. Each file has several flags, which contain further 
information. 

\subsection{logname}

This command returns the username you used to log in.

\begin{command}
 user@localhost /etc \% logname \\
 user \\
 user@localhost /etc \% echo \$LOGNAME \\
 user \\
 user@localhost /etc \% su \\
 Password: \\
 root@localhost /etc \# logname \\
 root
\end{command}

So logname returns the value of system-variable LOGNAME.

%\subsection{chown}
%\subsection{chmod}
%\subsection{login}
%\subsection{env}
%\subsection{finger}
%\subsection{megs}
%\subsection{uptime}
%\subsection{w}
%\subsection{write}
%\subsection{deluser}
%\subsection{useradd}
%\subsection{groupadd}
%\subsection{usermod}

%\subsection{uname}
%\subsection{who}

% ssh
% sftp
% apt?

%\chapter{Appendix}
%\label{sec:appendix}
%\appendix


\end{document}
% EOF

