Unix/Linux basics 0100 - user management
Operating systems lab
Gergely Windisch
windisch.gergely@nik.bmf.hu
room 4.12
http://nik.bmf.hu/gwindisch/os_2010

grep
Do some basic pattern matching - search
Search in files:
  grep 'string' filename
  cat filename | grep 'string'
Will print only the lines where the given expression is found
for example: list all the mp3 files in the current dir
  ls -l | grep 'mp3'
grep -v : negate the function - print when not present

grep useful switches:
  v : negative search
  h : when grepping multiple files, return the name of the actual file
  i : case insensitive
  w : look only for whole words
  n : add the line number to the hit

Practice grep
• list all the mp3 files
• why does it list those files?
  – try ls -l | grep 'rw'

Regular expressions
• advanced pattern matching
  – looks ugly, but is useful
  – can find for example phone numbers in many formats: 06303234433, 36303234433, 36-303234433, (3630)3234433, (06 30)-32 34 4 33, 06-(30)-323-4433 etc.
  – regexp can find all of these with one search
• we are not going into more details here. if interested:
  – http://...

Regular expression and grep
• .. | grep 'mp3' - will list all lines containing mp3
• .. | grep '^mp3' - lists all lines starting with mp3
• .. | grep 'mp3$' - lists all lines ending with mp3
• . : stands for any single character: .. | grep 'm.3'
• [] : one of the characters inside: .. | grep 'mp[34]'
• [-] : interval: .. | grep 'mp[g1-4]': mpg, mp1, mp2, mp3, mp4

Regexp practice
• List all the files in the current directory that start with a capital letter
• hint: ls -1 lists files in a column

grep exercise
• list only the directories and the symbolic links in the current directory

grep exercise solution
• ls -l . | grep '^[dl]'

grep exercise (2)
• There is a config file called /etc/debconf.conf. It has settings and comments (which start with #).
• Get rid of all the comments, and save the rest in a new file.

grep exercise 2 solution
• cat /etc/debconf.conf | egrep -v '^#' > newfile

sed
• sed is an automated text processor
• will modify text files using pre-defined programs
  – takes one line at a time, and does everything we have told it to do with that line
• sed 'program' inputfile > outputfile
• cat inputfile | sed 'program'
• How should we proceed if the input file is the same as the output?

sed (2)
• sed 'program' inputfile > inputfile (why not?)
• what is the output of ls -l?
• now type: ls -l > something
  – what goes into something?
• what is the output of ls -l now?
• what if we run ls -l > something again?
• what do we see?
• according to this, why shouldn't we use sed 'program' inputfile > inputfile?

sed commands
• man sed to get all the different commands
• tutorial is here: http://www.grymoire.com/Unix/Sed.html
• p: print current line
  – ls -l | sed 'p' - what happens?
• -n: no printing
  – ls -l | sed -n '4 p' - only print line 4
  – ls -l | sed -n '1,5 p' - only print those lines

sed commands (2)
• d: delete lines. Works just like p
  – ls -l | sed '1,6 d' - print lines 7,8,9 etc.
  – One can use this to delete the lines from a file
• s: substitute
  – ls -l | sed s/hallgato/otheruser/ - first in line
  – ls -l | sed s/hallgato/otheruser/g - all of them
  – Separator can be other character as well
    • sed s/http:\/\/aaa.hu\/uns\/index.html/bbb.hu/
    • sed s!http://aaa.hu/uns/index.html!bbb.hu!

sed exercise
• download the accountrc file from the website
• wget http://nik.bmf.hu/gwindisch/OS_2010/accountrc
• Write a shell script (one command) that changes the smtp server address from smtp.datanet.hu to sendmail.bmf.hu and back
• The result should go in the same file

sed exercise solution
  #!/bin/bash
  # write the result to a temporary file first, then replace the original
  cat accountrc | sed 's/smtp\.datanet\.hu/sendmail.bmf.hu/g' > tempfile
  mv tempfile accountrc

Other commands
• cut: cut the output into columns
  – for example: list only the names of the groups in the system: cat /etc/group | cut -d: -f1
• wc: word count. wc -l: number of lines
  – count the users: cat /etc/passwd | wc -l
• head, tail: print only the first (last) few lines
  – cat messages.log | tail
• tac: print contents of file backwards

exercise
• print the number of the users in the system
• what about the inactive users?
  – (inactive users: whose line starts with #)

exercise 2
• create a shell script that takes a file as an input parameter and returns the name of the owner.

exercise 3
• create a shell script that takes a filename as an input parameter, and if the owner of this file is the hallgato user, then give the file to the root user (chown)

exercise 4
• change the previous script so that it only gives the file to the root if the owner is the current user

exercise 5
• modify the previous script so that it takes a second parameter which is the name of the user the file should be given to, but only give that user the file if the user exists on the system

Today's agenda - user management
• Users in the system
• Important files
• Adding users
• Role management

Users in Unix(-like operating systems)
• User name / User ID / Group ID
• Users are identified by the UID
  – Name is just for the humans
• UID 0 is the root - users with that number have root permissions
• Real users start at 1000 (on most systems)
• Pseudo users exist (1-999)
• Users can be part of multiple groups (primary and secondary groups)

Where are they stored?
• /etc/passwd - holds the users
• user-name:x:user-number:group-number:comment section:/home-directory:default-shell

Where are they stored? (2)
• /etc/group - holds the groups

Where are they stored? (3)
• /etc/shadow - holds the passwords
  – Passwords used to be in /etc/passwd, but that is not secure
  – One line / user
• Login name:Encrypted password:Days since Jan 1, 1970 since password was last changed:Days before password can be changed:Days after it must be changed:Days before the expiration that the user is warned:Days after password expires and the user is disabled:Days since the password has been disabled

Important files and commands
• /etc/login.defs - default login options
• /etc/skel - default directory for new users

Modifying user accounts
• Modifying user accounts is simple - just modify the contents of /etc/passwd

Important commands
• Adding users
  – useradd, adduser, GUI tools, edit the passwd
• Passwords
  – passwd
• Deleting, modifying
  – userdel, usermod

Adding users with useradd (1)
• useradd is a command line tool to add users
  -m Create a home directory in /home/
  -M No home directory created.
  -g Specify the initial group for the user.
  -G Specify the initial group for the user by using the group number.
  -s Specify the default shell for the user. If not specified set to /bin/bash
  -e Specify the expiration date. Format YYYY-MM-DD
  -f Number of days after a password expires that an account is disabled. By default this feature is disabled (-1)
  -u Specify the user id number to be used.

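
The /etc/passwd and /etc/shadow record layouts from the "Where are they stored?" slides can be checked mechanically. The following is an added example, not part of the original slides; the function names and all sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit data in /etc/passwd and /etc/shadow layout.

# Constructed sample, passwd layout: name:x:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
bob:$1$constructed$hash:1001:1001:Bob:/home/bob:/bin/bash'

# Constructed sample, shadow layout: name:hash:lastchg:min:max:warn:...
SAMPLE_SHADOW='root:$6$constructed$hash:14600:0:99999:7:::
alice::14600:0:99999:7:::
daemon:*:14600:0:99999:7:::'

# Accounts other than "root" that also carry UID 0 (full root permissions).
extra_uid0() {
    printf '%s\n' "$1" | awk -F: '!/^#/ && $3 == 0 && $1 != "root" { print $1 }'
}

# Accounts whose passwd password field is not the "x" placeholder,
# i.e. something other than a pointer to /etc/shadow is stored there.
hash_in_passwd() {
    printf '%s\n' "$1" | awk -F: '!/^#/ && NF >= 2 && $2 != "x" { print $1 }'
}

# Accounts with an empty hash field in shadow (no password set).
empty_password() {
    printf '%s\n' "$1" | awk -F: '!/^#/ && NF >= 2 && $2 == "" { print $1 }'
}

# Real (non-pseudo) users: UID 1000 and above, as on the slide.
real_users() {
    printf '%s\n' "$1" | awk -F: '!/^#/ && $3 >= 1000 { print $1 }'
}

echo "extra UID 0 accounts: $(extra_uid0 "$SAMPLE_PASSWD")"
echo "hash kept in passwd:  $(hash_in_passwd "$SAMPLE_PASSWD")"
echo "empty password:       $(empty_password "$SAMPLE_SHADOW")"
echo "real users:           $(real_users "$SAMPLE_PASSWD" | tr '\n' ' ')"
```

On a live system the same functions can be fed the real files, for example extra_uid0 "$(cat /etc/passwd)"; reading /etc/shadow requires root.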
Adding users with useradd (2)
• useradd user1
  – create user (without settings)
  – check out what happens
• useradd -D
  – do not create, just print the defaults
• useradd -g group1 user3
  – create user3, add it to group1
• useradd -g group1 -G group2,group3 user4
  – create user4, assign it to group1 as primary and to group2, group3 as secondary

Running commands as others
• su Start root shell (dangerous)
• sudo command
• visudo - edit the sudoers file
• pfexec in Solaris

Exercise 1
• Create four users: alice, bob, cecilia and lajos (it is a fine Hungarian name)
• The users should have full access to their home directories, and they should not have any access to each other's home dir, except for lajos who needs read permission for bob's home directory.
• Create a shared directory under /var/share. Make it accessible from each of the users' home directories. Set it up in a way so that only the owners of the files are able to delete the files inside the shared directory. Make this dir appear in the newly created accounts as well automatically.

Exercise 2
• Write a shell script that can add users to the system. It should ask questions like "Username: ", "Group"… etc. The responses to the questions should be used to parametrize the commands necessary to create the new user. It needs to be foolproof - it should check if the username and the group name already exist, whether the shell specified exists etc.
• Our good friend Bob has just gotten promoted to Enterprise Wide User Administrator (or EWUA). Your task is to create a new group for Bob called EWUA, set the system up so that he (and the members of that group) can use your previous script to add users to the system. He should not be able to run any other commands as root, just those that are necessary for being EWUA.

User management in Solaris
• Role based access control
• same files as in Linux
• /etc/security holds roles

Exercise in Solaris
• Create a new user, check his rights, assign a role to the user and check the rights again
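
A validation core for the "foolproof" user-creation script of Exercise 2, added here as an example (it is not part of the original slides). It only prints the useradd command it would run. The function names, the optional file parameters and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: input checks for a user-creation wrapper (dry run only).
LC_ALL=C; export LC_ALL   # byte-exact a-z ranges in the patterns below

# Accept only conservative names: first a lowercase letter or "_", then
# lowercase letters, digits, "_" or "-"; at most 32 characters.
valid_name() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        [a-z_]*) [ "${#1}" -le 32 ] ;;
        *) return 1 ;;
    esac
}

# True if name $2 is the first field of a record in colon-separated file $1.
has_entry() {
    awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# True if $2 is listed verbatim in shells file $1 and is executable.
valid_shell() {
    grep -qxF -- "$2" "$1" && [ -x "$2" ]
}

# Print the useradd command for user $1, group $2, shell $3, or refuse.
# Optional $4 $5 $6: passwd, group and shells files (hypothetical parameters).
plan_useradd() {
    pw=${4:-/etc/passwd}; gr=${5:-/etc/group}; sh_list=${6:-/etc/shells}
    valid_name "$1" || { echo "bad user name" >&2; return 2; }
    valid_name "$2" || { echo "bad group name" >&2; return 2; }
    if has_entry "$pw" "$1"; then echo "user exists" >&2; return 3; fi
    has_entry "$gr" "$2" || { echo "no such group" >&2; return 4; }
    valid_shell "$sh_list" "$3" || { echo "shell not allowed" >&2; return 5; }
    printf 'useradd -m -g %s -s %s %s\n' "$2" "$3" "$1"
}

# Constructed sample databases so the example runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'root:x:0:0:root:/root:/bin/sh\nbob:x:1001:1001::/home/bob:/bin/sh\n' > "$tmp/passwd"
printf 'root:x:0:\nstaff:x:50:\n' > "$tmp/group"
printf '/bin/sh\n' > "$tmp/shells"

plan_useradd alice staff /bin/sh "$tmp/passwd" "$tmp/group" "$tmp/shells"
plan_useradd 'al;ice' staff /bin/sh "$tmp/passwd" "$tmp/group" "$tmp/shells" || echo "refused ($?)"
```

Because the script is meant to be run with root rights by the EWUA group, every answer is checked before it reaches a command line; on systems with network user databases, getent passwd and getent group are the more complete existence checks.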