05_unix_English_2010

Unix/Linux basics
0100 - user management
Operating systems lab
Gergely Windisch
windisch.gergely@nik.bmf.hu
room 4.12
http://nik.bmf.hu/gwindisch/os_2010
grep
• Do some basic pattern matching - search
• Search in files: grep 'string' filename
• cat filename | grep 'string'
• Will print only the lines where the given expression is found
• for example: list all the mp3 files in the current dir
– ls -l | grep 'mp3'
• grep -v : negate the function - print when not present
grep
• useful switches:
– -v : negative search
– -H : when grepping multiple files, return the name of the actual file
– -i : case insensitive
– -w : look only for whole words
– -n : add the line number to the hit
Practice grep
• list all the mp3 files
• why does it list those files?
– try ls -l | grep 'rw'
Regular expressions
• advanced pattern matching
– looks ugly, but is useful
– can find for example phone numbers in many formats: 06303234433, 36303234433, 36-303234433, (3630)3234433, (06 30)-32 34 4 33, 06-(30)-323-4433 etc.
– regexp can find all of these with one search
• we are not going into more details here. If interested:
– http://...
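One search that finds all six formats from the slide, as an added example that is not part of the original slides. The pattern is an assumption tailored to these samples (prefix 06 or 36, area code 30, seven more digits); the two extra input lines are constructed to show what is rejected.

```shell
# Constructed sample: the six formats from the slide plus two lines that must not match.
phone_sample() {
cat <<'EOF'
06303234433
36303234433
36-303234433
(3630)3234433
(06 30)-32 34 4 33
06-(30)-323-4433
0630323443
call me tomorrow
EOF
}

# Extended regular expression (grep -E), piece by piece:
#   ^\(?             optional opening parenthesis at the start of the line
#   (06|36)          prefix
#   [- ]?\(?         optional separator, optional opening parenthesis
#   30\)?            area code, optional closing parenthesis
#   ([- ]?[0-9]){7}  seven digits, each optionally preceded by "-" or a space
#   $                nothing else on the line
PHONE_RE='^\(?(06|36)[- ]?\(?30\)?([- ]?[0-9]){7}$'

# Reads lines on stdin, prints only those that are phone numbers.
find_phones() {
    grep -E "$PHONE_RE"
}

phone_sample | find_phones
```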
Regular expression and grep
• .. | grep 'mp3' - will list all lines containing mp3
• .. | grep '^mp3' - lists all lines starting with mp3
• .. | grep 'mp3$' - lists all lines ending with mp3
• . : matches any single character: .. | grep 'm.3'
• [] : one of the characters inside: .. | grep 'mp[34]'
• [-] : interval: .. | grep 'mp[g1-4]': mpg, mp1, mp2, mp3, mp4
Regexp practice
• List all the files in the current directory that
start with a capital letter
• hint: ls -1 lists files in a column
grep exercise
• list only the directories and the symbolic links
in the current directory
grep exercise solution
• ls -l . | grep '^[dl]'
grep exercise (2)
• There is a config file called /etc/debconf.conf. It has
settings and comments (which start with #).
• Get rid of all the comments, and save the rest
in a new file.
grep exercise 2 solution
• cat /etc/debconf.conf | egrep -v '^#' > newfile
sed
• sed is an automated text processor
• will modify text files using predefined
programs
– takes one line at a time, and does everything we
have told it to do with that line
• sed 'program' inputfile > outputfile
• cat inputfile | sed 'program'
• How should we proceed if the input file is the
same as the output?
sed (2)
• sed 'program' inputfile > inputfile (why not?)
• what is the output of ls -l?
• now type: ls -l > something
– what goes into something?
• what is the output of ls -l now?
• what if we run ls -l > something again?
• what do we see?
• according to this, why shouldn't we use sed 'program' inputfile > inputfile?
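The effect the slide asks about, shown next to a safe replacement, as an added example that is not part of the original slides. The file contents and the function names are constructed for this demonstration.

```shell
# Constructed file contents; the option names are made up for this demonstration.
make_config() {
    printf 'smtp_server=smtp.datanet.hu\nport=25\n' > "$1"
}

# Unsafe: the shell opens and truncates the output file BEFORE sed starts,
# so sed reads an already empty file. Prints the size left afterwards.
unsafe_edit() {
    sed 's/port=25/port=587/' "$1" > "$1"
    wc -c < "$1" | tr -d ' '
}

# Safe: write to a temporary file next to the original and replace the
# original only if sed succeeded. mktemp picks an unpredictable name, so
# another user cannot pre-create the file or plant a symlink in its place.
safe_edit() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    if sed 's/port=25/port=587/' "$1" > "$tmp"; then
        mv -f "$tmp" "$1"   # note: the file now has mktemp's 0600 mode
    else
        rm -f "$tmp"
        return 1
    fi
}

workdir=$(mktemp -d)
make_config "$workdir/a.conf"
echo "after unsafe edit: $(unsafe_edit "$workdir/a.conf") bytes"
make_config "$workdir/b.conf"
safe_edit "$workdir/b.conf" && cat "$workdir/b.conf"
rm -rf "$workdir"
```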
sed commands
• man sed to get all the different commands
• tutorial is here:
http://www.grymoire.com/Unix/Sed.html
• p: print current line
– ls -l | sed 'p' - what happens?
• -n: no printing
– ls -l | sed -n '4 p' - only print line 4
– ls -l | sed -n '1,5 p' - only print those lines
sed commands (2)
• d: delete lines. Works just like p
– ls -l | sed '1,6 d' - print lines 7,8,9 etc.
– One can use this to delete the lines from a file
• s: substitute
– ls -l | sed s/hallgato/otheruser/ - first in line
– ls -l | sed s/hallgato/otheruser/g - all of them
– Separator can be other character as well
• sed s/http:\/\/aaa.hu\/uns\/index.html/bbb.hu/
• sed s!http://aaa.hu/uns/index.html!bbb.hu!
sed exercise
• download the accountrc file from the website
• wget http://nik.bmf.hu/gwindisch/OS_2010/accountrc
• Write a shell script (one command) that
changes the smtp server address from
smtp.datanet.hu to sendmail.bmf.hu and back
• The result should go in the same file
sed exercise solution
• #!/bin/bash
# write the changed text to a temporary file, then replace the original
cat accountrc | sed 's/smtp\.datanet\.hu/sendmail.bmf.hu/g' > tempfile
mv tempfile accountrc
Other commands
• cut: cut the output into columns
– for example: list only the names of the groups in
the system: cat /etc/group | cut -d: -f1
• wc: word count. wc -l: number of lines
– count the users: cat /etc/passwd | wc -l
• head, tail: print only the first (last) few lines
– cat messages.log | tail
• tac: print contents of file backwards
exercise
• print the number of the users in the system
• what about the inactive users?
– (inactive users: whose line starts with #)
exercise 2
• create a shell script that takes a file as an input
parameter and returns the name of the owner.
exercise 3
• create a shell script that takes a filename as an
input parameter, and if the owner of this file is
the hallgato user, then give the file to the root
user (chown)
exercise 4
• change the previous script so that it only gives
the file to the root if the owner is the current
user
exercise 5
• modify the previous script so that it takes a
second parameter which is the name of the
user the file should be given to, but only give
that user the file if the user exists on the
system
Today's agenda - user management
• Users in the system
• Important files
• Adding users
• Role management
Users in Unix(-like) operating systems
• User name / User ID / Group ID
• Users are identified by the UID
– Name is just for the humans
• UID 0 is root - users with that number have root's permissions
• Real users start at 1000 (on most systems)
• Pseudo users exist (1-999)
• Users can be part of multiple groups (primary
and secondary groups)
Where are they stored?
• /etc/passwd - holds the users
• user-name:x:user-number:group-number:comment section:/home-directory:default-shell
Where are they stored? (2)
• /etc/group - holds the groups
Where are they stored? (3)
• /etc/shadow - holds the passwords
– Passwords used to be in /etc/passwd, but that is not secure (every user can read /etc/passwd)
– One line / user
• Login name:Encrypted password:Days since Jan 1, 1970
that password was last changed:Days before password
can be changed:Days after which it must be changed:Days
before the expiration that the user is warned:Days after
password expires that the user is disabled:Days since the
password has been disabled
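Three account checks that follow directly from the file formats above (UID in field 3 of passwd, password in field 2 of both files), as an added example that is not part of the original slides. The sample lines and the function names are constructed; CONSTRUCTEDHASH stands in for a password hash.

```shell
# Constructed sample data in /etc/passwd and /etc/shadow format (not real accounts).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
bob:CONSTRUCTEDHASH:1001:1001:Bob:/home/bob:/bin/bash
EOF
}
sample_shadow() {
cat <<'EOF'
root:CONSTRUCTEDHASH:14600:0:99999:7:::
daemon:*:14600:0:99999:7:::
alice::14600:0:99999:7:::
bob:CONSTRUCTEDHASH:14600:0:99999:7:::
EOF
}

# passwd format on stdin: accounts other than root whose UID (field 3) is 0.
# The name is only for humans, so such an account is root in everything but name.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }'; }

# passwd format on stdin: password field (field 2) is not the "x" placeholder,
# i.e. a hash (or an empty password) sits in the world-readable file.
hash_in_passwd() { awk -F: '$2 != "x" && $2 != "*" { print $1 }'; }

# shadow format on stdin: empty password field (field 2) = login without password.
empty_password() { awk -F: '$2 == "" { print $1 }'; }

echo "extra UID 0 accounts:    $(sample_passwd | extra_uid0)"
echo "password in passwd file: $(sample_passwd | hash_in_passwd)"
echo "empty password:          $(sample_shadow | empty_password)"
```

On a real system the same functions read the real files, for example extra_uid0 < /etc/passwd; reading /etc/shadow requires root.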
Important files and commands
• /etc/login.defs - default login options
• /etc/skel - default directory for new users
Modifying user accounts
• Modifying user accounts is simple - just modify
the contents of /etc/passwd
Important commands
• Adding users
– useradd, adduser, GUI tools, edit the passwd
• Passwords
– passwd
• Deleting, modifying
– userdel, usermod
Adding users with useradd (1)
• useradd is a command line tool to add users
-m Create a home directory in /home/
-M No home directory created.
-g Specify the initial group for the user.
-G Specify the secondary groups for the user, as a comma-separated list.
-s Specify the default shell for the user. If not specified set to
/bin/bash
-e Specify the expiration date. Format YYYY-MM-DD
-f Number of days after a password expires that an account is
disabled. By default this feature is disabled (-1)
-u Specify the user id number to be used.
Adding users with useradd (2)
• useradd user1
– create user (without settings)
– check out what happens
• useradd -D
– do not create, just print the defaults
• useradd -g group1 user3
– create user3, add it to group1
• useradd -g group1 -G group2,group3 user4
– create user4, assign it to group1 and 2,3 as
secondary
Running commands as others
• su - start root shell (dangerous)
• sudo command
• visudo - edit the sudoers file
• pfexec in Solaris
Exercise 1
• Create four users: alice, bob, cecilia and lajos (it is a
fine Hungarian name)
• The users should have full access to their home
directories, and they should not have any access to
each others' home dir, except for lajos who needs
read permission for bob's home directory.
• Create a shared directory under /var/share. Make it
accessible from each of the users' home
directories. Set it up in a way so that only the
owners of the files are able to delete the files
inside the shared directory. Make this dir appear in
the newly created accounts as well automatically.
Exercise 2
• Write a shell script that can add users to the system. It
should ask questions like "Username: ", "Group"… etc. The
responses to the questions should be used to parametrize
the commands necessary to create the new user. It needs to
be foolproof - it should check if the username and the group
name already exist, whether the shell specified exists etc.
• Our good friend Bob has just gotten promoted to Enterprise
Wide User Administrator (or EWUA). Your task is to create a
new group for Bob called EWUA, set the system up so that
he (and the members of that group) can use your previous
script to add users to the system. He should not be able to
run any other commands as root, just those that are
necessary for being EWUA.
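The input checks such a script needs before it hands anything to useradd as root, as an added example that is not part of the original slides. The naming policy, the function names and the reading that the user must be new while the group must already exist are assumptions of this example.

```shell
LC_ALL=C; export LC_ALL   # make the a-z ranges below mean ASCII only

# Assumed naming policy for this example: lowercase letter or underscore first,
# then lowercase letters, digits, "_" or "-", at most 32 characters.
# Rejecting everything else keeps ":" and newlines out of /etc/passwd and
# stops a name such as "-o" from being read as a useradd option.
valid_name() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

user_exists()  { id -u "$1" >/dev/null 2>&1; }
group_exists() { cut -d: -f1 /etc/group | grep -Fqx -- "$1"; }

# The shell must be an absolute path to an executable listed in /etc/shells.
shell_allowed() {
    case $1 in /*) ;; *) return 1 ;; esac
    [ -x "$1" ] && grep -Fqx -- "$1" /etc/shells 2>/dev/null
}

# Runs every check, then calls useradd (needs root). Returns non-zero and
# names the failed check on stderr instead of passing bad input on.
add_user_checked() {
    name=$1 group=$2 shell=$3
    valid_name "$name"     || { echo "bad username" >&2; return 1; }
    user_exists "$name"    && { echo "user already exists" >&2; return 1; }
    valid_name "$group"    || { echo "bad group name" >&2; return 1; }
    group_exists "$group"  || { echo "no such group" >&2; return 1; }
    shell_allowed "$shell" || { echo "shell not allowed" >&2; return 1; }
    useradd -m -g "$group" -s "$shell" "$name"
}

# Constructed inputs: one good name and three that must be rejected.
for n in alice 'bob;id' '-o' 'x:0:0'; do
    if valid_name "$n"; then echo "accept: $n"; else echo "reject: $n"; fi
done
```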
User management in Solaris
• Role based access control
• same files as in Linux
• /etc/security holds roles
Exercise in solaris
• Create a new user, check his rights, assign a
role to him and check his rights again