Index

Permissions

Users

show all users
cat /etc/passwd 
sed 's/:.*//' /etc/passwd
create user (create home dir, set password, etc.)
adduser [user]
create user only
useradd [user]
set password only
passwd [user]
delete user
sudo deluser [user]

switch user

become root
sudo su
become a specific user
sudo su [user]
execute a command as another user
sudo su [user] -c [command]
sudo -u [user] [command]

Groups

show goups of user
groups [user]
list groups
vi /etc/group
list members in group
lid [group]

Visudo

open visudo to edit sudo permissions
sudo visudo
most important man pages
man visudo
man sudoers
allow user to run script as root
[user]	ALL=(ALL) /path/to/script.sh
Give user full sudo rights
[user]	ALL=(ALL:ALL) ALL

allowing sudo without authentication

allow [user] to execute a specific script as root
[user]	ALL=(ALL) NOPASSWD: /path/to/your/script
allow user to invoke scripts ending with -foo.sh as root
[user]	ALL=(ALL) NOPASSWD:/path/to/*-foo.sh
Give user full sudo rights
[user]	ALL=(ALL)       NOPASSWD: ALL

Locking

lock an account
passwd -l [user]
unlock an account
passwd -u [user]

ssh access

disable root login
vi /etc/ssh/sshd_config
PermitRootLogin no
service ssh restart
only the user "boris" is allowed to log in through ssh, deny all other users ssh access
vi /etc/ssh/sshd_config
AllowUsers restrict
service ssh restart
generate ssh key
ssh-keygen
copy ssh key to server (password no longer required on login)
ssh-copy-id [user]@[server]
ssh key required (user/password login no longer possible)
vi /etc/ssh/sshd_config
PasswordAuthentication no
service ssh restart