Index

Table of contents

Permissions

Users

show current user
whoami
id
show all users
cat /etc/passwd
sed 's/:.*//' /etc/passwd
create user (create home dir, set password, etc.)
adduser [user]
create user only
useradd [user]
set password only
passwd [user]
delete user
sudo deluser [user]
change file ownership
chown [user] [file]
change file ownership (recursive
chown -R [user] [directory]
change file access rights
chmod [-R] [uga][+-][r][w][x]

switch user

become root
sudo su
become a specific user
sudo su [user]
execute a command as another user
sudo su [user] -c [command]
sudo -u [user] [command]

Groups

show goups of user
groups [user]
list groups
vi /etc/group
list members in group
lid [group]
add user to group
usermod -a -G [group] [user]
change directory group ownership
chgrp [group] [file]...
change directory group ownership recursively
chgrp -R [group] [dir]...

Visudo

open visudo to edit sudo permissions
sudo visudo
most important man pages
man visudo
man sudoers
allow user to run script as root
[user]	ALL=(ALL) /path/to/script.sh
Give user full sudo rights
[user]	ALL=(ALL:ALL) ALL

allowing sudo without authentication

allow [user] to execute a specific script as root
[user]	ALL=(ALL) NOPASSWD: /path/to/your/script
allow user to invoke scripts ending with -foo.sh as root
[user]	ALL=(ALL) NOPASSWD:/path/to/*-foo.sh
Give user full sudo rights
[user]	ALL=(ALL)       NOPASSWD: ALL

Locking

lock an account
passwd -l [user]
unlock an account
passwd -u [user]

ssh access

disable root login
vi /etc/ssh/sshd_config
PermitRootLogin no
service ssh restart
only the user "vriendje" is allowed to log in through ssh, deny all other users ssh access
vi /etc/ssh/sshd_config
AllowUsers vriendje
service ssh restart
manual for sshd_config
man sshd_config
generate ssh key
ssh-keygen
copy ssh key to server (password no longer required on login)
ssh-copy-id [user]@[server]
ssh key required (user/password login no longer possible)
vi /etc/ssh/sshd_config
PasswordAuthentication no
service ssh restart