Permissions
Users
show current user
whoami
id
show all users
cat /etc/passwd
sed 's/:.*//' /etc/passwd
create user (create home dir, set password, etc.)
adduser [user]
create user only
useradd [user]
set password only
passwd [user]
delete user
sudo deluser [user]
change file ownership
chown [user] [file]
change file ownership (recursive)
chown -R [user] [directory]
change file access rights
chmod [-R] [ugoa][+-][r][w][x] [file]
switch user
become root
sudo su
become a specific user
sudo su [user]
execute a command as another user
sudo su [user] -c [command]
sudo -u [user] [command]
Groups
show groups of user
groups [user]
list groups
vi /etc/group
list members in group
lid -g [group]
add user to group
usermod -a -G [group] [user]
change file group ownership
chgrp [group] [file]...
change directory group ownership recursively
chgrp -R [group] [dir]...
Visudo
open visudo to edit sudo permissions
sudo visudo
most important man pages
man visudo
man sudoers
allow user to run script as root
[user] ALL=(ALL) /path/to/script.sh
Give user full sudo rights
[user] ALL=(ALL:ALL) ALL
allowing sudo without authentication
allow [user] to execute a specific script as root
[user] ALL=(ALL) NOPASSWD: /path/to/your/script
allow user to invoke scripts ending with -foo.sh as root
[user] ALL=(ALL) NOPASSWD:/path/to/*-foo.sh
Give user full sudo rights
[user] ALL=(ALL) NOPASSWD: ALL
Locking
lock an account
passwd -l [user]
unlock an account
passwd -u [user]
ssh access
disable root login
vi /etc/ssh/sshd_config
PermitRootLogin no
service ssh restart
only the user "vriendje" is allowed to log in through ssh, deny all other users ssh access
vi /etc/ssh/sshd_config
AllowUsers vriendje
service ssh restart
manual for sshd_config
man sshd_config
generate ssh key
ssh-keygen
copy ssh key to server (password no longer required on login)
ssh-copy-id [user]@[server]
ssh key required (user/password login no longer possible)
vi /etc/ssh/sshd_config
PasswordAuthentication no
service ssh restart
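
The three sshd_config settings above (PermitRootLogin no, AllowUsers, PasswordAuthentication no) can be checked with a small script. This is an added example, not part of the original cheat sheet: the function names sshd_value and audit_sshd and the sample file are made up for illustration, and it assumes whitespace-separated "Keyword value" lines and reads only the global section before any Match block.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the settings shown above.
# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive. Only the global section (before any Match block) is read.

# sshd_value FILE KEYWORD: print the first global value of KEYWORD, if any.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == key {                # first occurrence wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }
    ' "$1"
}

# audit_sshd FILE: print PASS/FAIL per setting; exit status = number of FAILs.
audit_sshd() {
    fails=0
    for want in PermitRootLogin=no PasswordAuthentication=no; do
        key=${want%%=*}; exp=${want#*=}
        got=$(sshd_value "$1" "$key")
        if [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" = "$exp" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key ${got:-unset}"; fails=$((fails + 1))
        fi
    done
    # AllowUsers may be repeated in a real file; only its first line is shown.
    users=$(sshd_value "$1" AllowUsers)
    if [ -n "$users" ]; then
        echo "PASS AllowUsers $users"
    else
        echo "FAIL AllowUsers unset"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the later "PasswordAuthentication no" never takes effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
AllowUsers vriendje
EOF
audit_sshd "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, and `sshd -t` validates the file before `service ssh restart`, which avoids locking yourself out with a broken config.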