Linux-for-Sys-Ads/C2/Group-Password-and-Login/English-timed
From Script | Spoken-Tutorial
Time | Narration |
00:01 | Hello and welcome to the spoken tutorial on Group Password and Login. |
00:08 | In this tutorial we will learn about
newgrp command |
00:14 | Securing a group with password |
00:17 | Login to a group as group member |
00:20 | Login to a group as non-member |
00:24 | We will do this through some examples. |
00:28 | To record this tutorial, I am using Ubuntu Linux 16.04 OS |
00:35 | To practice this tutorial,
you should have gone through the Linux System Administration tutorials on this website and |
00:45 | you must have root access to your computer. |
00:49 | Earlier in the series, we had created two users, suraj and testmod. |
00:56 | Let us check the status of these users. |
01:00 | Open the Terminal by pressing Ctrl, Alt and T keys simultaneously on the keyboard. |
01:09 | First, login as superuser or root user. |
01:16 | Here onwards, please remember to press the Enter key after typing each command. |
01:23 | Now type id space suraj |
01:28 | The output indicates that Suraj belongs to primary group CSE. |
01:34 | He is not a member of any additional supplementary group. |
01:39 | Now type id space testmod |
01:44 | The output shows that user testmod belongs to primary group Electronics. |
01:51 | He is also a member of two supplementary groups - music_club and literature_club |
02:00 | For this demonstration, we will use the group music_club. |
02:06 | We will first check the details of the group music_club. |
02:11 | Type the command as shown |
02:15 | The output shows the details of the group music_club. |
02:20 | Here the value of the second field i.e. the password field is x. |
02:26 | So, for password details we have to refer to the /etc/gshadow file. |
02:34 | Type the command as shown. |
02:38 | Here, the value of the second field is an exclamation mark. |
02:43 | This means that the password is either invalid or not set. |
02:49 | Also, we can see that testmod is listed as a member of the group music_club. |
02:56 | It is clear that the group music_club does not have a valid password. |
03:03 | Now, let us check how a member like testmod and a non-member like suraj can login to this group. |
03:12 | For login to a group, we will use newgrp command. |
03:17 | The newgrp command is used to change the current group ID during a login session. |
03:24 | The syntax of newgrp command is- newgrp space hyphen space Newgroup |
03:33 | Here, hyphen and Newgroup are optional parameters |
03:39 | Newgroup is either a group ID number or a group name located in /etc/group. |
03:47 | Then newgrp refers to the file /etc/passwd for the particular entry of the user. |
03:57 | And changes the current group to the default group listed in the file /etc/passwd for the user. |
04:07 | Optional hyphen flag re-initializes the user's environment as though the user has just logged in. |
04:16 | Otherwise, the current environment remains unchanged. |
04:21 | For the demonstration in this tutorial, we will always use the hyphen flag. |
04:27 | Let me try to login to the group music_club as a member, say testmod. |
04:34 | For this we have to login to user account testmod |
04:39 | We will open a new terminal window for this. |
04:43 | Right click on the terminal. |
04:45 | From the pop-up select Open Terminal. |
04:50 | From this point onwards, we will use both these terminals. |
04:55 | We will switch from one terminal to another terminal for demonstration purpose. |
05:01 | In the new terminal we are logged in as user spoken. |
05:06 | Now, let me login as user testmod. |
05:12 | Then type id |
05:15 | music_club is listed as one of the supplementary groups. |
05:21 | In order to login to group music_club, type- newgrp space hyphen space music underscore club |
05:33 | The command has executed without any error. |
05:37 | Type id once again. |
05:40 | Notice now that our current group is music_club. |
05:45 | Earlier it was Electronics. |
05:49 | So, our current group has changed. |
05:51 | We are logged in to music_club. |
05:57 | This login session will continue until we execute the exit command. |
06:03 | So, let’s now type exit command |
06:07 | Recall the id command |
06:10 | Now, our current group is Electronics. |
06:14 | To exit from this user login session, type exit. |
06:19 | Notice that the terminal prompt has changed. |
06:22 | Currently, we are logged in as user spoken. |
06:27 | Now, let’s see how a non-member like suraj can login to the group music_club. |
06:35 | Let us try to use the same newgrp command for this purpose. |
06:40 | Let me login as user suraj |
06:46 | We are logged in as suraj. |
06:50 | Type id |
06:52 | Notice that our current group is CSE. |
06:56 | And there are no supplementary groups listed. |
07:00 | So, it's clear that suraj is not member of the group music_club. |
07:07 | Let me login to group music_club |
07:12 | It is asking the password. But we haven’t set any valid password for the group music_club. |
07:20 | We cannot login to the group music_club. |
07:24 | Press Control and D keys together to exit the group login process. |
07:31 | Now exit from the user login session |
07:36 | We are back to the user account spoken. |
07:40 | From this we understand that if a group does not have a valid password set, |
07:47 | then only a group member can use newgrp - group command to login to the group. |
07:55 | Non-members cannot login to the group. |
07:59 | So, let us secure the group access with a password. |
08:04 | Superuser or group administrator can use gpasswd space Newgroup to set or change the password of a group. |
08:15 | Newgroup is either a group ID or a group name that you have to write in the command. |
08:22 | We will discuss about the group administrator in a separate tutorial later. |
08:27 | Let us now try to set the password as superuser. |
08:32 | Switch to the terminal in which we have logged in as a root user. |
08:37 | To set the password for the group music_club, type gpasswd space the name of the group that is music underscore club |
08:49 | Type group password as pass underscore music
Press Enter |
08:56 | Retype the same password and press Enter. |
09:01 | Now we will repeat the login process to the group music_club as a member and also as a non-member. |
09:09 | Switch to the other terminal where we have logged in as user spoken |
09:15 | Let me login as user testmod. |
09:20 | Now login to the group music_club
The command has executed without any error. |
09:29 | Type id |
09:31 | Notice that our current group is now music_club. |
09:36 | So what do we understand from this? |
09:39 | Even though the group has a password, group members will not be prompted to provide the password while logging in. |
09:48 | Exit from the group login session, |
09:51 | Exit from the user testmod. |
09:55 | We are back to the user prompt spoken. |
09:59 | Now, suraj is a non-member for the group music_club. |
10:05 | Let’s see if suraj can use the same newgrp command to login to the group. |
10:11 | login as user suraj |
10:15 | Type the id command |
10:18 | As we know suraj is not a member of any supplementary group. |
10:23 | Now login to the group music_club, |
10:28 | It is asking for a password. |
10:30 | Type pass underscore music which we set just now. |
10:36 | The command has executed without any error. |
10:40 | Type id command |
10:43 | Notice, our current group is now music_club. |
10:48 | So what do we understand from this? If the group has a password set,
Non-members have to provide the correct password in order to login to the group. |
10:59 | To switch back to your original login group, type newgrp |
11:05 | Now, newgrp command is used without any argument. |
11:10 | It should change the current group to the default group for user suraj. |
11:16 | As we know the default or primary group for user suraj is CSE.
Let me check that. |
11:23 | Type the id command. |
11:26 | Notice, our current group is now CSE. |
11:30 | Exit from the group CSE login session |
11:34 | Exit from the group music_club login session |
11:39 | Now exit from the user login session. |
11:43 | We are back to the user session spoken |
11:47 | A note on group password: |
11:50 | If the user is root, he or she will not be prompted for a password. |
11:56 | If there is no group password set and the user is not listed as a member of the group. |
12:02 | Then the user will be denied access |
12:06 | Non-root users will be prompted for a group password |
12:10 | if the user is not listed as a group member and the group has a password. |
12:17 | Notice that more than one person is permitted to know the group password. |
12:23 | So, group password has an inherent security problem. |
12:29 | However, groups are a useful tool for permitting cooperation between different users. |
12:36 | Switch to the terminal, in which we have logged in as a root user. |
12:41 | Exit from the root user. |
12:44 | This brings us to the end of this tutorial.
Let us summarize. |
12:50 | In this tutorial we learnt about-
newgrp command |
12:55 | Securing a group with password |
12:58 | Login to a group as a group member |
13:01 | Login to a group as a non-member |
13:05 | As an assignment-
Create a new group accounts for the college database. |
13:12 | Give a suitable password for the group created. |
13:16 | Create two users: rekha and sheetal. |
13:21 | Check details of user rekha using the command id. |
13:26 | Add rekha as a member of the group. |
13:30 | Check how the user rekha can login to the group accounts. |
13:35 | Check how the user sheetal can login to the group accounts. |
13:40 | At every step, check the details of group accounts from /etc/gshadow file. |
13:48 | The video at the following link summarises the Spoken Tutorial project.
Please download and watch it. |
13:56 | The Spoken Tutorial Project team conducts workshops using spoken tutorials and gives certificates.
For more details, please write to us. |
14:08 | Pls post your timed queries in this Forum. |
14:12 | Spoken Tutorial Project is funded by NMEICT, MHRD, Government of India. |
14:18 | The script has been contributed by Antara. And this is Praveen from IIT Bombay signing off.
Thanks for joining. |