Difference between revisions of "Linux-for-Sys-Ads/C2/Administrating-Group-with-gpasswd-command/English"

From Script | Spoken-Tutorial
Jump to: navigation, search
 
Line 262: Line 262:
  
 
biotech:bgfh699:anshu,abhishek:anshu, ashok,abhishek,asha
 
biotech:bgfh699:anshu,abhishek:anshu, ashok,abhishek,asha
|| Notice that, '''asha''' is added as a member of '''biotech group.'''
+
|| Notice that, '''asha''' is added as a member of the '''group biotech.'''
 
|-
 
|-
 
|| Type: id asha [Enter]
 
|| Type: id asha [Enter]
|| We’ll also check the details of '''user asha''' using the '''id command.'''
+
|| We will check the details of '''user asha''' using the '''id command.'''
 
|-
 
|-
 
|| highlight, groups: asha(1012), biotech(1014)
 
|| highlight, groups: asha(1012), biotech(1014)
Line 283: Line 283:
 
|| Switch to the '''terminal''' where we are '''logged in '''as '''user abhishek.'''
 
|| Switch to the '''terminal''' where we are '''logged in '''as '''user abhishek.'''
  
Now to delete '''user asha''' from the '''group biotech''', type the command as shown
+
Now to delete '''user asha''' from the '''group biotech''', type the '''command''' as shown
 
|-
 
|-
 
|| Show the output
 
|| Show the output
Line 289: Line 289:
 
|-
 
|-
 
|| Type: exit [Enter]
 
|| Type: exit [Enter]
|| Exit from the user account '''abhishek'''
+
|| Exit from the '''user account abhishek'''.
 
|-
 
|-
 
|| Type
 
|| Type
Line 302: Line 302:
  
 
biotech:bgfh699:anshu,abhishek:anshu, ashok,abhishek
 
biotech:bgfh699:anshu,abhishek:anshu, ashok,abhishek
|| Notice that '''user asha''' is no longer a member of the '''biotech group.'''
+
|| Notice that '''user asha''' is no longer a member of the '''group biotech.'''
 
|-
 
|-
 
||  
 
||  
Line 315: Line 315:
  
 
grep "biotech" /etc/gshadow
 
grep "biotech" /etc/gshadow
|| Now check the entry for '''group biotech''' in the '''gshadow''' file.
+
|| Now check the entry for the '''group biotech''' in the '''gshadow''' file.
 
|-
 
|-
 
|| Show the second field
 
|| Show the second field
Line 340: Line 340:
 
|| Switch to the second '''terminal'''.
 
|| Switch to the second '''terminal'''.
  
'''Now Login''' as '''user ashok,''' who is a member of the '''group boitech.'''
+
Now '''login''' as '''user ashok,''' who is a member of the '''group biotech.'''
 
|-
 
|-
 
|| Type: newgrp biotech [Enter]
 
|| Type: newgrp biotech [Enter]
|| Then '''login''' to the '''group biotech'''
+
|| Then '''login''' to the '''group biotech'''.
 
|-
 
|-
 
|| On getting $ prompt back
 
|| On getting $ prompt back
Line 349: Line 349:
 
|-
 
|-
 
|| Type: id [Enter]
 
|| Type: id [Enter]
|| Now type the '''id command'''
+
|| Now type the '''id command'''.
 
|-
 
|-
 
|| Highlight
 
|| Highlight
Line 360: Line 360:
 
|-
 
|-
 
|| Type exit [Enter]
 
|| Type exit [Enter]
|| Exit''' '''from the '''group biotech.'''
+
|| Exit from the '''group biotech.'''
 
|-
 
|-
 
|| Type exit [Enter]
 
|| Type exit [Enter]
Line 371: Line 371:
 
|-
 
|-
 
|| Type: newgrp biotech [Enter]
 
|| Type: newgrp biotech [Enter]
|| Let’s try to '''login''' to '''group biotech '''now.
+
|| Now let me try to '''login''' to the '''group biotech '''.
 
|-
 
|-
 
|| Show the output
 
|| Show the output
 
|| It is asking for a '''password'''.
 
|| It is asking for a '''password'''.
  
As the '''group biotech''' doesn't have any '''password''',  
+
As the '''group biotech''' doesn't have any '''password''', we can’t proceed further.
 
+
we can’t proceed further.
+
 
|-
 
|-
 
|| Press Enter
 
|| Press Enter
|| Press '''Enter''' to exit from the '''group''' '''login process'''.
+
|| Press '''Enter''' to exit from the '''group login process'''.
 
|-
 
|-
 
|| Retain same screen
 
|| Retain same screen
Line 389: Line 387:
 
|-
 
|-
 
|| Type exit [Enter]
 
|| Type exit [Enter]
|| Exit''' '''from the '''user account asha.'''
+
|| Exit from the '''user account asha.'''
 
|-
 
|-
 
|| Switch to root terminal
 
|| Switch to root terminal
Line 395: Line 393:
 
|-
 
|-
 
|| Type gpasswd biotech [Enter]
 
|| Type gpasswd biotech [Enter]
|| Now set the '''password''' for '''group biotech''' again,
+
|| Now set the '''password''' for '''group biotech''' again.
 
|-
 
|-
 
|| Type: new_pass [Enter]
 
|| Type: new_pass [Enter]
|| I will type the new '''password''' as '''new_pass '''
+
|| I will type the new '''password''' as '''new_pass '''.
 
|-
 
|-
 
|| Type: new_pass [Enter]
 
|| Type: new_pass [Enter]
Line 460: Line 458:
 
# Add '''user chandan''' to the '''group'''
 
# Add '''user chandan''' to the '''group'''
 
# Remove '''sumita''' from the '''group'''
 
# Remove '''sumita''' from the '''group'''
# Remove the '''password''' of the '''group'''
+
# Check if '''user sumita''' can '''login''' to the '''group'''
# Check if '''user sumita''' can login to the '''group'''
+
 
# At every step, check the entry in '''/etc/gshadow''' file
 
# At every step, check the entry in '''/etc/gshadow''' file
  

Latest revision as of 15:08, 15 February 2019

Title of script: Administrating Group with gpasswd Command

Author: Antara Roy Choudhury

Keywords: Group password, Adding group member and administrator, Deleting member, Removing password, Restricting password, gpasswd, newgrp

Visual Cue Narration
Slide 1: Introduction Hello and welcome to the spoken tutorial on Administering Group with gpasswd command.
Slide 2: Learning Objectives In this tutorial we will learn to
  • Set group administrator
  • Set group member
  • Add and delete user
  • Remove password of a group
  • Restrict access of a group

We will do this through some examples.

Slide 3: System requirement To record this tutorial, I am using Ubuntu Linux 16.04 OS
Slide:4 Prerequisite To practice this tutorial,
  • you should have gone through the Linux System Administration tutorials on this website and
  • you must have root access to your computer.
Slide 5A:
  • We already know that we can use gpasswd command to set the password for a group.
  • It can also be used to add members, delete members, give administrative rights, etc.
Slide 5B:
  • This is the syntax
  • Here the option field is not mandatory.
For this demonstration, we will first create a group named biotech.
Press Ctrl+Alt+T Open the Terminal by pressing Ctrl, Alt and T keys simultaneously on the keyboard.
Type sudo su [Enter]

Type Password of your account

[Enter]

Now login as superuser or root user.
Only narration Here onwards, please remember to press the Enter key after typing each command.
Type addgroup biotech [Enter] Let us create a group biotech
Show the output The group biotech is added with GID 1011
gpasswd biotech

[Enter]

Now, let us secure this group’s access with a password.

Type gpasswd space biotech

Type pass_biotech [Enter] Then I will type the new password as pass_biotech
Type pass_biotech [Enter] Retype the same password
Slide 6:
  1. abhishek, pass_abhishek
  2. ashok, pass_ashok
  3. anushka, pass_anushka
  4. asha, pass_asha
  5. anshu, pass_anshu
We will now add five new users to the system using adduser command.

Pause the video here and create some users with the following details:

For this demonstration I have already done this.

cat /etc/passwd

and highlight

Now let us check the /etc/passwd file.

We have got five new users abhishek, ashok, anushka, asha and anshu.

Slide 7: Every group can have administrators and members.

Now, who is the administrator of a group?

  • Administrator is the one who can add and remove users from that group.
  • Administrator can also change the password of the group
  • There can be more than one administrator for a group
Slide 10: Who is a member of a group?
  • Members can access the group without being prompted for a password.
  • We specify administrators and members as list of usernames.

Let us see some examples.

Slide 11: As a system administrator, you can use
  • -A option, to add one or more group administrators
  • -M option is to add one or more group members

You can use both -A and -M options together in a single command.

Type:

gpasswd -M anshu, ashok,abhishek -A abhishek biotech

[Enter]

Switch to the terminal,

Type the command as shown.

Note that we should not leave any space before or after the comma.

Highlight appropriately This command will add anshu, ashok and abhishek as member of the group biotech.

And user abhishek will be the group administrator.

Type

grep "biotech" /etc/gshadow

Let us now check the /etc/gshadow file for the entry of biotech group.

Type the command as shown.

Highlight

biotech:cfgy:abhishek:anshu, ashok,abhishek

Notice that anshu, ashok and abhishek are listed as members of the group biotech.
Highlight

biotech:cfgy:abhishek:anshu, ashok,abhishek

And abhishek is the group administrator.
Now, let me try to add user anshu as an another administrator.
Type

gpasswd -A anshu biotech [Enter]

Type the command as shown
Type

grep "biotech" /etc/gshadow

[Enter]

Again check the entry for the group biotech in gshadow file.
Highlight

biotech:cfgy:anshu:anshu, ashok,abhishek

Notice that now only anshu is the administrator, and abhsihek is not.

What is the reason for this?

gpasswd command with hyphen A option removes the existing administrators and replaces with the new ones.

Modify previous command as

gpasswd -A anshu, abhishek biotech

[Enter]

Let’s now learn to set abhishek and anshu as administrators for the group biotech.

So type the command as shown.

Make sure that there is no space between the comma and username.

Press up key until you get

grep "biotech" /etc/gshadow

[Enter]

Once again check the entry for the group biotech in gshadow file.
Highlight

biotech:cfgy:anshu,abhishek:anshu, ashok,abhishek

This time we see that both anshu and abhishek are administrators.
Slide 13: So then, how can we add a user to a group without replacing the existing member list?
  • We have hyphen small a option for this purpose.
  • A user can be added to a group by a super user or a group administrator.

Let me try to do this with the group administrator login.

Click on Terminal We will open a new terminal for this.

Right click the terminal.

And select Open Terminal from the pop-up

Show the two terminals side by side or up & down From this point onwards, we will use these two terminals.

We will switch from one terminal to another for demonstration purpose.

Highlight spoken@spoken:-$ In the new terminal, note that we are logged in as user spoken.
Type su - abhishek [Enter]

Type pass_abhishek [Enter]

Let me now login as user abhishek.
Type:

gpasswd -a asha biotech

[Enter]

To add user asha to the group biotech, type the command as shown

This option -a can be used to only add one user at a time.

Show the output The output says user asha is added to the group biotech.
Type

grep "biotech" /etc/gshadow

Switch to the terminal where we are logged in as a root user.

Now check the entry for the group biotech in gshadow file.

Highlight

biotech:bgfh699:anshu,abhishek:anshu, ashok,abhishek,asha

Notice that, asha is added as a member of the group biotech.
Type: id asha [Enter] We will check the details of user asha using the id command.
highlight, groups: asha(1012), biotech(1014) Group biotech is listed as a supplementary group for user asha.
Slide 14: How can we remove a user from a group?
  • You can use the -d option for this purpose.
  • This option can be used to delete one user at a time.
  • Both super user or group administrator can remove a user from the group.
gpasswd -d asha biotech

[Enter]

Switch to the terminal where we are logged in as user abhishek.

Now to delete user asha from the group biotech, type the command as shown

Show the output The output says that the user asha has been removed from the group biotech.
Type: exit [Enter] Exit from the user account abhishek.
Type

grep "biotech" /etc/gshadow

Now, switch to the terminal where we are logged in as a root user.

Check the entry for the group biotech in the gshadow file.

Highlight

biotech:bgfh699:anshu,abhishek:anshu, ashok,abhishek

Notice that user asha is no longer a member of the group biotech.

Type: gpasswd -r biotech

Let’s see what happens if we remove the password for the group?

We have to use hyphen small r option for this.

In the terminal, type gpasswd space -r space biotech

Press up key until you get

grep "biotech" /etc/gshadow

Now check the entry for the group biotech in the gshadow file.
Show the second field

biotech::abhishek…..

Notice that the password is empty.
Highlight

biotech::anshu,abhishek:anshu, ashok,abhishek

We can see the users who are already listed as members of this group.

Only the members are allowed to issue newgrp command to join this group.

Any non-member, for example asha, cannot join the group anymore.

Let us verify this.

Click on the terminal with user login prompt

Type: su - ashok [Enter]

Type: pass_ashok [Enter]

Switch to the second terminal.

Now login as user ashok, who is a member of the group biotech.

Type: newgrp biotech [Enter] Then login to the group biotech.
On getting $ prompt back We didn’t get any error.
Type: id [Enter] Now type the id command.
Highlight

gid=(1014)biotech

The output shows that we are logged in to the group biotech.

So, a member can login to a group, even if the group does not have any password.

Type exit [Enter] Exit from the group biotech.
Type exit [Enter] Now logout from the user account ashok.
Type: su - asha [Enter]

Type: pass_asha [Enter]

Let us now try to login as user asha who is not a member of the group biotech.
Type: newgrp biotech [Enter] Now let me try to login to the group biotech .
Show the output It is asking for a password.

As the group biotech doesn't have any password, we can’t proceed further.

Press Enter Press Enter to exit from the group login process.
Retain same screen So, we understand that a group need not have any password.

But in that case, a non-member will not be allowed to login to that group.

Type exit [Enter] Exit from the user account asha.
Switch to root terminal Now switch to the terminal where we are logged in as a root user.
Type gpasswd biotech [Enter] Now set the password for group biotech again.
Type: new_pass [Enter] I will type the new password as new_pass .
Type: new_pass [Enter] Retype the same password.
The group password is changed now.
Press up key until you get

grep "biotech" /etc/gshadow

Let’s check the entry for group biotech in the gshadow file.
Highlight second field, for example:

biotech:xctybk:anshu,abhishek:anshu, ashok,abhishek

We can see the encrypted password set here.
Slide 17: While using gpasswd command you should be careful about the following:
  • Except for the -A and -M options, other options cannot be combined.
  • Group administrator does not have permission to use gpasswd command with -A or -M option.
Switch to the terminal

Type exit [Enter]

Switch to the terminal, in which we have logged in as a root user.

Exit from the root access.

This brings us to the end of this tutorial.

Let us summarize.

Slide 18:

Summary

In this tutorial we learnt to
  • Set group administrator
  • Set group member
  • Add and delete user
  • Remove password of a group
  • Restrict access of a group
Slide 19:Assignment As an assignment-
  1. Create a new group nanotech
  2. Create four users: rajesh, sumita, anjan and chandan
  3. Set rajesh as the administrator of the group nanotech
  4. Set sumita and anjan as members
Slide 20: Assignment(Cont.)
  1. Add user chandan to the group
  2. Remove sumita from the group
  3. Check if user sumita can login to the group
  4. At every step, check the entry in /etc/gshadow file
Slide 22: About Spoken Tutorial project The video at the following link summarises the Spoken Tutorial project.

Please download and watch it.

Slide 23: Spoken Tutorial workshops The Spoken Tutorial Project team conducts workshops using spoken tutorials and gives certificates.

For more details, please write to us.

Slide 24: Forum for specific questions: Pls post your timed queries in this Forum.
Slide 25: Acknowledgement Spoken Tutorial Project is funded by NMEICT, MHRD, Government of India.

More information on this mission is available at this link.

The script has been contributed by Antara.

And this is Praveen from IIT Bombay signing off.

Thanks for joining.

Contributors and Content Editors

Nancyvarkey, Pravin1389