Difference between revisions of "Linux-for-Sys-Ads/C2/Group-Password-and-Login/English"

From Script | Spoken-Tutorial
Jump to: navigation, search
 
Line 146: Line 146:
 
|| We will open a new '''terminal '''window for this.
 
|| We will open a new '''terminal '''window for this.
  
Right click the '''terminal.'''
+
Right click on the '''terminal.'''
  
 
From the pop-up select '''Open Terminal.'''
 
From the pop-up select '''Open Terminal.'''
Line 236: Line 236:
 
|| Notice that our current '''group''' is '''CSE'''.
 
|| Notice that our current '''group''' is '''CSE'''.
  
And there is no '''supplementary groups''' listed.
+
And there are no '''supplementary groups''' listed.
  
 
So, it's clear that '''suraj '''is not member of the''' group music_club.'''
 
So, it's clear that '''suraj '''is not member of the''' group music_club.'''
Line 261: Line 261:
 
|-
 
|-
 
|| Highlight spoken@spoken$
 
|| Highlight spoken@spoken$
|| Currently, we are back to the user account '''spoken'''.
+
|| We are back to the '''user account spoken'''.
 
|-
 
|-
 
|| Slide 8:
 
|| Slide 8:
Line 357: Line 357:
 
|-
 
|-
 
|| Highlight in the output
 
|| Highlight in the output
|| As we know '''suraj''' is not member of any '''supplementary group.'''
+
|| As we know '''suraj''' is not a member of any '''supplementary group.'''
 
|-
 
|-
 
|| Type: newgrp - music_club
 
|| Type: newgrp - music_club
Line 368: Line 368:
 
|-
 
|-
 
|| Type pass_music [Enter]
 
|| Type pass_music [Enter]
|| Type '''pass underscore music '''which we set just now
+
|| Type '''pass underscore music '''which we set just now.
 
|-
 
|-
 
|| On getting $ prompt back
 
|| On getting $ prompt back
Line 405: Line 405:
 
|-
 
|-
 
|| Type exit [Enter]
 
|| Type exit [Enter]
|| Exit from the group '''CSE '''login session
+
|| Exit from the '''group CSE '''login session
 
|-
 
|-
 
|| Type exit [Enter]
 
|| Type exit [Enter]
|| Exit from the group '''music_club '''login session
+
|| Exit from the '''group music_club '''login session
 
|-
 
|-
 
|| Type exit [Enter]
 
|| Type exit [Enter]
|| Now exit from the user login session
+
|| Now exit from the '''user login session'''.
 
|-
 
|-
 
|| spoken@spoken:
 
|| spoken@spoken:
|| We are back to the user session '''spoken'''
+
|| We are back to the '''user session spoken'''
 
|-
 
|-
 
|| Slide 12A
 
|| Slide 12A

Latest revision as of 09:26, 18 February 2019

Title of script: Group Password and Login

Author: Antara Roy Choudhury

Keywords: Group password, login to a group, gpasswd, newgrp, su


Visual Cue Narration
Slide 1: Introduction Hello and welcome to the spoken tutorial on Group Password and Login.
Slide 2: Learning Objectives In this tutorial we will learn about
  • newgrp command
  • Securing a group with password
  • Login to a group as group member
  • Login to a group as non-member

We will do this through some examples.

Slide 3: System requirement To record this tutorial, I am using Ubuntu Linux 16.04 OS
Slide:4 Prerequisite To practice this tutorial,
  • you should have gone through the Linux System Administration tutorials on this website and
  • you must have root access to your computer.
Slide 5: Earlier in the series, we had created two users, suraj and testmod.

Let us check the status of these users.

Press Ctrl+Alt+T Open the Terminal by pressing Ctrl, Alt and T keys simultaneously on the keyboard.
Type sudo su [Enter]

Password of your account

[Enter]

First, login as superuser or root user.
Only narration Here onwards, please remember to press the Enter key after typing each command.
Type id suraj [Enter] Now type id space suraj
Show the output and highlight The output indicates that Suraj belongs to primary group CSE.

He is not a member of any additional supplementary group.

Type id testmod [Enter] Now type id space testmod
Show the output and highlight The output shows that user testmod belongs to primary group Electronics.

He is also a member of two supplementary groups - music_club and literature_club

For this demonstration, we will use the group music_club.

We will first check the details of the group music_club.

Type

grep "music_club" /etc/group

[Enter]

Type the command as shown
Show the output and highlight The output shows the details of the group music_club.

Here the value of the second field i.e. the password field is x.

So, for password details we have to refer to the /etc/gshadow file.

change group to gshadow

Command should be:

grep "music_club" /etc/gshadow

[Enter]

So type the command as shown.
Highlight the second field Here, the value of the second field is an exclamation mark.

This means that the password is either invalid or not set.

Highlight appropriately in the output Also, we can see that testmod is listed as a member of the group music_club.
Retain same screen It is clear that the group music_club does not have a valid password.

Now, let us check how a member like testmod and a non-member like suraj can login to this group.

For login to a group, we will use newgrp command.

Slide 6A:
  • The newgrp command is used to change the current group ID during a login session.
  • The syntax of newgrp command is-

newgrp space hyphen space Newgroup

  • Here, hyphen and Newgroup are optional parameters
Slide 6B
  • Newgroup is either a group ID number or a group name located in /etc/group.
Slide 6C
  • Then newgrp refers to the file /etc/passwd for the particular entry of the user.
  • And changes the current group to the default group listed in the file /etc/passwd for the user.
Slide 7:
  • Optional hyphen flag re-initializes the user's environment as though the user has just logged in.
  • Otherwise, the current environment remains unchanged.

For the demonstration in this tutorial, we will always use the hyphen flag.

Let me try to login to the group music_club as a member, say testmod.

For this we have to login to user account testmod

Click on Terminal We will open a new terminal window for this.

Right click on the terminal.

From the pop-up select Open Terminal.

Show the two terminals side by side or up & down From this point onwards, we will use both these terminals.

We will switch from one terminal to another terminal for demonstration purpose.

Highlight spoken@spoken$ In the new terminal we are logged in as user spoken.

Now, let me login as user testmod.

Type su - testmod [Enter]

pass_radha [Enter]

Type su space hyphen space testmod
Type id [Enter] Then type id
Highlight in the output music_club is listed as one of the supplementary groups.
Type:

newgrp - music_club

[Enter]

In order to login to group music_club, type-

newgrp space hyphen space music underscore club

On getting $ prompt back The command has executed without any error.
Type id [Enter] Type id once again.
Highlight in the output Notice now that our current group is music_club.
Highlight in the output of the previous command Earlier it was Electronics.

So, our current group has changed.

We are logged in to music_club.

This login session will continue until we execute the exit command.

Type exit [Enter] So, let’s now type exit command
Type id [Enter] Recall the id command
Highlight in the output Now, our current group is Electronics.
Type exit [Enter] To exit from this user login session, type exit.
Highlight spoken@spoken$ Notice that the terminal prompt has changed.

Currently, we are logged in as user spoken.

Now, let’s see how a non-member like suraj can login to the group music_club.

Let us try to use the same newgrp command for this purpose.

Type su - suraj [Enter]

Type pass_suraj [Enter]

Let me login as user suraj
Highlight login prompt

suraj@ubuntu$

We are logged in as suraj.
Type id [Enter] Type id
Highlight in the output Notice that our current group is CSE.

And there are no supplementary groups listed.

So, it's clear that suraj is not member of the group music_club.

Type:

newgrp - music_club [Enter]

Let me login to group music_club
Show the output It is asking the password.

But we haven’t set any valid password for the group music_club.

We cannot login to the group music_club.

Press Ctrl and D

[Enter]

Press Control and D keys together to exit the group login process.
Type exit [Enter] Now exit from the user login session
Highlight spoken@spoken$ We are back to the user account spoken.
Slide 8: From this we understand that
  • if a group does not have a valid password set,
  • then only a group member can use newgrp - group command to login to the group.
  • Non-members cannot login to the group.
Slide 9: So, let us secure the group access with a password.
  • Superuser or group administrator
    • can use gpasswd space Newgroup
    • to set or change the password of a group.
  • Newgroup is either a group ID or a group name that you have to write in the command.

We will discuss about the group administrator in a separate tutorial later.

Let us now try to set the password as superuser.

Press Alt+Tab Switch to the terminal in which we have logged in as a root user.
Type

gpasswd music_club

[Enter]

To set the password for the group music_club, type

gpasswd space the name of the group that is music underscore club

Type pass_music [Enter] Type group password as pass underscore music

Press Enter

Type pass_music Retype the same password and press Enter.
Now we will repeat the login process to the group music_club as a member and also as a non-member.
Press ALT+TAB Switch to the other terminal where we have logged in as user spoken
Type su - testmod [Enter]

Type pass_radha [Enter]

Let me login as user testmod.
Type:

newgrp - music_club [Enter]

Now login to the group music_club

The command has executed without any error.

Type id [Enter] Type id
Highlight in the output Notice that our current group is now music_club.
Slide 10 So what do we understand from this?
  • Even though the group has a password,
  • group members will not be prompted to provide the password while logging in.
Type exit [Enter] Exit from the group login session,
Type exit [Enter] Exit from the user testmod.
Highlight spoken@spoken$ We are back to the user prompt spoken.
Now, suraj is a non-member for the group music_club.

Let’s see if suraj can use the same newgrp command to login to the group.

Type su - suraj [Enter]

Type pass_suraj [Enter]

login as user suraj
Type id [Enter] Type the id command
Highlight in the output As we know suraj is not a member of any supplementary group.
Type: newgrp - music_club

[Enter]

Now login to the group music_club,
Show the output It is asking for a password.
Type pass_music [Enter] Type pass underscore music which we set just now.
On getting $ prompt back The command has executed without any error.
Type id [Enter] Type id command
Highlight in the output Notice, our current group is now music_club.
Slide 11 So what do we understand from this?
  • If the group has a password set,
  • Non-members have to provide the correct password in order to login to the group.
Type newgrp [Enter] To switch back to your original login group, type newgrp
Retain same screen Now, newgrp command is used without any argument.

It should change the current group to the default group for user suraj.

As we know the default or primary group for user suraj is CSE.

Let me check that.

Type id [Enter] Type the id command.
Highlight in the output Notice, our current group is now CSE.
Type exit [Enter] Exit from the group CSE login session
Type exit [Enter] Exit from the group music_club login session
Type exit [Enter] Now exit from the user login session.
spoken@spoken: We are back to the user session spoken
Slide 12A A note on group password:
  • If the user is root, he or she will not be prompted for a password.
  • If there is no group password set and the user is not listed as a member of the group.
  • Then the user will be denied access
Slide 12B Non-root users will be prompted for a group password
  • if the user is not listed as a group member
  • and the group has a password.
Slide 12D
  • Notice that more than one person is permitted to know the group password.
  • So, group password has an inherent security problem.
  • However, groups are a useful tool for permitting cooperation between different users.
Switch to the terminal Switch to the terminal, in which we have logged in as a root user.
Type exit [Enter] Exit from the root user.
This brings us to the end of this tutorial.

Let us summarize.

Slide 13

Summary

In this tutorial we learnt about-
  • newgrp command
  • Securing a group with password
  • Login to a group as a group member
  • Login to a group as a non-member
Slide 14A Assignment As an assignment-
  1. Create a new group accounts for the college database.
  2. Give a suitable password for the group created.
  3. Create two users: rekha and sheetal.
Slide 14B Assignment
  1. Check details of user rekha using the command id.
  2. Add rekha as a member of the group.
  3. Check how the user rekha can login to the group accounts.
Slide 14C Assignment
  1. Check how the user sheetal can login to the group accounts.
  2. At every step, check the details of group accounts from /etc/gshadow file.
Slide 15 About Spoken Tutorial project The video at the following link summarises the Spoken Tutorial project.

Please download and watch it.

Slide 16

Spoken Tutorial workshops

The Spoken Tutorial Project team conducts workshops using spoken tutorials and gives certificates.

For more details, please write to us.

Slide 17

Forum for specific questions:

Pls post your timed queries in this Forum.
Slide 18

Acknowledgement

Spoken Tutorial Project is funded by NMEICT, MHRD, Government of India.

More information on this mission is available at this link.

The script has been contributed by Antara.

And this is Praveen from IIT Bombay signing off.

Thanks for joining.

Contributors and Content Editors

Nancyvarkey, Pravin1389