Linux Exercise: User Account Management

Creating and Managing User Accounts

  1. Create two additional user accounts "tux1" and "tux2". Give these users a password so that you can login as these users. Verify the user accounts have been created.
    • # useradd -c "Tux the Penguin (1)" tux1
    • # useradd -c "Tux the Penguin (2)" tux2
    • # echo penguin | passwd --stdin tux1
    • # echo penguin | passwd --stdin tux2
    • # id tux1
    • # id tux2
  2. Look at the various files that store user information (/etc/passwd, /etc/shadow, /etc/group, /etc/gshadow) to view the user accounts you just created. Also look at the home directory of these new users, the contents of the home directory, and compare this to the contents of /etc/skel.
    • # cat /etc/passwd
    • # cat /etc/shadow
    • # cat /etc/group
    • # cat /etc/gshadow
    • # ls -ld /home/tux1
    • # ls -la /home/tux1
    • # ls -la /etc/skel
  3. In a different terminal window, try to logon as tux1 and tux2. Does this work?
  4. Lock the tux1 user account.
    • # usermod -L tux1
  5. In a different terminal window, try to logon as tux1. Does this work?
  6. Unlock the tux1 user account.
    • # usermod -U tux1
  7. Modify the password aging parameters for tux1 so that next time tux1 logs on, he is forced to reset his passwd.
    • # chage -l tux1
    • # chage tux1
      Enter the information so that it seems tux1 edited his password last, 100 days ago. And set the maximum password age to 90 days.
    • # chage -l tux1
  8. Once again, in a different terminal, logon as tux1. Does this work? Were you asked to change your password?

Creating teams and team directories

  1. Create an additional group "penguins". Make the users "tux1" and "tux2" member of this group.
    • # groupadd penguins
    • # usermod -a -G penguins tux1
    • # usermod -a -G penguins tux2
  2. Look at the various files that store user information to view how this secondary group is administered.
    • # cat /etc/passwd
    • # cat /etc/shadow
    • # cat /etc/group
    • # cat /etc/gshadow
    • # id tux1
    • # id tux2
  3. Create a team directory, /home/penguins. Set the appropriate permissions on this team directory, so that tux1 and tux2 can work together on a project in this directory.
    • # mkdir /home/penguins
    • # chgrp penguins /home/penguins
    • # chmod 2770 /home/penguins
  4. Login as tux1 and tux2, and verify that you can indeed use this directory to share documents. Also, can you delete each others documents? How would you prevent this?
    • With the current settings users will be able to delete each others documents. If necessary, this can be prevented by setting the sticky bit (chmod +t /home/penguins or chmod 3770 /home/penguins).

Password aging

  1. Look at the password aging information for tux1.
    • # chage -l
  2. Look how many days it's been since January 1st, 1970. You will need this number in the next steps, so store this in a variable "today"
    • # echo $(( $( date +"%s" ) / 86400 ))
    • # today=$(( $( date +"%s" ) / 86400 ))
  3. Change the last change date of the password of tux1 to 31 days ago.
    • # chage -d $(( $today - 31 )) tux1
  4. Set the maximum number of days between password changes to 30 days.
    • # chage -M 30 tux1
  5. Look at the password aging information for tux1 again.
    • # chage -l tux1
  6. Logout and login as tux1. Do you need to change the password? If so, do so otherwise the next exercises will fail.
  7. Logout and login as tux1 again. Do you need to change the password now?
  8. Logout and login as root. Look at the password aging information for tux1.
    • # chage -l

Note: The LPI exam may ask for the options to the chage command. So you'll have to learn at least the most important ones. In real life, in addition to reading the manual page, you can also simply run chage tux1. This will start an interactive wizard that will ask you for the values.

ulimit

  1. For this exercise, make sure your system is running in the non-graphical ("multi-user") systemd target.
    • If your system is running the graphical environment:
      # systemctl set-default multi-user
    • # reboot
  2. Look at the file /etc/security/limits and the contents of the directory /etc/security/limits.d. Change the parameters of tux1 so that he has a soft limit of 5 and a hard limit of 8, for the number of processes.
    • # vi /etc/security/limits.conf
      Add the following lines: 
      tux1     soft     nproc     5
tux1     hard     nproc     8
  3. Logout, login as tux1 and execute the ulimit -a command. What is your limit?
    • $ ulimit -a
  4. Look at how many processes you've got running already.
    • $ ps aux | grep tux1
      In addition to your shell you also have the ps and grep process. If you were logged in via ssh then there's also an instance of the sshd daemon running on your behalf. So normally at this stage you would have three or four processes running.
      If you were logged in using the graphical environment, it would not be uncommon to see something like 20 processes at this stage, depending on the number of windows you opened. With a hard limit of eight, it would be totally impossible to use the graphical environment.
  5. Try to start more than five processes, for instance by starting nested subshells repeatedly. What happens if you exceed the five processes?
    • $ bash
    • $ bash
    • $ ...
      Most likely you'll get an error at this stage.
      End your subshells until you're back at the master shell.
  6. Try to raise your limit for the number of processes. What is the maximum you can reach?
    • $ ulimit -u 10
      This will not work, as your hard limit is 8.
    • $ ulimit -u 8
      This will work.
    • $ ulimit -a
  7. Try to start more than five processes again. Does this work now?
    • $ bash
    • $ bash
    • $ ...
  8. Logout, login as root and remove the limits for the tux1 user.
    • # vi /etc/security/limits.conf
      Remove the lines about tux1.
End of exercise