User and group management, file access
In this exercise there are 3 users, 3 groups, and 3 files to set up. Here's a script that sets them up. By reading and interpreting the script, please do the same thing manually yourself by duplicating the steps on the command line:
groupadd executives; usermod -G executives bill
groupadd hr; usermod -G hr mary
groupadd employees; usermod -G employees joe
echo stuff > workschedule
echo stuff > salaries
echo stuff > strategies
chgrp employees workschedule; chmod 644 workschedule
chgrp hr salaries; chmod 660 salaries
chgrp executives strategies; chmod 640 strategies
Now that you're set up, determine for each of the three users, against each of the three files, who can read what. (cat-ting a file is a test of its readability.) Identify each of the nine outcomes (file is readable, yes or no) by observing the files' permissions and group affiliations, and the users' group memberships. Write your predictions in this grid (print it out) as a "yes" or "no" in each cell. Then test all 9 cases empirically. Do so by logging in successively as each user, and testing each file. In each cell, under "yes" or "no," write the very brief reason for that outcome.
Observe bill's password aging characteristics:
chage -l bill
This information comes from the /etc/shadow file. Take a look at it there, in raw form:
cat /etc/shadow | grep bill
Since you just created bill's password, his most recent password change date is today. By default his password doesn't expire. Change that, to two days from the last change:
chage -M 2 bill
You've put a 2-day password change interval into effect. Now log in as bill again and observe the warning message. You get the warning because of the interaction between the setting for interval between password changes (2 days) and login warning pre-expiry lead time (by default, 3 days). It's going to warn you whenever you try to log in, once you get within 3 days of a required password change date. That date is 2 days from now, so you're within 3 days of it. Don't change the password.
Now make the computer think the last password change was the first of last month. Supposing that the current month is October 2005:
chage -d 2005-09-01 bill
With a 2-day password change interval, the password change requirement date is the 3rd of last month, so you're way overdue. Try to login as bill once again, and observe the behavior.
Printing the relevant documentation
If you don't know what a command does, refer to its man page. If you wish to print a man page, you can capture one as a text file. For example, if you want to print the man page for ls:
man -P cat ls > ls.man
(The "-P cat" option gets rid of screen paging by appointing the cat command, which does no paging, as the helper to do man's paging.) If you plan to move the text file to a Windows machine to print it from there, better also run it through the unix-to-windows file format converter to adjust it to Windows' end-of-line convention:
man -P cat ls | unix2dos > ls.man.txt
The primary commands for user maintenance are useradd, passwd, usermod, chage, and userdel. The primary commands for group maintenance are groupadd, gpasswd, groupmod, and groupdel.