A .highlight[user] is a basic unit of access control;
it has a set of credentials to access the system
and .highlight[owns] some files on it.
A .highlight[group] is a collection of users to facilitate shared access to resources.
A user can belong to many groups but one group is considered primary.
As an admin, you may need to add/delete users and change their rights and passwords.
This intro only covers the basic scenario of local users and groups.
---
# User and group information
For local users and groups, their information is stored in:
* `/etc/passwd` - users, their primary groups and basic settings
* `/etc/shadow` - hashed user passwords and expiration data
* `/etc/group` - groups and their members
.advice[
Do not edit these files directly; use specialized utilities.
]
--
You can use .highlight[`getent <database>`] to access these lists, or `getent <database> <id>`
to get a specific record.
```
owner@linux:~$ getent passwd owner
owner:x:1001:1001:,,,:/home/owner:/bin/bash
```
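Because a user's primary group lives in `/etc/passwd` and the other memberships live in `/etc/group`, a full answer to "who is in this group?" needs both databases. The following is an added example, not part of the original slides: the function names and sample records are constructed, and the functions fall back to `getent` when no text is passed.

```sh
#!/bin/sh
# Added example; function names and sample records are constructed for illustration.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
owner:x:1001:1001:,,,:/home/owner:/bin/bash
toor:x:0:0::/root:/bin/sh
deploy:x:1002:27::/home/deploy:/bin/bash'
SAMPLE_GROUP='sudo:x:27:owner
owner:x:1001:'

# uid0_accounts [passwd_text]
# Print every account whose UID (field 3) is 0, i.e. root-equivalent.
# Without an argument, reads the live database through getent.
uid0_accounts() {
    printf '%s\n' "${1:-$(getent passwd)}" | awk -F: '$3 == 0 { print $1 }'
}

# group_members GROUP [passwd_text] [group_text]
# Print all members of GROUP: users named in the group record (field 4)
# plus users whose primary GID (passwd field 4) equals the group's GID.
group_members() {
    passwd_db=${2:-$(getent passwd)}
    group_db=${3:-$(getent group)}
    rec=$(printf '%s\n' "$group_db" | awk -F: -v g="$1" '$1 == g { print; exit }')
    [ -n "$rec" ] || return 1          # unknown group
    gid=$(printf '%s\n' "$rec" | cut -d: -f3)
    {
        printf '%s\n' "$rec" | cut -d: -f4 | tr ',' '\n'
        printf '%s\n' "$passwd_db" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
    } | sed '/^$/d' | sort -u
}

echo "UID 0 accounts:"; uid0_accounts "$SAMPLE_PASSWD"
echo "sudo members:";   group_members sudo "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

In the sample, `deploy` is a `sudo` member only through its primary GID, so it does not appear in the `sudo` record of the group database.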
---
# Changing passwords
Any user can change their own password with `passwd`, if they can provide their current one:
```
owner@linux:~$ passwd
Changing password for owner.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
```
--
The superuser can change any account's password without knowing the current one:
```
owner@linux:~$ sudo passwd owner
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
```
---
# Aside: home folder encryption
If a user's home folder is encrypted, the decryption key is protected
with their password.
When the user changes their own password, the decryption key is
automatically re-encrypted, using the old password they provided to unlock it.
When an admin changes the password, the user's old password will
still be needed to unlock the decryption key.
---
# Editing users, groups and their relation
To add a user, use .highlight[`adduser <user>`]; it will interactively ask for information.
By default, it will automatically create a new home folder and a primary group
with the same name and one member.
--
To add a group, use .highlight[`addgroup <group>`].
To add an existing user to a group, use .highlight[`adduser <user> <group>`].
--
To remove a user from a group, use .highlight[`deluser <user> <group>`].
Users and groups are deleted with .highlight[`deluser <user>`] and .highlight[`delgroup <group>`].
_Reference:_ `man adduser`, `man deluser`
---
# The `skel`-eton of a home
When a new user's home folder is created, it's possible to
automatically populate its contents.
Contents of `/etc/skel` are used as a template.
They are copied to the new home folder
and changed to be owned by the new user.
---
# Exercise: adding a user
.exercise[
1. Create a user `test_user`
2. Change to that user with `su - test_user`
3. Try using `sudo`
4. Add the user to `sudo` group
5. Try again
6. Delete the user (with `--remove-home`)
]
.note[
A change in a user's groups only fully applies once they log out and log back in.
]
---
# Examining your system
An important part of Linux administration is being able to
gather information about the running system.
In this section multiple ways to do that are presented.
---
# What's the hardware?
Common commands to gather info about the hardware:
* .highlight[`cat /proc/cpuinfo`] and .highlight[`lscpu`] present CPU information
* .highlight[`lspci`] shows devices connected to the system bus
* .highlight[`lsusb`] shows devices connected via USB
* .highlight[`lsblk`] shows storage devices and their partitions
* .highlight[`lshw`] shows a hierarchical view of all hardware
* .highlight[`dmidecode`] shows information reported by the motherboard
.exercise[
Try them all out; they should be run as `root`
]
---
# What are the network settings?
`ip` is the command to access networking information in modern Linux systems.
For example, `ip a` shows addresses assigned to all interfaces.
Basic network settings are accessible through `/etc/networks`.
---
# Are we running out of space?
.highlight[`df -h`] (for "disk free") shows how much space is used per filesystem.
.note[
Ext filesystems reserve part of available space for emergency use by `root`.
It will show up as used.
The amount can be changed on the fly with `tune2fs`.
]
--
.highlight[`free -h`] shows information about used memory.
Note the difference between "free" (unused) and "available" (ready to be emptied) memory.
As such, low _free_ memory is not a cause for concern.
_Reference:_ [Reserved space for root on a filesystem - why?](https://unix.stackexchange.com/questions/7950/reserved-space-for-root-on-a-filesystem-why)
---
# What's eating all the space?
The command .highlight[`du`] (for "disk usage") calculates the actual size of folders.
* .highlight[`du -h <path>`] calculates all folder sizes recursively from provided path.
* `-s` provides a summary: only the total for the path.
* `-d <level>` provides numbers up to `<level>` deep.
* `-x` stops `du` from crossing into different filesystems
(very useful for `/`).
.exercise[
Try `du -h -d 1 ~` to measure use of your home folder
]
--
A friendlier interface for the same task is `ncdu`.
---
# How's the load?
.highlight[`uptime`] shows how long the system has been running,
as well as how busy the CPU is.
```
owner@linux:~$ uptime
10:04:17 up 1:03, 1 user, load average: 0.08, 0.02, 0.01
```
--
In this example, the system has been running for 1h3m.
--
Load average can be seen as a ratio of scheduled CPU tasks vs idle time
in a given time window (1, 5, and 15 minutes).
Ideally, this ratio should not be much more than the number of virtual cores in the system.
--
It also shows the number of logged-in users; .highlight[`who`] lists them.
---
# What's running?
.highlight[`ps`] is a utility to list running processes in the system.
Its output is highly tunable; my personal preference is .highlight[`ps aux`] for all processes on the system.
--
A more intuitive overview can be obtained with .highlight[`pstree -u`], which shows processes by parent-child relation.
--
For automation purposes, `pgrep` is also useful.
---
# What's hogging all the CPU / RAM?
.highlight[`top`] is a monitor of system resources.
It lets you quickly see what's using up system resources.
A nicer modern version is .highlight[`htop`].
---
# What is keeping things open?
.highlight[`lsof`] is a tool to see all files and file-like objects
held open by processes.
.highlight[`lsof <path>`] shows processes keeping files under `<path>` open.
.highlight[`lsof -i`] displays all open network ports.
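A common follow-up to `lsof -i` is checking which services listen on every interface rather than only on loopback. The filter below is an added example, not part of the original slides: it assumes the output of `lsof -i -P -n` (numeric ports and addresses), and the function name and sample lines are constructed.

```sh
#!/bin/sh
# Added example; the function name and the sample lines are constructed.
SAMPLE_LSOF='COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812     root    3u  IPv4  21345      0t0  TCP *:22 (LISTEN)
sshd      812     root    4u  IPv6  21347      0t0  TCP *:22 (LISTEN)
postgres  990 postgres    5u  IPv4  25001      0t0  TCP 127.0.0.1:5432 (LISTEN)
python3  1422    owner    3u  IPv4  30110      0t0  TCP *:8000 (LISTEN)
sshd     1500     root    3u  IPv4  31000      0t0  TCP 10.0.0.5:22->10.0.0.9:51514 (ESTABLISHED)'

# wildcard_listeners: read `lsof -i -P -n` output on stdin and print
# "port command user" for each TCP socket listening on every interface.
wildcard_listeners() {
    awk '$NF == "(LISTEN)" {
        addr = $(NF - 1)                        # e.g. *:22 or 127.0.0.1:5432
        port = addr; sub(/.*:/, "", port)       # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
        if (host == "*" || host == "0.0.0.0" || host == "[::]")
            print port, $1, $3
    }' | sort -u | sort -n
}

# Demo on the constructed sample; on a live system, run as root:
#   lsof -i -P -n | wildcard_listeners
printf '%s\n' "$SAMPLE_LSOF" | wildcard_listeners
```

The loopback-only `postgres` listener and the established SSH session are filtered out; the IPv4 and IPv6 `sshd` sockets collapse into one line.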
---
# How to see logs?
As mentioned before, most logs are stored under .highlight[`/var/log/`].
Logs are periodically "rotated", with older ones having `.1`, `.2`, ... appended