User, Group and Permissions: Day 03

Topics

In Linux, a link is a reference to a file or directory. It provides an additional path or name to access the same file or directory without duplicating the data. Links are used to organize files, create backups, and even provide shortcuts to files located elsewhere.

  1. Hard Links
  2. Symbolic (Soft) Links

A hard link creates another directory entry for an existing file. Both the original file and the hard link point to the same inode (a data structure that holds the file’s metadata and data block pointers). Hard links cannot be created for directories (except for special directories like . and ..), and they do not work across different file systems.

  • Both the original file and the hard link share the same inode and data.
  • Deleting the original file doesn’t delete the data, as the hard link still points to the same data.
  • They cannot span file systems.
ln /path/to/sourcefile /path/to/hardlinkfile

A symbolic link (symlink) is a special file that points to another file or directory. It stores the path to the original file and works as a shortcut or reference. Unlike hard links, symbolic links can span different file systems and can link to both files and directories.

  • A symlink contains a path to the original file.
  • It works across different file systems.
  • If the target file is deleted, the symlink becomes broken (dangling symlink).
  • Useful for creating shortcuts or references to files in different locations.
ln -s /path/to/sourcefile /path/to/symlinkfile

A symbolic link points to the original file or directory, and acts like a shortcut.

ln -s /home/user/document.txt /home/user/symlink_document.txt

A hard link points to the same data on the disk as the original file. Both the original file and the hard link are indistinguishable.

ln /home/user/document.txt /home/user/hardlink_document.txt
  • Backup or Duplication: When you need another entry point to a file without duplicating the data. Hard links are useful in backups and creating copies without taking additional storage space.
  • Shortcuts: To create a shortcut or reference to a file or directory in a different location. For example, creating a symlink to a configuration file in a different directory.

Conclusion

Both hard links and symbolic links have their uses. Hard links are ideal for pointing directly to data without duplicating it, while symbolic links are perfect for creating shortcuts or linking files across file systems.

echo Command in Linux

The echo command is used to display a line of text or the value of a variable to the standard output (usually the terminal). It is commonly used in shell scripts for printing messages.

Syntax:

echo [OPTION] [STRING]

Understanding Variables and Paths in Linux

Variables in Linux

A variable in Linux is a container used to store information that can be accessed and manipulated by commands or scripts. Variables are essential in shell scripting, as they allow for dynamic and flexible execution of commands.

Types of Variables:

  1. Environment Variables:

    • These variables are set globally and affect the behavior of the system or processes. They are usually set in the shell configuration files like .bashrc, .bash_profile, or .profile.
    • Example:
      export PATH="/usr/local/bin:$PATH"
      In this case, PATH is an environment variable that defines the directories where executable programs are located.

  2. Shell Variables:

    • These are variables set for use within the shell session or script and are not global. They can store strings, numbers, and the results of commands.
    • Example:
      name="Alice"
echo "Hello, $name"
      Output:
      Hello, Alice

Using Variables:

  • Define a variable:
    variable_name="value"

Understanding the .env File in Linux

A .env file is used to set environment variables for your system or application. These variables store configuration values, credentials, and other parameters that the system or application can reference during execution. Typically, .env files are used to define key-value pairs in a format that’s easy to manage, especially in development or deployment environments.

Purpose of .env Files

  1. Storing Configuration:

    • .env files are commonly used to store environment-specific configuration, such as API keys, database URLs, and other sensitive information.
    • This keeps sensitive information out of your main application code and allows different configurations for different environments (e.g., development, testing, production).

  2. Loading Environment Variables:

    • The .env file allows for easy loading of variables into the environment at the start of a session, so they can be accessed by your shell or application.

Format of a .env File

A .env file typically consists of key-value pairs, where the key is the name of the variable and the value is its corresponding value. Each pair is separated by an equal sign (=).

KEY=value

Example of a .env File:

DATABASE_URL="postgres://user:password@localhost/dbname"
API_KEY="your-api-key-here"
DEBUG=true
PORT=3000

Key Rules for .env Files:

  1. No spaces around the = sign:

    • Valid:
      API_KEY="abc123"
    • Invalid:
      API_KEY = "abc123"  # This will not work

  2. Comments:

    • You can add comments in a .env file by using the # symbol.
    • Example:
      # This is a comment
DEBUG=true

  3. Quoting Values:

    • If the value contains spaces or special characters, wrap it in double quotes (").
    • Example:
      GREETING="Hello, World!"

Using .env Files in Applications

  • In Node.js:

    • You can use the dotenv package to load variables from a .env file into your application.
    • First, install dotenv:
      npm install dotenv
    • Then, add this line at the beginning of your JavaScript code:
      require('dotenv').config();
console.log(process.env.DATABASE_URL);

  • In Bash:

    • You can load a .env file using the source or . command:
      source .env
      or
      . .env
    • After sourcing, the variables defined in the .env file will be available in the shell session.

Best Practices for .env Files:

  1. Don’t Commit .env Files to Version Control:

    • Since .env files may contain sensitive information like passwords or API keys, it’s important not to commit them to version control (e.g., Git). Instead, add .env to your .gitignore file:
      # .gitignore
.env

  2. Use Different .env Files for Different Environments:

    • It’s a common practice to have different .env files for different environments, such as:
      • .env.development for development
      • .env.production for production
    • This allows you to easily switch between configurations by specifying the appropriate .env file.

  3. Security Considerations:

    • Store sensitive information (like passwords) securely, and use tools like vault or cloud secrets management services in production environments.

Conclusion

The .env file is a convenient way to manage environment variables in Linux and other operating systems. It helps keep sensitive data like API keys, database URLs, and configuration settings separate from application code. By following best practices, you can ensure that .env files are used securely and effectively in both development and production environments.

User Management in Rocky Linux 9

Overview

User management in Linux involves creating, modifying, and deleting user accounts, as well as assigning user privileges and managing groups. In Rocky Linux 9, user management is done via command-line tools like useradd, usermod, userdel, and groupadd.

1. useradd (Create a New User)

  • Usage: useradd <username>

  • Explanation: The useradd command is used to create a new user account. The command creates the user’s home directory and sets up default user configuration files.

    Example:

    $ sudo useradd -m john
    • -m: Creates the home directory for the user.

2. usermod (Modify User Account)

  • Usage: usermod [options] <username>

  • Explanation: The usermod command modifies an existing user account. You can change user details like the home directory, username, user ID, group membership, etc.

    Examples:

    • Change user’s home directory:

      $ sudo usermod -d /home/john_doe john

    • Add a user to a group:

      $ sudo usermod -aG sudo john
      • -aG: Adds the user to the specified group without removing them from other groups.

3. userdel (Delete a User Account)

  • Usage: userdel [options] <username>

  • Explanation: The userdel command removes a user account from the system. It can also remove the user’s home directory and mail spool if specified.

    Example:

    $ sudo userdel -r john
    • -r: Removes the user’s home directory and mail spool along with the user.

4. passwd (Change User Password)

  • Usage: passwd <username>

  • Explanation: The passwd command is used to change a user’s password. If no username is specified, it changes the current user’s password.

    Example:

    $ sudo passwd john
    • Prompts you to enter a new password for the user john.

5. groupadd (Create a Group)

  • Usage: groupadd <groupname>

  • Explanation: The groupadd command creates a new group on the system.

    Example:

    $ sudo groupadd developers

6. groupdel (Delete a Group)

  • Usage: groupdel <groupname>

  • Explanation: The groupdel command deletes a specified group from the system. Note that it does not remove users assigned to the group.

    Example:

    $ sudo groupdel developers

7. gpasswd (Administer Group Passwords)

  • Usage: gpasswd <groupname>

  • Explanation: This command is used to administer group passwords. It allows you to assign a password to a group, which can be used for privileged group access.

    Example:

    $ sudo gpasswd developers

8. id (Display User and Group Information)

  • Usage: id <username>

  • Explanation: The id command displays the user’s UID (User ID), GID (Group ID), and group memberships.

    Example:

    $ id john
    • Displays information such as:
      uid=1001(john) gid=1001(john) groups=1001(john),10(wheel)

9. groups (Display Group Memberships)

  • Usage: groups <username>

  • Explanation: The groups command shows the groups to which a user belongs.

    Example:

    $ groups john
    • Output might be:
      john : john wheel

10. chown (Change Ownership of Files/Directories)

  • Usage: chown [options] <user>:<group> <file>

  • Explanation: The chown command is used to change the ownership of a file or directory. It can be used to assign files to a user and a group.

    Example:

    $ sudo chown john:developers /home/john/file.txt

11. chgrp (Change Group Ownership of Files/Directories)

  • Usage: chgrp <groupname> <file>

  • Explanation: The chgrp command changes the group ownership of a file or directory.

    Example:

    $ sudo chgrp developers /home/john/file.txt

12. whoami (Current User)

  • Usage: whoami

  • Explanation: Displays the username of the current user.

    Example:

    $ whoami
john

13. w (Who Is Logged In)

  • Usage: w

  • Explanation: Displays who is logged in and what they are doing.

    Example:

    $ w
    • Example output:
      11:42:43 up 4 days,  3:34,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
john     pts/0    :0               09:23    3.00s  0.01s  0.01s w

14. last (Display Last Logins)

  • Usage: last

  • Explanation: Displays the login history for users, showing when and where users last logged in.

    Example:

    $ last

15. su (Switch User)

  • Usage: su - <username>

  • Explanation: The su (substitute user) command allows you to switch to another user account. If no username is provided, it defaults to the root user.

    Example:

    $ su - john
    • Switches to the john user account.

16 SSH private and public key

πŸ” SSH Key Authentication in RHEL 8

SSH key-based authentication is a secure and convenient method for logging into remote systems without using passwords.

πŸ“‚ SSH Key Pair Basics

  • Public Key (id_rsa.pub): Shared with the remote server.
  • Private Key (id_rsa): Kept secure and private on the client.

πŸ”’ Never share your private key.

  • πŸ› οΈ Generate SSH Key Pair
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  • Copy Public Key to Remote Server
ssh-copy-id user@remote-server
  • Login with ssh key
ssh user@remote-server
  • Permissions on Remote Server for a specific user
sudo chown -R john:john /home/john/.ssh
chmod 700 /home/john/.ssh
chmod 600 /home/john/.ssh/authorized_keys

16. sudo (Execute a Command as Another User)

  • Usage: sudo <command>

  • Explanation: The sudo command allows users to execute commands with elevated privileges, typically as the root user. Users need to be part of the sudoers group to use sudo.

    Example:

    $ sudo apt update

17. /etc/passwd (User Account Information)

  • Explanation: This file contains basic information about all user accounts on the system, including their username, UID, GID, home directory, and login shell.

    Example:

    $ cat /etc/passwd
    • Example entry:
      john:x:1001:1001:John Doe:/home/john:/bin/bash

18. /etc/shadow (User Password Information)

  • Explanation: This file stores user password information in an encrypted format. Only privileged users (like root) can read this file.

    Example:

    $ cat /etc/shadow
    • Example entry:
      john:$6$8DF....:18011:0:99999:7:::

Linux Permission Management

In Linux, file and directory permissions define who can read, write, or execute a file. These permissions are crucial for system security and multi-user environments.

🧱 Basic Concepts

Every file/directory has:

  • Owner: User who owns the file
  • Group: Group associated with the file
  • Others: Everyone else

Permission Types

SymbolMeaningApplies to
rReadFile: view contentDirectory: list files
wWriteFile: modify contentDirectory: add/remove files
xExecuteFile: run as a programDirectory: enter directory

πŸ” Viewing Permissions

Use ls -l:

$ ls -l file.txt
-rw-r--r-- 1 user group 1024 May  7 12:00 file.txt

2. Numeric (Octal) Mode

OctalBinaryMeaning
7111rwx
6110rw-
5101r-x
4100r–
0000

πŸ” What are Permissions in Linux?

Linux is a multi-user operating system. Every file or directory is associated with access permissions for:

  • User (u) – the owner
  • Group (g) – users in the same group
  • Others (o) – all other users

Each can have three types of permissions:

SymbolPermissionFile MeaningDirectory Meaning
rReadView contentsList files
wWriteModify contentsAdd/remove files
xExecuteRun as programEnter (cd) the folder

πŸ‘οΈ Viewing Permissions

Use ls -l to view permissions:

$ ls -l file.txt
-rw-r--r-- 1 user group 1024 May  7 12:00 file.txt

Breakdown:

  • - β†’ file type (d for directory)
  • rw- β†’ user can read/write
  • r-- β†’ group can read
  • r-- β†’ others can read

✏️ Changing Permissions with chmod

You can change permissions in two ways:

1. Symbolic Mode

chmod u+x script.sh       # Add execute for user
chmod g-w file.txt        # Remove write for group
chmod o=r file.txt        # Set read-only for others
chmod a+x deploy.sh       # Add execute for all (user, group, others)

2. Numeric (Octal) Mode

OctalBinaryPermission
7111rwx
6110rw-
5101r-x
4100r–
0000

Examples:

chmod 755 script.sh       # rwxr-xr-x
chmod 644 file.txt        # rw-r--r--

Recursive Change

chmod -R 755 /path/to/dir

πŸ” Special Permissions

Linux supports special permissions for advanced access control.

1. Setuid (Set User ID)

  • When set on an executable, the process runs as the file owner.
  • Represented by s in the user field (rws).
chmod u+s /usr/bin/somebinary

2. Setgid (Set Group ID)

  • On files: Process runs with the file’s group.
  • On directories: New files inherit the directory’s group.
  • Represented by s in the group field (rwxr-sr-x).
chmod g+s /shared/folder

3. Sticky Bit

  • Commonly used on shared directories like /tmp.
  • Only the file’s owner can delete it.
  • Represented by t in the others field (rwxrwxrwt).
chmod +t /shared/folder

πŸ§ͺ Special Permissions with Octal

chmod 1755 file.sh   # Sticky bit + rwxr-xr-x
chmod 2755 file.sh   # Setgid + rwxr-sr-x
chmod 4755 file.sh   # Setuid + rwsr-xr-x

View them with ls -l:

  • s in user/group field: Setuid/Setgid
  • t in others field: Sticky bit

πŸ“˜ Summary

  • Use ls -l to view permissions
  • Use chmod (symbolic or octal) to modify them
  • Use chown to change file ownership
  • Use chmod u+s, g+s, or +t to set special permissions

Mastering Linux permissions helps enforce security, especially in multi-user environments.

🌐 RHEL 8 Networking Overview

Red Hat Enterprise Linux 8 introduces several modern tools and practices for network configuration and management. It replaces legacy networking services like network and ifconfig with NetworkManager and nmcli.

🧰 Key Tools

ToolPurpose
nmcliCLI to control NetworkManager
nmtuiText-based UI for NetworkManager
ipShow/manipulate routing, devices, IPs
ssDisplay socket statistics (replaces netstat)
firewalldManage firewall dynamically
nmstatectlDeclarative network management (advanced)

πŸ“ Network Configuration Files

File/DirectoryPurpose
/etc/NetworkManager/Main NetworkManager configs
/etc/sysconfig/network-scripts/Legacy ifcfg-* files (still used)
/etc/resolv.confDNS resolution
/etc/hostsStatic hostname-IP mapping
/etc/hostnameSets the system hostname

πŸ–§ Common Networking Commands

πŸ”Ž View Network Interfaces

ip a
nmcli device status
  • Bring Interface Up/Down
nmcli device disconnect ens33
nmcli device connect ens33
  • Set Static Ip address
nmcli con add type ethernet con-name static-ens33 ifname ens33 ipv4.addresses 192.168.1.100/24 \
  ipv4.gateway 192.168.1.1 ipv4.dns "8.8.8.8" ipv4.method manual
  • Restart Networking
nmcli networking off
nmcli networking on
# or restart NetworkManager service
systemctl restart NetworkManager