Saturday, February 28, 2015

How to deny or block user login in Linux



Deny user login by locking out account

Pass the -l option to the passwd command. It locks the specified account and is available to root only. Locking is performed by rendering the encrypted password into an invalid string, by prefixing the encrypted string with an !. This locks the password only: the user may still be able to log in with another authentication token, such as an SSH key.

Syntax
passwd -l {username}
passwd -l rajesh

Unlock account or allow login
To allow login use passwd command as follows:

passwd -u {username}
passwd -u rajesh

This is the reverse of the -l option - it will unlock the account password by removing the ! prefix.

/sbin/nologin shell

/sbin/nologin displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled or whose login is blocked.

Example: Deny login for rajesh user

Type the command as follows (logged in as the root user):
# passwd -l rajesh
or
You can also change the shell to /sbin/nologin:
# usermod -s /sbin/nologin rajesh

Example: Allow login for rajesh user

Type the command as follows (logged in as the root user):
# passwd -u rajesh
or
You may also need to change the shell back from /sbin/nologin to /bin/bash:
# usermod -s /bin/bash rajesh
# usermod -s /bin/bash rajesh
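
The two mechanisms above are independent, so it is worth checking both after a change. The following is an added example, not part of the original post: it reads the ! prefix in the shadow password field and the shell field in the passwd file for one account. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: check both lock mechanisms for one account.
# Reads passwd(5)/shadow(5)-format files; the sample data below is constructed.

# password_state USER SHADOW_FILE -> locked | unlocked | unknown
password_state() {
    awk -F: -v u="$1" '
        $1 == u { found = 1; print (($2 ~ /^!/) ? "locked" : "unlocked") }
        END     { if (!found) print "unknown" }' "$2"
}

# shell_state USER PASSWD_FILE -> denied (nologin shell) | allowed | unknown
shell_state() {
    awk -F: -v u="$1" '
        $1 == u { found = 1; print (($7 ~ /\/nologin$/) ? "denied" : "allowed") }
        END     { if (!found) print "unknown" }' "$2"
}

# login_report USER PASSWD_FILE SHADOW_FILE -> one summary line
login_report() {
    echo "$1: password=$(password_state "$1" "$3") shell=$(shell_state "$1" "$2")"
}

# Constructed sample files (hash and salt are placeholders, not real values)
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
rajesh:x:1001:1001::/home/rajesh:/sbin/nologin
alice:x:1002:1002::/home/alice:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
rajesh:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16494:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16494:0:99999:7:::
EOF

login_report rajesh "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
login_report alice  "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
```

On a live system, run login_report as root against /etc/passwd and /etc/shadow, since /etc/shadow is not readable by ordinary users.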

Wednesday, February 25, 2015

Disable SSH root login



Here is the step-by-step procedure to disable (deny) direct root login via SSH.

1. Log in to the server as root.
2. Edit /etc/ssh/sshd_config.

    Look for the line,

  PermitRootLogin yes

and then change its value to,

  PermitRootLogin no

3. Restart the sshd service and make sure it is running:
    service sshd restart        or     /etc/init.d/sshd restart
  
    service sshd status
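
A check for step 2, as an added example that is not part of the original post: sshd uses the first value it obtains for each keyword, so a commented-out line or a later duplicate does not change the result. The function names and sample files are constructed; Include files and Match blocks are not followed.

```shell
#!/bin/sh
# Added example: find the PermitRootLogin value sshd would take from the
# global section of a config file. Include files and Match blocks are not followed.

# permit_root_login FILE -> value of the first active line, or "unset"
permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)       # tolerate the Key=Value form
            if (split(line, f, " ") == 0) next    # blank line
            key = tolower(f[1])                   # keywords are case-insensitive
            if (key == "match") exit              # global section ends here
            if (key == "permitrootlogin") { print f[2]; found = 1; exit }
        }
        END { if (!found) print "unset" }' "$1"
}

# root_login_denied FILE -> exit status 0 only when the effective value is "no"
# (compared as written: sshd_config(5) documents arguments as case-sensitive)
root_login_denied() {
    [ "$(permit_root_login "$1")" = "no" ]
}

# Constructed sample configurations
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'Port 22\nPermitRootLogin no\n' > "$SAMPLE_DIR/fixed"
printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$SAMPLE_DIR/commented"
printf 'PermitRootLogin yes\nPermitRootLogin no\n' > "$SAMPLE_DIR/duplicate"
printf 'Port 22\n' > "$SAMPLE_DIR/missing"

for f in fixed commented duplicate missing; do
    if root_login_denied "$SAMPLE_DIR/$f"; then verdict="root login denied"
    else verdict="root login NOT denied"; fi
    echo "$f: PermitRootLogin=$(permit_root_login "$SAMPLE_DIR/$f") -> $verdict"
done
```

A result of "unset" means the compiled-in default applies, which is not no. On a live server, sshd -t validates the edited file before the restart, and sshd -T prints the effective configuration.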

Wednesday, February 18, 2015

How to create a group in Linux



about groups

Users can be listed in groups. Groups allow you to set permissions on the group level instead of having to set permissions for every individual user. Every Unix or Linux distribution will have a graphical tool to manage groups. Novice users are advised to use this graphical tool. More experienced users can use command line tools to manage users, but be careful: some distributions do not allow the mixed use of GUI and CLI tools to manage groups. Senior administrators can edit the relevant files directly with vi or vim.

groupadd

Groups can be created with the groupadd command. The example below shows the creation of five (empty) groups.

root@linuxforfreshers:~# groupadd tennis
root@linuxforfreshers:~# groupadd football
root@linuxforfreshers:~# groupadd snooker
root@linuxforfreshers:~# groupadd formula1
root@linuxforfreshers:~# groupadd salsa


/etc/group

Users can be a member of several groups. Group membership is defined by the /etc/group file.

root@linuxforfreshers:~# tail -5 /etc/group
tennis:x:1006:
football:x:1007:
snooker:x:1008:
formula1:x:1009:
salsa:x:1010:
root@linuxforfreshers:~#

The first field is the group's name. The second field is the group's (encrypted) password (can be empty). The third field is the group identification or GID. The fourth field is the list of members; these groups have no members.

usermod

Group membership can be modified with the useradd or usermod command.
root@linuxforfreshers:~# usermod -a -G tennis inge
root@linuxforfreshers:~# usermod -a -G tennis katrien
root@linuxforfreshers:~# usermod -a -G salsa katrien
root@linuxforfreshers:~# usermod -a -G snooker sandra
root@linuxforfreshers:~# usermod -a -G formula1 annelies
root@linuxforfreshers:~# tail -5 /etc/group
tennis:x:1006:inge,katrien
football:x:1007:
snooker:x:1008:sandra
formula1:x:1009:annelies
salsa:x:1010:katrien
root@linuxforfreshers:~#

Be careful when using usermod to add users to groups. By default, the usermod
command will remove the user from every group of which he is a member if the group
is not listed in the command! Using the -a (append) switch prevents this behaviour.
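
A way to preview that loss before running usermod without -a, as an added example that is not part of the original post. It reads a group(5)-format file and lists the supplementary groups a user currently has that are missing from the proposed -G list. The function names are constructed; the sample data is the /etc/group output shown above.

```shell
#!/bin/sh
# Added example: preview which supplementary groups "usermod -G LIST USER"
# would remove when -a is omitted. Reads a group(5)-format file.
# The primary group (the GID field in /etc/passwd) is not affected by -G.

# supplementary_groups USER GROUP_FILE -> one group name per line
supplementary_groups() {
    awk -F: -v u="$1" '{
        n = split($4, members, ",")
        for (i = 1; i <= n; i++) if (members[i] == u) print $1
    }' "$2"
}

# groups_dropped USER "g1,g2" GROUP_FILE -> current groups missing from the list
groups_dropped() {
    supplementary_groups "$1" "$3" | while read -r g; do
        case ",$2," in
            *",$g,"*) ;;          # named in the -G list, so it is kept
            *) echo "$g" ;;       # not named, so usermod -G would drop it
        esac
    done
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
# Sample data: the /etc/group lines shown above
cat > "$SAMPLE_DIR/group" <<'EOF'
tennis:x:1006:inge,katrien
football:x:1007:
snooker:x:1008:sandra
formula1:x:1009:annelies
salsa:x:1010:katrien
EOF

echo "usermod -G football katrien (no -a) would drop:"
groups_dropped katrien football "$SAMPLE_DIR/group"
```

On a live system, pass /etc/group as the last argument. An empty result means the proposed list already names every group the user is in.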


groupmod

You can change the group name with the groupmod command.

root@linuxforfreshers:~# groupmod -n darts snooker
root@linuxforfreshers:~# tail -5 /etc/group
tennis:x:1006:inge,katrien
football:x:1007:
formula1:x:1009:annelies
salsa:x:1010:katrien
darts:x:1008:sandra


groupdel

You can permanently remove a group with the groupdel command.

root@linuxforfreshers:~# groupdel tennis
root@linuxforfreshers:~#


groups

A user can type the groups command to see a list of the groups to which the user belongs.

[root@linuxforfreshers ~]$ groups
harry sports
[root@linuxforfreshers ~]$

Wednesday, February 11, 2015

Examples for directories in Linux, or working with directory commands



working with directories

1. Display your current directory.
ANS:pwd

2. Change to the /etc directory.
ANS:cd /etc

3. Now change to your home directory using only three key presses.
ANS:cd (and the enter key)

4. Change to the /boot/grub directory using only eleven key presses.
ANS:cd /boot/grub (use the tab key)

5. Go to the parent directory of the current directory.
ANS:cd .. (with space between cd and ..)

6. Go to the root directory.
ANS:cd /

7. List the contents of the root directory.
ANS:ls

8. List a long listing of the root directory.
ANS:ls -l

9. Stay where you are, and list the contents of /etc.
ANS:ls /etc

10. Stay where you are, and list the contents of /bin and /sbin.
ANS:ls /bin /sbin

11. Stay where you are, and list the contents of ~.
ANS:ls ~

12. List all the files (including hidden files) in your home directory.
ANS:ls -al ~

13. List the files in /boot in a human readable format.
ANS:ls -lh /boot

14. Create a directory testdir in your home directory.
ANS:mkdir ~/testdir

15. Change to the /etc directory, stay here and create a directory newdir in your home directory.
ANS:cd /etc ; mkdir ~/newdir

16. Create in one command the directories ~/dir1/dir2/dir3 (dir3 is a subdirectory of dir2, and dir2 is a subdirectory of dir1).
ANS:mkdir -p ~/dir1/dir2/dir3

17. Remove the directory testdir.
ANS:rmdir testdir