<![CDATA[
SUDO STUFF
su <user>
sudo -<i|s>u <user> [shell]
ssh <user>@localhost
sudo bash
# all used to escalate power, switch users, lets you do something that maybe you didn't have access to before
su <user> # this will fail
sudo su <user> # this will work
# when password of the user you're attempting to login as has not been set
logname
echo $LOGNAME
# how to find your old name even after switching users
PERMISSIONS AND SPECIAL PERMISSIONS
sudo chown [-R] <user>:<group> /path/to/dir/or/file
# to change user/group permissions on a file or folder [recursively]
# chmod 0700, chmod 4750, chmod +t, chmod g+s /path/to/folder...
# these all replace the "x" in the "drwxr-x---" form of file permissions
# shows lowercase if the x is also set, uppercase if it is not
# can cause vulnerabilities if you don't know what you're doing!! watch it.
SUID
# on a file: when exec'd, this executable will run with perms of file owner, not executor
in octal: 4000
in ugo: u+s
SGID
# on a file: same as SUID but with perms of group
# on a folder: forces group permission inheritance on all (newly-created only? are they changeable after?) subdirs
in octal: 2000
in ugo: g+s
sticky bit
# on anything: file(s in the folder) can't be deleted except by owner
# first created to keep stuff in RAM, then used to keep ppl from deleting other users' /tmp files
in octal: 1000
in ugo: +t
# note that it is a +t and NOT a +s; easy to miss!
ugo perms vs 0744 perms
# use +x and -x instead of numbers
USER ACCOUNTS
default userfiles are in /etc/skel
ex.: set a default SSH configuration by adding a .ssh folder and config files in it
getent passwd <user>
# to check if already extant
userdel <user>
useradd \
-m \
-s <shell> \
-g <group> \
-c '<comment>' \
-u <UID> \
<user>
chage <user>
passwd <user>
# change user's password
passwd -S <user>
# view status of user account
passwd -u <user>
# unlocks a locked user account
dovecot <___________________>
# to generate a passwd hash for use with passwd -_________
# or for use directly in /etc/shadow
usermod -s /dev/null -p *LK* <user>
# changes login shell to /dev/null to stop login at login screen
# changes password hash to *LK* to disable logging in via password
# keypairs still work!!
chage -E $(date -d -1days +%Y-%m-%d) <user>
# set account expiry date to yesterday
GROUPS
getent group | grep <group>
# to check if group already extant
groupdel <group>
groupadd
-g <GID> \
<group>
usermod -aG <group> <user>
# add an additional group to a user
gpasswd -M <user1>,<user2>,<user3>
# add users in bulk
# group membership will be set to ONLY the listed users; all others will be REMOVED
LOCAL USER ACCOUNTS
luseradd
lpasswd
lusermod
luserdel
# confusing because they have subtly different syntax than the normal user commands
# read the man pages first
luseradd -ms <shell> -g <group> -c '<comment>' <user>
lpasswd <user>
# change local user's password
lchage -d 0 <user>
# expire password, to force reset next login
lgroupmod --member-add <user> <group>
lgroupmod --member-remove <user> <group>
]]>