SUDO STUFF

su <user>
sudo -<i|s>u <user> [shell]
ssh <user>@localhost
sudo bash
    # all used to escalate power, switch users, lets you do something that maybe you didn't have access to before

su <user>         # this will fail
sudo su <user>    # this will work
    # when password of the user you're attempting to login as has not been set

logname
echo $LOGNAME
    # how to find your old name even after switching users

PERMISSIONS AND SPECIAL PERMISSIONS

sudo chown [-R] <user>:<group> /path/to/dir/or/file
    # to change the owning user/group of a file or folder [recursively]

# chmod 0700, chmod 4750, chmod +t, chmod g+s /path/to/folder...
    # the special bits below all replace the "x" in the "drwxr-x---" form of file permissions
    # shows lowercase if the x is also set, uppercase if it is not
    # can cause vulnerabilities if you don't know what you're doing!! watch it.

SUID
    # on a file: when exec'd, this executable will run with perms of file owner, not executor
    in octal: 4000
    in ugo:   u+s

SGID
    # on a file: same as SUID but with perms of group
    # on a folder: forces group permission inheritance on all (newly-created only? are they changeable after?) subdirs
    in octal: 2000
    in ugo:   g+s

sticky bit
    # on anything: file(s in the folder) can't be deleted except by owner
    # first created to keep stuff in RAM, then used to keep ppl from deleting other users' /tmp files
    in octal: 1000
    in ugo:   +t
    # note that it is a +t and NOT a +s; easy to miss!
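
Added example (not part of the original notes): a small sh script that shows how the special bits appear in ls output, lowercase vs uppercase, and audits a directory tree for SUID/SGID files and world-writable folders missing the sticky bit. The function names and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the demo tree are hypothetical.

# First 10 chars of `ls -l`: file type plus the rwx string where s/S and t/T show up.
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# Name the special bits set on one path (test -u / -g / -k).
special_bits() {
    out=""
    if [ -u "$1" ]; then out="$out suid"; fi
    if [ -g "$1" ]; then out="$out sgid"; fi
    if [ -k "$1" ]; then out="$out sticky"; fi
    echo "${out# }"
}

# Flag what deserves review under a directory:
#   SETID    = regular file with SUID or SGID set
#   NOSTICKY = world-writable directory without the sticky bit
audit_tree() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/SETID /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/NOSTICKY /'
}

# Constructed sample tree in a temp dir, so nothing on the real system is touched.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/suid_x" "$d/suid_nox" "$d/plain"
    mkdir "$d/shared" "$d/open"
    chmod 4750 "$d/suid_x"     # SUID, owner x set   -> lowercase s
    chmod 4640 "$d/suid_nox"   # SUID, owner x unset -> uppercase S
    chmod 0644 "$d/plain"
    chmod 1777 "$d/shared"     # world-writable + sticky, like /tmp
    chmod 0777 "$d/open"       # world-writable, no sticky bit
    for p in suid_x suid_nox plain shared open; do
        printf '%-9s %s [%s]\n' "$p" "$(mode_string "$d/$p")" "$(special_bits "$d/$p")"
    done
    audit_tree "$d"
    rm -rf "$d"
}

demo
```

Point audit_tree at a real path (for example /usr/local) to get a review list; -xdev keeps find on one filesystem.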
ugo perms vs 0744 perms
    # use +x and -x instead of numbers

USER ACCOUNTS

default userfiles are in /etc/skel
    ex.: set a default SSH configuration by adding a .ssh folder and config files in it

getent passwd <user>
    # to check if already extant
userdel <user>
useradd \
    -m \
    -s <shell> \
    -g <group> \
    -c '<comment>' \
    -u <UID> \
    <user>
chage <user>
passwd <user>       # change user's password
passwd -S <user>    # view status of user account
passwd -u <user>    # unlocks a locked user account

dovecot <___________________>
    # to generate a passwd hash for use with passwd -_________
    # or for use directly in /etc/shadow

usermod -s /dev/null -p '*LK*' <user>
    # changes login shell to /dev/null to stop login at login screen
    # changes password hash to *LK* to disable logging in via password
    # (quoted so the shell does not glob-expand it)
    # keypairs still work!!
chage -E $(date -d -1days +%Y-%m-%d) <user>
    # set account expiry date to yesterday

GROUPS

getent group | grep <group>
    # to check if group already extant
groupdel <group>
groupadd -g <GID> \
    <group>
usermod -aG <group> <user>
    # add an additional group to a user
gpasswd -M <user1>,<user2>,<user3> <group>
    # add users in bulk
    # group membership will be set to ONLY the listed users; all others will be REMOVED

LOCAL USER ACCOUNTS

luseradd
lpasswd
lusermod
luserdel
    # confusing because they have subtly different syntax than the normal user commands
    # read the man pages first

luseradd -ms <shell> -g <group> -c '<comment>' <user>
lpasswd <user>
    # change local user's password
lchage -d 0 <user>
    # expire password, to force reset next login
lgroupmod --member-add <user> <group>
lgroupmod --member-remove <user> <group>