From 2d652250b5eaa53d0831a8dd88028fbc646e3e3e Mon Sep 17 00:00:00 2001 From: Laurent Modolo <laurent@modolo.fr> Date: Tue, 6 Oct 2020 10:29:33 +0200 Subject: [PATCH] add SE Linux section --- 5_users_and_rights.md | 62 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/5_users_and_rights.md b/5_users_and_rights.md index d67a4f8..442b4bc 100644 --- a/5_users_and_rights.md +++ b/5_users_and_rights.md @@ -182,3 +182,65 @@ You can try again the `chown` command with the `sudo` command. Check the content of the file `/etc/shadow` , what is the utility of this file (you can get help from the `man` command). +## Creating Users + +You can add a new user to your system with the command `useradd` + +```sh +useradd -m -s /bin/bash -g users -G adm,docker student +``` + +- `-m` create a hone directory +- `-s` specify the shell to use +- `-g` the default group +- `-G` the additional groups + +To log into another account you can use the command `su` + +What is the difference between the two following command ? + +```sh +su student +``` + +```sh +sudo su student +``` + +What append when you don't specify a login with the `su` command ? + +## Creating groups + +You can add new groups to your system with the command `groupadd` + +```sh +sudo groupadd dummy +``` + +Then you can add users to these group with the command `usermod` + +```sh +sudo usermod -a -G dummy student +``` + +And check the result: + +```sh +groups student +``` + +To remove an user from a group you can rewrite it's list of group with the command `usermod` + +```sh +sudo usermod -G student student +``` + +Check the results. + +## Security-Enhanced Linux + +While what you have seen in this section hold true for every Unix system, additional rules can be applied to control the rights in Linux. This is what is called [SE Linux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) (**s**ecurity-**e**nhanced **Linux**) + +When SE Linux is enabled on a system, every **process** can be assigned a set of right. This is how, on Android for example, some programs can access your GPS while other cannot, etc. In this case it's not the user rights that prevail, but the **process** launched by the user. + +[To understand more about processes you can head to the next section.](https://http://perso.ens-lyon.fr/laurent.modolo/unix/6_unix_processes.html) \ No newline at end of file -- GitLab