Lab 11: Creating Users and Groups: You need to use your Kali or Ubuntu VM for this lab

(Lab
requires you to have root access). Total 32 points.

Introduction
This is Lab 16: Creating Users and Groups. By performing this lab, students will learn how to
create a new user account, establish the initial password for this account, and make other
modifications such as making the new user a member of a secondary group.

In this lab, you will perform the following tasks:

 Create a new group with the groupadd command

 Make changes to groups using the groupmod command
 Create a new user with the useradd command
 Set and reset a user's password with the passwd command
 Make changes to the user account with the usermod command

Creating Groups
In this task, you will create group and user accounts.

Group accounts can be helpful to use in order to be able to assign permissions on files shared by
a group of users.

User accounts in Linux distributions based upon RedHat, like the CentOS distribution, start with
the first User ID (UID) at 500, the next UID given at 501, and so on. The current trend followed
by many other distributions is to have the first UID be 1000, the second to be 1001, and so on.
Starting with RedHat 7, standard user accounts begin at 1000, a consideration when migrating
older systems with existing user accounts.

If managing accounts for multiple systems, then it is desirable to have a network-based

authentication server, where accounts can be created once, but used on many machines.
Otherwise, managing multiple accounts on multiple machines can be challenging as it can be
difficult to ensure that the user, and all the groups they belong to, all have the same UIDs and
GIDs on all machines.

Another issue with multiple machine accounts is that it can be difficult to keep the passwords to
each account synchronized across all machines.

Managing accounts for local users is still useful for individual machines, even if they have access
to a network-based authentication server. In this lab, you will manage local group and user
accounts.
Step 1
In order to administer the user and group accounts, you will want to switch users to the root
account with the following command. Provide the root password kali or password depend
on what you setup when you installed the machine

 sudo su

When answering questions make sure that you show proof of your work by including a
screenshot of your command and output results. Please DO NOT include the entire screen.

Example:

1. After running the above commands how can you verify that you are logged in as the root
user?

Step 2

Use the groupadd command to create groups called research and sales:

 groupadd -r research
 groupadd -r sales

The groupmod command can be used with a -n option to change the name of either of these
groups or with the -g option in order to change the GID for either of the groups. The groupdel
command can be used to delete either of the groups, as long as neither of them have been made
the primary group for a

2. Show your results and explain the use of the -r option.

Step 3
Use the getent command to retrieve information about the new research group:

getent group research

3. Show your results and explain your output.

Step 4
Use the grep command to retrieve information about the new sales group: in the /etc/group
folder.

4. Show your results.

Step 5
Use the groupmod command with the -n option to change the name of the sales group clerks.

5. Show your results.

Now use the groupmod command with the -g option to change the GID for the clerks group to
10002. Use the grep command to verify the changes made above.

6. Show your results.

Important: Note that any files that had been in the sales group will now have no group name
and will now be orphaned files.

Step 6
Delete the clerks group using the groupdel command along with the name of the group. Use
the grep command to verify that the clerk’s group has been removed:

7. Show your results.

Important: If you decide to delete a group with the groupdel command, be aware that any files
that are owned by that group will also become orphaned.

Step 7
View the default values used by the useradd command using the -D option:

8. Show your results.

The SKEL value provides administrators with an easy way to populate a new user account with
key configuration files. It determines which skeleton directory will have its contents copied into
the new user’s home directory. The -k option on the useradd command allows a different SKEL
directory than the default to be used when creating a new user account. This is useful because
most systems have users that need access to different resources as appropriate to their job
functions.
Step 8
Set the INACTIVE parameter to allow users with expired passwords to log in for up to thirty days
before their accounts are disabled, then view the new default values. The -D option to the
useradd command will allow you to view or change some of the default values used by the
useradd command.

In the example below, the -D option specifies changes to the default values used when creating a
new user. The -f 30 option specifies that users who have expired passwords can still log in for
up to thirty days before their accounts are inactivated. Using the -D option by itself displays the
current defaults, which have been changed by the previous command.

 useradd -D -f 30
 useradd -D

Change the above values to 20 days.

9. Show your results.

Step 9
Modify the CREATE_MAIL_SPOOL value in the /etc/default/useradd file using the nano text
editor:

nano /etc/default/useradd
root@localhost:~# nano /etc/default/useradd
Press the down arrow key to scroll to the bottom of the file:

On the CREATE_MAIL_SPOOL=no line, backspace over the no and type yes:

Press Ctl + X to exit and type Y. Press Enter to save your changes then type useradd -D at the prompt
to confirm the new setting:

10. Execute the following command and show your results. What new value do you see?

 useradd -D
Step 10
Create a new user named student who is a secondary member of the research group and a
primary member of their own private group. Use a comment of Linux Student that will appear
as the full name of the user when they do a graphical login. Make sure that their home directory
will be created by specifying the -m option. Then use grep to verify the new user and their group
memberships: The user's account information is stored in the /etc/passwd and /etc/shadow
files. The user's group information can be found in the /etc/passwd and /etc/group files.

 useradd -G research -c 'Linux Student' -m student

 grep student /etc/passwd

11. run the grep command show your results.

Step 11
Use the usermod command to add the research group as a secondary group for the sysadmin
user: Users who are actively logged into the system will not be able to use any new group
memberships until the next time they log into the system.

12. Show your results.

Step 12
Using the getent command, view the research group members again:

 getent group research

13. Use getent to show the student group: Show your results.

Next, use getent to show the passwd and shadow databases for the student user:

 getent passwd student

 getent shadow student

The output should now show that both sysadmin and student are secondary members of the
research group.

The GID of the student group matches the fourth field of the passwd information for the
student user. This is what makes the student a primary member of the student group.
Finally, the ! appearing in the second password field of the shadow file, shows that the password
for the student has not been set.

Step 13
Create a new user called csci190. Use the passwd command to set the password, csci190, for
the user. Enter the password twice then view the shadow file entry for the student user again:

14. Show your results. What is the long string next to the $ sign?

Step 14
Just because a user has a password doesn't mean that they have ever logged into the system. Use
the last command to see if the csci190 user has ever logged in:

15. Show your results.

Step 15
A more permanent solution to preventing access to the student account would be to delete the
account with either the userdel student or userdel -r student commands. Using the -r
option with the userdel command removes the user's home directory and mail, in addition to
deleting the user's account.

16. Delete the csci190 account and remove the user's home directory: Show your results