
Network and System Administration

The document provides an introduction to system and network administration, outlining objectives, challenges, and common practices in the field. It compares Unix-like systems and Windows systems, detailing their philosophies, strengths, and common uses, while also discussing various Linux distributions and user interfaces. Additionally, it covers file system hierarchy, commands for managing files and systems, and the process of mounting file systems, emphasizing the importance of organization and security in system administration.

Uploaded by

eshetyemesafint
Copyright
© © All Rights Reserved

CHAPTER 1: INTRODUCTION TO SYSTEM & NETWORK ADMINISTRATION (3 HRS)

1.1 Objectives/Goals, Challenges, and Common Practices


Objectives/Goals
 System Administration:
o Ensuring the efficient, reliable, and secure operation of computing environments.
o Managing the installation, configuration, and maintenance of hardware and software
systems.
o Supporting users, optimizing performance, and troubleshooting issues.
 Network Administration:
o Configuring and maintaining network services (e.g., DNS, DHCP, firewall, routing, etc.).
o Ensuring network availability, security, and optimal performance.
o Managing IP addressing, network protocols, and network architecture.

Challenges
 Scalability: As organizations grow, systems and networks need to scale efficiently without
degradation in performance.
 Security: Protecting the system from both internal and external threats through firewalls,
encryption, and continuous monitoring.
 Downtime Management: Minimizing downtime through redundancy, backups, and
disaster recovery plans.
 Automation: Handling repetitive tasks through scripting or automation tools to improve
efficiency and reduce human error.
 Resource Optimization: Ensuring that servers, storage, and network bandwidth are used
efficiently to avoid bottlenecks.

Common Practices
 Backup and Recovery: Regularly backing up data and creating disaster recovery plans.
 Monitoring and Logging: Using monitoring tools (e.g., Nagios, Zabbix) and maintaining
logs for troubleshooting and security.
 Documentation: Keeping up-to-date documentation of systems, configurations, and
procedures.
 User Management: Managing user accounts, permissions, and authentication methods.
 Patch Management: Keeping systems and software updated with the latest security
patches and updates.

1.3 Unix-like Systems vs. Windows Systems

Unix-like Systems (e.g., Linux, BSD)


 Philosophy:
o Based on a modular and minimalistic approach where each component does one task well.
o High emphasis on command-line interfaces (CLI) and scripts.
 Strengths:
o Open Source: Free, highly customizable, with a vast community-driven development
model.
o Security: Known for a strong security model and permissions structure.
o Reliability and Stability: Often chosen for high-availability environments like servers.
o Flexibility: Can be adapted to various use cases and hardware configurations.
 Common Uses:
o Web servers, database servers, networking infrastructure, embedded systems, etc.
 Challenges:
o May have a steeper learning curve due to heavy reliance on CLI.
o Support for proprietary software can sometimes be lacking.

Windows Systems
 Philosophy:
o Designed to be user-friendly with a strong focus on graphical user interfaces (GUI).
 Strengths:
o GUI-oriented: Makes it easier for non-technical users to interact with the system.
o Broad Application Support: Extensive support for enterprise applications (e.g., Microsoft
Office, Exchange Server, etc.).
o Active Directory (AD): Offers a robust directory service for centralized management of
resources.
o Integration with Microsoft Ecosystem: Seamless integration with other Microsoft
products and services.
 Common Uses:
o Enterprise environments, desktop computing, user account management, etc.
 Challenges:
o Licensing costs can be high.
o Windows may be more susceptible to malware compared to Unix-like systems.
Additional Considerations:
 Hybrid Environments: Many organizations utilize both Unix-like and Windows systems in
hybrid environments to leverage the strengths of each.
 Cloud Platforms: Both Unix-like and Windows systems are widely available on cloud
platforms, providing flexibility and scalability options.
 Personal Preferences: The choice between Unix-like and Windows systems often depends
on personal preferences, familiarity, and specific use case requirements.

1.4 Linux Distributions and UIs

Linux Distributions
 Definition: A Linux distribution is a specific version of Linux bundled with various tools,
applications, and system management utilities.

Popular Distributions

1. Ubuntu:
o Popular for beginners due to its ease of use and strong GNOME GUI.
o Widely used for both desktop and server environments.
2. CentOS/Red Hat Enterprise Linux (RHEL):
o Enterprise-grade distribution with a focus on security and stability.
o Preferred for corporate and high-availability server environments.
3. Debian:
o Known for its stability and versatility.
o Often used as the basis for other distributions (e.g., Ubuntu).
4. Arch Linux:
o Highly customizable and aimed at experienced users.
o Minimal out-of-the-box, encouraging users to build from the ground up.
5. Fedora:
o A cutting-edge distro, often used for testing the latest technologies.
o Serves as the upstream project for RHEL.

User Interfaces (UIs) in Linux


1. Graphical User Interfaces (GUIs):
o GNOME, KDE Plasma, XFCE, Cinnamon: Popular desktop environments offering different
visual and functional experiences.
o Use Cases: GUIs are preferred for desktop users who interact with the system for daily
tasks, but may also be used in lightweight environments like Raspberry Pi.
2. Command-Line Interface (CLI):
o Bash, Zsh, Fish: Linux systems primarily rely on command-line shells for administrative
tasks.
o Use Cases: CLIs are essential for server administration, scripting, automation, and
performing advanced system operations.
Linux distributions cater to different users—from beginners to advanced users—offering both
GUIs and CLIs. Choosing the right distribution and UI depends on the specific use case,
expertise, and needs of the system or network administration tasks.

1.5 Linux Operations Review

1.5.1 File System Hierarchy and Standard (FHS)

The File System Hierarchy Standard (FHS) defines the directory structure and directory
contents in Linux and Unix-like systems. It outlines how directories should be organized,
ensuring consistency across different Linux distributions.
Key Directories in FHS

 / (Root Directory): The top-level directory, from which all other directories branch off.
 /bin: Contains essential user commands (e.g., ls, cp, mv), required for the system to
operate in single-user mode.
 /boot: Holds files needed for the bootloader, including the Linux kernel.
 /dev: Contains device files representing hardware devices (e.g., hard drives, keyboards).
 /etc: Holds system configuration files (e.g., passwd, hosts, fstab).
 /home: Directory containing user-specific data and configuration (each user has a
subdirectory within /home).
 /lib: Contains essential shared libraries and kernel modules required for booting.
 /mnt and /media: Used for mounting external devices (e.g., USB, CD-ROMs).
 /opt: For installing optional software that is not part of the standard Linux distribution.
 /proc: Virtual filesystem providing information about system processes and hardware.
 /root: The home directory for the superuser (root).
 /sbin: Contains essential system administration commands (e.g., ifconfig, fdisk).
 /tmp: Temporary files are stored here; usually cleaned up automatically.
 /usr: Secondary hierarchy containing user programs and libraries that are not essential for
system booting.
 /var: Contains variable data such as logs, spool files, and temporary storage for system
services (e.g., log, mail).

The FHS helps ensure that system files and user data are properly organized and
accessible, making it easier for administrators to navigate and manage Linux systems.

1.5.2 File System Commands


 Creating, Deleting, and Modifying Directories:
o mkdir: Creates a new directory.
o rmdir: Removes an empty directory.
o rm -r: Recursively removes a directory and its contents.
o mv: Moves or renames files and directories.
 Managing Files:
o touch: Creates or updates a file's timestamp.
o cp: Copies files.
o rm: Removes files.
o cat: Displays the contents of a file.
o head: Displays the first few lines of a file.
o tail: Displays the last few lines of a file.
 Permissions and Ownership:
o ls -l: Lists files with detailed permissions, ownership, and modification times.
o chmod: Changes file permissions.
o chown: Changes file ownership.
o chgrp: Changes file group ownership.
 Searching for Files:
o find: Searches for files based on various criteria (e.g., name, type, location, modification
time).
o locate: Searches for files using a database of file names and locations.
 Other Useful Commands:
o df: Displays disk usage.
o du: Displays disk usage of files and directories.
o lsof: Lists open files.
o free: Displays memory usage.
o top: Displays system processes and resource usage.

1.5.3 System Management Commands


 Booting and Shutting Down:
o reboot: Restarts the system.
o halt: Shuts down the system.
o poweroff: Shuts down the system and cuts power (if supported).
 Services and Processes:
o systemctl: Manages system services (e.g., starting, stopping, restarting).
o ps: Lists running processes.
o kill: Terminates a process.
o top: Displays system processes and resource usage.
 Networking:
o ifconfig: Configures network interfaces.
o ip: Advanced network configuration tool.
o ping: Tests network connectivity.
o traceroute: Traces the path of packets.
 Time and Date:
o date: Displays or sets the system time and date.
o timedatectl: Configures system time and date settings.
 User Management:
o useradd: Creates a new user account.
o userdel: Deletes a user account.
o passwd: Changes a user's password.
o groups: Lists user groups.
o sudo: Provides elevated privileges to users.

1.5.4 Additional Tips


 Practice Regularly: The best way to learn Linux system operations is through hands-on
practice.
 Use a Virtual Machine: Experiment with Linux distributions in a virtual machine
environment to avoid affecting your main system.
 Refer to Documentation: Consult the official documentation and online resources for
detailed information and examples.
 Join Online Communities: Participate in forums and communities to ask questions and
learn from others.

1.5.1.1 Single-rooted Hierarchy, Seamless and Extensible File Systems

Single-rooted Hierarchy

 In Linux and Unix-like systems, the file system is single-rooted, meaning there is a single
top-level directory called the root directory (/).
 All files, directories, devices, and partitions are part of this single hierarchy and branch out
from the root directory.
 Unlike Windows, where there may be separate file systems for each drive (C:, D:, etc.),
Linux unifies everything under a single root. For instance, external drives and partitions
are mounted under existing directories within the root hierarchy.

Seamless Integration

 In a single-rooted hierarchy, different file systems (e.g., external devices, network drives, or
partitions) are mounted to directories within the root structure, creating a seamless and
unified interface.
 Example: You might mount a USB drive to /mnt/usb, making it appear as part of the file
system tree, even though it's physically a separate device.
 Administrators can manage multiple file systems (e.g., ext4, NTFS, FAT32) within the same
file hierarchy, making it easier to access and work with various storage media.

Extensible File Systems

 Extensibility refers to the system's ability to grow and scale without major
reconfigurations. Linux file systems can be expanded easily, either by adding new storage
devices or by resizing partitions.
 The Logical Volume Manager (LVM) allows dynamic resizing of file systems, making it
easier to extend disk storage without interrupting system operations.

Common File Systems in Linux

 Ext4 (Fourth Extended File System): The most widely used Linux file system, known for
its reliability, performance, and scalability.
 XFS: High-performance journaling file system, commonly used in large-scale environments.
 Btrfs (B-tree File System): A modern file system with advanced features like snapshots,
compression, and dynamic resizing.
 ZFS: Offers high storage capacities, advanced data protection, and file system integrity
checks.

Key Advantages of Linux File Systems

 Flexibility: Linux file systems support a wide range of devices and partition types (local
and remote).
 Stability: Systems are rarely affected by file system crashes due to journaling and other
safeguards.
 Security: Linux's file system permissions and access controls (read, write, execute) provide
robust security.

1.5.1.2 Mounting Additional File Systems


Mounting refers to the process of attaching a file system (e.g., an external device, disk
partition, or network drive) to the existing file system hierarchy, so it can be accessed and
managed like any other directory.

Steps for Mounting a File System

1. Identify the Device:


o Use commands like lsblk (list block devices) or fdisk -l to identify the available disks and
partitions (e.g., /dev/sda1, /dev/sdb).
2. Create a Mount Point:
o The mount point is an empty directory where the file system will be attached.
o Example: To mount an external USB drive, create a directory like /mnt/usbdrive:
Bash

sudo mkdir /mnt/usbdrive


3. Mount the Device:
o Use the mount command to attach the file system to the mount point.
o Example:
Bash

sudo mount /dev/sdb1 /mnt/usbdrive


4. Unmount the Device:
o When finished using the device, unmount it to avoid data corruption.
o Example:
Bash

sudo umount /mnt/usbdrive

Additional Considerations

 File System Type: Specify the file system type using the -t option if necessary (e.g., -t ext4,
-t ntfs).
 Mount Options: Use mount options to control behavior (e.g., -o rw for read/write access,
-o ro for read-only access).
 Automatic Mounting: Configure /etc/fstab to automatically mount file systems at boot.
 Network File Systems (NFS): Mount network drives using NFS by specifying the server
and share name.
 Virtual File Systems (VFS): Linux supports various virtual file systems (e.g., procfs, sysfs)
for accessing system information.
By mastering the process of mounting file systems, administrators can easily access
and manage external storage devices, network drives, and other file systems within
their Linux environments.

Mounting File Systems Automatically

 You can configure file systems to be mounted automatically at boot by adding an entry to
the /etc/fstab file. This file defines which devices are mounted where and with what
options.
Mounting Network File Systems

 Linux also supports mounting network file systems like NFS (Network File System) and
SMB/CIFS (for accessing Windows shares). These allow accessing remote file systems as
if they were local.
Example of mounting an NFS share:
Bash

sudo mount -t nfs 192.168.1.100:/sharedfolder /mnt/nfs


Explanation of the command:
 sudo: Executes the command with superuser privileges.
 mount: Mounts the file system.
 -t nfs: Specifies the file system type as NFS.
 192.168.1.100:/sharedfolder: The NFS server address and share name.
 /mnt/nfs: The local mount point where the remote share will be accessible.

Additional Considerations

 fstab Entries: The /etc/fstab file uses a specific format for entries. Refer to the
documentation for more details.
 NFS Configuration: Ensure that NFS is enabled and configured correctly on both the
server and client machines.
 SMB/CIFS Configuration: Install the necessary packages (e.g., cifs-utils) and configure
SMB/CIFS on both Windows and Linux systems.
 Security: Implement appropriate security measures (e.g., authentication, encryption)
when mounting network file systems.
By mastering these techniques, administrators can effectively manage and access file
systems from various sources within their Linux environments.
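The /etc/fstab format and the mount-option and security points above can be checked together. The following is an added example, not part of the original document: it reads fstab-style lines and reports removable or network mounts that lack restrictive options. The policy (nosuid, nodev, noexec on such mounts), the function names and the sample entries are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit fstab-style entries for restrictive mount options.
# Fields per line: device  mount-point  type  options  [dump]  [pass]

# has_option OPTS NAME -> succeeds if NAME is in the comma-separated list OPTS.
has_option() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_fstab reads fstab lines on stdin and prints one finding per line.
# Assumed policy: NFS/CIFS/VFAT/NTFS mounts and anything under /mnt or /media
# must carry nosuid, nodev and noexec. Only explicit options are inspected;
# options implied by others (for example by "user") are not expanded.
audit_fstab() {
    lineno=0
    while read -r dev mnt fstype opts _rest; do
        lineno=$((lineno + 1))
        case $dev in ''|'#'*) continue ;; esac      # blank line or comment
        if [ -z "$opts" ]; then
            echo "line $lineno: malformed entry"
            continue
        fi
        untrusted=no
        case $fstype in nfs|nfs4|cifs|vfat|ntfs) untrusted=yes ;; esac
        case $mnt in /mnt/*|/media/*) untrusted=yes ;; esac
        [ "$untrusted" = yes ] || continue
        missing=""
        suggested=$opts
        for opt in nosuid nodev noexec; do
            if ! has_option "$opts" "$opt"; then
                missing="$missing $opt"
                suggested="$suggested,$opt"       # later options override earlier ones
            fi
        done
        if [ -n "$missing" ]; then
            echo "line $lineno: $mnt ($fstype) missing:$missing; suggested options: $suggested"
        fi
    done
}

# Constructed sample input; device names and the NFS share reuse the
# examples from this section, the UUID is made up.
sample_fstab() {
    cat <<'EOF'
# constructed sample /etc/fstab
UUID=1111-aaaa               /              ext4  defaults                0 1
/dev/sdb1                    /mnt/usbdrive  vfat  rw,nosuid,nodev,noexec  0 0
192.168.1.100:/sharedfolder  /mnt/nfs       nfs   defaults                0 0
/dev/sdc1                    /media/backup  ext4  ro,nodev                0 2
/dev/sdd1                    /mnt/broken
EOF
}

sample_fstab | audit_fstab
```

To check a real system, feed the file in directly: audit_fstab < /etc/fstab.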
1.5.1.3 File System Object-Oriented Design and File System Standards

Object-Oriented File System Design

 An object-oriented design in file systems refers to viewing each entity within the system
(files, directories, devices, etc.) as an object that can be interacted with in a uniform way.

Key Features of Object-Oriented File Systems

1. Uniformity: Files, directories, and devices are treated similarly as objects, making the
system modular and extensible.
2. Encapsulation: Each file or directory object manages its own data and metadata (e.g.,
ownership, permissions, timestamps).
3. Inheritance: File system objects can inherit properties (e.g., permissions) from their
parent objects.
4. Polymorphism: Objects in the file system can respond to the same commands (e.g., read,
write) differently based on their type (e.g., file, directory, device).

File System Standards

 FHS (File System Hierarchy Standard): As previously discussed, this standard defines the
structure and organization of file systems in Linux.
 POSIX (Portable Operating System Interface): A set of standards for maintaining
compatibility between Unix-like operating systems, including how file systems and
permissions are handled.
Other notable file system standards include EXT (Extended File System standards),
which govern the EXT family (EXT2, EXT3, EXT4), commonly used in Linux.
1.5.1.4 Unix File and Directory Permissions

File and Directory Permissions in Unix/Linux

Unix-like systems, including Linux, implement a permissions model to control who can
access, modify, or execute files and directories.

Permission Types

 Read (r): Allows viewing the contents of a file or listing the contents of a directory.
 Write (w): Allows modifying or deleting the contents of a file or directory.
 Execute (x): Allows executing a file as a program or entering a directory.

User Classes

 Owner: The user who owns the file or directory.


 Group: A group of users to which the file or directory belongs.
 Others: All other users who have access to the system but don't belong to the owner's
group.

Permission Format

Permissions are represented as a string of 10 characters. For example:


-rwxr-xr--
 The first character (-) indicates the file type (- for a regular file, d for a directory).
 The next three characters (rwx) indicate the owner's permissions.
 The next three characters (r-x) indicate the group's permissions.
 The final three characters (r--) indicate the others' permissions.
Changing Permissions

 Symbolic Mode:
Bash

chmod u+rwx,g+rx,o-r myfile


 Numeric Mode (Octal Notation):
Bash

chmod 750 myfile

1.5.1.4 Unix File and Directory Permissions (Continued)

Changing Ownership

 The chown command is used to change the ownership of a file or directory.


Bash

sudo chown user:group myfile

Special Permission Types

1. SetUID (Set User ID): When applied to an executable file, the process will run with the file
owner's permissions rather than the user who executed it.
o Symbolic representation: s in the owner's execute position.
o Octal representation: 4 (e.g., chmod 4755 filename).
2. SetGID (Set Group ID): When applied to a directory, files created within it inherit the
group ownership of the directory.
o Symbolic representation: s in the group's execute position.
o Octal representation: 2 (e.g., chmod 2755 dirname).
3. Sticky Bit: When applied to a directory, only the file owner can delete or modify files
within it.
o Symbolic representation: t in the others' execute position.
o Octal representation: 1 (e.g., chmod 1755 dirname).
Example of Special Permissions

Consider a shared directory where multiple users can write files, but no one can delete files
except their owner. In this case, you would set the sticky bit:
Bash

chmod +t /shared_directory
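
The permission string format and the SetUID, SetGID and sticky-bit notation described above map directly onto the four-digit octal mode. The following is an added example, not part of the original document: it converts an ls -l permission string to octal and flags entries in a listing that deserve review. The function names, the review rules and the sample listing are assumptions of this example.

```sh
#!/bin/sh
# Added example: permission string -> octal mode, plus a small listing audit.

# triad_value "r-x" -> octal digit for one owner/group/others triad.
# Lowercase s/t mean "special bit and execute"; uppercase S/T mean
# "special bit without execute", so only x, s and t add the execute value.
triad_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# perm_to_octal "-rwxr-xr--" -> 0754. Returns 1 on anything that is not a
# 10-character permission string (a trailing "." or "+" from ls is dropped).
perm_to_octal() {
    mode=${1%[.+]}
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not a permission string: $1" >&2; return 1 ;;
    esac
    rest=${mode#?}              # drop the file-type character
    owner=${rest%??????}
    rest=${rest#???}
    group=${rest%???}
    other=${rest#???}
    special=0
    case $owner in ??[sS]) special=$((special + 4)) ;; esac   # SetUID
    case $group in ??[sS]) special=$((special + 2)) ;; esac   # SetGID
    case $other in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    echo "${special}$(triad_value "$owner")$(triad_value "$group")$(triad_value "$other")"
}

# audit_listing reads `ls -l` output on stdin and prints entries to review:
# SetUID files, SetGID files, and world-writable directories without the
# sticky bit (any user could delete another user's files there).
audit_listing() {
    while read -r perm _links _owner _group _size _month _day _time name; do
        perm=${perm%[.+]}
        octal=$(perm_to_octal "$perm" 2>/dev/null) || continue
        case $perm in -??[sS]??????) echo "setuid $octal $name" ;; esac
        case $perm in -?????[sS]???) echo "setgid $octal $name" ;; esac
        case $perm in d???????w[-x]) echo "world-writable-no-sticky $octal $name" ;; esac
    done
}

# Constructed sample listing (file names and sizes are made up).
sample_listing() {
    cat <<'EOF'
total 12
-rwsr-xr-x 1 root root       59976 Jan 10 09:00 passwd-helper
drwxrwsr-x 2 root developers  4096 Jan 10 09:00 project
drwxrwxrwt 2 root root        4096 Jan 10 09:00 shared_directory
drwxrwxrwx 2 root root        4096 Jan 10 09:00 dropbox
-rwxr-xr-- 1 john john         120 Jan 10 09:00 myfile
EOF
}

sample_listing | audit_listing
```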

1.5.2 Essential Shell Commands

1.5.2.1 Basic File Manipulation Commands and Directory Navigation Commands

Basic File Manipulation Commands

1. ls (List Files):
o Displays the contents of a directory.
o Example:
Bash

ls -l
2. cp (Copy Files):
o Copies files or directories.
o Example:
Bash

cp file1 file2
3. mv (Move/Rename Files):
o Moves or renames files or directories.
o Example:
Bash

mv file1 /home/user/destination/
4. rm (Remove Files):
o Deletes files or directories.
o Example:
Bash
rm file1
5. touch (Create Empty Files):
o Creates an empty file or updates the timestamp of an existing file.
o Example:
Bash

touch newfile.txt
6. cat (Concatenate and Display Files):
o Displays the content of a file.
o Example:
Bash

cat file1
7. nano or vi (Text Editors):
o Simple text editors used to modify files within the shell.
o Example:
Bash

nano file1
vi file1

Directory Navigation Commands

 cd (Change Directory):
o Navigates to a different directory.
o Example:
Bash

cd /home/user
 pwd (Print Working Directory):
o Displays the current working directory.
o Example:
Bash

pwd
 mkdir (Make Directory):
o Creates a new directory.
o Example:
Bash

mkdir newdirectory
 rmdir (Remove Directory):
o Deletes an empty directory.
o Example:
Bash

rmdir emptydir
 find (Search for Files/Directories):
o Searches for files or directories based on specified criteria.
o Example:
Bash

find /home/user -name "filename.txt"


 du (Disk Usage):
o Shows the size of files and directories.
o Example:
Bash

du -h

1.5.2.2 Process Management Commands


 ps (Process Status):
o Lists running processes.
o Example:
Bash

ps aux
 top (System Monitor):
o Displays a list of running processes, their CPU usage, memory consumption, and other
statistics.
o Example:
Bash
top
 kill (Terminate Processes):
o Terminates a running process.
o Example:
Bash

kill 1234
 jobs (List Background Jobs):
o Lists background jobs that are running or suspended.
o Example:
Bash

jobs
 fg (Foreground Job):
o Brings a background job to the foreground.
o Example:
Bash

fg %1
1.5.2.2 Advanced File Manipulation Commands (Init, Processes, and Threads)

Process and Thread Management

 ps (Process Status):
o Displays information about active processes.
o Example:
Bash

ps aux
 top (Real-time Process Monitoring):
o Shows a real-time view of running processes and their resource usage.
o Example:
Bash

top
 htop (Improved top with an Interactive Interface):
o An advanced process manager with a better user interface and functionality.
 kill and killall (Terminate Processes):
o kill terminates a process by its process ID (PID); killall terminates processes by name.
o Example:
Bash

kill 1234
killall firefox
 nice and renice (Process Priority Management):
o Adjusts the priority of a process. A lower "nice" value increases priority.
o Example:
Bash

nice -n 10 processname
renice -n 5 1234
 jobs, fg, bg:
o jobs: Displays background jobs.
o fg: Brings a background job to the foreground.
o bg: Sends a job to run in the background.
 init and systemd (System Initialization):
o init: Legacy system and service manager. Used to initialize processes during booting.
o systemd: A more modern and commonly used system and service manager that starts up
and maintains processes.
o Example:
Bash

systemctl start servicename


systemctl stop servicename

Other Advanced Commands

 tar (Archive Files):


o Combines multiple files into a single archive file (e.g., .tar, .tar.gz).
o Example:
Bash

tar -cvf archive.tar file1 file2


 grep (Search within Files):
o Searches for patterns in files.
o Example:
Bash

grep "searchstring" filename


 chmod, chown (Permissions and Ownership Management):
o Changes file permissions and ownership (as discussed previously).
 df (Disk Free Space):
o Displays available disk space on mounted file systems.
o Example:
Bash

df -h

1.5.3 Advanced Shell Features


The shell offers several advanced features to streamline system administration and
scripting in Linux.

Combining Commands

 Pipelines (|): Connect the output of one command to the input of another.
o Example:
Bash

ps aux | grep firefox


This command lists all processes and then filters for those related to firefox.

Redirecting Output

 Output Redirection (>): Redirect the output of a command to a file, overwriting existing
content.
o Example:
Bash

echo "Hello, World" > file.txt


 Append (>>): Append the output to the file without overwriting.
o Example:
Bash

echo "Appending text" >> file.txt

Command Substitution

 Capture the output of one command and use it as an argument in another.


o Example:
Bash

echo "The current directory is $(pwd)"


Job Control (&, bg, fg)
 Background Processes (&): Run a command in the background by appending & to it.
o Example:
Bash

firefox &
 bg and fg: Manage background jobs, bringing them to the foreground or resuming them.

Environment Variables

 Environment variables store information used by programs and the shell itself.
o Example:
Bash

echo $PATH
Displays the directories where the shell looks for executable files.

 Setting Variables:
o Example:
Bash

export MYVAR="Hello"
echo $MYVAR

Shell Scripting

 Shell scripts are programs written in the shell language (e.g., Bash) to automate tasks.
o A basic script example:
Bash

#!/bin/bash
echo "This is a basic shell script."
ls -l
 Save the script as script.sh.
 Make it executable with chmod +x script.sh.
 Run it with ./script.sh.

Aliases

 Aliases create shortcuts for frequently used commands.


o Example:
Bash

alias ll='ls -l'


Shell History (history command)
 history displays a list of previously executed commands.
o Example:
Bash

history | grep "cp"


Shows commands from the history containing "cp".

Command Chaining (&& and ||)


 && (AND): Executes the second command only if the first command succeeds.
o Example:
Bash

mkdir newdir && cd newdir


 || (OR): Executes the second command only if the first command fails.
o Example:
Bash

mkdir newdir || echo "Directory creation failed"


Wildcards (*, ?, [])
 Wildcards are used for pattern matching in filenames or directories.
o * (Asterisk): Matches zero or more characters.
Bash

ls *.txt
o ? (Question mark): Matches a single character.
o [] (Square brackets): Matches characters within the brackets.
By understanding these advanced features, you can significantly enhance your efficiency
and automation capabilities when working with the shell.

CHAPTER 2: ACCOUNT AND SECURITY ADMINISTRATION, AND ACCESS CONTROL (DAC, RBAC) (3 HRS)

2.1 What is Account and Security Administration?

Account and Security Administration


Account and Security Administration refers to managing user and group accounts and
setting up appropriate security policies to ensure that only authorized users have access to
system resources. This encompasses creating, deleting, and managing user accounts,
assigning them to groups, and ensuring proper access controls and security configurations
are in place.
System administrators are responsible for maintaining security by managing user
privileges, protecting data, enforcing password policies, and setting up access controls
based on roles and responsibilities.
Key elements of account and security administration include:
 User Accounts: Individual accounts assigned to users to access the system and its
resources.
 Group Accounts: Collections of user accounts that allow administrators to apply
permissions and roles to multiple users simultaneously.
 Security Policies: Enforce password requirements, access control, and authentication
mechanisms to safeguard the system.

2.1.1 What are User and Group Concepts, and User Private Group Scheme?

User Concepts
A user in a Linux or Unix-like system is any individual who interacts with the system. Each
user is associated with an account, which grants access to system resources based on their
permissions. Users are assigned unique identifiers and can belong to one or more groups
that define their roles and privileges.

Components of a User Account

1. Username: A unique identifier chosen by the user or system administrator (e.g., john,
admin).
2. User ID (UID): A unique numerical identifier assigned to each user (e.g., 1000, 1001). The
system uses this number internally to identify the user.
3. Home Directory: A private directory assigned to each user to store personal files
(/home/username).
4. Shell: The command-line interpreter associated with the user (e.g., /bin/bash).
5. Password: A secret key used to authenticate the user when logging in.
6. UID 0 (Root User): The root user (UID 0) is the superuser with unrestricted access to all
system files and commands.

User Management Tasks

 Adding a User: System administrators use commands like useradd to create a new user
account.
o Example:
Bash

sudo useradd -m john
sudo passwd john
 Deleting a User: To remove a user account, the userdel command is used.
o Example:
Bash

sudo userdel -r john
 Modifying a User: The usermod command modifies user attributes such as home
directories, groups, or shell settings.
o Example:
Bash

sudo usermod -s /bin/zsh john

2.1.1 User and Group Concepts (Continued)

Group Concepts
 Group: A collection of users who share common access permissions.
 Components of a Group:
o Group Name
o Group ID (GID)
o Group Members

Types of Groups:
o Primary Group: Automatically assigned to each user.
o Secondary Groups: Additional groups a user belongs to.

1. Group Management Tasks


 Adding a Group:
Bash

sudo groupadd developers


 Adding a User to a Group:
Bash

sudo usermod -aG developers john


 Listing User Groups:
Bash

groups john
 Removing a User from a Group:
Bash

sudo gpasswd -d john developers


2. User Private Group (UPG) Scheme
 UPG: A scheme where each user has a private group with the same name.
 Advantages:
o Simplified permissions management
o Enhanced security
o File sharing flexibility

UPG in Action

1. A user creates a file, and it is automatically assigned the permissions -rw-r--r-- (644).
2. The user can share the file with others by adding them to the same group.

2.1.2 User Administration, Modifying Accounts, and Group Administration

User Administration
 Adding a User:
Bash

sudo useradd -m john


sudo passwd john
 Modifying a User:
o Changing shell:
Bash

sudo usermod -s /bin/bash john


o Changing home directory:
Bash

sudo usermod -d /new/home john


o Adding to a group:
Bash

sudo usermod -aG developers john


 Deleting a User:
Bash

sudo userdel -r john


Group Administration
 Adding a Group:
Bash

sudo groupadd developers


 Modifying a Group:
o Changing name:
Bash

sudo groupmod -n newdevelopers developers


o Changing GID:
Bash

sudo groupmod -g 2000 developers


 Deleting a Group:
Bash

sudo groupdel developers


 Adding Users to Groups:
Bash

sudo usermod -aG sudo john


 Listing Group Membership:
Bash

groups john

2.1.3 Password Aging and Default User Files

Password Aging
 Password aging is a security measure used to enforce password expiration and renewal
policies.
 Key settings:
o Maximum Password Age
o Minimum Password Age
o Warning Period
 Using the chage command:
o View password aging information:
Bash

sudo chage -l john


o Set password aging policy:
Bash

sudo chage -M 90 -m 10 -W 7 john


o Force immediate password change:
Bash

sudo chage -d 0 john
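To see which accounts actually comply with the policy set above (-M 90 -m 10 -W 7), the aging fields can be read from shadow-format records. The script below is an added example, not part of the original notes; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Audit shadow(5)-format records against the aging policy used above
# (chage -M 90 -m 10 -W 7).
# Record layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample records (not real accounts or hashes).
sample_shadow() {
cat <<'EOF'
john:$6$constructed$hash:19800:10:90:7:::
alice:$6$constructed$hash:19800:0:99999:7:::
bob:$6$constructed$hash:0:10:90:7:::
carol:$6$constructed$hash:19800:10:90:3:::
daemon:*:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
EOF
}

# audit_aging MAX MIN WARN: reads records on stdin, prints one line per finding.
audit_aging() {
    awk -F: -v maxd="$1" -v mind="$2" -v warnd="$3" '
        function shown(v) { return (v == "") ? "unset" : v }
        # A hash starting with ! or * cannot be used to log in; skip it.
        $2 ~ /^[!*]/ { next }
        {
            if ($5 == "" || $5 + 0 > maxd)
                print $1 ": max age " shown($5) " exceeds " maxd
            if ($4 == "" || $4 + 0 < mind)
                print $1 ": min age " shown($4) " below " mind
            if ($6 == "" || $6 + 0 < warnd)
                print $1 ": warning period " shown($6) " below " warnd
            # lastchg of 0 is what chage -d 0 writes: change at next login.
            if ($3 == "0")
                print $1 ": password change forced at next login"
        }'
}

sample_shadow | audit_aging 90 10 7
```

On a live system the same function can be fed with sudo cat /etc/shadow, since that file is readable only by root.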

Default User Files

 Default user files are automatically created for new users.


 Common default files:
o .bashrc: Bash shell configuration file.
o .bash_profile: Another Bash shell configuration file.
o .profile: System-wide shell configuration file.
o .Xdefaults: X Window System configuration file.
o .ssh directory: Contains SSH keys for secure remote login.

The /etc/skel Directory
 /etc/skel contains skeleton files copied to new users' home directories.
 Purpose: Provides a standard configuration for new users.
 Customization: Administrators can modify files in /etc/skel to customize the default
environment for new users.
Example:
 Add a default welcome message:
Bash

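# Append an echo command (not bare text) so the message prints when the shell starts; tee -a writes as root
echo 'echo "Welcome to the system!"' | sudo tee -a /etc/skel/.bashrc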

Conclusion:
User and group administration is essential for controlling access to system resources, while
password aging policies help enhance security by enforcing password renewal. Default
user files, managed through the /etc/skel directory, provide a standard configuration
environment for all new users, ensuring consistency and allowing customization by
administrators. Together, these concepts ensure effective management and security of user
accounts in any Linux or Unix-based system.

2.2 Managing Files and Folder Permissions (Continued)

File and Folder Permissions


 Permissions: Define who can read, write, or execute files and directories.
 Permission Types:
o r (read): Allows viewing the file's contents or listing directory contents.
o w (write): Allows modifying the file or directory.
o x (execute): Allows executing a file or accessing a directory.
 Permission Representation:
o Symbolic notation: rwxr-xr--
o Octal notation: 754

Managing File Ownership


 Ownership: Defines who controls a file or directory.
 Attributes:
o User (Owner): The individual user.
o Group: The group associated with the file or directory.
 Commands:
o chown: Changes ownership.
o chgrp: Changes group ownership.

Examples

 Changing the Owner of a File:


Bash

sudo chown john myfile.txt


 Changing the Owner and Group of a File:
Bash

sudo chown john:developers myfile.txt


 Changing Ownership Recursively:
Bash

sudo chown -R john:developers /project


Changing File Ownership with chown
 Syntax:
Bash

chown [options] <new_owner>:<new_group> <file>


 Options:
o -R: Recursively change ownership for all files and directories within a directory.
o -h: Change ownership of symbolic links instead of the target files.
 Examples:
o Change the owner of a file:
Bash

sudo chown john myfile.txt


o Change owner and group of a file:
Bash

sudo chown john:developers myfile.txt


o Change ownership recursively:
Bash
sudo chown -R john:developers /project
Remember:
 To change ownership, you typically need sudo privileges or must be the root user.
 The -R option is useful for changing ownership for multiple files or directories at once.
 The -h option is helpful when dealing with symbolic links.
File Permissions and Access Control in Linux

This section builds upon your understanding of file ownership and dives into managing file
permissions for secure access control.

Understanding File Permissions


 Permissions define who can read (r), write (w), or execute (x) files or directories.
 Three permission sets:
o User (Owner): Permissions for the file owner.
o Group: Permissions for the group associated with the file.
o Others: Permissions for all other users on the system.
 Symbolic notation: Uses r, w, and x to represent permissions.
 Octal notation: Uses numbers to represent permission combinations.
Setting File Permissions with chmod
The chmod command allows modifying file permissions.
Syntax:
Bash

chmod [options] <permissions> <file>


Options:
 -R: Apply changes recursively to directories and their contents.
Examples:
1. Grant full permissions to the owner (symbolic):
Bash

chmod u+rwx file.txt


2. Remove write permission for group and others (symbolic):
Bash

chmod go-w file.txt


3. Set permissions with octal notation:
Bash

chmod 755 script.sh


o Breakdown:
 7: Owner has read, write, and execute (rwx).
 5: Group and others each have read and execute (r-x).
4. Apply permissions recursively:
Bash

chmod -R 755 /var/www


o Changes permissions for /var/www and its contents to read, write, and execute for owner,
read and execute for group and others.
Remember:
 sudo privileges are often needed for changing permissions.
 Use chmod cautiously, especially when dealing with system files.

Advanced Access Control


 Sticky Bit:
o Ensures only the file owner can delete or rename files in a directory.
o Set using chmod +t.
 SetUID and SetGID Bits:
o SetUID: Allows an executable to run with the permissions of the file's owner, not those of the user who launches it.
o SetGID: Files created in a directory inherit the directory's group ownership.
o Set using chmod u+s or chmod g+s.
 Access Control Lists (ACLs):
o Provide granular permissions beyond the standard owner-group-other model.
o Set using setfacl and view using getfacl.
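Because these bits change who a program runs as and who may delete files, administrators usually audit where they are set. The script below is an added example, not part of the original notes; audit_special and make_sample_tree are hypothetical names, and the directory tree is constructed in a temporary location.

```shell
#!/bin/sh
# audit_special DIR: list entries under DIR whose special bits need review.
audit_special() {
    # SetUID / SetGID regular files run with the identity of the file
    # owner or group, so each one should be a known, intended program.
    find "$1" -type f -perm -4000 -print | sed 's/^/setuid /'
    find "$1" -type f -perm -2000 -print | sed 's/^/setgid /'
    # World-writable directories without the sticky bit let any user
    # delete or rename files that belong to someone else.
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sed 's/^/nosticky /'
}

# Constructed sample tree; prints the path of the temporary directory.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/tool" "$d/script.sh"
    mkdir "$d/drop" "$d/tmp"
    chmod 4755 "$d/tool"       # setuid executable: reported
    chmod 0755 "$d/script.sh"  # ordinary executable: not reported
    chmod 0777 "$d/drop"       # world-writable, no sticky bit: reported
    chmod 1777 "$d/tmp"        # world-writable with sticky bit (chmod +t): fine
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
audit_special "$tree"
rm -rf "$tree"
```

Pointing audit_special at a real path such as /usr or /srv gives a baseline list to compare against after software installs or configuration changes.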

2.2.3 Managing Disk Quotas (Continued)

Setting Up Disk Quotas (Continued)


3. Assign Quotas to Users or Groups:
 Use edquota to edit quota limits:
Bash

sudo edquota john


Example quota entry:
Disk quotas for user john (uid 1001):
Filesystem   blocks   soft   hard   inodes   soft   hard
/dev/sda1      1200   5000   6000      100    500    600
 blocks: The amount of disk space the user is using.
 soft/hard block limits: The soft and hard limits for disk space.
 inodes: The number of files and directories the user owns.
 soft/hard inode limits: The soft and hard limits for inodes.
4. Configure Grace Periods:
 Set grace periods using edquota -t.
5. Enable Quota Enforcement:
 Use quotaon to enable quotas:
Bash

sudo quotaon -v /
Additional Considerations:
 Quota Reporting: Use repquota to view quota usage.
 Adjusting Quotas: Modify quota limits using edquota as needed.
 Quota Enforcement: Ensure quotas are enforced consistently.
By effectively managing disk quotas, administrators can prevent excessive disk
usage and ensure fair resource allocation among users.
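To make the soft and hard limits concrete, the script below classifies entries in the same column layout as the quota entry shown above. It is an added example, not part of the original notes; the function names and the sample entries are constructed, and a limit of 0 is treated as no limit, as the quota tools do.

```shell
#!/bin/sh
# Constructed entries in the column layout shown above:
# filesystem blocks soft hard inodes soft hard
sample_entries() {
cat <<'EOF'
/dev/sda1 1200 5000 6000 100 500 600
/dev/sda2 5400 5000 6000 100 500 600
/dev/sda3 6000 5000 6000 600 500 600
/dev/sdb1 900000 0 0 12 0 0
EOF
}

# quota_state: reads entries on stdin and reports where each one stands.
quota_state() {
    awk '
        function state(used, soft, hard) {
            # A limit of 0 means "no limit" for that resource.
            if (hard > 0 && used >= hard) return "at-hard-limit"
            # Above the soft limit the grace period is running.
            if (soft > 0 && used > soft)  return "over-soft-limit"
            return "ok"
        }
        {
            b = state($2 + 0, $3 + 0, $4 + 0)
            i = state($5 + 0, $6 + 0, $7 + 0)
            print $1, "blocks=" b, "inodes=" i
        }'
}

sample_entries | quota_state
```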

Disk Quotas
 Purpose: Limit disk space and inode usage for users and groups.
 Types:
o Soft Quota: A limit that can be exceeded temporarily.
o Hard Quota: A strict limit that cannot be exceeded.
 Setup:
1. Enable quotas in /etc/fstab.
2. Initialize quota files using quotacheck.
3. Assign quotas using edquota.
4. Configure grace periods using edquota -t.
5. Enable quota enforcement using quotaon.

Viewing Quota Usage


 repquota: Shows quota usage for all users and groups.
 quota: Shows quota usage for a specific user.

Best Practices
 Use soft quotas for warnings.
 Monitor disk usage regularly.
 Apply quotas to groups for efficient management.
 Educate users about disk quotas.
By effectively managing disk quotas, administrators can ensure fair resource
allocation and prevent excessive disk usage.

Conclusion:
Controlling access to files using permissions, ACLs, and advanced features like sticky bits
and setuid is essential for maintaining security and organization on a system. Disk quotas
are vital for managing resources, preventing individual users or groups from consuming
excessive disk space, which could impact system performance. Properly managing file access
and quotas is key to a stable, secure, and efficient multi-user environment.
CHAPTER 3: FILE SYSTEMS AND MANAGEMENT OF DATA STORAGES (4HR)
