How To Allow Normal User Run Commands As Root In Linux with sudo Command?
We have an application that needs higher privileges than normal user. This application may be run with root user. But we need to run this application with normal user with root privileges.
Sudo Command
sudo command is used to elevate user privileges to higher. Generally used to run commands as root user. Commands issued with sudo are logged into /var/log/auth.log
In this example we will print the /etc/shadow file which is only printed with the root user. In order to get root privileges we will use sudo .
Sudo Command
Sudoers
Sudoers is sudo configuration file where sudo enabled users are list. Beyond listing users also their permissions are set in this file. Sudoers file can be access from /etc/sudoers . Example sudoers file can be found below
Add User To Wheel Group To Enable Admin Access
There are different ways to get root privileges. Most used way is to add user to the wheel group. Whell is a special group where users in this group have root privileges.
Now user test2 can run higher privilege commands like below
Add User Specifically In The Sudoers File
We can add user test2 to the sudoers file like adding following line.
We will add our user with echo to the /etc/sudoers file
test2 is the username
ALL=(ALL) ALL line will add all privileges to the test2 user.
Sudo Usage Log
sudo command usage is important because it will give root access to the normal users. The actions of the users should be saved in to a log file. sudo command log files are stored in the /var/log/auth.log .
How To Allow Normal User Run Commands As Root In Linux with sudo Command? Infografic
Источник
Linux List All Users In The System Command
Tutorial requirements
Requirements
Linux
Root privileges
No
Difficulty
Easy
Est. reading time
5 mintues
Table of contents
Linux list all users account using the /etc/passwd file
In order to list all users on Linux, use the cat command as follows: $ cat /etc/passwd Here is what I see:
Each line in the file has seven fields as follows. For example, consider the following line: vnstat:x:131:137:vnstat daemon. /var/lib/vnstat:/usr/sbin/nologin Where,
No ads and tracking
In-depth guides for developers and sysadmins at Opensourceflare✨
Join my Patreon to support independent content creators and start reading latest guides:
How to set up Redis sentinel cluster on Ubuntu or Debian Linux
How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
How to protect Linux against rogue USB devices using USBGuard
Join Patreon ➔
vnstat – The user name or login name.
x – Encrypted password is stored in the /etc/shadow file.
131 – UID (user ID number)
137 – Primary GID (group ID number)
vnstat daemon – GECOS. It may includes user’s full name (or application name, if the account is for a program), building and room number or contact person, office telephone number, home telephone number and any other contact information.
/var/lib/vnstat – Home directory for the user.
/usr/sbin/nologin – Login shell for the user. Pathnames of valid login shells comes from the /etc/shells file.
How to list users in Linux using pagers
Of course we can use pagers such as more/less commands as follows to view the /etc/passwd file: $ more /etc/passwd $ less /etc/passwd Sample outputs:
Fig.01: List users using /etc/passwd
Linux list user names only
To list only usernames type the following awk command: $ awk -F’:’ ‘< print $1>‘ /etc/passwd Sample outputs:
Another option is to use the cut command: $ cut -d: -f1 /etc/passwd
Get a list of all users using the getent command
To get a list of all Linux users you can type the following getent command: $ getent passwd $ getent passwd | grep tom ## get a list all users ## $ getent passwd | cut -d: -f1 ## count all user accounts using the wc ## $ getent passwd | wc -l One can use the compgen command on Linux to list users and other resources too: $ compgen -u
Find out whether a user account exists in the Linux server
We can use above commands to see whether a user exists in the Linux machine as follows using the grep command:
A simplified command would be:
How to count user accounts in the Linux server
Want to get user accounts count on your system? Try the wc command as follows: $ compgen -u | wc -l $ getent passwd | wc -l
A Note About System and General Users
Each user has numerical user ID called UID. It is defined in /etc/passwd file. The UID for each user is automatically selected using /etc/login.defs file when you use useradd command. To see current value, enter: $ grep «^UID_MIN» /etc/login.defs $ grep UID_MIN /etc/login.defs Sample outputs:
1000 is minimum values for automatic uid selection in useradd command. In other words all normal system users must have UID >= 1000 and only those users are allowed to login into system if shell is bash/csh/tcsh/ksh etc as defined /etc/shells file. Type the following command to list all login users:
To see maximum values for automatic uid selection in the useradd command, enter: $ grep «^UID_MAX» /etc/login.defs Sample outputs:
In other words, all normal system users must have UID >= 1000 (MIN) and UID /etc/shells file. Here is an updated code to get details:
Источник
How to Block or Disable Normal User Logins in Linux
As a system administrator, you will inevitably perform scheduled system maintenances at some point or another. A few times, your system may also encounter some problem(s) and you will be forced to put it down to fix the problem(s). What ever the situations is, it is a good idea to prevent non-root(normal) users from connecting to the system.
In this article, we will describe how to block non-root users logins using /etc/nologin file as well as a nologin shell in Linux. We will look at how to set a message that explains to users what is actually happening.
How to Block User Logins Using /etc/nologin File
The primary function of /etc/nologin file is to display a message (stored in the file) to users attempting to log on to a system during the process of shutdown.
Once the message has been displayed to the user, the login procedure terminates, preventing the user from logging onto the system.
This can be used to block user login by manually creating the file as follows.
Add the message below to the file, which will be shown to users attempting to log on to the system.
Now you can test if it all works; as you can see from the screen shot below, a normal user tecmint is not able to login.
Block User Login in Linux
How to Block User Logins Using nologin Shell
This method works a little differently: it only blocks a user from accessing a shell. But he or she can log on to the system via programs such as ftp that do not necessarily require a shell for the user to connect to a system.
Additionally, it can allow you to block shell access to specific users in special scenarios.
On RHEL/CentOS/Fedora
Simply use chsh (change shell) command to change the users shell in /etc/passwd file from something like /bin/bash or /bin/sh to /sbin/nologin meaning refuse a login.
On Debian/Ubuntu
Here, you have to use /bin/false file. The command below changes the user tecmint’s shell to /bin/false meaning do nothing (after user provides login credentials):
You may also like to read these following related articles.
That’s all for now! If you have any questions or additional ideas to share concerning this topic, make use of the comment form below.
If You Appreciate What We Do Here On TecMint, You Should Consider:
TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.
If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.
We are thankful for your never ending support.
Источник
3 Ways to Change a Users Default Shell in Linux
In this article, we will describe how to change a user’s shell in Linux. The shell is a program that accepts and interprets commands; there are several shells such as bash, sh, ksh, zsh, fish and many other lesser known shells available on Linux.
Bash (/bin/bash) is a popular shell on most if not all Linux systems, and it’s normally the default shell for user accounts.
There are several reasons for changing a user’s shell in Linux including the following:
To block or disable normal user logins in Linux using a nologin shell.
Use a shell wrapper script or program to login user commands before they are sent to a shell for execution. Here, you specify the shell wrapper as a user’s login shell.
To meet a user’s demands (wants to use a specific shell), especially those with administrative rights.
When creating user accounts with the useradd or adduser utilities, the —shell flag can be used to specify the name of a user’s login shell other than that specified in the respective configuration files.
A login shell can be accessed from a text based interface or via a SSH from remote Linux machine. However, if you login via a graphical user interface (GUI), you can access the shell from a terminal emulators like xterm, konsole and many more.
Let’s first list all available shells on your Linux system, type.
Before you proceed any further, note that:
A user can change their own shell to any thing: which, however must be listed in the /etc/shells file.
Only root can run a shell not listed in /etc/shells file.
If an account has a restricted login shell, then only root can change that user’s shell.
Now let’s discuss three different ways to change Linux user shell.
1. usermod Utility
usermod is a utility for modifying a user’s account details, stored in the /etc/passwd file and the -s or —shell option is used to change the user’s login shell.
In this example, we’ll first check user tecmint’s account information to view his default login shell and then change its login shell from /bin/sh to /bin/bash as follows.
Change User Shell using Usermod
2. chsh Utility
chsh is a command line utility for changing a login shell with the -s or –shell option like this.
Change User Shell Using chsh
The two methods above all modify the shell specified in /etc/passwd file which you can edit manually as in the third method below.
3. Change User Shell in /etc/passwd File
In this method, simply open the /etc/passwd file using any of your favorite command line text editors and change a specific users shell.
Change User Shell in Passwd File
When your done editing, save and close the file.
Do not forget to read these related topics:
In this article, we described various ways of changing a user’s shell in Linux. To share any thoughts with us, use the comment section below.
If You Appreciate What We Do Here On TecMint, You Should Consider:
TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.
If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.
We are thankful for your never ending support.
Источник
How to check List users in Linux Complete Guide for Beginners 2021
There are commands to create user in Linux, delete user, add a user to group, and see logged in user but Is there any command to list users in Linux?
No, there is no command to list users in Linux.
Now, what will you do if you want to see available users in your Linux system/server?
This article is all about to list users in Linux using some other commands and tricks.
Get a list users in Linux from /etc/ passwd file
User information is saved in /etc/ passwd file. this file contains one line for each user account. you can easily get list users from /etc/password file using a combination of cat command and grep command.
This command will show all fields and content of this file, The first field of the line consist username. other fields contain the following information
User name
Encrypted password (x means that the password is stored in the /etc/shadow file)
User ID number (UID)
User’s group ID number (GID)
Full name of the user (GECOS)
User home directory
Login shell (defaults to /bin/bash)
If you want to display only first field ( usrname ) form passwd file then use awk or cut command.
File is created in current directory name users.txt, if you want to save another location give the full path instead of users.txt
More formated awk command to retrieve the username and other information from /etc/ passwd file
Use getent command to see list users
Getent is a utility used to fetch data entries form databases supported by the Name Service Library. In Linux, this data b asese is configured into /etc/ nsswitct .conf file including passwd datase . To get users list linux by type the follwoing syntax.
To Check total users on your system in numbers use the following command
$getent passwd | wc -l
Total users on my systems are 53 only.
Check the existence of a user in the Linux system
If you have very long list of users, some time may be 1000 (It is possible, because big server has 1000s users). a will you know user exists in your system/server or not?
For example, Your hr madam asks “please check john user is exist on your system, having following problem to log in system”
You can use the following command to check whether a user exists in the system or not.
$ getent passwd | grep john
If the user exists the command above will print the user’s login information. If there is no output that means the user doesn’t exist means the user doesn’t exist.
Vijay user is exist on this system so it gvie the result. And john user doesn’t exist on this system so no result. See example below:
Normal users and System Users
There is no technical difference between normal user and system users. System user is being created default at the time of installation process and have nologin shell.
In other hand normal user is created by system administrator.
UID is the numeric value for each user, difined in file /etc/ passwd . When you run useradd command to create user in linux , user select automatically UID for /etc/login.defs. lol
To check the minimume and maximume user ID’s values on your system. You can use following command:
$grep -E ‘^UID_MIN|^UID_MAX’ /etc/login.defs
Above result, you can see that all normal users have UID between 1000 and 60000.
Following command will be used to list all normal users in your Linux system:
In the above result, all users have been created by me in last tutorial How to create user in linux.
Some advanced commands and outputs
Conclusion
In this tutorial, you learned how to list users in the Linux system, filter them using different methods. and what are the main differences between system users and normal Linux users?
The same commands apply for any Linux distribution, including Ubuntu, CentOS, RHEL, Debian and Linux Mint.
If you have any question, feel free comment below. You can contact me through [email protected]
Sudo Command
Block User Login in Linux
