Estimated Time: 30 minutes
Objective
In this lab, the student will learn how to create, rename, and delete groups using the Linux operating system. The student will also add a member to a group, and modify group permissions.
Equipment
The following equipment is required for this exercise:
A computer with Knoppix 3.9 running.
Scenario
A few members in the Engineering Department, who are using Linux, are going to be working on classified documents. They need to have their own group created so they can keep these documents in certain folders that only their group will have permissions to. A group must be created and members added to this group.
Procedures
In this lab, the student will first create the engineering group and add a user account to this group. The student will then rename the group. In the last step, the student will delete the group.
Tips:
• User permissions apply to the owner of the file or directory
• Group permissions apply to the members of the group that are assigned to a file or directory
• Linux stores group information in the /etc/group file.
Preliminary step
First, click the Knoppix Penguin icon, to get to the root shell.
Assign yourself a root password with the passwd command, and enter the password twice.
passwd
Changing password for user root.
Enter new UNIX password:
Retype new UNIX password:
The password will be successfully updated.
If you do not currently have a user account, create one now, based on your name. For example, Maria Chavez could create a user account like this:
useradd –m mchavez
As root, assign your new account a password in this way. For Maria’s case, she would type (while logged in as root):
passwd mchavez
Changing password for user mchavez.
Enter new UNIX password:
Retype new UNIX password:
Type it twice and it will be accepted.
In Knoppix, passwords are locked by default. That is why mchavez couldn’t create her own password immediately after her user account was created. Root has to do it.
Step 1: Creating a Group and Adding Users to the Group
Use the account you created earlier (or mchavez) while doing this lab. In addition, create another user account called temp1, with a password, who will not be in your group. Refer back to Part 1 for this if you need to.
1. Login with the root account.
2. At the command prompt, type:
groupadd engineering
This will create the engineering group.
3. Next, add your account to the new engineering group by typing:
usermod –G engineering mchavez
This will add the mchavez account to the engineering group.
4. Verify that the new group has been created by typing:
grep mchavez /etc/group
The grep command looks for strings of text. In this case, the user asked the grep command to look in the /etc/group file for anything named mchavez. What were the results?
__________________________________________________________________
________________________________________________________________________
Step 2: Create a Working Directory for the Engineering Group 1. As the root user, go to the /home directory:
cd /home
2. Create a new directory:
mkdir eng
3. Verify that the new directory exists:
ls –l
Notice the words root root in the line for the eng directory.
The first root indicates that the root user owns the eng directory.
The second root refers to a group (also called root) whose members have access to the eng directory.
4. Change the group membership of the eng directory with the following command:
chgrp engineering eng
5. Verify that group membership has changed from root to engineering:
ls –l
Which group’s members now have membership in the eng directory?
____________________________________________________________________
6. Change the permissions of the engineering directory:
chmod 771 eng
7. Verify that permissions of the directory have changed:
ls -l
Write down the permissions you see in the listing. Do you know how they correspond to the Octal number 771? You may have to ask the instructor.
Contents of root’s home directory. Notice the entry for the /eng directory Note:
Both the root account and the engineering group have the same Read, Write, and Execute permissions. The third group, called “everyone”, or “other” has Execute privileges only.
Step 3: Creating Files in the eng Directory 1. Switch users from root to the mchavez account:
su – mchavez
2. Go into the eng directory:
cd /home/eng 3. Create a file. Type:
touch grp_file
The touch command creates a file, although it has nothing in it.
4. Verify that the new file was created:
ls –l
Is the file grp_file there? Y/N
____________
5. Exit from the mchavez account. Type exit
Now switch to a user temp1 who is not a member of the engineering group:
su – temp1
6. Go to the /home/eng directory:
cd /home/eng 7. Create a file:
touch grp_file1 What happened?
__________________________________________________________
Try typing:
ls –l
What happened? Why?
__________________________________________________________
Step 4: Deleting the eng directory 1. Log back in as the root user:
exit
2. Verify that you are the root user:
whoami
3. Go to the /home directory:
cd /home
4. Delete the eng dir and its contents:
rm –r eng
When prompted to descend into directory eng, type Y for yes.
When prompted to delete the files, type Y for yes.
When prompted to delete the directory, type Y for yes.
5. Verify that the eng directory has been removed:
ls –l
Is the eng directory gone? Y/N
____________
Step 5: Renaming a Group 1. At the command prompt, type:
groupmod –n engineers engineering Press Enter. This will rename the group.
2. Verify that the group name changed:
grep engineers /etc/group What is the output?
____________________________________________
Step 6: Deleting a Group 1. At the command prompt type:
groupdel engineers
Press Enter. This will delete the group.
2. Verify with the grep command:
grep engineers /etc/group
If the grep command returns with no output, it did not find anything in the file.
Troubleshooting
To create accounts in Knoppix, the user must be logged in as the root user. If problems are encountered while creating these accounts, verify that the user has the necessary administrative privileges.
Reflection
Why is it important that only an administrator be allowed to create groups?