sudo = POWER!! (managing users in Linux) // Linux for Hackers // EP4
Summary
TLDRThis video script is a fun and educational journey into Linux user management, presented through a 'hacking' lens with a Marvel Avengers theme. It covers creating and deleting users, changing user details, and understanding permissions with sudo. The tutorial uses a free Linux lab provided by Hack The Box Academy, allowing viewers to follow along and learn essential Linux skills while engaging with the entertaining narrative of assembling the Avengers to stop Thanos.
Takeaways
- π The video is an educational tutorial on managing users in Linux, covering creation, deletion, and modification of user accounts.
- π οΈ The script introduces commands like 'adduser' and 'useradd' for creating users, with 'adduser' being more interactive and 'useradd' being quicker but less detailed.
- π It explains the importance of the 'sudo' command, which provides superuser permissions for executing commands that require higher privileges.
- π€ The video uses a humorous analogy of assembling the Avengers to fight Thanos, relating to the process of adding users and granting them powers in a Linux system.
- π The script covers the significance of the '/etc/passwd' and '/etc/shadow' files, which store user account information and hashed passwords, respectively.
- π€ It discusses the concept of User IDs (UID) and Group IDs (GID), which are assigned to users and groups upon creation.
- π The tutorial mentions the creation of home directories for users and how some commands, like 'useradd', do not create them by default.
- π The script explains how to modify user accounts using the 'usermod' command, allowing changes to properties like shell preference and username.
- π₯ The importance of groups in Linux is highlighted, showing how users can be part of multiple groups and how to manage group memberships.
- πͺ The 'sudoers' file is introduced as the key configuration file that defines who can use 'sudo' and what commands they are allowed to execute.
- ποΈ The process of deleting users and groups is covered, demonstrating how to remove accounts and groups using 'userdel' and 'groupdel' commands.
Q & A
What is the main topic of the video script?
-The main topic of the video script is managing users in Linux, including creating, deleting, and modifying user accounts, as well as understanding permissions and the sudo command.
What is the significance of the 'add user' and 'user add' commands in Linux?
-The 'add user' command is used to create a new user account in Linux and it performs additional setup tasks such as creating a home directory and setting a default shell. The 'user add' command also creates a new user but does not perform these additional tasks, hence it's considered 'lazy'.
What does the 'sudo' command represent in Linux?
-The 'sudo' command stands for 'super user do' and allows a permitted user to execute a command as the superuser or another user, effectively granting temporary root privileges for that command.
How can you check the list of users on a Linux system?
-You can check the list of users on a Linux system by using the 'cat /etc/passwd' command, which displays the contents of the passwd file containing user account information.
What file stores the hashed passwords in Linux?
-The hashed passwords in Linux are stored in the '/etc/shadow' file.
What is the purpose of the 'usermod' command in Linux?
-The 'usermod' command is used to modify the details of an existing user account, such as changing the user's shell, home directory, or group memberships.
What does the 'su' command do, and how is it different from 'sudo'?
-The 'su' command is used to switch to another user account, optionally becoming that user by providing their password. It is different from 'sudo', which allows a user to run a single command with the privileges of another user, typically the superuser.
What is the 'sudoers' file, and why is it important?
-The 'sudoers' file defines policies for sudo command usage, specifying which users and groups can execute what commands and as what users. It is important because it controls who has the ability to perform administrative tasks on the system.
How can you delete a user in Linux?
-You can delete a user in Linux using the 'sudo userdel' command followed by the username of the account you wish to remove.
What is the principle of least privilege mentioned in the script, and why is it important?
-The principle of least privilege is a security concept where users are given the minimum levels of access necessary to perform their tasks. It is important because it reduces the risk of damage to the system in case of user account compromise.
How does the script relate the management of users in Linux to the Marvel's Avengers and the Infinity Gauntlet?
-The script uses the theme of Marvel's Avengers and the Infinity Gauntlet as a metaphor to explain user management in Linux. It compares the sudo command to wearing the Infinity Gauntlet, granting superpowers, and the process of adding and deleting users to assembling and disassembling the Avengers team.
Outlines
π§ββοΈ Introduction to Linux User Management
The script starts with an introduction to the importance of user management in Linux, targeting hackers and enthusiasts. It humorously references the Avengers assembling to stop Thanos, a metaphor for tackling Linux challenges. The video promises a comprehensive guide on creating, modifying, and deleting user accounts and groups, as well as managing permissions through sudo. The sponsor, Hack The Box Academy, is introduced as a platform for learning and practicing Linux skills with a free lab environment. The video encourages viewers to engage with the content and subscribe for more.
π Creating and Verifying User Accounts
This paragraph delves into the process of creating user accounts in Linux, using the 'add user' command, and the importance of the root user's permissions. It explains how to check the list of users with the 'cat /etc/passwd' command and the significance of the 'x' marker indicating password storage in the 'shadow' file. The script also clarifies the difference between 'add user' and 'user add' commands, highlighting the latter's lack of interactive setup for additional user details.
π οΈ Modifying User Accounts and Understanding File Structure
The script continues with how to modify existing user accounts using the 'usermod' command, including changing the default shell and updating usernames. It provides insights into the structure of the '/etc/passwd' and '/etc/shadow' files, explaining the meaning of user IDs, group IDs, and home directories. The paragraph also contrasts the 'add user' and 'user add' commands, noting the latter's omission of default settings like home directories and shell types.
π€ Granting Superuser Permissions with sudo
This section introduces the concept of superuser permissions in Linux, symbolized by the 'sudo' command, likened to wearing the Infinity Gauntlet. It explains how 'sudo' allows temporary root user capabilities to perform administrative tasks. The script also covers the 'su' command for switching user accounts and the importance of the 'sudoers' file in defining who can use 'sudo'. It humorously adds the character Thanos to the 'sudoers' file, granting him all powers.
π₯ Group Management and sudoers Configuration
The script discusses the creation of user groups and the assignment of sudo privileges to these groups. It details the steps to add a group to the 'sudoers' file, allowing members to execute any command without a password. The paragraph also demonstrates how to add and remove users from groups, emphasizing the power dynamics between characters like Iron Man and Thanos in the context of the Infinity Gauntlet.
π₯ Dealing with User and Group Deletions
The final paragraph covers the deletion of users and groups in Linux using 'sudo userdel' and 'groupdel' commands. It uses the narrative of Iron Man using the Infinity Gauntlet to restore deleted users, symbolizing the recovery of system resources. The script concludes with the principle of least privilege, emphasizing the importance of restricting powerful commands like 'sudo' to prevent misuse.
Mindmap
Keywords
π‘Linux
π‘User Management
π‘Sudo
π‘Sudoers
π‘User ID (UID)
π‘Group ID (GID)
π‘Home Directory
π‘Shell
π‘Password Hashing
π‘Avengers
π‘Hack The Box Academy
Highlights
Essential Linux user management skills for anyone interested in Linux or hacking.
Introduction to the concept of user accounts and permissions in Linux.
Explanation of creating, modifying, and deleting user accounts with 'adduser' and 'useradd' commands.
Difference between 'adduser' and 'useradd' commands in terms of functionality.
The importance of the 'sudo' command for gaining superuser permissions.
How to view and understand the /etc/passwd file for user account information.
The role of the /etc/shadow file in storing hashed passwords.
Creating user groups and the relationship between users and their groups in Linux.
Using 'usermod' to change properties of an existing user account.
The concept of the 'sudoers' file and its control over who can use 'sudo'.
How to edit the 'sudoers' file safely to grant or restrict 'sudo' access.
Demonstration of adding a user to the 'sudo' group to grant superuser permissions.
Using 'su' to switch between user accounts and the need for correct passwords.
The ability to delete users and the impact on system accounts.
Introduction to the concept of least privilege and its importance in system security.
How to create and manage groups with 'groupadd' and 'gpasswd' commands.
The process of adding users to a group to grant collective permissions.
Final thoughts on the importance of user management in Linux for security and system administration.
Transcripts
managing users in linux this is
essential you got to know this if you
want to get into linux or become a
hacker or do anything
don't skip this so assemble the avengers
we gotta stop thanos
what
welcome to linux for hackers and
everyone because everyone
needs to learn linux this is episode 4
and you don't want to miss this when
we're talking about user management user
accounts and linux and we're pretty much
going to cover everything from creating
users deleting them changing them
creating groups deleting those putting
on the infinity gauntlet and giving
yourself super godlike permissions
which is also known as sudo or the
sudoer's file we'll cover all that
and yeah we're gonna assemble the
avengers and stop thanos we're going to
save the world and when i say we i mean
we because you're going to do this with
me you're getting a free
linux lab right here in this video check
the link in the description thanks to
our sponsor
hack the box academy it's seriously
amazing free to sign up
hack the box academy is basically a
trading ground for hackers
good hackers mind you so if you want to
follow along with me learn how to manage
users in linux and save the world
then click the link below get signed up
for free and you'll have a linux
lab right here in your browser and then
of course whatever else you want to
learn regarding hacking it's there so
check that out too also hack the box
academy now has a student subscription
and you get cpe credits for completing
tier 1 modules or above
kind of killer check it out link below
to learn more have you hacked the
youtube algorithm today let's make sure
you do hit that like button subscribe
comment
notification bell let's hack youtube
today ethically of course
anyways no time to waste get your
stinking coffee let's do this
right now okay here we go we're going to
learn nearly everything you need to know
about managing users and linux
and we're gonna have a bit of fun with
it too so get your copy and let's go
now first we gotta launch our lab our
free linux lab from hack the box academy
so go ahead and navigate out there
hack the blogs account of me they are
our sponsor and they're amazing it's
completely free if you haven't already
signed up we'll get signed up i've got a
video walking you through that right
here
so log in to hack the box academy go and
click on the linux fundamentals course
to get started go ahead and open up the
user management module right here and
then to launch our free amazing phone
box our lab
scroll about halfway down and click on
start instance and it's going to start
quick coffee break just a little sip and
it is ready go ahead and click on
interact to uh
interact with it and i've said it before
this is amazing it's your free linux lab
in your browser that you can mess with
and break things and
let's do this okay let's talk about
users every computer system has a user
including linux and you know what you're
a user
to be able to log into the server this
linux box and do anything you have to be
a user on the system which user are you
let's see in a previous video we showed
this already so let's go ahead and
launch our terminal
our green or yellow box up at the top
here this is launching our shell
if you don't know what that is we'll go
back to the last video and watch that
one we talk all about it to quickly see
who you are you simply type in who
am i and there you are your user account
and you as user 86527 can log into this
linux machine
and do stuff you can launch programs
play games hack
create things delete things if you have
the right permissions we'll cover that
here in a moment
you you can do a lot of stuff as a user
of the system but not all users are the
same now hey
i've got some bad news we're under
attack our system our linux
box here we're being attacked by
thanos that's his name right the bad guy
from avengers yes thanos he's attacking
us
bad guy thanos is gonna snap his fingers
and destroy all our user accounts and we
won't be able to have fun on linux
anymore
we have to stop him but how do we do
that avengers assemble we need the
avengers right let's call them do they
have like a bat signal i don't know how
you call them
they just know they need help right or
that we need help but they're not in our
system right now we have to create these
user accounts to come and stop thanos
before he
snaps anyways let's start by adding the
avengers to our system
let's start with thor he's my favorite
so the command will be
add user thor and honestly it's that
simple that's all we need
the command add user will obviously add
a user but it's not the only one that
does this by the way just so you know
there's add user and then confusingly
there's another one called
user add which they do both add a user
but this command right here is a little
lazy
he doesn't do as much whereas this
command will do a lot i'll show you the
difference here real quick we'll bring
in our other avengers
anyways let's add thor real quick now
i'm going to hit enter but it's not
going to work
watch only root may add a user a group
to the system now what is a root
i mean root's another user on the system
if you watched our previous videos in
the series you would know all about root
not groot
root but we're going to temporarily
borrow some power from the root which
he's also known as the super user um so
what we're going to do here is hit the
up arrow to get our command back in
there add user thor we're going to go to
the beginning of our command
and type in sudo or it's also often
pronounced soo do but it's spelt sudo so
i want to say that
this is kind of like saying please in
linux please do this i'm getting super
powers to do this
again i'll explain more about that here
in a moment but anyways this is gonna
work
okay cool we got a fun prompt here let's
put a password in for thor i'm gonna say
hammer type it in again hammer full name
i think it's just thor
it'll ask you for all this random
information you don't have to put it all
in just enter enter enter
is it correct sure and thor's created he
is now a user on the system but how do
we know that where
is he well to find out what users are on
your system there's one simple place to
look
i'm going to clear my screen real quick
by typing in clear or i can just do
control
l whoo nice and clean there's a file in
the system that has a list of every user
on this
box or this system we're going to use
the command cat which we learned before
we're going to cat the forward slash
etsy forward slash pass
wd when we do that here's what happens
boom bunch of users on our system i bet
you're surprised like where all these
users come from i mean the first two we
recognize right i mean the last two
uh this one right here is us user blah
blah
and then thor the one we just created
there he is all these other entries are
indeed
user accounts on this system and they do
serve a purpose a lot of these you can't
log in
with like right here it says no login on
this account they do serve a purpose not
the topic for another video anyways now
real quick
what does all this right here mean it's
kind of gobbledygook right i mean the
first bit we understand what it is the
username
thor and user blah blah blah but what's
all the stuff after it well just after
the username we have
just an x sitting there all by himself
in fact you'll see this on pretty much
every user account appear
x max and what the x indicates is that
your password is stored in a separate
file called the
shadow file more specifically it's in a
place called etsy
shadow in linux we store our passwords
in the shadows where they're hidden you
can't see them but for real
if we go to it real quick we can
actually look at it let's do cat
etc etsy shadow oh permission deny we
need some
listen please sudo there we go and right
here next to the username thor we have
his password which that's actually not
his password
that's the hashed version topic for
another time anyways now just after x we
have two numbers
and they're the same we have one
thousand one and one thousand one what
are those
well those are his ids the first one is
his user id or a uid it's a number
which you can obviously see it's 1001.
the second one is his
group id we'll cover groups here in a
second but just know that when we create
a user in linux
we both create a user and a group for
that user so we have a username named
thor
we also have a group named thor and the
member of that group
is thor and then after that we got some
like random filler stuff like his name
and comments and stuff
and then after that we have his home
directory where he gives his hammer and
his
chest plate i don't know what thor has
his hair ties for thor his home
directory is in
the same place that a lot of people's
home directories are home
and then a directory called thor we'll
look at that here in a moment and then
just after that
we have his default shell when thor logs
into the system
what shell is he going to be given again
if you don't know what i'm talking about
go look at our previous video
but by default when we created his user
account with the add user command
it's going to be bash so that is what
all that gobbledygook means now let me
show you what the user add command does
our
alternative command which is kind of
weird so we have thor he's pretty
awesome but we need some extra help
i think we need iron man yeah yeah let's
get iron man in here so we'll do sudo
and instead of add user we're gonna
we're gonna do user
add and same as before we'll just type
in the user name iron man
and watch what happens here it is
different it's simple
that's it so remember add user like asks
hey put in his password
uh what's his first name last name
what's social security number
favorite flavor ice cream like all that
stuff this one just says
okay you're like uh what else
what do i do now that's what i meant by
saying that command is lazy because he
doesn't do anything but just say okay
yeah here's a user account i'm not gonna
do anything else like
set the password for you like you can do
that yourself um and i'll show you how
to do that here in a second but right
now
iron man is created but you can't really
do much with him so if we cat our
password file again to see what user
accounts we have in our system cat
slash etsy pass wd he's there iron man
is shown up
but there's a few things missing now for
example he has the x there saying that
his password's in the shadow file but is
it really because we didn't set a
password did we also notice here that
um his default shell is different it's
sh for
shell instead of bash so real quick i
want to take a look at the shadow file
to see if the stuff is there
that's interesting you can see that he
does have
an entry in the shadow file but it
doesn't seem to be a password
and i don't think it is but we can set
this password real quick command to set
a password for someone or change a
password for any username
is going to be password without the o-r
i'll show you so we'll we'll need super
powers sudo command is p-a-s-s-w-d
and then the user name so i'll type in
iron man and now we can set his password
jarvis there we go he's got a legit hash
there so we know it's working now one
thing the ad user command did not do for
iron man is it did not give him a home
he doesn't have a house right now he
doesn't have a home directory if i
navigate to the home directory well all
the
user directories live i go cd forward
slash home
and i type in ls i can see there are two
directories there for thor and then for
me
but iron man he doesn't have a home dude
and that's one downside of using the
user ad command
is again he's lazy he doesn't do this
kind of stuff if i jump into the thor
directory by doing cd
thor and then lsing his contents
yeah he's got a desktop he's got
templates if i do ls
dash al to reveal the hidden files he's
got a bunch of stuff going on in there
which we're not going to get into right
now i mean it is important but right now
we got to save the world
thor is here and he's coming clear our
screen now if we cap the password file
again
etsy pass wd i'm super annoyed that iron
man's
default shell is not the same as
everyone else's it's just sh
let's make sure it is bash we can modify
user account new command time are you
ready the command is
user mod which stands for user
modification and as you might expect it
will modify a user account now there are
a ton of things we can change if you do
dash h for help to see like what can i
do with this it'll tell you
a lot of stuff and i'm not going to
cover everything right now that take
forever and
thanos is here so i'll do sudo because
we will need special permissions
user mod and let's say i want to change
that shell for iron man
i'll do iron man say that's who i want
to change it for
dash dash shell and i'll say ben
bash done and if we cap the user or the
cat the password file once more welcome
iron man you now are using bash just
like everyone else
and we can change other things too like
maybe his name like sometimes iron man
isn't iron man sometimes he's tony stark
so if we do sudo user mod once more
we'll use the switch
dash l and then we'll put in the new
information
tony stark that's his new username and
then the old one
iron man done so if i cat the password
file once more
huh he's tony stark now but we don't
need tony stark right now we need iron
man let's change it back
okay better okay here we go now again
thanos is here and we need more than
just two avengers
avengers assemble let's create more
right now real quick
fast and that is where the user add
command comes in handy because you can
add things really quickly enough to go
through a menu every single time so
we'll just do it real quick
and we also have switches to help us
with that if i do user add dash h
we can do a lot of the stuff that the
add user command does just in one line
so i'll do user add let's bring in
hulk and i'll do a dash m which dash m
will actually create a home directory
form so whereas iron man didn't get one
by default i almost forgot we need
superhero permissions there we go let's
get spider-man in here
loki why not oh we can't forget captain
america
and i suppose we'll need doctor strange
i don't like that movie that much
didn't like it at all wasn't a fan but
he kind of played a key role so we'll
put him in here
so now we have some avengers if i do uh
cat
etsy password file boom
we got them they're here if you've seen
the movies you know it doesn't go
great at first thanos does get the power
he gets the
the gauntlet or what is it called ah
okay the infinity gauntlet almost forgot
actually i did forget i had to look it
up thanos has the power and he does
flick his fingers or snaps fingers and
do some bad stuff
now i'm gonna add the user account
thanos
we're bringing him in he's there i'm
going to set his password real quick
password inevitable let's see if he's
here yep there's thanos
now here in linux the infinity gauntlet
that gives you super
awesome powers and has all the stones
and you can flick your fingers and
everyone disappears
in linux that's definitely the pseudo
command
or pseudo we haven't really dived into
that deeply just yet
but right now we are it's a command we
use all the time it stands for
super user do essentially every time we
use that command it's like we're
slipping on the infinity gauntlet
the super powerful glove and this is the
worst glove you'll ever see we slip that
glove on and for one moment
we have powers to do whatever we frickin
want so the sudo command or the sudo
command
were able to grab the powers of the
super user the root user
and use them for that command now the
super user in the system
which is the root user he's the boss he
can do whatever stinking wants on linux
he can change all the settings
he can delete all the settings he can
ruin everything delete half your stuff
rmrf man that's what thanos is gonna do
and if you can use the pseudo command to
impersonate him just for a moment
that's a pretty stinking powerful
command it's a command that you don't
want to just give to anyone you want to
restrict that access and by default it
is pretty restricted
now you can see that right now we've
been using sudo all day
we have the infinity gauntlet we can put
that sucker on and use it whenever we
want to
but not everyone can use it for example
iron man he can't use it we can actually
pretend to be iron man real quick
new command time you ready the command
is s u
s u allows us to impersonate another
user we're actually switching
users we're becoming this user so let's
become iron man
i've always wanted to be iron man let's
do this so again the command is su
we'll do a space a dash or a tick space
and then the username of who we want to
switch into
now real quick by default if you don't
put anything here just
su space dash it's going to switch you
to the root user
which we can do like watch and i don't
know the root password
um actually but we can do this we can
put our gauntlet on
put the affinity gauntlet on sudo su
space dash i just became the root user i
just became the infinity gauntlet which
is kind of weird
you never want to become the infinity
gauntlet never log in as root that's why
we have sudo so i'm going to hit ctrl
d or we can just type in exit or
log out either of any of those so i'll
just do ctrl d
to become myself again but anyways back
to becoming iron man so i'll do su
space dash iron man now doing this
without the gauntlet on i will have to
know iron man's password this goes for
any time you use the su command but if i
were to use sudo
and put my gauntlet back on i don't have
to put a password in but anyways
i'll become iron man put his password in
jarvis
i'm iron man now iron man is pretty
powerful but he cannot use a pseudo
command let's try it real quick
i'll do sudo and i'll try to add a user
user add
let's try to bring in pepper potts his
wife right yeah wife
that's gonna ask for a pseudo password
okay just type in jarvis
things are looking pretty good right no
we're in trouble
you're not in the sudoers file this
incident will be reported you're like
you're grounded iron man you can't do
this i do love that we're talking about
marvel and we have this spider-man line
that comes in
anyways that's an overused line anyway
um so real quick
what is this right here the sue doers
file which is a very very awkward phrase
basically this file the sudor's file
defines
who can use sudo who can wear the
gauntlet right now iron man
is not in that file so we can't put it
on so what do you say we go take a look
at that file i know you're itching to so
let's do it real quick now the scooters
file is a very important file that you
don't want to jack up
and you can jack it up you can ruin your
entire system by
messing up the scenarios file but there
are some checks in place to keep you
safe now normally in linux
to edit a file you might just use your
default text editor right the one you
love like we might use
nano or them but with a suitor's file
the best practice is to do but with the
scooter
but with these two doors file there's a
certain way we have to do it now we will
have to use sudo to do this so i'm going
to stop being iron man for a second i'm
going to
ctrl d to log out of iron man okay i'm
me again the command will be sudo
and then right after that it'll be vi
sudo this is the only best practice
recommended way to
edit the sudoers file so let's uh get in
there and take a look and it's not a
crazy big file either it's kind of
simple in a way so i'll hit enter
and we're in and then i'll scroll down
through this document to
about here right here is where we're
able to see who's got permission to do
what obviously root can use sudo and
i'll explain what all this means here in
a moment and then down here in this
section we have allowed members of a
group
pseudo access or pseudo to execute any
command and then just below that we have
something else we have a percent sign
and then
pseudo this actually is a group and if
you're a member of this group the sudo
group
well you can do all this and what this
actually means is you can enter
any command at all and you don't have to
enter
a password which is pretty dangerous
kind of risky but
it's okay so if you're in this file
you have the power and thanos does have
the power let's go ahead and add thanos
real quick
we'll pretend he's already in there so
just under root i'm going to add thanos
so we'll start with the username which
is
thanos the first option here is what
systems
can thanos have ultimate power on well
it's the infinity gauntlet
all systems and this would be if they're
like multi-system situations but
and then i'll do a space equals not plus
sign
equals all and that all stands for all
commands now if you want to just give
thanos options to do one thing like
maybe add a user we might do forward
slash
sbn forward slash user add giving him
access to that one command
we don't want to do that thanos has all
power
oh and that's all we need i'm going to
hit control
x to say i want out of here don't want
to save it hit y
hit enter to write it to that file and
thanos is there
he's got the gauntlet on he can do
whatever he wants let's see if he can
we're going to become thanos for a
second so i'll do sudo
su space dash space thanos
we're thanos right now so let's do sudo
user ad what's another bad guy he uses
oh yeah his daughter nebulous little
spring nebula in here the stanos have
access let's see
what's his password inevitable yep
it did it worked so let's cap the uh
password file yep there's nebula
so thanos has ultimate power he's got
the gauntlet on
and crap he's about to snap you ready
he's going to delete half the
population in our case half the avengers
we have here to delete a user
new new command time it's terrible but
new command time coffee break
okay i'm ready sudo user
del or user delete as you might expect
this command will
delete a user and we'll take out thor
thor is gone if we catch the password
file
thor he's gone pseudo user delete
spider-man gone bye doctor strange
gone and just like that with a snap of
his fingers we're down to
hulk loki and captain america oh and
iron man two there he is
and just when it seems hopeless just
when it seems all is lost the avengers
have a plan ant-man comes in somehow
quantum stuff anyways we need the
gauntlet we need pseudo access to be
able to
bring captain america back and all the
other people got got deleted so let's do
this right now so
we're gonna explore a new concept we're
going to create a group to do that
new command time here we go we'll do
sudo group
add and as you might expect group add
will simply add a new group i'll do a
space i'll name my group
infinite
gauntlet does spell that right i don't
care that's what it's going to be called
and the group is there but how do we
know where is that group at
well just like we have a password file
to look at our users in the system
we have a file to look at the groups and
it's much more self-explanatory it makes
more sense
i'm going to cat the etsy group
file and there it is infinity gauntlet
right there
as well as every other group that was
created for our users
i told you whenever a user account is
created also they have a group created
for themselves as well
now what i want to do is make sure that
the members of the infinity gauntlet
group
do have ultimate power because you mean
you should you have the infinity
gauntlet on
so we need to add the infinity gauntlet
group to our sudoers file
let's do that real quick so again we'll
do sudo vi sudo to edit that file the
only way to do it don't you ever do it a
different way
i'm just kidding but seriously um let's
edit that file we're gonna scroll down
to
where we were and then right here right
now we see that members of the sudo
group
can do whatever they want and actually
real quick let me show you the reason we
can do whatever we want
is because we're members of the sudo
group if i do
actually new command time if you just
type in group i'm sorry
groups groot
it'll tell you what groups you are a
member of the current user account
you're logged in as and here i'm a
member of my own group user 86527
and the pseudo group which gives me
gauntlet
access anyways let's make sure the
gauntlet does have the appropriate
permissions here so just under
the sudo group i'm going to add percent
infinity
gauntlet make sure you spell it right
i'll do a space and i'll pretty much
copy the one just above it i'll say all
which again is all systems
space equal sign space i'll say no
password which is nopa sswd like we see
here
i'll do a colon and say all essentially
it's saying you can do everything you
want
all commands and you don't need a
password you got all them stones
anyways so i'm going to hit control now
actually you know what real quick before
i do that
i'm going to mess it up like i mentioned
before if you mess up your suitors file
you can break the entire system
there is some checks in there that'll
keep you safe so i'll just go
and i hit control x to get out of there
yes to save hit enter it'll say whoa
whoa whoa
there is a syntax error right there not
supposed to do that what are you doing
what are you going to do now what do you
want to do are you sure you want to save
this if i hit enter it will give me some
options
and i love this it's like you might want
to go edit it again hit e
hit x to get out of there and don't save
it just forget what you're doing you
don't know what you're doing or says you
know what if you're pretty confident
just hit q and say you want to save it
danger um let's be smart let's hit e to
edit it
and remove that crap we put in there and
then we can hit ctrl
x y and enter no errors we're good
so the infinity gauntlet group does have
ultimate sudo
super user due powers and now what's
left is the avengers have to somehow
become part of that group
put on the glove and change history and
if you've seen the movie
spoiler alert um iron man he does this
so we need to somehow get iron man into
the infinity gauntlet group let's do
that right now now real quick let's
demonstrate that iron man can't do crap
right now so if i
become iron man and i try to bring back
spider-man i can't i don't have the
glove i can't do it man iron man is
helpless but let's add them to the group
so to add a user to a group
pretty simple we're going to use the
same command we used earlier to modify a
user the user mod command
so we'll do sudo and keeping in mind i'm
logged in as me now not ironman anymore
i'll do sudo
user mod and the switch is dash
g now dash g by itself will add this
user to a group
but it will add it to that group and
kind of eliminate all other groups
you may not want to do that so we often
want to change this to
dash lowercase a capital g the a stands
for append
so this command here we're appending the
groups that ironman
is part of so just after dash ag we'll
type in
the group which is infinity gauntlet
and then the user we want to add which
will be iron man
just like that iron man has the glove on
we can actually see if that's happening
by going to
or catting the group file
etsy group and here we can see the
infinity gauntlet group
the members over here on the right and
there's iron man right there now again
if you saw the movie you know that iron
man and
and thanos were kind of wrestling with
the gloves so thanos was in the group
too
they kept going back and forth let me
add thanos in there real quick
so yes right now iron man and thanos are
both part of this group they both have
super awesome
powerful pseudo access but eventually
iron man does wrestle the
glove off of thanos and puts it on
himself so new command time how do you
remove
a user from a group this command is
called g password
the commands sometimes are weird um so
we'll do sudo
g pass wd we're gonna do dash d for
delete specify the user we want to
remove which will be
thanos take that off take that take it
and then we'll specify the group
infinity gauntlet take that thanos look
at the group once more
no one's in there so anyways iron man he
has the gauntlet
he snaps his fingers and he creates the
users we lost
let me become iron man i am iron man
pseudo
user ad captain america pseudo
user ad spiderman done we'll bring back
doctor strange
and i forgot who else but anyways you
get the picture right iron man has the
gauntlet on he has the power he's part
of the group
and he can now bring back everyone and
shoot while he's at it let's defeat
thanos right
sudo user delete
thanos here we go
goodbye thanos and then finally iron man
realizes the infinity gauntlet it's too
powerful
for anyone to possess so he destroys it
i think that's what happens
that's what we're going to do right now
so using the principle of least
privilege
we're going to remove the the infinity
gauntlet group we're going to delete
that group by doing the
group delete command in fact iron man
will do it himself right now and he's
going to
delete his access to do it at the same
time which is kind of weird right
so sudo group delete uh new command time
i forgot to sit man
which obviously means we're gonna be
deleting a group and the usage is pretty
straightforward just after group delete
we'll enter the name of the group
infinity gauntlet now this does not
delete any
users in that group it just deletes the
group and gone are also iron man's
privileges to do anything special
anymore
for example if he got greedy and wanted
to create the group once more
sorry iron man you don't have it anymore
and i think you have other problems to
worry about
we did it i think like we saved the
world right i mean iron man's
not okay but we we learned how to manage
users and linux and in the process we
assembled the avengers and took away the
infinity gauntlet destroyed it and saved
the world
yeah but seriously we learned a lot
today we learned how to manage users in
linux
add them delete them groups permissions
all that
and that's essential to managing a linux
system to becoming a hacker to doing
anything with linux now and
pretty much every area of it involves
linux and also if you want a quick
review of what we covered in text form
uh mosey on over to hack the box academy
the page we were at the whole time
and look it over they've got the
commands we we talked about in text form
and they also have a delightful quiz at
the very bottom to test your knowledge
and see how you do
and if you get it right you earn cubes
back which with the junk or cubes
go watch episode one if you don't know
what they are also if you want to test
your skills even further
i've got a quiz in the description below
it's free click the link
and uh let's see what you got and again
huge shout out to our sponsor hack the
box academy
it's free to access right now to do what
we've been doing here if you want to go
further and learn how to hack wordpress
and
and do python stuff and just man just so
many things
check them out link below i'll catch you
guys next time
[Music]
[Music]
you
Browse More Related Video
Linux for Hackers // EP 1 (FREE Linux course for beginners)
DevOps for Freshers | BΓ i 7: Quyα»n truy cαΊp trong Linux | DevOps cho ngΖ°α»i mα»i bαΊ―t ΔαΊ§u
El usuario administrador en Windows / Linux (ISO - 3.1)
Hardening Access to Your Server | Linux Security Tutorial
DVWA Setup in kali linux | dvwa blank page solution
Linux How To Set Password Rules and Policies
5.0 / 5 (0 votes)