sudo = POWER!! (managing users in Linux) // Linux for Hackers // EP4

00:00

managing users in linux this is

00:02

essential you got to know this if you

00:03

want to get into linux or become a

00:04

hacker or do anything

00:06

don't skip this so assemble the avengers

00:08

we gotta stop thanos

00:14

what

00:18

welcome to linux for hackers and

00:20

everyone because everyone

00:22

needs to learn linux this is episode 4

00:24

and you don't want to miss this when

00:25

we're talking about user management user

00:27

accounts and linux and we're pretty much

00:29

going to cover everything from creating

00:30

users deleting them changing them

00:32

creating groups deleting those putting

00:34

on the infinity gauntlet and giving

00:35

yourself super godlike permissions

00:37

which is also known as sudo or the

00:39

sudoer's file we'll cover all that

00:41

and yeah we're gonna assemble the

00:42

avengers and stop thanos we're going to

00:44

save the world and when i say we i mean

00:46

we because you're going to do this with

00:47

me you're getting a free

00:48

linux lab right here in this video check

00:50

the link in the description thanks to

00:52

our sponsor

00:52

hack the box academy it's seriously

00:54

amazing free to sign up

00:55

hack the box academy is basically a

00:57

trading ground for hackers

00:59

good hackers mind you so if you want to

01:00

follow along with me learn how to manage

01:02

users in linux and save the world

01:04

then click the link below get signed up

01:05

for free and you'll have a linux

01:07

lab right here in your browser and then

01:09

of course whatever else you want to

01:10

learn regarding hacking it's there so

01:12

check that out too also hack the box

01:13

academy now has a student subscription

01:15

and you get cpe credits for completing

01:18

tier 1 modules or above

01:20

kind of killer check it out link below

01:22

to learn more have you hacked the

01:23

youtube algorithm today let's make sure

01:25

you do hit that like button subscribe

01:26

comment

01:27

notification bell let's hack youtube

01:28

today ethically of course

01:30

anyways no time to waste get your

01:32

stinking coffee let's do this

01:35

right now okay here we go we're going to

01:37

learn nearly everything you need to know

01:38

about managing users and linux

01:40

and we're gonna have a bit of fun with

01:42

it too so get your copy and let's go

01:44

now first we gotta launch our lab our

01:46

free linux lab from hack the box academy

01:49

so go ahead and navigate out there

01:50

hack the blogs account of me they are

01:52

our sponsor and they're amazing it's

01:54

completely free if you haven't already

01:55

signed up we'll get signed up i've got a

01:56

video walking you through that right

01:58

here

01:58

so log in to hack the box academy go and

02:00

click on the linux fundamentals course

02:01

to get started go ahead and open up the

02:03

user management module right here and

02:05

then to launch our free amazing phone

02:06

box our lab

02:08

scroll about halfway down and click on

02:09

start instance and it's going to start

02:11

quick coffee break just a little sip and

02:14

it is ready go ahead and click on

02:15

interact to uh

02:17

interact with it and i've said it before

02:18

this is amazing it's your free linux lab

02:20

in your browser that you can mess with

02:22

and break things and

02:23

let's do this okay let's talk about

02:25

users every computer system has a user

02:28

including linux and you know what you're

02:30

a user

02:32

to be able to log into the server this

02:34

linux box and do anything you have to be

02:36

a user on the system which user are you

02:38

let's see in a previous video we showed

02:40

this already so let's go ahead and

02:41

launch our terminal

02:42

our green or yellow box up at the top

02:44

here this is launching our shell

02:46

if you don't know what that is we'll go

02:47

back to the last video and watch that

02:48

one we talk all about it to quickly see

02:50

who you are you simply type in who

02:52

am i and there you are your user account

02:55

and you as user 86527 can log into this

02:58

linux machine

02:58

and do stuff you can launch programs

03:00

play games hack

03:01

create things delete things if you have

03:03

the right permissions we'll cover that

03:04

here in a moment

03:05

you you can do a lot of stuff as a user

03:07

of the system but not all users are the

03:09

same now hey

03:10

i've got some bad news we're under

03:12

attack our system our linux

03:14

box here we're being attacked by

03:17

thanos that's his name right the bad guy

03:19

from avengers yes thanos he's attacking

03:21

us

03:21

bad guy thanos is gonna snap his fingers

03:23

and destroy all our user accounts and we

03:24

won't be able to have fun on linux

03:26

anymore

03:26

we have to stop him but how do we do

03:28

that avengers assemble we need the

03:30

avengers right let's call them do they

03:32

have like a bat signal i don't know how

03:33

you call them

03:34

they just know they need help right or

03:35

that we need help but they're not in our

03:37

system right now we have to create these

03:38

user accounts to come and stop thanos

03:40

before he

03:41

snaps anyways let's start by adding the

03:44

avengers to our system

03:45

let's start with thor he's my favorite

03:47

so the command will be

03:49

add user thor and honestly it's that

03:52

simple that's all we need

03:53

the command add user will obviously add

03:55

a user but it's not the only one that

03:57

does this by the way just so you know

03:59

there's add user and then confusingly

04:01

there's another one called

04:02

user add which they do both add a user

04:06

but this command right here is a little

04:07

lazy

04:08

he doesn't do as much whereas this

04:09

command will do a lot i'll show you the

04:11

difference here real quick we'll bring

04:12

in our other avengers

04:13

anyways let's add thor real quick now

04:14

i'm going to hit enter but it's not

04:16

going to work

04:17

watch only root may add a user a group

04:19

to the system now what is a root

04:21

i mean root's another user on the system

04:23

if you watched our previous videos in

04:24

the series you would know all about root

04:26

not groot

04:27

root but we're going to temporarily

04:28

borrow some power from the root which

04:30

he's also known as the super user um so

04:33

what we're going to do here is hit the

04:34

up arrow to get our command back in

04:35

there add user thor we're going to go to

04:37

the beginning of our command

04:38

and type in sudo or it's also often

04:41

pronounced soo do but it's spelt sudo so

04:43

i want to say that

04:44

this is kind of like saying please in

04:45

linux please do this i'm getting super

04:47

powers to do this

04:48

again i'll explain more about that here

04:50

in a moment but anyways this is gonna

04:51

work

04:52

okay cool we got a fun prompt here let's

04:54

put a password in for thor i'm gonna say

04:56

hammer type it in again hammer full name

04:58

i think it's just thor

05:00

it'll ask you for all this random

05:01

information you don't have to put it all

05:02

in just enter enter enter

05:03

is it correct sure and thor's created he

05:05

is now a user on the system but how do

05:08

we know that where

05:09

is he well to find out what users are on

05:12

your system there's one simple place to

05:13

look

05:13

i'm going to clear my screen real quick

05:15

by typing in clear or i can just do

05:16

control

05:17

l whoo nice and clean there's a file in

05:19

the system that has a list of every user

05:20

on this

05:21

box or this system we're going to use

05:23

the command cat which we learned before

05:25

we're going to cat the forward slash

05:27

etsy forward slash pass

05:28

wd when we do that here's what happens

05:31

boom bunch of users on our system i bet

05:33

you're surprised like where all these

05:35

users come from i mean the first two we

05:36

recognize right i mean the last two

05:38

uh this one right here is us user blah

05:40

blah

05:41

and then thor the one we just created

05:42

there he is all these other entries are

05:44

indeed

05:45

user accounts on this system and they do

05:47

serve a purpose a lot of these you can't

05:48

log in

05:49

with like right here it says no login on

05:51

this account they do serve a purpose not

05:53

the topic for another video anyways now

05:55

real quick

05:55

what does all this right here mean it's

05:58

kind of gobbledygook right i mean the

05:59

first bit we understand what it is the

06:01

username

06:02

thor and user blah blah blah but what's

06:04

all the stuff after it well just after

06:06

the username we have

06:07

just an x sitting there all by himself

06:09

in fact you'll see this on pretty much

06:10

every user account appear

06:12

x max and what the x indicates is that

06:14

your password is stored in a separate

06:16

file called the

06:17

shadow file more specifically it's in a

06:19

place called etsy

06:21

shadow in linux we store our passwords

06:23

in the shadows where they're hidden you

06:25

can't see them but for real

06:26

if we go to it real quick we can

06:27

actually look at it let's do cat

06:29

etc etsy shadow oh permission deny we

06:32

need some

06:33

listen please sudo there we go and right

06:35

here next to the username thor we have

06:37

his password which that's actually not

06:38

his password

06:39

that's the hashed version topic for

06:41

another time anyways now just after x we

06:43

have two numbers

06:44

and they're the same we have one

06:45

thousand one and one thousand one what

06:48

are those

06:48

well those are his ids the first one is

06:52

his user id or a uid it's a number

06:55

which you can obviously see it's 1001.

06:57

the second one is his

06:59

group id we'll cover groups here in a

07:00

second but just know that when we create

07:02

a user in linux

07:03

we both create a user and a group for

07:06

that user so we have a username named

07:07

thor

07:08

we also have a group named thor and the

07:10

member of that group

07:11

is thor and then after that we got some

07:13

like random filler stuff like his name

07:15

and comments and stuff

07:16

and then after that we have his home

07:19

directory where he gives his hammer and

07:21

his

07:21

chest plate i don't know what thor has

07:23

his hair ties for thor his home

07:25

directory is in

07:26

the same place that a lot of people's

07:27

home directories are home

07:30

and then a directory called thor we'll

07:32

look at that here in a moment and then

07:33

just after that

07:34

we have his default shell when thor logs

07:37

into the system

07:37

what shell is he going to be given again

07:39

if you don't know what i'm talking about

07:40

go look at our previous video

07:42

but by default when we created his user

07:44

account with the add user command

07:46

it's going to be bash so that is what

07:48

all that gobbledygook means now let me

07:49

show you what the user add command does

07:51

our

07:52

alternative command which is kind of

07:54

weird so we have thor he's pretty

07:56

awesome but we need some extra help

07:57

i think we need iron man yeah yeah let's

07:59

get iron man in here so we'll do sudo

08:01

and instead of add user we're gonna

08:03

we're gonna do user

08:05

add and same as before we'll just type

08:07

in the user name iron man

08:09

and watch what happens here it is

08:11

different it's simple

08:13

that's it so remember add user like asks

08:16

hey put in his password

08:17

uh what's his first name last name

08:19

what's social security number

08:21

favorite flavor ice cream like all that

08:22

stuff this one just says

08:24

okay you're like uh what else

08:27

what do i do now that's what i meant by

08:29

saying that command is lazy because he

08:30

doesn't do anything but just say okay

08:32

yeah here's a user account i'm not gonna

08:33

do anything else like

08:34

set the password for you like you can do

08:36

that yourself um and i'll show you how

08:37

to do that here in a second but right

08:38

now

08:39

iron man is created but you can't really

08:40

do much with him so if we cat our

08:42

password file again to see what user

08:44

accounts we have in our system cat

08:45

slash etsy pass wd he's there iron man

08:49

is shown up

08:49

but there's a few things missing now for

08:51

example he has the x there saying that

08:53

his password's in the shadow file but is

08:54

it really because we didn't set a

08:55

password did we also notice here that

08:58

um his default shell is different it's

09:00

sh for

09:01

shell instead of bash so real quick i

09:03

want to take a look at the shadow file

09:05

to see if the stuff is there

09:06

that's interesting you can see that he

09:08

does have

09:09

an entry in the shadow file but it

09:11

doesn't seem to be a password

09:12

and i don't think it is but we can set

09:14

this password real quick command to set

09:16

a password for someone or change a

09:17

password for any username

09:18

is going to be password without the o-r

09:22

i'll show you so we'll we'll need super

09:24

powers sudo command is p-a-s-s-w-d

09:28

and then the user name so i'll type in

09:30

iron man and now we can set his password

09:32

jarvis there we go he's got a legit hash

09:34

there so we know it's working now one

09:36

thing the ad user command did not do for

09:37

iron man is it did not give him a home

09:39

he doesn't have a house right now he

09:40

doesn't have a home directory if i

09:41

navigate to the home directory well all

09:42

the

09:43

user directories live i go cd forward

09:45

slash home

09:46

and i type in ls i can see there are two

09:48

directories there for thor and then for

09:50

me

09:51

but iron man he doesn't have a home dude

09:53

and that's one downside of using the

09:55

user ad command

09:56

is again he's lazy he doesn't do this

09:57

kind of stuff if i jump into the thor

09:59

directory by doing cd

10:01

thor and then lsing his contents

10:04

yeah he's got a desktop he's got

10:05

templates if i do ls

10:07

dash al to reveal the hidden files he's

10:10

got a bunch of stuff going on in there

10:11

which we're not going to get into right

10:13

now i mean it is important but right now

10:14

we got to save the world

10:15

thor is here and he's coming clear our

10:17

screen now if we cap the password file

10:19

again

10:20

etsy pass wd i'm super annoyed that iron

10:23

man's

10:24

default shell is not the same as

10:25

everyone else's it's just sh

10:27

let's make sure it is bash we can modify

10:29

user account new command time are you

10:31

ready the command is

10:32

user mod which stands for user

10:34

modification and as you might expect it

10:36

will modify a user account now there are

10:38

a ton of things we can change if you do

10:40

dash h for help to see like what can i

10:42

do with this it'll tell you

10:44

a lot of stuff and i'm not going to

10:46

cover everything right now that take

10:47

forever and

10:48

thanos is here so i'll do sudo because

10:50

we will need special permissions

10:52

user mod and let's say i want to change

10:53

that shell for iron man

10:55

i'll do iron man say that's who i want

10:57

to change it for

10:58

dash dash shell and i'll say ben

11:02

bash done and if we cap the user or the

11:05

cat the password file once more welcome

11:07

iron man you now are using bash just

11:09

like everyone else

11:09

and we can change other things too like

11:11

maybe his name like sometimes iron man

11:13

isn't iron man sometimes he's tony stark

11:15

so if we do sudo user mod once more

11:18

we'll use the switch

11:19

dash l and then we'll put in the new

11:22

information

11:23

tony stark that's his new username and

11:25

then the old one

11:26

iron man done so if i cat the password

11:30

file once more

11:30

huh he's tony stark now but we don't

11:32

need tony stark right now we need iron

11:33

man let's change it back

11:35

okay better okay here we go now again

11:37

thanos is here and we need more than

11:38

just two avengers

11:40

avengers assemble let's create more

11:42

right now real quick

11:43

fast and that is where the user add

11:45

command comes in handy because you can

11:46

add things really quickly enough to go

11:47

through a menu every single time so

11:49

we'll just do it real quick

11:50

and we also have switches to help us

11:51

with that if i do user add dash h

11:53

we can do a lot of the stuff that the

11:55

add user command does just in one line

11:57

so i'll do user add let's bring in

12:01

hulk and i'll do a dash m which dash m

12:04

will actually create a home directory

12:05

form so whereas iron man didn't get one

12:07

by default i almost forgot we need

12:09

superhero permissions there we go let's

12:11

get spider-man in here

12:13

loki why not oh we can't forget captain

12:15

america

12:16

and i suppose we'll need doctor strange

12:18

i don't like that movie that much

12:19

didn't like it at all wasn't a fan but

12:21

he kind of played a key role so we'll

12:22

put him in here

12:23

so now we have some avengers if i do uh

12:26

cat

12:27

etsy password file boom

12:31

we got them they're here if you've seen

12:33

the movies you know it doesn't go

12:35

great at first thanos does get the power

12:37

he gets the

12:38

the gauntlet or what is it called ah

12:40

okay the infinity gauntlet almost forgot

12:42

actually i did forget i had to look it

12:43

up thanos has the power and he does

12:46

flick his fingers or snaps fingers and

12:48

do some bad stuff

12:50

now i'm gonna add the user account

12:52

thanos

12:53

we're bringing him in he's there i'm

12:55

going to set his password real quick

12:57

password inevitable let's see if he's

13:00

here yep there's thanos

13:01

now here in linux the infinity gauntlet

13:03

that gives you super

13:04

awesome powers and has all the stones

13:06

and you can flick your fingers and

13:07

everyone disappears

13:09

in linux that's definitely the pseudo

13:11

command

13:12

or pseudo we haven't really dived into

13:14

that deeply just yet

13:16

but right now we are it's a command we

13:17

use all the time it stands for

13:20

super user do essentially every time we

13:22

use that command it's like we're

13:23

slipping on the infinity gauntlet

13:24

the super powerful glove and this is the

13:26

worst glove you'll ever see we slip that

13:28

glove on and for one moment

13:30

we have powers to do whatever we frickin

13:31

want so the sudo command or the sudo

13:33

command

13:34

were able to grab the powers of the

13:36

super user the root user

13:37

and use them for that command now the

13:40

super user in the system

13:41

which is the root user he's the boss he

13:43

can do whatever stinking wants on linux

13:45

he can change all the settings

13:46

he can delete all the settings he can

13:48

ruin everything delete half your stuff

13:50

rmrf man that's what thanos is gonna do

13:54

and if you can use the pseudo command to

13:55

impersonate him just for a moment

13:57

that's a pretty stinking powerful

13:59

command it's a command that you don't

14:00

want to just give to anyone you want to

14:02

restrict that access and by default it

14:04

is pretty restricted

14:05

now you can see that right now we've

14:07

been using sudo all day

14:08

we have the infinity gauntlet we can put

14:10

that sucker on and use it whenever we

14:11

want to

14:12

but not everyone can use it for example

14:14

iron man he can't use it we can actually

14:16

pretend to be iron man real quick

14:17

new command time you ready the command

14:19

is s u

14:20

s u allows us to impersonate another

14:22

user we're actually switching

14:24

users we're becoming this user so let's

14:26

become iron man

14:27

i've always wanted to be iron man let's

14:29

do this so again the command is su

14:31

we'll do a space a dash or a tick space

14:33

and then the username of who we want to

14:34

switch into

14:35

now real quick by default if you don't

14:37

put anything here just

14:38

su space dash it's going to switch you

14:41

to the root user

14:42

which we can do like watch and i don't

14:44

know the root password

14:46

um actually but we can do this we can

14:49

put our gauntlet on

14:50

put the affinity gauntlet on sudo su

14:54

space dash i just became the root user i

14:57

just became the infinity gauntlet which

14:58

is kind of weird

14:59

you never want to become the infinity

15:00

gauntlet never log in as root that's why

15:02

we have sudo so i'm going to hit ctrl

15:04

d or we can just type in exit or

15:07

log out either of any of those so i'll

15:10

just do ctrl d

15:11

to become myself again but anyways back

15:13

to becoming iron man so i'll do su

15:14

space dash iron man now doing this

15:18

without the gauntlet on i will have to

15:20

know iron man's password this goes for

15:22

any time you use the su command but if i

15:24

were to use sudo

15:25

and put my gauntlet back on i don't have

15:27

to put a password in but anyways

15:29

i'll become iron man put his password in

15:31

jarvis

15:32

i'm iron man now iron man is pretty

15:34

powerful but he cannot use a pseudo

15:35

command let's try it real quick

15:37

i'll do sudo and i'll try to add a user

15:39

user add

15:40

let's try to bring in pepper potts his

15:42

wife right yeah wife

15:43

that's gonna ask for a pseudo password

15:45

okay just type in jarvis

15:47

things are looking pretty good right no

15:49

we're in trouble

15:50

you're not in the sudoers file this

15:52

incident will be reported you're like

15:54

you're grounded iron man you can't do

15:56

this i do love that we're talking about

15:57

marvel and we have this spider-man line

15:59

that comes in

16:00

anyways that's an overused line anyway

16:02

um so real quick

16:03

what is this right here the sue doers

16:06

file which is a very very awkward phrase

16:09

basically this file the sudor's file

16:11

defines

16:12

who can use sudo who can wear the

16:14

gauntlet right now iron man

16:16

is not in that file so we can't put it

16:18

on so what do you say we go take a look

16:19

at that file i know you're itching to so

16:20

let's do it real quick now the scooters

16:22

file is a very important file that you

16:23

don't want to jack up

16:24

and you can jack it up you can ruin your

16:26

entire system by

16:27

messing up the scenarios file but there

16:29

are some checks in place to keep you

16:30

safe now normally in linux

16:31

to edit a file you might just use your

16:33

default text editor right the one you

16:35

love like we might use

16:36

nano or them but with a suitor's file

16:39

the best practice is to do but with the

16:40

scooter

16:41

but with these two doors file there's a

16:42

certain way we have to do it now we will

16:44

have to use sudo to do this so i'm going

16:45

to stop being iron man for a second i'm

16:47

going to

16:48

ctrl d to log out of iron man okay i'm

16:50

me again the command will be sudo

16:52

and then right after that it'll be vi

16:56

sudo this is the only best practice

16:58

recommended way to

16:59

edit the sudoers file so let's uh get in

17:02

there and take a look and it's not a

17:03

crazy big file either it's kind of

17:05

simple in a way so i'll hit enter

17:07

and we're in and then i'll scroll down

17:08

through this document to

17:10

about here right here is where we're

17:12

able to see who's got permission to do

17:14

what obviously root can use sudo and

17:16

i'll explain what all this means here in

17:18

a moment and then down here in this

17:19

section we have allowed members of a

17:20

group

17:21

pseudo access or pseudo to execute any

17:23

command and then just below that we have

17:25

something else we have a percent sign

17:26

and then

17:27

pseudo this actually is a group and if

17:29

you're a member of this group the sudo

17:31

group

17:32

well you can do all this and what this

17:34

actually means is you can enter

17:35

any command at all and you don't have to

17:37

enter

17:39

a password which is pretty dangerous

17:40

kind of risky but

17:42

it's okay so if you're in this file

17:45

you have the power and thanos does have

17:47

the power let's go ahead and add thanos

17:48

real quick

17:49

we'll pretend he's already in there so

17:51

just under root i'm going to add thanos

17:53

so we'll start with the username which

17:54

is

17:55

thanos the first option here is what

17:57

systems

17:58

can thanos have ultimate power on well

18:01

it's the infinity gauntlet

18:02

all systems and this would be if they're

18:04

like multi-system situations but

18:06

and then i'll do a space equals not plus

18:09

sign

18:09

equals all and that all stands for all

18:13

commands now if you want to just give

18:15

thanos options to do one thing like

18:16

maybe add a user we might do forward

18:18

slash

18:19

sbn forward slash user add giving him

18:22

access to that one command

18:24

we don't want to do that thanos has all

18:26

power

18:27

oh and that's all we need i'm going to

18:29

hit control

18:30

x to say i want out of here don't want

18:32

to save it hit y

18:33

hit enter to write it to that file and

18:36

thanos is there

18:37

he's got the gauntlet on he can do

18:38

whatever he wants let's see if he can

18:40

we're going to become thanos for a

18:41

second so i'll do sudo

18:44

su space dash space thanos

18:47

we're thanos right now so let's do sudo

18:49

user ad what's another bad guy he uses

18:51

oh yeah his daughter nebulous little

18:53

spring nebula in here the stanos have

18:55

access let's see

18:57

what's his password inevitable yep

19:00

it did it worked so let's cap the uh

19:03

password file yep there's nebula

19:05

so thanos has ultimate power he's got

19:07

the gauntlet on

19:08

and crap he's about to snap you ready

19:11

he's going to delete half the

19:12

population in our case half the avengers

19:14

we have here to delete a user

19:16

new new command time it's terrible but

19:19

new command time coffee break

19:22

okay i'm ready sudo user

19:25

del or user delete as you might expect

19:28

this command will

19:29

delete a user and we'll take out thor

19:32

thor is gone if we catch the password

19:35

file

19:36

thor he's gone pseudo user delete

19:39

spider-man gone bye doctor strange

19:43

gone and just like that with a snap of

19:44

his fingers we're down to

19:46

hulk loki and captain america oh and

19:49

iron man two there he is

19:50

and just when it seems hopeless just

19:52

when it seems all is lost the avengers

19:54

have a plan ant-man comes in somehow

19:56

quantum stuff anyways we need the

19:57

gauntlet we need pseudo access to be

19:59

able to

20:00

bring captain america back and all the

20:01

other people got got deleted so let's do

20:03

this right now so

20:04

we're gonna explore a new concept we're

20:06

going to create a group to do that

20:08

new command time here we go we'll do

20:11

sudo group

20:12

add and as you might expect group add

20:14

will simply add a new group i'll do a

20:16

space i'll name my group

20:18

infinite

20:21

gauntlet does spell that right i don't

20:24

care that's what it's going to be called

20:26

and the group is there but how do we

20:28

know where is that group at

20:29

well just like we have a password file

20:31

to look at our users in the system

20:33

we have a file to look at the groups and

20:35

it's much more self-explanatory it makes

20:37

more sense

20:38

i'm going to cat the etsy group

20:41

file and there it is infinity gauntlet

20:45

right there

20:45

as well as every other group that was

20:47

created for our users

20:49

i told you whenever a user account is

20:50

created also they have a group created

20:52

for themselves as well

20:53

now what i want to do is make sure that

20:54

the members of the infinity gauntlet

20:56

group

20:56

do have ultimate power because you mean

20:58

you should you have the infinity

21:00

gauntlet on

21:00

so we need to add the infinity gauntlet

21:02

group to our sudoers file

21:04

let's do that real quick so again we'll

21:05

do sudo vi sudo to edit that file the

21:08

only way to do it don't you ever do it a

21:09

different way

21:10

i'm just kidding but seriously um let's

21:13

edit that file we're gonna scroll down

21:14

to

21:15

where we were and then right here right

21:17

now we see that members of the sudo

21:19

group

21:20

can do whatever they want and actually

21:21

real quick let me show you the reason we

21:23

can do whatever we want

21:24

is because we're members of the sudo

21:26

group if i do

21:27

actually new command time if you just

21:29

type in group i'm sorry

21:31

groups groot

21:34

it'll tell you what groups you are a

21:36

member of the current user account

21:37

you're logged in as and here i'm a

21:38

member of my own group user 86527

21:40

and the pseudo group which gives me

21:43

gauntlet

21:44

access anyways let's make sure the

21:45

gauntlet does have the appropriate

21:47

permissions here so just under

21:49

the sudo group i'm going to add percent

21:51

infinity

21:54

gauntlet make sure you spell it right

21:56

i'll do a space and i'll pretty much

21:57

copy the one just above it i'll say all

21:58

which again is all systems

22:00

space equal sign space i'll say no

22:02

password which is nopa sswd like we see

22:05

here

22:06

i'll do a colon and say all essentially

22:08

it's saying you can do everything you

22:09

want

22:10

all commands and you don't need a

22:11

password you got all them stones

22:13

anyways so i'm going to hit control now

22:16

actually you know what real quick before

22:17

i do that

22:18

i'm going to mess it up like i mentioned

22:20

before if you mess up your suitors file

22:22

you can break the entire system

22:24

there is some checks in there that'll

22:26

keep you safe so i'll just go

22:29

and i hit control x to get out of there

22:32

yes to save hit enter it'll say whoa

22:35

whoa whoa

22:36

there is a syntax error right there not

22:38

supposed to do that what are you doing

22:40

what are you going to do now what do you

22:41

want to do are you sure you want to save

22:42

this if i hit enter it will give me some

22:44

options

22:44

and i love this it's like you might want

22:47

to go edit it again hit e

22:48

hit x to get out of there and don't save

22:50

it just forget what you're doing you

22:51

don't know what you're doing or says you

22:52

know what if you're pretty confident

22:53

just hit q and say you want to save it

22:55

danger um let's be smart let's hit e to

22:59

edit it

23:00

and remove that crap we put in there and

23:02

then we can hit ctrl

23:03

x y and enter no errors we're good

23:07

so the infinity gauntlet group does have

23:10

ultimate sudo

23:11

super user due powers and now what's

23:13

left is the avengers have to somehow

23:15

become part of that group

23:16

put on the glove and change history and

23:18

if you've seen the movie

23:19

spoiler alert um iron man he does this

23:22

so we need to somehow get iron man into

23:25

the infinity gauntlet group let's do

23:26

that right now now real quick let's

23:28

demonstrate that iron man can't do crap

23:29

right now so if i

23:30

become iron man and i try to bring back

23:34

spider-man i can't i don't have the

23:36

glove i can't do it man iron man is

23:37

helpless but let's add them to the group

23:39

so to add a user to a group

23:40

pretty simple we're going to use the

23:41

same command we used earlier to modify a

23:43

user the user mod command

23:45

so we'll do sudo and keeping in mind i'm

23:47

logged in as me now not ironman anymore

23:49

i'll do sudo

23:50

user mod and the switch is dash

23:53

g now dash g by itself will add this

23:56

user to a group

23:57

but it will add it to that group and

23:59

kind of eliminate all other groups

24:01

you may not want to do that so we often

24:03

want to change this to

24:04

dash lowercase a capital g the a stands

24:08

for append

24:08

so this command here we're appending the

24:10

groups that ironman

24:12

is part of so just after dash ag we'll

24:15

type in

24:16

the group which is infinity gauntlet

24:19

and then the user we want to add which

24:21

will be iron man

24:22

just like that iron man has the glove on

24:25

we can actually see if that's happening

24:26

by going to

24:27

or catting the group file

24:30

etsy group and here we can see the

24:33

infinity gauntlet group

24:34

the members over here on the right and

24:35

there's iron man right there now again

24:37

if you saw the movie you know that iron

24:38

man and

24:39

and thanos were kind of wrestling with

24:41

the gloves so thanos was in the group

24:43

too

24:43

they kept going back and forth let me

24:45

add thanos in there real quick

24:46

so yes right now iron man and thanos are

24:48

both part of this group they both have

24:49

super awesome

24:50

powerful pseudo access but eventually

24:53

iron man does wrestle the

24:55

glove off of thanos and puts it on

24:56

himself so new command time how do you

24:58

remove

24:59

a user from a group this command is

25:01

called g password

25:03

the commands sometimes are weird um so

25:05

we'll do sudo

25:06

g pass wd we're gonna do dash d for

25:09

delete specify the user we want to

25:11

remove which will be

25:13

thanos take that off take that take it

25:15

and then we'll specify the group

25:17

infinity gauntlet take that thanos look

25:20

at the group once more

25:21

no one's in there so anyways iron man he

25:23

has the gauntlet

25:24

he snaps his fingers and he creates the

25:27

users we lost

25:28

let me become iron man i am iron man

25:31

pseudo

25:32

user ad captain america pseudo

25:35

user ad spiderman done we'll bring back

25:39

doctor strange

25:40

and i forgot who else but anyways you

25:41

get the picture right iron man has the

25:43

gauntlet on he has the power he's part

25:45

of the group

25:46

and he can now bring back everyone and

25:48

shoot while he's at it let's defeat

25:50

thanos right

25:51

sudo user delete

25:55

thanos here we go

25:58

goodbye thanos and then finally iron man

26:00

realizes the infinity gauntlet it's too

26:02

powerful

26:03

for anyone to possess so he destroys it

26:05

i think that's what happens

26:06

that's what we're going to do right now

26:07

so using the principle of least

26:08

privilege

26:09

we're going to remove the the infinity

26:11

gauntlet group we're going to delete

26:12

that group by doing the

26:14

group delete command in fact iron man

26:16

will do it himself right now and he's

26:17

going to

26:18

delete his access to do it at the same

26:20

time which is kind of weird right

26:21

so sudo group delete uh new command time

26:25

i forgot to sit man

26:26

which obviously means we're gonna be

26:28

deleting a group and the usage is pretty

26:30

straightforward just after group delete

26:32

we'll enter the name of the group

26:33

infinity gauntlet now this does not

26:36

delete any

26:37

users in that group it just deletes the

26:39

group and gone are also iron man's

26:41

privileges to do anything special

26:42

anymore

26:43

for example if he got greedy and wanted

26:45

to create the group once more

26:47

sorry iron man you don't have it anymore

26:49

and i think you have other problems to

26:50

worry about

26:51

we did it i think like we saved the

26:53

world right i mean iron man's

26:54

not okay but we we learned how to manage

26:57

users and linux and in the process we

26:59

assembled the avengers and took away the

27:01

infinity gauntlet destroyed it and saved

27:03

the world

27:04

yeah but seriously we learned a lot

27:06

today we learned how to manage users in

27:07

linux

27:08

add them delete them groups permissions

27:11

all that

27:12

and that's essential to managing a linux

27:13

system to becoming a hacker to doing

27:16

anything with linux now and

27:17

pretty much every area of it involves

27:19

linux and also if you want a quick

27:21

review of what we covered in text form

27:23

uh mosey on over to hack the box academy

27:25

the page we were at the whole time

27:26

and look it over they've got the

27:27

commands we we talked about in text form

27:30

and they also have a delightful quiz at

27:32

the very bottom to test your knowledge

27:33

and see how you do

27:34

and if you get it right you earn cubes

27:36

back which with the junk or cubes

27:38

go watch episode one if you don't know

27:39

what they are also if you want to test

27:41

your skills even further

27:42

i've got a quiz in the description below

27:44

it's free click the link

27:45

and uh let's see what you got and again

27:47

huge shout out to our sponsor hack the

27:49

box academy

27:50

it's free to access right now to do what

27:52

we've been doing here if you want to go

27:53

further and learn how to hack wordpress