1. Shells
A shell is a command-line interpreter that provides a user interface for accessing the operating system’s services. It’s where you type commands that the kernel then executes. Different shells offer various features, scripting capabilities, and customization options.
Common Shells in Linux:
- Bash (Bourne-Again SHell): The most common default shell in Linux distributions. It’s a powerful and feature-rich shell with command-line editing, history, aliases, and scripting capabilities.
- Sh (Bourne Shell): An older, simpler shell. Bash is largely compatible with Sh.
- Zsh (Z Shell): A highly customizable shell with advanced features like improved tab completion, theme support, and powerful globbing.
- Csh (C Shell) / Tcsh (TENEX C Shell): Shells with a C-like syntax, often preferred by programmers.
- Ksh (Korn Shell): A powerful shell that combines features of Bash and Csh.
How to check a user’s default shell:
The default shell for a user is specified in the last field of their entry in the /etc/passwd file.
Example:
To see your current shell:
$ echo $SHELL
/bin/bash
To see the default shell for a specific user (e.g., ‘john’):
$ grep '^john:' /etc/passwd
john:x:1001:1001:John Doe,,,:/home/john:/bin/bash
Here, /bin/bash is John’s default shell.
2. Restricted Shells
A restricted shell is a special type of shell designed to limit the commands and actions a user can perform. This is often used for security purposes, such as for FTP users, kiosk systems, or accounts that should only run specific applications.
Common Restrictions:
- Cannot change directories (cd).
- Cannot set or unset environment variables.
- Cannot execute commands containing slashes (/), preventing execution of commands outside the user’s PATH or specific allowed directories.
- Cannot redirect output using >, >>, <, etc.
Example:
The most common restricted shell is rbash (restricted bash), which is usually a hard link to bash or a symbolic link to /bin/bash invoked with the -r option.
To set a user's shell to rbash:
$ sudo usermod -s /bin/rbash newuser
When 'newuser' logs in, they will be in a restricted environment. For example, they might not be able to run cd / or execute commands like /bin/ls directly.
Another way to create a restricted environment is using tools like chroot or specialized applications that provide a jailed environment.
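To confirm that the restrictions are actually in force on a given host, the following added example (not part of the original page) runs one probe per restriction through `bash -r` and reports which ones the shell refused. The function names `rbash_blocks` and `rbash_report` and the probe commands are illustrative.

```shell
#!/bin/sh
# Added example: probe which restrictions restricted bash enforces.
# Function names and probe commands are illustrative, not from the page.

# rbash_blocks CMD -> exit 0 if restricted bash refused CMD, 1 if it ran.
rbash_blocks() {
    # -r starts bash in restricted mode, as rbash does. LC_ALL=C keeps the
    # error text in English so it can be matched below.
    err=$(LC_ALL=C bash -r -c "$1" 2>&1 >/dev/null)
    case "$err" in
        *restricted*|*"readonly variable"*) return 0 ;;
        *) return 1 ;;
    esac
}

# rbash_report: print a verdict per probe; the return value is the number
# of probes that were NOT blocked (0 means every restriction held).
rbash_report() {
    leaks=0
    # cd, a command name containing '/', output redirection, changing PATH
    for probe in 'cd /' '/bin/ls' 'echo x > /dev/null' 'PATH=/bin'; do
        if rbash_blocks "$probe"; then
            printf 'BLOCKED  %s\n' "$probe"
        else
            printf 'ALLOWED  %s\n' "$probe"
            leaks=$((leaks + 1))
        fi
    done
    return "$leaks"
}

rbash_report
```

The restrictions only bound what a user can do if the directories on that user's PATH contain nothing beyond the commands the account is meant to run, so review PATH alongside this check.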
3. User Management Commands
Linux provides several command-line utilities for managing user and group accounts. These commands require root privileges (or sudo) to execute.
Key Commands:
Command | Description | Example |
---|---|---|
useradd | Creates a new user account. | sudo useradd -m newuser (creates user and home directory) |
usermod | Modifies an existing user account. | sudo usermod -aG sudo newuser (adds 'newuser' to 'sudo' group) |
userdel | Deletes a user account. | sudo userdel -r olduser (deletes user and their home directory) |
passwd | Sets or changes a user's password. | sudo passwd newuser (prompts for new password for 'newuser') |
groupadd | Creates a new group. | sudo groupadd developers |
groupmod | Modifies an existing group. | sudo groupmod -n devgroup developers (renames 'developers' to 'devgroup') |
groupdel | Deletes a group. | sudo groupdel oldgroup |
id | Displays user and group IDs for the current user or a specified user. | id john |
groups | Displays the groups a user belongs to. | groups john |
Example Usage:
Creating a new user 'student' with a home directory and setting their password:
$ sudo useradd -m student
$ sudo passwd student
Adding 'student' to the 'teachers' group:
$ sudo usermod -aG teachers student
Deleting a user 'tempuser' and their home directory:
$ sudo userdel -r tempuser
4. Homes and Permissions
Every user account typically has a dedicated home directory (e.g., /home/username) where they store their personal files, documents, and configurations. Proper permissions on home directories are crucial for privacy and security.
Default Home Directory Permissions:
When a new user and their home directory are created, the default permissions are usually drwxr-xr-x (755). This means:
- Owner (user): Read, Write, Execute (rwx) - The user can create, delete, and modify files within their home directory.
- Group: Read, Execute (r-x) - Members of the user's primary group can read and traverse the directory, but not modify its contents.
- Others: Read, Execute (r-x) - All other users can read and traverse the directory, but not modify its contents.
For stricter privacy, some systems might set home directory permissions to drwx------ (700), meaning only the owner has access.
Managing Permissions:
- chmod: Changes file and directory permissions.
- chown: Changes file and directory ownership.
- chgrp: Changes file and directory group ownership.
Example:
Checking permissions of a home directory:
$ ls -ld /home/john
drwxr-xr-x 4 john john 4096 Jul 29 10:30 /home/john
Changing a file's permissions to be readable and writable only by the owner:
$ chmod 600 /home/john/private_doc.txt
Changing the owner of a file to 'admin':
$ sudo chown admin /path/to/file.txt
Changing the group owner of a file to 'developers':
$ sudo chgrp developers /path/to/project_file.txt
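The per-user checks above (login shell from the last /etc/passwd field, home directory mode from ls -ld) can be run for every account at once. This added example is not part of the original page; the function name `audit_homes`, the verdict labels, and the sample accounts other than john are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit home directory permissions for every passwd entry.
# audit_homes PASSWD_FILE [ROOT]
#   ROOT is an optional prefix so the check can run against a mounted image
#   or a test tree instead of the live filesystem.
audit_homes() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        dir="${2:-}$home"
        [ -d "$dir" ] || continue            # skip accounts with no home
        perms=$(ls -ld "$dir" | cut -c1-10)  # e.g. drwxr-xr-x
        case "$perms" in
            d???????w?) verdict=WORLD-WRITABLE ;;        # others can write
            d????w????) verdict=GROUP-WRITABLE ;;        # group can write
            d???------) verdict=private ;;               # 700-style
            *)          verdict=readable-beyond-owner ;; # 755/750-style
        esac
        printf '%s %s %s %s\n' "$user" "$shell" "$perms" "$verdict"
    done < "$1"
}

# Constructed sample tree and passwd file, so the example runs without root.
demo=$(mktemp -d)
mkdir -p "$demo/home/john" "$demo/home/alice" "$demo/home/kiosk"
chmod 755 "$demo/home/john"
chmod 700 "$demo/home/alice"
chmod 777 "$demo/home/kiosk"
cat > "$demo/passwd" <<'EOF'
john:x:1001:1001:John Doe,,,:/home/john:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
kiosk:x:1003:1003::/home/kiosk:/bin/rbash
EOF
audit_homes "$demo/passwd" "$demo"
rm -rf "$demo"
```

On a live system, `audit_homes /etc/passwd` checks the real home directories; any WORLD-WRITABLE or GROUP-WRITABLE line is a candidate for chmod 700 or 755.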