sudo = POWER!! (managing users in Linux) // Linux for Hackers // EP4

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

managing users in linux this is essential you got to know this if you want to get into linux or become a hacker or do anything don't skip this so assemble the avengers we gotta stop thanos what welcome to linux for hackers and everyone because everyone needs to learn linux this is episode 4 and you don't want to miss this when we're talking about user management user accounts and linux and we're pretty much going to cover everything from creating users deleting them changing them creating groups deleting those putting on the infinity gauntlet and giving yourself super godlike permissions which is also known as sudo or the sudoer's file we'll cover all that and yeah we're gonna assemble the avengers and stop thanos we're going to save the world and when i say we i mean we because you're going to do this with me you're getting a free linux lab right here in this video check the link in the description thanks to our sponsor hack the box academy it's seriously amazing free to sign up hack the box academy is basically a trading ground for hackers good hackers mind you so if you want to follow along with me learn how to manage users in linux and save the world then click the link below get signed up for free and you'll have a linux lab right here in your browser and then of course whatever else you want to learn regarding hacking it's there so check that out too also hack the box academy now has a student subscription and you get cpe credits for completing tier 1 modules or above kind of killer check it out link below to learn more have you hacked the youtube algorithm today let's make sure you do hit that like button subscribe comment notification bell let's hack youtube today ethically of course anyways no time to waste get your stinking coffee let's do this right now okay here we go we're going to learn nearly everything you need to know about managing users and linux and we're gonna have a bit of fun with it too so get your copy and let's go now first we gotta launch our lab our free linux lab from hack the box academy so go ahead and navigate out there hack the blogs account of me they are our sponsor and they're amazing it's completely free if you haven't already signed up we'll get signed up i've got a video walking you through that right here so log in to hack the box academy go and click on the linux fundamentals course to get started go ahead and open up the user management module right here and then to launch our free amazing phone box our lab scroll about halfway down and click on start instance and it's going to start quick coffee break just a little sip and it is ready go ahead and click on interact to uh interact with it and i've said it before this is amazing it's your free linux lab in your browser that you can mess with and break things and let's do this okay let's talk about users every computer system has a user including linux and you know what you're a user to be able to log into the server this linux box and do anything you have to be a user on the system which user are you let's see in a previous video we showed this already so let's go ahead and launch our terminal our green or yellow box up at the top here this is launching our shell if you don't know what that is we'll go back to the last video and watch that one we talk all about it to quickly see who you are you simply type in who am i and there you are your user account and you as user 86527 can log into this linux machine and do stuff you can launch programs play games hack create things delete things if you have the right permissions we'll cover that here in a moment you you can do a lot of stuff as a user of the system but not all users are the same now hey i've got some bad news we're under attack our system our linux box here we're being attacked by thanos that's his name right the bad guy from avengers yes thanos he's attacking us bad guy thanos is gonna snap his fingers and destroy all our user accounts and we won't be able to have fun on linux anymore we have to stop him but how do we do that avengers assemble we need the avengers right let's call them do they have like a bat signal i don't know how you call them they just know they need help right or that we need help but they're not in our system right now we have to create these user accounts to come and stop thanos before he snaps anyways let's start by adding the avengers to our system let's start with thor he's my favorite so the command will be add user thor and honestly it's that simple that's all we need the command add user will obviously add a user but it's not the only one that does this by the way just so you know there's add user and then confusingly there's another one called user add which they do both add a user but this command right here is a little lazy he doesn't do as much whereas this command will do a lot i'll show you the difference here real quick we'll bring in our other avengers anyways let's add thor real quick now i'm going to hit enter but it's not going to work watch only root may add a user a group to the system now what is a root i mean root's another user on the system if you watched our previous videos in the series you would know all about root not groot root but we're going to temporarily borrow some power from the root which he's also known as the super user um so what we're going to do here is hit the up arrow to get our command back in there add user thor we're going to go to the beginning of our command and type in sudo or it's also often pronounced soo do but it's spelt sudo so i want to say that this is kind of like saying please in linux please do this i'm getting super powers to do this again i'll explain more about that here in a moment but anyways this is gonna work okay cool we got a fun prompt here let's put a password in for thor i'm gonna say hammer type it in again hammer full name i think it's just thor it'll ask you for all this random information you don't have to put it all in just enter enter enter is it correct sure and thor's created he is now a user on the system but how do we know that where is he well to find out what users are on your system there's one simple place to look i'm going to clear my screen real quick by typing in clear or i can just do control l whoo nice and clean there's a file in the system that has a list of every user on this box or this system we're going to use the command cat which we learned before we're going to cat the forward slash etsy forward slash pass wd when we do that here's what happens boom bunch of users on our system i bet you're surprised like where all these users come from i mean the first two we recognize right i mean the last two uh this one right here is us user blah blah and then thor the one we just created there he is all these other entries are indeed user accounts on this system and they do serve a purpose a lot of these you can't log in with like right here it says no login on this account they do serve a purpose not the topic for another video anyways now real quick what does all this right here mean it's kind of gobbledygook right i mean the first bit we understand what it is the username thor and user blah blah blah but what's all the stuff after it well just after the username we have just an x sitting there all by himself in fact you'll see this on pretty much every user account appear x max and what the x indicates is that your password is stored in a separate file called the shadow file more specifically it's in a place called etsy shadow in linux we store our passwords in the shadows where they're hidden you can't see them but for real if we go to it real quick we can actually look at it let's do cat etc etsy shadow oh permission deny we need some listen please sudo there we go and right here next to the username thor we have his password which that's actually not his password that's the hashed version topic for another time anyways now just after x we have two numbers and they're the same we have one thousand one and one thousand one what are those well those are his ids the first one is his user id or a uid it's a number which you can obviously see it's 1001. the second one is his group id we'll cover groups here in a second but just know that when we create a user in linux we both create a user and a group for that user so we have a username named thor we also have a group named thor and the member of that group is thor and then after that we got some like random filler stuff like his name and comments and stuff and then after that we have his home directory where he gives his hammer and his chest plate i don't know what thor has his hair ties for thor his home directory is in the same place that a lot of people's home directories are home and then a directory called thor we'll look at that here in a moment and then just after that we have his default shell when thor logs into the system what shell is he going to be given again if you don't know what i'm talking about go look at our previous video but by default when we created his user account with the add user command it's going to be bash so that is what all that gobbledygook means now let me show you what the user add command does our alternative command which is kind of weird so we have thor he's pretty awesome but we need some extra help i think we need iron man yeah yeah let's get iron man in here so we'll do sudo and instead of add user we're gonna we're gonna do user add and same as before we'll just type in the user name iron man and watch what happens here it is different it's simple that's it so remember add user like asks hey put in his password uh what's his first name last name what's social security number favorite flavor ice cream like all that stuff this one just says okay you're like uh what else what do i do now that's what i meant by saying that command is lazy because he doesn't do anything but just say okay yeah here's a user account i'm not gonna do anything else like set the password for you like you can do that yourself um and i'll show you how to do that here in a second but right now iron man is created but you can't really do much with him so if we cat our password file again to see what user accounts we have in our system cat slash etsy pass wd he's there iron man is shown up but there's a few things missing now for example he has the x there saying that his password's in the shadow file but is it really because we didn't set a password did we also notice here that um his default shell is different it's sh for shell instead of bash so real quick i want to take a look at the shadow file to see if the stuff is there that's interesting you can see that he does have an entry in the shadow file but it doesn't seem to be a password and i don't think it is but we can set this password real quick command to set a password for someone or change a password for any username is going to be password without the o-r i'll show you so we'll we'll need super powers sudo command is p-a-s-s-w-d and then the user name so i'll type in iron man and now we can set his password jarvis there we go he's got a legit hash there so we know it's working now one thing the ad user command did not do for iron man is it did not give him a home he doesn't have a house right now he doesn't have a home directory if i navigate to the home directory well all the user directories live i go cd forward slash home and i type in ls i can see there are two directories there for thor and then for me but iron man he doesn't have a home dude and that's one downside of using the user ad command is again he's lazy he doesn't do this kind of stuff if i jump into the thor directory by doing cd thor and then lsing his contents yeah he's got a desktop he's got templates if i do ls dash al to reveal the hidden files he's got a bunch of stuff going on in there which we're not going to get into right now i mean it is important but right now we got to save the world thor is here and he's coming clear our screen now if we cap the password file again etsy pass wd i'm super annoyed that iron man's default shell is not the same as everyone else's it's just sh let's make sure it is bash we can modify user account new command time are you ready the command is user mod which stands for user modification and as you might expect it will modify a user account now there are a ton of things we can change if you do dash h for help to see like what can i do with this it'll tell you a lot of stuff and i'm not going to cover everything right now that take forever and thanos is here so i'll do sudo because we will need special permissions user mod and let's say i want to change that shell for iron man i'll do iron man say that's who i want to change it for dash dash shell and i'll say ben bash done and if we cap the user or the cat the password file once more welcome iron man you now are using bash just like everyone else and we can change other things too like maybe his name like sometimes iron man isn't iron man sometimes he's tony stark so if we do sudo user mod once more we'll use the switch dash l and then we'll put in the new information tony stark that's his new username and then the old one iron man done so if i cat the password file once more huh he's tony stark now but we don't need tony stark right now we need iron man let's change it back okay better okay here we go now again thanos is here and we need more than just two avengers avengers assemble let's create more right now real quick fast and that is where the user add command comes in handy because you can add things really quickly enough to go through a menu every single time so we'll just do it real quick and we also have switches to help us with that if i do user add dash h we can do a lot of the stuff that the add user command does just in one line so i'll do user add let's bring in hulk and i'll do a dash m which dash m will actually create a home directory form so whereas iron man didn't get one by default i almost forgot we need superhero permissions there we go let's get spider-man in here loki why not oh we can't forget captain america and i suppose we'll need doctor strange i don't like that movie that much didn't like it at all wasn't a fan but he kind of played a key role so we'll put him in here so now we have some avengers if i do uh cat etsy password file boom we got them they're here if you've seen the movies you know it doesn't go great at first thanos does get the power he gets the the gauntlet or what is it called ah okay the infinity gauntlet almost forgot actually i did forget i had to look it up thanos has the power and he does flick his fingers or snaps fingers and do some bad stuff now i'm gonna add the user account thanos we're bringing him in he's there i'm going to set his password real quick password inevitable let's see if he's here yep there's thanos now here in linux the infinity gauntlet that gives you super awesome powers and has all the stones and you can flick your fingers and everyone disappears in linux that's definitely the pseudo command or pseudo we haven't really dived into that deeply just yet but right now we are it's a command we use all the time it stands for super user do essentially every time we use that command it's like we're slipping on the infinity gauntlet the super powerful glove and this is the worst glove you'll ever see we slip that glove on and for one moment we have powers to do whatever we frickin want so the sudo command or the sudo command were able to grab the powers of the super user the root user and use them for that command now the super user in the system which is the root user he's the boss he can do whatever stinking wants on linux he can change all the settings he can delete all the settings he can ruin everything delete half your stuff rmrf man that's what thanos is gonna do and if you can use the pseudo command to impersonate him just for a moment that's a pretty stinking powerful command it's a command that you don't want to just give to anyone you want to restrict that access and by default it is pretty restricted now you can see that right now we've been using sudo all day we have the infinity gauntlet we can put that sucker on and use it whenever we want to but not everyone can use it for example iron man he can't use it we can actually pretend to be iron man real quick new command time you ready the command is s u s u allows us to impersonate another user we're actually switching users we're becoming this user so let's become iron man i've always wanted to be iron man let's do this so again the command is su we'll do a space a dash or a tick space and then the username of who we want to switch into now real quick by default if you don't put anything here just su space dash it's going to switch you to the root user which we can do like watch and i don't know the root password um actually but we can do this we can put our gauntlet on put the affinity gauntlet on sudo su space dash i just became the root user i just became the infinity gauntlet which is kind of weird you never want to become the infinity gauntlet never log in as root that's why we have sudo so i'm going to hit ctrl d or we can just type in exit or log out either of any of those so i'll just do ctrl d to become myself again but anyways back to becoming iron man so i'll do su space dash iron man now doing this without the gauntlet on i will have to know iron man's password this goes for any time you use the su command but if i were to use sudo and put my gauntlet back on i don't have to put a password in but anyways i'll become iron man put his password in jarvis i'm iron man now iron man is pretty powerful but he cannot use a pseudo command let's try it real quick i'll do sudo and i'll try to add a user user add let's try to bring in pepper potts his wife right yeah wife that's gonna ask for a pseudo password okay just type in jarvis things are looking pretty good right no we're in trouble you're not in the sudoers file this incident will be reported you're like you're grounded iron man you can't do this i do love that we're talking about marvel and we have this spider-man line that comes in anyways that's an overused line anyway um so real quick what is this right here the sue doers file which is a very very awkward phrase basically this file the sudor's file defines who can use sudo who can wear the gauntlet right now iron man is not in that file so we can't put it on so what do you say we go take a look at that file i know you're itching to so let's do it real quick now the scooters file is a very important file that you don't want to jack up and you can jack it up you can ruin your entire system by messing up the scenarios file but there are some checks in place to keep you safe now normally in linux to edit a file you might just use your default text editor right the one you love like we might use nano or them but with a suitor's file the best practice is to do but with the scooter but with these two doors file there's a certain way we have to do it now we will have to use sudo to do this so i'm going to stop being iron man for a second i'm going to ctrl d to log out of iron man okay i'm me again the command will be sudo and then right after that it'll be vi sudo this is the only best practice recommended way to edit the sudoers file so let's uh get in there and take a look and it's not a crazy big file either it's kind of simple in a way so i'll hit enter and we're in and then i'll scroll down through this document to about here right here is where we're able to see who's got permission to do what obviously root can use sudo and i'll explain what all this means here in a moment and then down here in this section we have allowed members of a group pseudo access or pseudo to execute any command and then just below that we have something else we have a percent sign and then pseudo this actually is a group and if you're a member of this group the sudo group well you can do all this and what this actually means is you can enter any command at all and you don't have to enter a password which is pretty dangerous kind of risky but it's okay so if you're in this file you have the power and thanos does have the power let's go ahead and add thanos real quick we'll pretend he's already in there so just under root i'm going to add thanos so we'll start with the username which is thanos the first option here is what systems can thanos have ultimate power on well it's the infinity gauntlet all systems and this would be if they're like multi-system situations but and then i'll do a space equals not plus sign equals all and that all stands for all commands now if you want to just give thanos options to do one thing like maybe add a user we might do forward slash sbn forward slash user add giving him access to that one command we don't want to do that thanos has all power oh and that's all we need i'm going to hit control x to say i want out of here don't want to save it hit y hit enter to write it to that file and thanos is there he's got the gauntlet on he can do whatever he wants let's see if he can we're going to become thanos for a second so i'll do sudo su space dash space thanos we're thanos right now so let's do sudo user ad what's another bad guy he uses oh yeah his daughter nebulous little spring nebula in here the stanos have access let's see what's his password inevitable yep it did it worked so let's cap the uh password file yep there's nebula so thanos has ultimate power he's got the gauntlet on and crap he's about to snap you ready he's going to delete half the population in our case half the avengers we have here to delete a user new new command time it's terrible but new command time coffee break okay i'm ready sudo user del or user delete as you might expect this command will delete a user and we'll take out thor thor is gone if we catch the password file thor he's gone pseudo user delete spider-man gone bye doctor strange gone and just like that with a snap of his fingers we're down to hulk loki and captain america oh and iron man two there he is and just when it seems hopeless just when it seems all is lost the avengers have a plan ant-man comes in somehow quantum stuff anyways we need the gauntlet we need pseudo access to be able to bring captain america back and all the other people got got deleted so let's do this right now so we're gonna explore a new concept we're going to create a group to do that new command time here we go we'll do sudo group add and as you might expect group add will simply add a new group i'll do a space i'll name my group infinite gauntlet does spell that right i don't care that's what it's going to be called and the group is there but how do we know where is that group at well just like we have a password file to look at our users in the system we have a file to look at the groups and it's much more self-explanatory it makes more sense i'm going to cat the etsy group file and there it is infinity gauntlet right there as well as every other group that was created for our users i told you whenever a user account is created also they have a group created for themselves as well now what i want to do is make sure that the members of the infinity gauntlet group do have ultimate power because you mean you should you have the infinity gauntlet on so we need to add the infinity gauntlet group to our sudoers file let's do that real quick so again we'll do sudo vi sudo to edit that file the only way to do it don't you ever do it a different way i'm just kidding but seriously um let's edit that file we're gonna scroll down to where we were and then right here right now we see that members of the sudo group can do whatever they want and actually real quick let me show you the reason we can do whatever we want is because we're members of the sudo group if i do actually new command time if you just type in group i'm sorry groups groot it'll tell you what groups you are a member of the current user account you're logged in as and here i'm a member of my own group user 86527 and the pseudo group which gives me gauntlet access anyways let's make sure the gauntlet does have the appropriate permissions here so just under the sudo group i'm going to add percent infinity gauntlet make sure you spell it right i'll do a space and i'll pretty much copy the one just above it i'll say all which again is all systems space equal sign space i'll say no password which is nopa sswd like we see here i'll do a colon and say all essentially it's saying you can do everything you want all commands and you don't need a password you got all them stones anyways so i'm going to hit control now actually you know what real quick before i do that i'm going to mess it up like i mentioned before if you mess up your suitors file you can break the entire system there is some checks in there that'll keep you safe so i'll just go and i hit control x to get out of there yes to save hit enter it'll say whoa whoa whoa there is a syntax error right there not supposed to do that what are you doing what are you going to do now what do you want to do are you sure you want to save this if i hit enter it will give me some options and i love this it's like you might want to go edit it again hit e hit x to get out of there and don't save it just forget what you're doing you don't know what you're doing or says you know what if you're pretty confident just hit q and say you want to save it danger um let's be smart let's hit e to edit it and remove that crap we put in there and then we can hit ctrl x y and enter no errors we're good so the infinity gauntlet group does have ultimate sudo super user due powers and now what's left is the avengers have to somehow become part of that group put on the glove and change history and if you've seen the movie spoiler alert um iron man he does this so we need to somehow get iron man into the infinity gauntlet group let's do that right now now real quick let's demonstrate that iron man can't do crap right now so if i become iron man and i try to bring back spider-man i can't i don't have the glove i can't do it man iron man is helpless but let's add them to the group so to add a user to a group pretty simple we're going to use the same command we used earlier to modify a user the user mod command so we'll do sudo and keeping in mind i'm logged in as me now not ironman anymore i'll do sudo user mod and the switch is dash g now dash g by itself will add this user to a group but it will add it to that group and kind of eliminate all other groups you may not want to do that so we often want to change this to dash lowercase a capital g the a stands for append so this command here we're appending the groups that ironman is part of so just after dash ag we'll type in the group which is infinity gauntlet and then the user we want to add which will be iron man just like that iron man has the glove on we can actually see if that's happening by going to or catting the group file etsy group and here we can see the infinity gauntlet group the members over here on the right and there's iron man right there now again if you saw the movie you know that iron man and and thanos were kind of wrestling with the gloves so thanos was in the group too they kept going back and forth let me add thanos in there real quick so yes right now iron man and thanos are both part of this group they both have super awesome powerful pseudo access but eventually iron man does wrestle the glove off of thanos and puts it on himself so new command time how do you remove a user from a group this command is called g password the commands sometimes are weird um so we'll do sudo g pass wd we're gonna do dash d for delete specify the user we want to remove which will be thanos take that off take that take it and then we'll specify the group infinity gauntlet take that thanos look at the group once more no one's in there so anyways iron man he has the gauntlet he snaps his fingers and he creates the users we lost let me become iron man i am iron man pseudo user ad captain america pseudo user ad spiderman done we'll bring back doctor strange and i forgot who else but anyways you get the picture right iron man has the gauntlet on he has the power he's part of the group and he can now bring back everyone and shoot while he's at it let's defeat thanos right sudo user delete thanos here we go goodbye thanos and then finally iron man realizes the infinity gauntlet it's too powerful for anyone to possess so he destroys it i think that's what happens that's what we're going to do right now so using the principle of least privilege we're going to remove the the infinity gauntlet group we're going to delete that group by doing the group delete command in fact iron man will do it himself right now and he's going to delete his access to do it at the same time which is kind of weird right so sudo group delete uh new command time i forgot to sit man which obviously means we're gonna be deleting a group and the usage is pretty straightforward just after group delete we'll enter the name of the group infinity gauntlet now this does not delete any users in that group it just deletes the group and gone are also iron man's privileges to do anything special anymore for example if he got greedy and wanted to create the group once more sorry iron man you don't have it anymore and i think you have other problems to worry about we did it i think like we saved the world right i mean iron man's not okay but we we learned how to manage users and linux and in the process we assembled the avengers and took away the infinity gauntlet destroyed it and saved the world yeah but seriously we learned a lot today we learned how to manage users in linux add them delete them groups permissions all that and that's essential to managing a linux system to becoming a hacker to doing anything with linux now and pretty much every area of it involves linux and also if you want a quick review of what we covered in text form uh mosey on over to hack the box academy the page we were at the whole time and look it over they've got the commands we we talked about in text form and they also have a delightful quiz at the very bottom to test your knowledge and see how you do and if you get it right you earn cubes back which with the junk or cubes go watch episode one if you don't know what they are also if you want to test your skills even further i've got a quiz in the description below it's free click the link and uh let's see what you got and again huge shout out to our sponsor hack the box academy it's free to access right now to do what we've been doing here if you want to go further and learn how to hack wordpress and and do python stuff and just man just so many things check them out link below i'll catch you guys next time [Music] [Music] you

Info

Channel: NetworkChuck

Views: 221,053

Rating: undefined out of 5

Keywords: linux for hackers, linux, hacking, linux for everyone, learn linux, linux course, free linux course, linux for beginners, sudo, sudoers, adduser, useradd, linux tutorial, linux tutorial for beginners, kali linux, linux commands, gnu/linux, linux command line tutorial, linux operating system, linux for hacking, linux terminal, linux command line, ethical hacking, linux commands for beginners, introduction to linux, linux basic commands, linux training for beginners

Id: jwnvKOjmtEA

Channel Id: undefined

Length: 28min 19sec (1699 seconds)

Published: Fri May 21 2021