Lab Assignment #2: Creating Users and Groups

Due January 28th via Brightspace submission link.

Rob Brandon

Prerequisites

  • CST8207 GNU/Linux System Support
  • Read chapters six and seven in the class reading
  • First lab assignment is complete
  • Computer meets program specifications (see lab #1)
  • The latest version of VMware Workstation Professional is installed
  • The latest version of Zoom is installed
  • A partner in the same lab section as you (contact your lab professor directly if you would like to be assigned a partner)

Deliverables

  1. Provide your own script to your partner for testing and grading.
  2. Submit your partner’s graded script along with your comments using the Lab Assignment #2 submission link on Brightspace.

Evaluation

  • This script is assessed by your partner. Your lab professor will confirm the grade.

Do not print this assignment on paper!

  • On paper, you will miss updates, corrections, and hints added to the online version.
  • On paper, you cannot follow any of the hyperlink URLs that lead you to hints and course notes relevant to answering a question.

Purpose of this Assignment

  1. Create user accounts
  2. Disable user accounts
  3. Set up account / password policies
  4. Enable user accounting

Introduction and Overview

This assignment will be completed using your Red Hat Enterprise Linux 64-bit virtual machine.

Requirements

You will need your Red Hat Enterprise Linux 64-bit virtual machine from the previous lab. It is highly recommended that you take a snapshot of your virtual machine before you begin this lab.

Instructions

Start your virtual machine.

Creating an account

Use the commands useradd, groupadd and passwd to create a new account in Red Hat Enterprise Linux. The account should have the following properties:

  • Username: cst8305
  • User ID: 1555
  • Password: distributeofficialfolkchair
  • Group ID: 1555
  • Group name: cst8305
  • Real name: CST8305 Test
  • Home directory: /home/cst8305
  • Shell: /bin/bash

Log into the cst8305 account to confirm that it is set up correctly.

You might want to take the time to increase the Blank Screen timeout to 15 minutes so you don’t have to retype that password quite so often.

Using a script to create many accounts

This assignment requires you to write a script.

Properties of this script

  1. Make sure that you include your name and College userid as a comment at the start of the script.

  2. When you have completed the script, ensure that it is executable, so that it can be executed as ./15users.sh from the shell command line.

  3. Sample output for the script is given, so that you may check your work as you proceed.

  4. Be careful what input you give your script. Shell metacharacters or spaces may cause unexpected behaviour.

  5. The example below does not fully test your script; you will need to try other examples to make sure your scripts work properly for all permitted inputs. Your script should reject null or blank input with an error message.

  6. Remember to double quote all variable expansions to prevent syntax errors and other unwanted problems in your script.

Creating multiple accounts

The command newusers can read standard input (or an input file) to generate user accounts.

Write a script called 15users.sh to generate the input that is required by newusers. Your script should produce fifteen lines of output on STDOUT. The output of your script can be redirected to newusers to create user accounts. Refer to the man page for newusers for more information on how each line of output should be formatted.

Your script should obtain the following values from command line arguments:

  • A prefix, to be used at the beginning of each username
  • A description, which will be used as the real name of each user

The only characters allowed in the prefix are letters and numbers.

The only characters allowed in the description are letters, numbers and spaces.

Whether a particular Linux distribution will accept spaces in the username depends on how PAM is configured. Red Hat Linux will not accept spaces in usernames.

The remainder of the username after the prefix should be user followed by the number of the user. If the prefix is cat and the description is Feline Friend, then each new user would be configured by the script as follows:

  • Username: catuser01 through to catuser15
  • User ID: 1001 through 1015
  • Group ID: Same as User ID
  • Password: Randomly generated password using openssl rand -base64 12
  • Real Name: Feline Friend
  • Home directory: /home/catuser01 through to /home/catuser15
  • Shell: /bin/bash

Note that the home directory of each user should have the exact same name as the username, and each home directory should be a subdirectory of the /home directory. For example, if a user is named catuser05, their home directory should be /home/catuser05.

Your script should correctly handle errors if there is null, blank or missing input. Your script is not expected to handle invalid characters. The only characters allowed in the prefix are letters and numbers, and the only characters allowed in the description are letters, numbers and spaces.

Ensure that the output of your script is valid input for newusers. For example, if you provide your script with a prefix of bubbles and a description of Soap Company, your command might be ./15users.sh bubbles "Soap Company". The first line of output from this command might appear as follows:

bubblesuser01:v0Rx5gn+iJLEwoZb:1001:1001:Soap Company:/home/bubblesuser01:/bin/bash

If you try this, your first line output should look exactly like the line above, with one exception: the password should be different every time.

Test and confirm that your script only creates fifteen lines of valid input.

If you use a prefix of cst and CST8305 user for the description, your full output should look something like this:

cstuser01:EzVlK9Je8JvfQump:1001:1001:CST8305 user:/home/cstuser01:/bin/bash
cstuser02:EsKOfvhgnWpiBT6c:1002:1002:CST8305 user:/home/cstuser02:/bin/bash
cstuser03:qzQuR5vRgxdzY6dq:1003:1003:CST8305 user:/home/cstuser03:/bin/bash
cstuser04:rsHzuMzCMo+0J/NL:1004:1004:CST8305 user:/home/cstuser04:/bin/bash
cstuser05:wvAFieerb+a7oKfz:1005:1005:CST8305 user:/home/cstuser05:/bin/bash
cstuser06:9uY576O6r25Y2CIn:1006:1006:CST8305 user:/home/cstuser06:/bin/bash
cstuser07:v0Rx5gniJJLEwoZb:1007:1007:CST8305 user:/home/cstuser07:/bin/bash
cstuser08:fy64dp/hPVTYwcA5:1008:1008:CST8305 user:/home/cstuser08:/bin/bash
cstuser09:Aig5vJIGINDvQNbI:1009:1009:CST8305 user:/home/cstuser09:/bin/bash
cstuser10:62UZ+1mMyn71D38K:1010:1010:CST8305 user:/home/cstuser10:/bin/bash
cstuser11:FI5ml023FT+GIj4p:1011:1011:CST8305 user:/home/cstuser11:/bin/bash
cstuser12:Z4DnJOC75IBkpJ9D:1012:1012:CST8305 user:/home/cstuser12:/bin/bash
cstuser13:SM7fKAKW0+agDRSq:1013:1013:CST8305 user:/home/cstuser13:/bin/bash
cstuser14:OGbNfAKETTr1Cd/n:1014:1014:CST8305 user:/home/cstuser14:/bin/bash
cstuser15:QPbdeIQklqGlG734:1015:1015:CST8305 user:/home/cstuser15:/bin/bash

Testing

You can use the commands below to test the validity of your script output without actually creating a whole bunch of users every time. These commands confirm that your script generates valid input for newusers.

  1. ./15users.sh 'cst' 'CST8305 user' | wc

    Expected output: 15 lines, 30 words, 1140 characters

  2. ./15users.sh 'cst' 'CST8305 user' | awk -F: '{ $2 = ""; print }' | wc

    Expected output: 15 lines, 105 words, 900 characters

  3. ./15users.sh 'cst' 'CST8305 user' | awk -F: '{ $2 = ""; print }' | sum

    Expected output: 01089 1

  4. ./15users.sh 'cst' 'CST8305 user'

    Expected output: 15 lines, as described. Every password should be 16 characters long and different.
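
The wc and sum tests above confirm size and checksum but do not say which field is wrong. The following checker is an added example, not part of the original assignment; it applies the field rules listed on this page to each line. The function names check_newusers_input and sample_lines and the sample passwords are constructed for illustration.

```shell
#!/bin/sh
# Added example: check lines in the format this lab feeds to newusers.
# Usage: check_newusers_input [expected_line_count] < file   (default: 15)
check_newusers_input() {
    awk -F: -v want="${1:-15}" '
        function fail(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; bad = 1 }
        BEGIN { bad = 0 }
        NF != 7 { fail("expected 7 colon-separated fields"); next }
        $1 !~ /^[A-Za-z0-9]+user[0-9][0-9]$/ { fail("unexpected username " $1) }
        $1 in names       { fail("username repeats line " names[$1]) }
        length($2) != 16  { fail("password is not 16 characters long") }
        $2 in passwords   { fail("password repeats line " passwords[$2]) }
        $3 !~ /^[0-9]+$/ || $3 != $4 { fail("UID and GID must be numeric and equal") }
        $5 !~ /^[A-Za-z0-9 ]+$/      { fail("description has a disallowed character") }
        $6 != ("/home/" $1) { fail("home directory is not /home/" $1) }
        $7 != "/bin/bash"   { fail("shell is not /bin/bash") }
        { names[$1] = NR; passwords[$2] = NR }
        END {
            if (NR != want) {
                printf "expected %d lines, got %d\n", want, NR > "/dev/stderr"
                bad = 1
            }
            exit bad
        }'
}

# Constructed sample input (not real credentials): three lines for prefix "cst".
sample_lines() {
    cat <<'EOF'
cstuser01:AAAAexample00001:1001:1001:CST8305 user:/home/cstuser01:/bin/bash
cstuser02:AAAAexample00002:1002:1002:CST8305 user:/home/cstuser02:/bin/bash
cstuser03:AAAAexample00003:1003:1003:CST8305 user:/home/cstuser03:/bin/bash
EOF
}

# Exit status 0 means every line passed; problems are reported on stderr.
sample_lines | check_newusers_input 3 && echo "sample input is valid"
```

To check a partner's script, pipe its output into the function with no argument so that the default of fifteen lines applies.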

Running your script

Take a snapshot before you do the following:

Redirect the output of your 15users.sh script to a file named newaccounts.txt. Use cst as the prefix and CST8305 user for the description.

Type cat newaccounts.txt to confirm that it contains correct input for newusers as described above. Then run the command newusers newaccounts.txt as root.

Confirm that all fifteen accounts have been created by checking the /etc/passwd file.

Make sure to properly set the ownership and permissions on the newaccounts.txt file! It contains the passwords of all of the users you have just created!

Select one of the new accounts at random and try logging in with that user name.

It would be a security best practice to distribute the user passwords as quickly as possible, and then use shred to destroy the file newaccounts.txt.
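
The file handling in the steps above, as an added example that is not part of the original assignment: it creates the password file without a world-readable window, verifies its mode, and destroys it afterwards. The function names are hypothetical, and GNU coreutils (stat -c, shred) is assumed, as on RHEL.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (stat -c, shred), as shipped with RHEL.

# Write stdin to "$1" so a new file is mode 600 from the moment it is created.
# A plain "> newaccounts.txt" under the usual umask 022 creates it as 644,
# readable by every local user until someone runs chmod. The umask change is
# made in a subshell, so the caller's umask is left alone.
# A file that already exists keeps its old mode; is_private catches that case.
write_private() {
    ( umask 077 && cat > "$1" )
}

# Return 0 only if group and other have no permission bits on "$1".
is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *) echo "$1 has mode $mode; group or other can access it" >&2
           return 1 ;;
    esac
}

# Overwrite the contents, then unlink the file.
destroy_file() {
    shred -u "$1"
}

# Demonstration on a constructed line in a scratch directory.
demo_dir=$(mktemp -d)
printf 'constructed:line\n' | write_private "$demo_dir/newaccounts.txt"
is_private "$demo_dir/newaccounts.txt" && echo "file is private"
destroy_file "$demo_dir/newaccounts.txt"
rmdir "$demo_dir"
```

When these functions are run as root, the new file is also owned by root. The shred man page notes that it relies on the file system overwriting data in place.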

Deleting accounts

Use the userdel command to remove the account cstuser01. Confirm the account is no longer present in the /etc/passwd file.

Don’t forget to delete the home directory for the cstuser01 account as well, and to confirm that it has been deleted.

Locking users out

Sometimes it is necessary to temporarily disable an account without removing it. The best way to disable an account is to change its shell to a program that displays a message on the screen and denies system access. This way, whoever tries to log into the account will fail and will know why.

Disabling accounts using nologin

Use the command usermod to set the shell of the account cstuser02 to /sbin/nologin. Test that the account is disabled by typing su cstuser02. Do not enable this account again!

Disabling accounts using passwd

Use the command passwd to lock the account cstuser03. Test that the account is disabled by logging in using the GUI. Note that the original password no longer works.

Leave the cstuser03 account disabled.

Disabling all accounts

From time to time you may find it necessary to temporarily disable all users from logging into the system. This is done automatically during the system shutdown process.

Create the file /etc/nologin. Inside it place a comment you want the user to see when he/she tries to log into the system.

Log out of your account and try logging back in. You cannot log back in as a regular user.

Reboot your virtual machine. The /etc/nologin file should be deleted as part of the boot process. You should be able to log into any (enabled) account normally.

Peer Assessment of Script

Evaluate the script written by your partner according to the problem description above. Ask your partner to run the script tests listed above in the “Testing” section, and examine the results. Take a look at the source code of your partner’s script. Give your partner a letter grade from A+ to F for their script. Justify the letter grade to your partner. Your partner should be given as many opportunities as they like to rewrite each script in order to get a better grade (within reason).

Once your partner has either accepted the grades you assigned or gotten an “A+” for their script, submit a copy of their script using the Brightspace submission link, along with your comments and grading. Clearly indicate your partner’s name, and the letter grade you have given them. If their grade is not an “A+”, write an explanation of what problems you identified in their script which prevented them from getting an A+. If you cannot agree on a grade, consult with your lab professor.

Assigning an “A+” grade to a script of lesser quality is grounds for a reduction of your own grade on this lab assignment.

Script File Submission

Your partner’s script must be renamed to 15users.sh.txt. Do not modify your partner’s script. Submit the script, along with your comments and assigned grade using the Lab Assignment #2 submission link on Brightspace.

Troubleshooting

RHEL Troubleshooting

You can debug problems in emergency mode by using the journalctl command to view log and error messages. Error messages will be highlighted in red. Use the same keys you would use with less to navigate the output of journalctl. Press q to quit journalctl. Note that some error messages appear even during a normal boot. Use your judgement to determine which error messages are relevant to the failure of the system to boot.

VMware Troubleshooting

The most common problem with VMware Workstation since 2008 is the following error:

This virtual machine appears to be in use.

If this virtual machine is not in use, press the “Take Ownership” button to obtain ownership of it. Otherwise, press the “Cancel” button to avoid damaging it.

Ideally, you should click the “Take Ownership” button and then everything will work normally for you. If that doesn’t work, you can use the following procedure:

  1. Close VMware Workstation
  2. Delete any .lck or .lock files and/or folders you see in the directory containing the problematic virtual machine.
  3. Run VMware Workstation
  4. Start the virtual machine.

Note that you cannot increase the amount of RAM in a virtual machine beyond 3 GiB while it is running.


The following suggestions for VMware troubleshooting involve making changes to your host computer or the configuration of your virtual machine.

  1. Ensure that the following settings are turned on in your BIOS or UEFI firmware (you may not have all these settings, and some are different names for the same thing):
    • Intel Virtualization Technology
    • Intel VT-x
    • Virtualization Extensions
    • Vanderpool
  2. Try increasing the number of processor cores allocated to the virtual machine to two. If you have a quad-core Intel CPU, you might be able to allocate as many as four cores.
  3. Try uninstalling and reinstalling VMware.
  4. Try an older version of VMware.
  5. Don’t use VMware. Try VirtualBox instead. There are some instructions for installing RHEL in VirtualBox.

Changelog

  • Version 1.0
    • posted 10:00pm January 13, 2022
  • Version 1.01
    • posted 9:00am January 14, 2022
    • changed submission method
  • Version 1.1
    • posted 9:00am January 17, 2022
    • checksum for testing was wrong, sorry
    • clarified what reading needs to be done

  • Version: 1.1