SOLUTION COMPREHENSIVE 2 : MANAGING USERS AND GROUPS , PERMISSIONS AND PROCESSES

In this review, you will manage user and group accounts, set permissions on files and directories, and manage processes.

OUTCOMES

You should be able to:

  • Manage users and groups.

  • Set permissions on files and directories.

  • Remove processes that are consuming too much CPU.

BEFORE YOU BEGIN

Log in to workstation as student using student as the password.
On workstation, run lab rhcsa-rh124-review2 start to start the comprehensive review. This script runs a process that consumes the maximum CPU resources and creates the necessary files to set up the environment correctly.

[student@workstation ~]$ lab rhcsa-rh124-review2 start

INSTRUCTIONS

Accomplish the following tasks on serverb to complete the exercise.

  1. Terminate the process that is currently using the most CPU time.
    1.1. From workstation, open an SSH session to serverb as student.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$

1.2. Use the top command to view the real-time system status.

[student@serverb ~]$ top

1.3. From the interactive interface of top, pay attention to the %CPU column and confirm that there is a process called dd, consuming the most CPU resources.

...output omitted...
 PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
 COMMAND
2303 student 20 0 217048 944 876 R 99.7 0.1 100:11.64 dd
...output omitted...

Notice the process dd with the PID 2303 in the preceding output, which is consuming the majority of CPU resources, at 99.7%. The PID and the percentage of CPU resource consumption may vary in your system.

1.4. From the interactive interface of top, type k to kill the process dd with PID 2303, as you determined in the preceding step. If the default PID shown in the prompt matches that of the process consuming the majority of CPU resources, press the Enter key on the keyboard. If it does not match, specify the PID interactively.

...output omitted...
PID to signal/kill [default pid = 2303] Enter
...output omitted...

1.5. Use the default signal SIGTERM to terminate the process.

...output omitted...
Send pid 2833 signal [15/sigterm] Enter
...output omitted...

1.6. From the interactive interface, press the q key on the keyboard to quit top.


2. Create a new group called database that has the GID 50000.
2.1. Switch to the user root.

[student@serverb ~]$ sudo su -
[sudo] password for student: student
[root@serverb ~]#

2.2. Use the groupadd command to create a new group called database with GID 50000.

[root@serverb ~]# groupadd -g 50000 database



3. Create a new user called dbuser1 that uses the group database as one of its secondary groups. The initial password of dbuser1 should be set to redhat. Configure the user dbuser1 to force a password change on its first login. The user dbuser1 should be able to change its password after 10 days since the day of the password change. The password of dbuser1 should expire in 30 days since the last day of the password change.
3.1. Use the useradd command to create a new user called dbuser1 that uses the group database as one of its secondary groups.

[root@serverb ~]# useradd -G database dbuser1

3.2. Use the passwd command to set the password of dbuser1 to redhat.

[root@serverb ~]# passwd dbuser1
Changing password for user dbuser1.
New password: redhat
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: redhat
passwd: all authentication tokens updated successfully.

3.3. Use the chage command to force dbuser1 to change its password on first login.

[root@serverb ~]# chage -d 0 dbuser1

3.4. Use the chage command to set the minimum age of the password of dbuser1 to 10 days.

[root@serverb ~]# chage -m 10 dbuser1

3.5. Use the chage command to set the maximum age of the password of dbuser1 to 30 days.

[root@serverb ~]# chage -M 30 dbuser1



4. Configure the user dbuser1 to use sudo to run any command as the superuser.
4.1. Create the file /etc/sudoers.d/dbuser1 to configure dbuser1 so that the user can use sudo to run any command as the superuser. You may use the vim /etc/sudoers.d/dbuser1 command to create the file. The /etc/sudoers.d/dbuser1 should contain the following content.

dbuser1 ALL=(ALL) ALL



5. Configure the user dbuser1 to have a default umask of 007.
5.1. Switch to the user dbuser1.

[root@serverb ~]# su - dbuser1
[dbuser1@serverb ~]$

5.2. Append the line umask 007 to the files /home/dbuser1/.bash_profile and /home/dbuser1/.bashrc.

[dbuser1@serverb ~]$ echo "umask 007" >> .bash_profile
[dbuser1@serverb ~]$ echo "umask 007" >> .bashrc

5.3. Exit the dbuser1 user's shell.

[dbuser1@serverb ~]$ exit
logout
[root@serverb ~]#



6. The permissions on /home/student/grading/review2 should allow the group members of the database and the user student to access the directory and create contents in it. All other users should have read and execute permissions on the directory. Also, ensure that users are only allowed to delete files they own from /home/student/grading/review2 and not files belonging to others.
6.1. Use the mkdir command to create /home/student/grading/review2.

[root@serverb ~]# mkdir /home/student/grading/review2

6.2. On the /home/student/grading/review2, use the chown command to set student and database as the owning user and group respectively.

[root@serverb ~]# chown student:database /home/student/grading/review2

6.3. Use the chmod command to apply the SetGID special permission on /home/ student/grading/review2.

[root@serverb ~]# chmod g+s /home/student/grading/review2

6.4. Use the chmod command to apply the permission mode 775 on /home/student/grading/review2.

[root@serverb ~]# chmod 775 /home/student/grading/review2

6.5. Use the chmod command to apply the stickybit special permission on /home/student/grading/review2.

[root@serverb ~]# chmod o+t /home/student/grading/review2

6.6. Exit the root user's shell.

[root@serverb ~]# exit
logout
[student@serverb ~]$

6.7. Log out of serverb.

[student@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$




Evaluation
On workstation, run the lab rhcsa-rh124-review2 grade command to confirm success of this exercise.

[student@workstation ~]$ lab rhcsa-rh124-review2 grade


Finish
On workstation, run lab rhcsa-rh124-review2 finish to complete the comprehensive review. This script terminates the process and deletes the files and directories created during the start of the comprehensive review and ensures that the environment on serverb is clean.

[student@workstation ~]$ lab rhcsa-rh124-review2 finish

Red Hat System Administration I

Digital Handbook
Modul 1

Introduction

Modul 2

Getting Started With Red Hat Enterprise Linux

Modul 3

Accessing the Command Line

Modul 4

Managing Files From The Command Line

Modul 5

Getting Help In Red Hat Enterprise Linux

Modul 6

Creating, Viewing, And Editing Text Files

Modul 7

Managing Local Users And Groups

Modul 8

Controlling Access To Files

Modul 9

Monitoring and Managing Linux Processes

Modul 10

Controlling Services And Daemons

Modul 11

Configuring And Securing SSH

Modul 12

Analyzing and Storing Logs

Modul 13

Managing Networking

Modul 14

Archiving and Transferring Files

Modul 15

Installing and Updating Software Packages

Modul 16

Accessing Linux File Systems

Modul 17

Analyzing Servers and Getting Support

Modul 18

Comprehensive Review