User management and the most useful tool UNIX can give you
Marek Šuppa
Ondrej Jariabka
Adrián Matejov
If for nothing else, it's worth it for regular expressions.
Knowing [regular expressions] can mean the difference between solving a problem in 3 steps and solving it in 3,000 steps. When you’re a nerd, you forget that the problems you solve with a couple keystrokes can take other people days of tedious, error-prone work to slog through.
-- Cory Doctorow
https://www.theguardian.com/technology/2012/dec/04/ict-teach-kids-regular-expressions
UNIX was devised with "collaboration in mind"
The concept of users plays a central role
Same thing with Linux: it is a multi-user OS
Each user is identified with a UID
You know, sharing is caring and all that.
In principle, UNIX has been built so that people could collaborate on documents, something basically unheard of in the 1970s.
Via logging in. Two things need to happen:
Identification
Authorization
In general, two files:
/etc/passwd
/etc/shadow
The concept of shadowing came from the need to make the password hashes a bit more secure -- so that they could not be bruteforced by a random user capable of logging in.
Linux was kind of lucky: shadowing was ported there very early and basically just stayed in up until now.
/etc/passwd
A file full of colon (:) delimited fields like
jsmith:x:1001:1000:Joe Smith,Room 7,(234)555-8910,j@smi.th:/home/jsmith:/bin/sh
Each field has a specific meaning:
jsmith: the username (generally lowercase)
x: password (the x here means the password is in /etc/shadow)
1001: the user's UID
1000: the user's primary GID (Group ID)
Joe Smith,Room 7,(234)555-8910,j@smi.th: some further (contact) details about the user
/home/jsmith: home directory path
/bin/sh: user's default shell
The 5th field is actually the GECOS field (https://en.wikipedia.org/wiki/Gecos_field) -- a historical curiosity
/etc/shadow
Similar to /etc/passwd in format, for example
jsmith:$6$rTDC8QprwvDu.:15377:0:99999:7:::
daemon:*:17206:0:99999:7:::
Once again, each field has a specific meaning:
jsmith: the username
! or *: account is password locked, login only possible via other means (SSH)
!!: password not set yet
15377: day of last password change
0: days until change allowed
99999: days until change required
7: days warning for expiration
All the numbers of days are counted from the "beginning of the UNIX epoch": 1 January 1970.
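An added example (not part of the original slides): a small sh/awk function that reads lines in the /etc/shadow format described above and reports each account's password state and password age. The sample data, the status labels and the EMPTY case (an empty password field means no password is required) are assumptions of this example, not from the slides.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; the hash strings are placeholders.
SAMPLE_SHADOW='jsmith:$6$rTDC8QprwvDu.:15377:0:99999:7:::
daemon:*:17206:0:99999:7:::
backup:!$6$PLACEHOLDERHASH:17206:0:99999:7:::
newuser:!!:17300:0:99999:7:::
guest::17300:0:99999:7:::
olduser:$6$PLACEHOLDERHASH:18000:0:90:7:::'

# shadow_status TODAY
# Reads shadow-format lines on stdin and prints "user status age state".
# TODAY is the current date as days since 1 January 1970.
shadow_status() {
    awk -F: -v today="$1" '
    {
        pw = $2; age = today - $3
        if      (pw == "")     status = "EMPTY"    # no password needed to log in
        else if (pw == "!!")   status = "NOT_SET"  # password not set yet
        else if (pw ~ /^[!*]/) status = "LOCKED"   # password login disabled
        else                   status = "HASH"     # usable password hash
        # Field 5 is "days until change required"
        state = (status == "HASH" && $5 != "" && age > $5) ? "expired" : "ok"
        print $1, status, age, state
    }'
}

# Demo on the constructed sample, using the real current day number.
printf '%s\n' "$SAMPLE_SHADOW" | shadow_status "$(( $(date +%s) / 86400 ))"
```

On a real system the input would be /etc/shadow itself, which only root can read.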
A useful concept for allowing groups of users to access a set of resources
Uniquely identified by a GID
Can have an access password (quite uncommon these days)
From its point of view there are
Information about them is stored in /etc/group and /etc/gshadow

/etc/group and /etc/gshadow
/etc/group
sudo:x:3:mrshu,vidriduch,adman
lp:x:7:daemon,lp,mrshu
x, in which case it is shadowed)
/etc/gshadow
sudo:!::
lp:!!::
!, !!, *)

Each user can be in multiple groups
Just one of them is primary (its GID is right after UID in /etc/passwd)
We can get the list of groups we are in by running the groups command:
$ groups
mrshu sudo lp
$ groups adman
adman : adman sudo
root user
an account for system administrator
in the UNIX security model, the root user is considered "all-powerful"
this user traditionally has UID 0 and home directory /root
it is also associated with a specific root group (GID is also 0)
sudo
stands for "superuser do" or "substitute user do"
allows "normal" users to run commands as root
only for users specified in its configuration (/etc/sudoers)
sudo)

id
UID and GIDs)
$ id
uid=1001(mrshu) gid=1001(mrshu) groups=1001(mrshu),27(sudo)
su USER
USER (abbreviation of "set user")
USER is root
root's password, this is how you can get root privileges
su - is effectively the same thing as logging in as a different user
passwd
root can also use it to change passwords of other users (passwd USER)

aka "regex" or "regexp"
a quick way of describing a particular pattern of characters in text
allows for extremely effective search and replace
can be found everywhere on *NIX systems, but especially in text editors
comes from the ed editor but you'll mostly encounter the grep program
in general grep outputs lines which match a given regex pattern
The name grep itself comes from the ed command:
“One afternoon I asked Ken Thompson if he could lift the regular expression recognizer out of the editor and make a one-pass program to do it. He said yes. The next morning I found a note in my mail announcing a program named grep. It worked like a charm. When asked what that funny name meant, Ken said it was obvious. It stood for the editor command that it simulated, g/re/p (global regular expression print).”
-- Chapter 9, On the Early History and Impact of Unix Tools to Build the Tools for a New Millenium
grep command
Task: show lines in file.txt that match the regular expression regexp.
There are various ways of doing it:
file as an argument
grep "regexp" file.txt
input forwarded via standard I/O forwarding
grep "regexp" < file.txt
data passed from pipe
cat file.txt | grep "regexp"
$ cat file.txt
1 a.smith1
2 joe2
3 molly13
4 nemo7
5 rob5
6 roy8
character(s)
$ cat file.txt | grep o
2 joe2
3 molly13
4 nemo7
5 rob5
6 roy8
strings of characters
$ cat file.txt | grep mo
3 molly13
4 nemo7

$ cat file.txt
a.smith1
joe2
molly13
nemo7
rob5
roy8
.)
$ cat file.txt | grep "o.."
joe2
molly13
rob5
roy8
\.
$ cat file.txt | grep "\."
a.smith1

a class of characters (denoted [])
"find all lines which contain 2, 3 or 5"
$ cat file.txt | grep "[235]"
joe2
molly13
rob5
"find all lines where o is followed by either e or y"
$ cat file.txt | grep "o[ey]"
joe2
roy8

$ cat file.txt
1 a.smith1
2 joe2
3 molly13
4 nemo7
5 rob5
6 roy8
character classes can also be specified as ranges (e.g. [a-z] or [0-9])
[a-z]) followed by a number from 4 to 9"
$ cat file.txt | grep "[a-z][a-z][a-z][4-9]"
4 nemo7
5 rob5
6 roy8
{}
$ cat file.txt | grep "[a-z]\{3\}[4-9]"
4 nemo7
5 rob5
6 roy8

invert the class by putting ^ at the beginning of the definition ([^ ])
[a-z]) not followed by a number from 4 to 9"
$ cat file.txt | grep "[a-z][a-z][a-z][^4-9]"
1 a.smith1
2 joe2
3 molly13
4 nemo7
$ cat text.txt
So, looking at the lock or the silk?
Repetitions can be applied on any character or character class.
Three basic repetition operators:
\?: match once or not at all
\+: match one or more times
*: match zero or more times
Match all ls followed by zero or one o:
$ cat text.txt | grep "lo\?"
So, looking at the lock or the silk?
Match all ls followed by one or more os:
$ cat text.txt | grep "lo\+"
So, looking at the lock or the silk?
Match all ls followed by zero or more os:
$ cat text.txt | grep "lo*"
So, looking at the lock or the silk?
$ cat file.txt
1 a.smith1
2 joe2
3 molly13
4 nemo7
5 rob5
6 roy8
Anchors are two very important "special characters":
^: match the beginning of the line
$: match the end of the line
Find numbers at the beginning:
$ cat file.txt | grep "^[0-9]\+"
1 a.smith1
2 joe2
3 molly13
4 nemo7
5 rob5
6 roy8
Find numbers at the end:
$ cat file.txt | grep "[0-9]\+$"
1 a.smith1
2 joe2
3 molly13
4 nemo7
5 rob5
6 roy8
grep command II
grep PATTERNS FILE: prints lines that match patterns
-i: make the search case-insensitive (ignore-case)
-v: print lines that do not match the pattern (invert)
-o: output only the matched part of the line (only)
-n: include the line number in the output (number)
$ cat file.txt
a.smith1
joe2
molly13
nemo7
rob5
roy8
$ cat file.txt | grep "[0-5]\$" -n
1:a.smith1
2:joe2
3:molly13
5:rob5
$ cat file.txt | grep "[0-5]\$" -n -v
4:nemo7
6:roy8
$ echo "Hello World!" | grep -i world
Hello World!
$ echo "Hello World!" | grep -i world -o
World
cut and paste
cut
cut out a field from a text file, based on some separator
-d DELIM: set a specific delimiter (TAB by default)
-f FIELDS
-f 2) or a list (like -f 2,5)
<from>-<to> format (like -f 2-4)
$ cut /etc/group -f 3 -d: | tail -n 5
972
84
971
970
969
$ cut /etc/group -f 1,3 -d: | tail -n 5
flatpak:972
screen:84
firebird:971
nm-fortisslvpn:970
docker:969
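An added example (not from the original slides) that combines the grep anchors and negated character classes from the previous sections with cut to audit lines in the /etc/passwd format. The sample data and function names are constructed for this example; note that an unanchored grep ':0:' would also match the operator line, whose GID rather than UID is 0.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (illustrative accounts only).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
operator:x:11:0:operator:/root:/usr/sbin/nologin
jsmith:x:1001:1000:Joe Smith,Room 7,(234)555-8910,j@smi.th:/home/jsmith:/bin/sh
toor:x:0:0:second UID 0 account:/root:/bin/sh
legacy:CONSTRUCTEDHASH:1002:1000::/home/legacy:/bin/sh'

# Names of accounts whose UID (3rd field) is exactly 0.
# Each "[^:]*:" consumes one whole field, so with the ^ anchor the 0 can
# only match in the UID position, never in the GID or GECOS fields.
uid0_accounts() {
    grep '^[^:]*:[^:]*:0:' | cut -d: -f1
}

# Names of accounts whose password field is not "x", i.e. not shadowed.
unshadowed_accounts() {
    grep -v '^[^:]*:x:' | cut -d: -f1
}

# name:shell for accounts whose shell is not nologin or false.
# The $ anchor ties the match to the last field of the line.
interactive_accounts() {
    grep -v -e '/nologin$' -e '/false$' | cut -d: -f1,7
}

# Demo on the constructed sample.
echo "UID 0 accounts:";      printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
echo "Unshadowed accounts:"; printf '%s\n' "$SAMPLE_PASSWD" | unshadowed_accounts
echo "Interactive shells:";  printf '%s\n' "$SAMPLE_PASSWD" | interactive_accounts
```

To run the same checks on a live system, feed /etc/passwd to each function instead of the sample, for example uid0_accounts < /etc/passwd.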
paste
join files horizontally (like horizontal cat)
-d: sets the delimiter (TAB by default)
-s: appends data in serial rather than in parallel
$ cat names.txt
Mark Smith
Bobby Brown
Sue Miller
Jenny Igotit
$ cat numbers.txt
555-1234
555-9876
555-6743
867-5309
$ paste names.txt numbers.txt
Mark Smith 555-1234
Bobby Brown 555-9876
Sue Miller 555-6743
Jenny Igotit 867-5309
$ paste -d, names.txt numbers.txt
Mark Smith,555-1234
Bobby Brown,555-9876
Sue Miller,555-6743
Jenny Igotit,867-5309
$ paste -s names.txt numbers.txt
Mark Smith Bobby Brown Sue Miller Jenny Igotit
555-1234 555-9876 555-6743 867-5309
Example taken straight from the great Wikipedia: