User management and the most useful tool UNIX can give you
Marek Šuppa
Ondrej Jariabka
Adrián Matejov
If for nothing else, it's worth it for regular expressions.
Knowing [regular expressions] can mean the difference between solving a problem in 3 steps and solving it in 3,000 steps. When you’re a nerd, you forget that the problems you solve with a couple keystrokes can take other people days of tedious, error-prone work to slog through.
-- Cory Doctorow
https://www.theguardian.com/technology/2012/dec/04/ict-teach-kids-regular-expressions
UNIX was devised with "collaboration in mind"
The concept of users plays a central role
UNIX was devised with "collaboration in mind"
The concept of users plays a central role
Same thing with Linux: it is a multi-user OS
Each user is identified with a UID
UIDYou know, sharing is caring and all that.
In principle, UNIX has been built so that people could collaborate on documents, something basically unheard of in 1970s
Via logging in. Two things need to happen:
Identification
Authorization
In general, two files:
/etc/passwd
/etc/shadow
The concept of shadowing came from the need to make the password hashes a bit more secure -- so that they could not be bruteforced by a random user capable of logging in.
Linux was kind of lucky: shadowing was ported there very early and basically just stayed in up until now.
/etc/passwdA file full of colon (:) delimited fields like
jsmith:x:1001:1000:Joe Smith,Room 7,(234)555-8910,j@smi.th:/home/jsmith:/bin/sh/etc/passwdA file full of colon (:) delimited fields like
jsmith:x:1001:1000:Joe Smith,Room 7,(234)555-8910,j@smi.th:/home/jsmith:/bin/shEach field has a specific meaning:
jsmith: the username (generally lowercase)/etc/passwdA file full of colon (:) delimited fields like
jsmith:x:1001:1000:Joe Smith,Room 7,(234)555-8910,j@smi.th:/home/jsmith:/bin/shEach field has a specific meaning:
jsmith: the username (generally lowercase)
x: password (the x here means the password is in /etc/shadow)
/etc/passwdA file full of colon (:) delimited fields like
jsmith:x:1001:1000:Joe Smith,Room 7,(234)555-8910,j@smi.th:/home/jsmith:/bin/shEach field has a specific meaning:
jsmith: the username (generally lowercase)
x: password (the x here means the password is in /etc/shadow)
1001: the user's UID
/etc/passwdA file full of colon (:) delimited fields like
jsmith:x:1001:1000:Joe Smith,Room 7,(234)555-8910,j@smi.th:/home/jsmith:/bin/shEach field has a specific meaning:
jsmith: the username (generally lowercase)
x: password (the x here means the password is in /etc/shadow)
1001: the user's UID
1000: the user's primary GID (Group ID)
/etc/passwdA file full of colon (:) delimited fields like
jsmith:x:1001:1000:Joe Smith,Room 7,(234)555-8910,j@smi.th:/home/jsmith:/bin/shEach field has a specific meaning:
jsmith: the username (generally lowercase)
x: password (the x here means the password is in /etc/shadow)
1001: the user's UID
1000: the user's primary GID (Group ID)
Joe Smith,Room 7,(234)555-8910,j@smi.th: some further (contact) details about the user
/etc/passwdA file full of colon (:) delimited fields like
jsmith:x:1001:1000:Joe Smith,Room 7,(234)555-8910,j@smi.th:/home/jsmith:/bin/shEach field has a specific meaning:
jsmith: the username (generally lowercase)
x: password (the x here means the password is in /etc/shadow)
1001: the user's UID
1000: the user's primary GID (Group ID)
Joe Smith,Room 7,(234)555-8910,j@smi.th: some further (contact) details about the user
/home/jsmith: home directory path
/etc/passwdA file full of colon (:) delimited fields like
jsmith:x:1001:1000:Joe Smith,Room 7,(234)555-8910,j@smi.th:/home/jsmith:/bin/shEach field has a specific meaning:
jsmith: the username (generally lowercase)
x: password (the x here means the password is in /etc/shadow)
1001: the user's UID
1000: the user's primary GID (Group ID)
Joe Smith,Room 7,(234)555-8910,j@smi.th: some further (contact) details about the user
/home/jsmith: home directory path
/bin/sh: user's default shell
The 5th row is actually https://en.wikipedia.org/wiki/Gecos_field -- a historical curiosity
/etc/shadowSimilar to /etc/passwd in format, for example
jsmith:$6$rTDC8QprwvDu.:15377:0:99999:7:::daemon:*:17206:0:99999:7:::/etc/shadowSimilar to /etc/passwd in format, for example
jsmith:$6$rTDC8QprwvDu.:15377:0:99999:7:::daemon:*:17206:0:99999:7:::Once again, each field has a specific meaning:
jsmith: the username! or *: account is password locked, login only possible via other means (SSH)!!: password not set yet15377: day of last password change0: days until change allowed99999: days until change required7: days warning for expiration/etc/shadowSimilar to /etc/passwd in format, for example
jsmith:$6$rTDC8QprwvDu.:15377:0:99999:7:::daemon:*:17206:0:99999:7:::Once again, each field has a specific meaning:
jsmith: the username! or *: account is password locked, login only possible via other means (SSH)!!: password not set yet15377: day of last password change0: days until change allowed99999: days until change required7: days warning for expirationAll the numbers of days are counted from the "beginning of the UNIX epoch": 1 January 1970.
A useful concept for allowing groups of users to access a set of resources
A useful concept for allowing groups of users to access a set of resources
Uniquely identified by a GID
Can have an access password (quite uncommon these days)
From its point of view there are
Information about them is stored in /etc/group and /etc/gshadow
/etc/group and /etc/gshadow/etc/groupsudo:x:3:mrshu,vidriduch,admanlp:x:7:daemon,lp,mrshux, in which case it is shadowed)/etc/group and /etc/gshadow/etc/group
sudo:x:3:mrshu,vidriduch,admanlp:x:7:daemon,lp,mrshux, in which case it is shadowed)/etc/gshadow
sudo:!::lp:!!::!, !!, *)Each user can be in multiple groups
Just one of them is primary (its GID is right after UID in /etc/passwd)
Each user can be in multiple groups
Just one of them is primary (its GID is right after UID in /etc/passwd)
We can get the list of groups we are in by running the groups command:
$ groupsmrshu sudo lp$ groups admanadman : adman sudoroot useran account for system administrator
in the UNIX security model, the root user is considered "all-powerful"
this user traditionally has UID 0 and home directory /root
it is also associated with a specific root group (GID is also 0)
root useran account for system administrator
in the UNIX security model, the root user is considered "all-powerful"
this user traditionally has UID 0 and home directory /root
it is also associated with a specific root group (GID is also 0)
sudostands for "superuser do" or "substitute user do"
allows "normal" users to run commands as root
only for users specified in its configuration (/etc/sudoers)
sudo)id
UID and GIDs)$ iduid=1001(mrshu) gid=1001(mrshu) groups=1001(mrshu),27(sudo)id
UID and GIDs)$ iduid=1001(mrshu) gid=1001(mrshu) groups=1001(mrshu),27(sudo)su USER
USER (abbreviation of "set user")USER is rootroot's password, this is how you can get root privilegessu - is effectively the same thing as logging in as a different userid
UID and GIDs)$ iduid=1001(mrshu) gid=1001(mrshu) groups=1001(mrshu),27(sudo)su USER
USER (abbreviation of "set user")USER is rootroot's password, this is how you can get root privilegessu - is effectively the same thing as logging in as a different userpasswd
root can also use it to change passwords of other users (passwd USER)aka "regex" or "regexp"
a quick way of describing a particular pattern of characters in text
allows for extremely effective search and replace
aka "regex" or "regexp"
a quick way of describing a particular pattern of characters in text
allows for extremely effective search and replace
can be found everywhere on *NIX systems, but the especially in text editors
comes from the ed editor but you'll mostly encounter the grep program
aka "regex" or "regexp"
a quick way of describing a particular pattern of characters in text
allows for extremely effective search and replace
can be found everywhere on *NIX systems, but the especially in text editors
comes from the ed editor but you'll mostly encounter the grep program
in general grep outputs lines which match a given regex pattern
The name grep itself comes from the ed command:
“One afternoon I asked Ken Thompson if he could lift the regular expression recognizer out of the editor and make a one-pass program to do it. He said yes. The next morning I found a note in my mail announcing a program named grep. It worked like a charm. When asked what that funny name meant, Ken said it was obvious. It stood for the editor command that it simulated, g/re/p (global regular expression print).”
-- Chapter 9, On the Early History and Impact of Unix Tools to Build the Tools for a New Millenium
grep commandTask: show lines in file.txt that match the regular expression regexp.
grep commandTask: show lines in file.txt that match the regular expression regexp.
There are various ways of doing it:
file as an argument
grep "regexp" file.txtinput forwarded via standard I/O forwarding
grep "regexp" < file.txtdata passed from pipe
cat file.txt | grep "regexp"$ cat file.txt1 a.smith12 joe23 molly134 nemo75 rob56 roy8character(s)
$ cat file.txt | grep o2 joe23 molly134 nemo75 rob56 roy8strings of characters
$ cat file.txt | grep mo3 molly134 nemo7$ cat file.txta.smith1joe2molly13nemo7rob5roy8.)$ cat file.txt | grep "o.."joe2molly13rob5roy8\.$ cat file.txt | grep "\."a.smith1$ cat file.txta.smith1joe2molly13nemo7rob5roy8a class of characters (denoted [])
2, 3 or 5"$ cat file.txt | grep [235]joe2molly13rob5$ cat file.txta.smith1joe2molly13nemo7rob5roy8a class of characters (denoted [])
"find all lines which contain 2, 3 or 5"
$ cat file.txt | grep [235]joe2molly13rob5"find all lines where o is followed by either e or y"
cat file.txt | grep "o[ey]"joe2roy8$ cat file.txt1 a.smith12 joe23 molly134 nemo75 rob56 roy8character classes can also be specified as ranges (i.e. [a-z] or [0-9])
[a-z]) followed by a number from 4 to 9"$ cat file.txt | grep [a-z][a-z][a-z][4-9]4 nemo75 rob56 roy8{} $ cat file.txt | grep [a-z]{3}[4-9]4 nemo75 rob56 roy8$ cat file.txt1 a.smith12 joe23 molly134 nemo75 rob56 roy8invert the class by putting ^ at the beginning of the definition ([^ ])
[a-z]) not followed by a number from 4 to 9"$ cat file.txt | grep [a-z][a-z][a-z][^4-9]1 a.smith12 joe23 molly134 nemo7$ cat text.txtSo, looking at the lock or the silk?Repetitions can be applied on any character or character class.
Three basic repetition operators:
\?: match once or not at all\+: match one and more times*: match zero and more times$ cat text.txtSo, looking at the lock or the silk?Repetitions can be applied on any character or character class.
Three basic repetition operators:
\?: match once or not at all\+: match one and more times*: match zero and more timesMatch all ls followed by zero or one o:
$ cat text.txt | grep "lo\?"So, looking at the lock or the silk?Match all ls followed by at least one or more os:
$ cat text.txt | grep "lo\+"So, looking at the lock or the silk?Match all ls followed by zero or more os:
$ cat text.txt | grep "lo*"So, looking at the lock or the silk?$ cat file.txt1 a.smith12 joe23 molly134 nemo75 rob56 roy8Anchors are two very important "special characters":
^: match the beginning of the line$: match the end of the line$ cat file.txt1 a.smith12 joe23 molly134 nemo75 rob56 roy8Anchors are two very important "special characters":
^: match the beginning of the line$: match the end of the lineFind numbers at the beginning:
$ cat file.txt | grep "^[0-9]\+"1 a.smith12 joe23 molly134 nemo75 rob56 roy8Find numbers at the end:
$ cat file.txt | grep "[0-9]\+$"1 a.smith12 joe23 molly134 nemo75 rob56 roy8grep command IIgrep PATTERNS FILE
prints lines that match patterns
-i: make the search case-insensitive (ignore-case)
-v: print lines that do not match the pattern (invert)
-o: output only the matched part of the line (only)
-n: include the line number in the output (number)
$ cat file.txta.smith1joe2molly13nemo7rob5roy8$ cat file.txt | grep "[0-5]\$" -n1:a.smith12:joe23:molly135:rob5$ cat file.txt | grep "[0-5]\$" -n -v4:nemo76:roy8echo "Hello World!" | grep -i worldHello World!echo "Hello World!" | grep -i world -oWorldcut and paste
cutcut out a field from a text file, based on some separator
-d DELIM set a specific delimiter (TAB by default)
-f FIELDS
-f 2) or a list (like -f 2,5)<from>-<to> format (like -f 2-4)$ cut /etc/group -f 3 -d: | tail -n 597284971970969$ cut /etc/group -f 1,3 -d: | tail -n 5flatpak:972screen:84firebird:971nm-fortisslvpn:970docker:969pastejoin files horizontally (like horizontal cat)
-d sets the delimiter (TAB by default)
-s appends data in serial rather than in paralel
$ cat names.txtMark SmithBobby BrownSue MillerJenny Igotit$ cat numbers.txt555-1234555-9876555-6743867-5309$ paste names.txt numbers.txtMark Smith 555-1234Bobby Brown 555-9876Sue Miller 555-6743Jenny Igotit 867-5309$ paste -d, names.txt numbers.txtMark Smith,555-1234Bobby Brown,555-9876Sue Miller,555-6743Jenny Igotit,867-5309$ paste -s names.txt numbers.txtMark Smith Bobby Brown Sue Miller Jenny Igotit555-1234 555-9876 555-6743 867-5309Example taken straight from the great Wikipedia:
If for nothing else, it's worth it for regular expressions.
Knowing [regular expressions] can mean the difference between solving a problem in 3 steps and solving it in 3,000 steps. When you’re a nerd, you forget that the problems you solve with a couple keystrokes can take other people days of tedious, error-prone work to slog through.
-- Cory Doctorow
https://www.theguardian.com/technology/2012/dec/04/ict-teach-kids-regular-expressions
Keyboard shortcuts
| ↑, ←, Pg Up, k | Go to previous slide |
| ↓, →, Pg Dn, Space, j | Go to next slide |
| Home | Go to first slide |
| End | Go to last slide |
| Number + Return | Go to specific slide |
| b / m / f | Toggle blackout / mirrored / fullscreen mode |
| c | Clone slideshow |
| p | Toggle presenter mode |
| t | Restart the presentation timer |
| ?, h | Toggle this help |
| Esc | Back to slideshow |