I worked on the following objectives:
In this section, I created users based on the following table:
| First Name | Last Name | User ID | Job Role | Starting Password |
|---|---|---|---|---|
| Alejandro | Rosalez | arosalez | Sales Manager | P@ssword1234! |
| Efua | Owusu | eowusu | Shipping | P@ssword1234! |
| Jane | Doe | jdoe | Shipping | P@ssword1234! |
| Li | Juan | ljuan | HR Manager | P@ssword1234! |
| Mary | Major | mmajor | Finance Manager | P@ssword1234! |
| Mateo | Jackson | mjackson | CEO | P@ssword1234! |
| Nikki | Wolf | nwolf | Sales Representative | P@ssword1234! |
| Paulo | Santos | psantos | Shipping | P@ssword1234! |
| Sofia | Martinez | smartinez | HR Specialist | P@ssword1234! |
| Saanvi | Sarkar | ssarkar | Finance Specialist | P@ssword1234! |
I made sure I was spelling the user IDs correctly so that these users could use default credentials to log in.
First, I validated that I was in the home folder of my current user by typing pwd and pressing Enter.
To add the first user from the list above, Alejandro Rosalez, I entered sudo useradd arosalez and pressed Enter. This step created the user arosalez.
I entered sudo passwd arosalez and pressed Enter. I was required to enter the password twice. I used the password P@ssword1234!
To validate that users had been created, I entered sudo cat /etc/passwd | cut -d: -f1 and pressed Enter to look at the contents of the /etc/passwd file.
I used the sudo useradd <User ID> and sudo passwd <User ID> commands to add the remaining users from the table. I replaced <User ID> with each User ID in the table at the beginning of this task.
To validate that all users had been created, I entered sudo cat /etc/passwd | cut -d: -f1 and pressed Enter.
In this section I created groups of users and added users to the groups.
Once I created these groups, I added the users to the proper groups based on the information provided in the table in Task 2.
To validate that I was in the home folder of my current user, I entered pwd and pressed Enter.
To create the Sales group, I entered sudo groupadd Sales and pressed Enter.
To verify that the group was added, I entered cat /etc/group and pressed Enter.
I used the sudo groupadd <Group> command to add the remaining groups. I replaced <Group> with HR, Finance, Shipping, Managers, and CEO to create these groups.
To verify that all the groups were added, I entered cat /etc/group and pressed Enter.
To add the user arosalez to the Sales group, I entered sudo usermod -a -G Sales arosalez into the terminal and pressed Enter.
To verify that the user was added, I entered cat /etc/group and pressed Enter.
I used the sudo usermod -a -G <Group Name> <User ID> command to add the remaining users to the appropriate groups. Using the information in the following table, I replaced <Group Name> with the Group Name, and replaced <User ID> with each user ID in the User IDs columns.
| Group Name | User IDs | Group Name | User IDs | Group Name | User IDs |
|---|---|---|---|---|---|
| Sales | arosalez nwolf | HR | ljuan smartinez | Finance | mmajor ssarkar |
| Shipping | eowusu jdoe psantos | Managers | arosalez ljuan mmajor | CEO | mjackson |
I also added ec2-user to all groups.
To check the group memberships, I entered sudo cat /etc/group into the terminal and pressed Enter.
Now that I had some users in my machine, I could log in as a new user. I also saw what a sudoer is, what this enables, and how commands issued using sudo are logged in the /var/log/secure file.
I entered su arosalez
For the password, I entered P@ssword1234! and pressed Enter. I was now logged in as arosalez.
The trailing ec2-user indicated that I was located in the ec2-user home directory, /home/ec2-user.
I entered pwd and pressed Enter to ensure that I was in the /home/ec2-user directory.
I entered touch myFile.txt and pressed Enter.
I received this message because the user arosalez did not have permission to write files to the ec2-user home folder.
Then I tried as an admin using the sudo command. I entered sudo touch myFile.txt and pressed Enter.
I entered the password P@ssword1234! and pressed Enter.
I received this message because the user arosalez is not on the list of the sudoers file. Sudoers are users who have special rights to run commands that require root rights. Only a few users should receive this permission.
I entered exit and pressed Enter to switch to the previous user, ec2-user.
Now I visualized the content of the /var/log/secure file. I entered sudo cat /var/log/secure and pressed Enter to display the content of the secure file. I scrolled to the bottom of the file using the down arrow:
I could see how a sudo action that was not permitted was logged in the /var/log/secure file.
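
The denied sudo attempt described above can be extracted from the log instead of found by scrolling. This is an added example, not part of the original lab: the log lines are constructed in the standard sudo syslog format, and the function names sample_log and denied_sudo are hypothetical.

```shell
#!/bin/sh
# Added example: list denied sudo attempts from /var/log/secure-style input.
# The sample lines are constructed for illustration, not captured from the lab.

sample_log() {
cat <<'EOF'
Mar  3 10:15:02 ip-10-0-0-5 su: pam_unix(su:session): session opened for user arosalez by ec2-user(uid=1000)
Mar  3 10:15:40 ip-10-0-0-5 sudo: arosalez : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/touch myFile.txt
Mar  3 10:16:05 ip-10-0-0-5 su: pam_unix(su:session): session closed for user arosalez
Mar  3 10:16:20 ip-10-0-0-5 sudo: ec2-user : TTY=pts/0 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /var/log/secure
EOF
}

# denied_sudo: read log lines on stdin and print one line per denied attempt
# in the form  user|working directory|command
denied_sudo() {
    awk '
    /user NOT in sudoers/ && match($0, / sudo(\[[0-9]+\])?: +/) {
        # Everything after the "sudo:" tag (an optional [pid] is tolerated):
        #   <user> : user NOT in sudoers ; TTY=.. ; PWD=.. ; USER=.. ; COMMAND=..
        rest = substr($0, RSTART + RLENGTH)

        user = rest
        sub(/ : .*/, "", user)            # keep text before the first " : "

        pwd = substr(rest, index(rest, "PWD=") + 4)
        sub(/ ; .*/, "", pwd)             # PWD ends at the next " ; "

        # COMMAND is the last field, so keep it whole (arguments included)
        cmd = substr(rest, index(rest, "COMMAND=") + 8)

        print user "|" pwd "|" cmd
    }'
}

# Run against the constructed sample; on a real host, use instead:
#   sudo cat /var/log/secure | denied_sudo
sample_log | denied_sudo
```

The permitted sudo call by ec2-user in the sample is not reported, because only lines carrying the "user NOT in sudoers" marker are selected.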