Updated on Noc 2017!
We will use this post to share all the useful linux commands used in other entries.

Managing linux user and group accounts

The system administrator has many responsibilities including configuring user and group accounts, scheduling tasks using the system log daemon and solving problems. In this quick memorandum we will see the basic linux commands to manage user accounts and groups. We will use the low level utilities useradd and groupadd.

Add a group

Let’s say we are sharing our computer with a few friends, add a new group called mates

userk@dopamine ~$ sudo groupadd -g 1024 mates

This command adds a new entry to /etc/group. Unless you use the -g option to assign a group ID, the system will pick up the next available number > 1000.

If you mistyped the name of the group you can rename it with groupmod the option -n

userk@dopamine ~$ sudo groupmod -n newName oldName

To delete use groupdel nameGroup.

Add a user

Now, let’s add a new user account to the system with the useradd utility. The following command adds new entries to /etc/passwd and /etc/shadow files, creates the user’s home directory, adds gabry to the mates group and assigns the next highest unused Id to the new account. Then set the new password.

userk@dopamine ~$ sudo useradd -G mates -d /home/gabry/ -m gabry
userk@dopamine ~$ sudo passwd gabry

You will be asked for a new password and few general details. Now login with the newly created account and try to update.

userk@dopamine ~$ su gabry
Password: 

Ok you are now logged in.

gabry@dopamine ~$ sudo apt-get update

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for gabry: gabry is not in the sudoers file. This incident will be reported. gabry@dopamine ~$

I love this message! Before executing commands with sudo you need to add Gabry in the sudoers file. So exit the session and run the following command.

gabry@dopamine ~$ exit
userk@dopamine ~$ sudo usermod -a -G sudo gabry
userk@dopamine ~$ su gabry
Password: 
gabry@dopamine ~$ sudo apt-get update

Fast way to encrypt a string for linux like OS

Let’s say we want to encrypt a string like ‘Esprit Open Source’. We can use the gpg command, which is an encryption and signing tool for Linux/UNIX like operating system. Let’s encrypt the message using AES256 insead of the default option. (check this useful question )

userk@dopamine ~$ echo 'Esprit Open Source' | gpg -c --cipher-algo AES256 --no-use-agent | base64 
Enter passphrase: userk
jA0ECQMCpRRMo9+LOHNg0kgBajtQ//qqjeljfEbiqwVbTmbZt3iJ2Npeyj57anazz8tlRovlIbON
dcqbXviIyS/1iDGxxsBikxocmmw8SsOXZyeLxgZoXQ8=

Ok the encrypted string is ‘jA0ECQMCpRRMo9+LOHNg0kgBajtQ//qqjeljfEbiqwVbTmbZt3iJ2Npeyj57anazz8tlRovlIbON
dcqbXviIyS/1iDGxxsBikxocmmw8SsOXZyeLxgZoXQ8=’.
Now let us try to decrypt it using the passphrase ‘userk’.

userk@dopamine ~$ echo -n 'jA0ECQMCpRRMo9+LOHNg0kgBajtQ//qqjeljfEbiqwVbTmbZt3iJ2Npeyj57anazz8tlRovlIbONdcqbXviIyS/1iDGxxsBikxocmmw8SsOXZyeLxgZoXQ8=' | base64 --decode | gpg -d --cipher-algo AES256 --no-use-agent
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
Esprit Open Source

Change the hostname

If you want to change the name of your computer or device you have to change the name saved in the following file

userk@dopamine ~$ cat /etc/hostname
dopamine

Change it to whatever you want and reboot. If you get an error like ‘sudo: unable to resolve host’ try to reboot in recovery mode and change the hostname associated with localhost as described in this question.

Custom ssh banner

In order to modify the banner showed during the authentication process using ssh, we need to modify the configuration file as follows:

userk@dopamine ~$ sudo vim /etc/ssh/sshd_config

Remove the ‘#’ before Banner /etc/issue.net

userk@dopamine ~$ sudo vim /etc/issue.net

and insert the welcome message you want to show. If you now try to login with ssh you will see your message and the password request but at the end there will be a message like the following

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

We don’t want these lines to be shown in the welcome message. So, as reported by Olivier Lalonde in this answer, all we need to do is:

userk@dopamine ~$ touch ~/.hushlogin


Network Setting basics

If you want to set a static ip in order to obtain the same address, first check yout actual ip address netmask and gateway:

userk@dopamine ~$ ifconfig
[...]
wlp3s0    Link encap:Ethernet  HWaddr a4:db:30:a2:19:58  
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::51d4:151b:1970:12d6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

So in my case, the ip address is 192.168.0.10 and the netmask 255.255.255.0. Check your gateway ip with:

userk@dopamine ~$ ip route show
default via 192.168.43.1 dev wlp3s0  proto static  metric 600

Ok we have all the ingredients. Now let’s say we want to set the static ip to 192.168.0.8, modify the /etc/network/interfaces file.

userk@dopamine ~$ sudo vim /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)

auto lo
iface lo inet loopback


auto eth0
iface eth0 inet static
        address 192.168.1.8
        gateway 192.168.1.1
        netmask 255.255.255.0

#allow-hotplug wlan0
#iface wlan0 inet manual
    #wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Then restart network-manager

userk@dopamine ~$ sudo service network-manager restart


Common issues

If you get a the following error:

RTNETLINK answers: File exists
Failed to bring up eth0

You might have to flush the eth0 device before ifup and ifdown.

userk@dopamine ~$ sudo ip addr flush dev eth0

Ping : Operation not permitted

If you are getting an error like the following while executing ping

Ping: icmp open socket: Operation not permitted

Check to ensure that the ping binary is setuid root:

userk@dopamine ~$ ls -l `which ping`
-rwxr-xr-x 1 root root 38844 Feb 12  2014 /bin/ping

The next command will do the trick:

userk@dopamine ~$ sudo chmod u+s `which ping`

Then you will be allowed to ping as anyone. Hope this helps