Basic Account Administrations-How To-Linux OS

Add an existing user (example user: Uyxx) to the wheel group

By default, all users on a Linux distribution can use the su (switch user) command to become another user during a login session. If no username is given, su defaults to becoming the superuser. On other UNIX systems, by contrast, a user must be in the wheel group in order to access the su command.

This tutorial will show you how to restrict the use of su command on Linux so that only users in the wheel group have access to it.

The wheel group is a special user group on Unix-like systems used to restrict access to the su command. The term wheel comes from the archaic slang phrase “big wheel”, which means an important and influential person.

Edit the /etc/pam.d/su config file:

sudo vi /etc/pam.d/su

Add the following line:

auth required /lib/security/pam_wheel.so use_uid

or

auth required pam_wheel.so use_uid

Save and close the file.

Now when a user who is not in the wheel group tries to use the su command, he/she will get a permission denied error, even if the password is typed correctly.

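If you want to add a user to the wheel group, use the following command. The -a (append) flag is required: without it, -G replaces the user's existing supplementary groups with the list given.

sudo usermod -aG wheel username

Use the id command to check if the user is in the wheel group:

id username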
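
A check that the PAM edit above is actually in force, added here as an example and not part of the original tutorial. It reports whether a su PAM file has an uncommented auth required pam_wheel.so line, and whether an earlier sufficient or include line could end the auth stack before pam_wheel is consulted. The function name check_su_wheel and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# check_su_wheel FILE prints one of:
#   enforced      active "auth required pam_wheel.so" line, nothing can skip it
#   bypassable    active line exists, but an earlier "sufficient" or "include"
#                 auth line (other than pam_rootok.so) can end the stack first
#   not-enforced  line is missing or still commented out
check_su_wheel() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }          # comments, blanks, short lines
        $1 != "auth"        { next }          # only the auth stack matters here
        {
            mod = $3
            sub(/.*\//, "", mod)              # accept /lib/security/pam_wheel.so
            if (mod == "pam_wheel.so" && $2 == "required") { found = 1; exit }
            if (($2 == "sufficient" || $2 == "include") && mod != "pam_rootok.so") { early = 1 }
        }
        END {
            if (!found)     print "not-enforced"
            else if (early) print "bypassable"
            else            print "enforced"
        }
    ' "$1"
}

# Constructed sample: a su file where the pam_wheel line is still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth       sufficient   pam_rootok.so
#auth      required     pam_wheel.so use_uid
auth       include      system-auth
EOF
echo "before edit: $(check_su_wheel "$sample")"

# The same file after uncommenting the line as the tutorial describes.
sed 's/^#auth/auth/' "$sample" > "$sample.new"
echo "after edit:  $(check_su_wheel "$sample.new")"
rm -f "$sample" "$sample.new"
```

On a real system, run check_su_wheel /etc/pam.d/su after editing the file and before closing your root session.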

On FreeBSD, group membership is managed with the pw command. The syntax is:

pw group mod {GROUP-NAME-HERE} -m {USERNAME-HERE}
pw group mod wheel -m Uyxx

If the user named Uyxx already exists, this adds her to the wheel group.

Add new user called sai while creating a new account

The syntax is:

pw user add {USERNAME-HERE} -G {GROUP-NAME-HERE}
pw user add sai -G wheel
The above command creates the sai primary group automatically and adds the user to the wheel group when her account is first created on a FreeBSD Unix operating system.

How do I verify new group membership on a FreeBSD?

The syntax is:

pw groupshow {GROUP-NAME-HERE}
pw groupshow wheel
pw groupshow sai
pw groupshow vivek
## Determine Group Membership Of sai and vivek Users ##
id sai
id vivek

How To Set up New SUDO User-Linux OS 

The sudo command provides a mechanism for granting administrator privileges, ordinarily only available to the root user, to normal users. This guide will show you the easiest way to create a new user with sudo access on CentOS, without having to modify your server’s sudoers file. If you want to configure sudo for an existing user, simply skip to step 3.

Steps to Create a New Sudo User

1. Log in to your server as the root user.

ssh root@server_ip_address

2. Use the adduser command to add a new user to your system.

Be sure to replace username with the user that you want to create.

adduser username

Use the passwd command to update the new user’s password.

passwd username

Set and confirm the new user’s password at the prompt. A strong password is highly recommended!

Set password prompts:
Changing password for user username.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

3. Use the usermod command to add the user to the wheel group.

usermod -aG wheel username

By default, on CentOS, members of the wheel group have sudo privileges.

Test sudo access on new user account

Use the su command to switch to the new user account.

su - username

As the new user, verify that you can use sudo by prepending “sudo” to the command that you want to run with superuser privileges.

sudo command_to_run

For example, you can list the contents of the /root directory, which is normally only accessible to the root user.

sudo ls -la /root

The first time you use sudo in a session, you will be prompted for the password of the user account. Enter the password to proceed.

Output:
[sudo] password for username:

If your user is in the proper group and you entered the password correctly, the command that you issued with sudo should run with root privileges.

How to Set Ulimit Values

How to Check the Ulimit

If you have the process IDs (PIDs) of the specific user, you can get the limits for each process with:

cat /proc/<PID>/limits

You can get the number of open files for each PID with:

ls /proc/<PID>/fd | wc -l

Then compare the value of Max open files with the number of open file descriptors from the second command to get a percentage.
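
The comparison described above as a script, added here as an example and not taken from the original page. It reads the soft "Max open files" value from the limits file, counts the entries under fd, and prints the percentage in use. The function name fd_usage and the PROC_ROOT override (used only so the function can be pointed at a constructed directory tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# fd_usage PID prints "<open fds> <soft limit> <percent used>".
# PROC_ROOT is a hypothetical override for testing; it defaults to /proc.
fd_usage() {
    pid=$1
    root=${PROC_ROOT:-/proc}

    # Another user's process is only readable by that user or by root.
    if [ ! -r "$root/$pid/limits" ] || [ ! -d "$root/$pid/fd" ]; then
        echo "cannot read limits or fd list for PID $pid" >&2
        return 1
    fi

    # The soft limit is the 4th field of the "Max open files" row.
    soft=$(awk '$1=="Max" && $2=="open" && $3=="files" {print $4}' "$root/$pid/limits")

    # Plain ls, one entry per descriptor (ls -l would add a "total" line).
    open=$(ls "$root/$pid/fd" | wc -l)
    open=$((open + 0))                  # normalise any padding from wc

    case $soft in
        unlimited|0) echo "$open $soft n/a" ;;
        ''|*[!0-9]*) echo "unexpected limit value: '$soft'" >&2; return 1 ;;
        *)           echo "$open $soft $((open * 100 / soft))%" ;;
    esac
}

# Demo: report on the shell running this script.
fd_usage "$$" || true
```

A process that sits close to 100% is about to start failing with "Too many open files".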

 Environment
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Issue

  • How to set ulimit values

Resolution

  • Settings in /etc/security/limits.conf take the following form:
    # vi /etc/security/limits.conf
    #<domain>        <type>  <item>  <value>
    
    *               -       core             <value>
    *               -       data             <value>
    *               -       priority         <value>
    *               -       fsize            <value>
    *               soft    sigpending       <value> eg:57344
    *               hard    sigpending       <value> eg:57444
    *               -       memlock          <value>
    *               -       nofile           <value> eg:1024
    *               -       msgqueue         <value> eg:819200
    *               -       locks            <value>
    *               soft    core             <value>
    *               hard    nofile           <value>
    @<group>        hard    nproc            <value>
    <user>          soft    nproc            <value>
    %<group>        hard    nproc            <value>
    <user>          hard    nproc            <value>
    @<group>        -       maxlogins        <value>
    <user>          hard    cpu              <value>
    <user>          soft    cpu              <value>
    <user>          hard    locks            <value>
    
    • <domain> can be:
      • an user name
      • a group name, with @group syntax
      • the wildcard *, for default entry
      • the wildcard %, can be also used with %group syntax, for maxlogin limit
    • <type> can have the two values:
      • “soft” for enforcing the soft limits
      • “hard” for enforcing hard limits
    • <item> can be one of the following:
      • core – limits the core file size (KB)
      • data – max data size (KB)
      • fsize – maximum filesize (KB)
      • memlock – max locked-in-memory address space (KB)
      • nofile – max number of open files
      • rss – max resident set size (KB)
      • stack – max stack size (KB)
      • cpu – max CPU time (MIN)
      • nproc – max number of processes
      • as – address space limit (KB)
      • maxlogins – max number of logins for this user
      • maxsyslogins – max number of logins on the system
      • priority – the priority to run user process with
      • locks – max number of file locks the user can hold
      • sigpending – max number of pending signals
      • msgqueue – max memory used by POSIX message queues (bytes)
      • nice – max nice priority allowed to raise to values: [-20, 19]
      • rtprio – max realtime priority
  • Exit and re-login from the terminal for the change to take effect.
  • More details can be found from below command:
# man limits.conf

Diagnostic Steps

  • To improve performance, we can safely set the limit of processes for the super-user root to be unlimited. Edit the /root/.bashrc file and add the following line:
# vi /root/.bashrc
ulimit -u unlimited
  • Exit and re-login from the terminal for the change to take effect.
  • You can also run ulimit -u unlimited at the command prompt instead of adding it to the /root/.bashrc file.

Detail Information

To display all of your current settings you can issue the command: “ulimit -a”

john@john-desktop:~$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 19868
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 19868
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

 

To display individual parameters you must specify the appropriate flag. “-c” would be for “core file size”: ulimit -c

To display the “Max user Processes”, you could issue the command: ulimit -u

 


john@john-desktop:~$ ulimit -c
0
john@john-desktop:~$ ulimit -u
19868

 

/etc/security/limits.conf

 

As we mentioned earlier, “/etc/security/limits.conf” is the location for the file that contains user limit settings. Below is an example of a “/etc/security/limits.conf” file taken from an “Ubuntu 12.04 LTS” system:

 


john@john-desktop:~$ cat /etc/security/limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#        - NOTE: group and wildcard limits are not applied to root.
#          To apply a limit to the root user, <domain> must be
#          the literal username root.
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#        - chroot - change root to directory (Debian-specific)
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#root            hard    core            100000
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#ftp             -       chroot          /ftp
#@student        -       maxlogins       4

# End of file

 

As you can see from the above, limits are defined as either “soft” or “hard”. The hard limit is set by the “root” user or a user with the appropriate escalated privileges. This limit cannot be exceeded. The soft limit is also set by the “root” user; however, this limit can be overridden by a user using the “ulimit” command.

As an example, imagine that as the system administrator you have defined a hard limit of 100 for the “Max user Processes”. This would mean that the user cannot go above 100 processes. You might then set a soft limit of 50 for “Max user Processes”. This soft value would stop the user from going over 50 processes. However, as this is only a soft limit, the user could use the ulimit command to increase the number of processes up to the hard limit. The newly assigned value would then last for the duration of that particular shell. To raise this value the user would issue ulimit -u 75, which raises the limit to “75”. This limit is only for the current shell!
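
The soft and hard limit behaviour described above, as an added example that is not part of the original page. It uses the open-files limit (-n) instead of -u so that lowering the limit cannot stop the shell from forking; the soft/hard mechanism is the same. The function name try_soft_limit is an assumption of this example, and the values 50, 100 and 75 are the ones used in the text.

```shell
#!/bin/sh
# Added example, not from the original page. Everything runs in a subshell,
# so the limits of the calling shell are left untouched.
#
# try_soft_limit SOFT HARD REQUESTED
#   Sets the given soft and hard open-files limits, then asks for REQUESTED
#   as the new soft limit. Prints the soft limit in force afterwards.
#   Returns 0 if the request was accepted, 1 if refused, 2 on setup failure.
try_soft_limit() {
    (
        # Lower soft before hard: the soft value may never exceed the hard one.
        ulimit -S -n "$1" || exit 2
        ulimit -H -n "$2" || exit 2
        if ulimit -S -n "$3" 2>/dev/null; then
            ulimit -S -n
            exit 0
        fi
        ulimit -S -n        # unchanged: the request was refused
        exit 1
    )
}

# Soft 50, hard 100: a raise to 75 is accepted, a raise to 150 is refused.
echo "ask for 75:  soft limit is now $(try_soft_limit 50 100 75)"
echo "ask for 150: soft limit is now $(try_soft_limit 50 100 150 || true)"
```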

 

Reference
Create New Sudo User Centos
https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-centos-quickstart 

Add User to the Wheel Group
https://www.linuxbabe.com/linux-server/linux-security-control-access-to-the-su-command

How to increase “U Limit” Setting on RHEL
https://access.redhat.com/solutions/61334

Linux Ulimit
http://landoflinux.com/linux_ulimit_command.html

