Linux is a [multi user](https://en.wikipedia.org/wiki/Multi-user_software) operating system.
From an end user's perspective this means we can have multiple accounts on one machine.
For example, one for each member of your household or company.
Users can log in, log out or switch accounts when seated at the computer, or do multiple simultaneous logins via `ssh` or remote desktop software.
From a more internal point of view, Linux uses different accounts to perform different tasks on the system.
These accounts are often called [system accounts](https://unix.stackexchange.com/questions/80277/whats-the-difference-between-a-normal-user-and-a-system-user).
We can list all known accounts with the following command.
We can also **remove** a user via the graphical interface.
![GNOME add user](../assets/add_user_05.png)
### command line
This is why you're here, no?
To learn how to manage a Linux system like a pro.
So let's look into how to add and remove users via the command line.
As it's an *administrative* task we'll need to prove we have the right to do so.
This implies the use of `sudo`.
```
waldek@debian:~$ sudo add
addgroup addpart add-shell adduser
waldek@debian:~$ apropos adduser
adduser.conf (5) - configuration file for adduser(8) and addgroup(8) .
adduser (8) - add a user or group to the system
waldek@debian:~$ sudo adduser
[sudo] password for waldek:
adduser: Only one or two names allowed.
waldek@debian:~$
```
The `adduser` program takes one or two arguments.
The behaviour changes quite dramatically depending on the number of arguments.
When you give *one* argument, the program will add a user to the system.
When using *two* arguments the program will add a user to a group.
```
waldek@debian:~$ sudo adduser ilies
Adding user `ilies' ...
Adding new group `ilies' (1001) ...
Adding new user `ilies' (1001) with group `ilies' ...
Creating home directory `/home/ilies' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for ilies
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
waldek@debian:~$ tail -1 /etc/passwd
ilies:x:1001:1001:,,,:/home/ilies:/bin/bash
waldek@debian:~$ su ilies
Password:
ilies@debian:/home/waldek$
```
If we want to add `ilies` to the group of administrators we can use the same program but with **two** arguments, first the user, then the group in question.
```
ilies@debian:~$ sudo apt update
[sudo] password for ilies:
ilies is not in the sudoers file. This incident will be reported.
1 package can be upgraded. Run 'apt list --upgradable' to see it.
ilies@debian:/home/waldek$
```
`ilies` is now a user account with full administrator rights!
An important detail you should know is that a user's groups are only loaded upon login.
As a side effect, when you add a user to a group, they need to log out and back in for the changes to take effect.
There are [tricks](https://superuser.com/questions/272061/reload-a-linux-users-group-assignments-without-logging-out) to bypass this behaviour, but I must say I always log out and back in myself.
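To check whether a session is still running with its old group list, compare the groups of the running shell (`id -Gn`) with what the group database says (`id -Gn USER`). This is an added example, not part of the original course; the function names are hypothetical and the group name `sudo` in the sample is a constructed value.

```shell
#!/bin/sh
# Added example: detect a login session whose groups are out of date.

# missing_groups SESSION_LIST DB_LIST
# Prints every group in DB_LIST (space separated) that is absent
# from SESSION_LIST, one per line.
missing_groups() {
    for g in $2; do
        case " $1 " in
            *" $g "*) ;;                 # already active in this session
            *) printf '%s\n' "$g" ;;     # granted, but not loaded yet
        esac
    done
}

# stale_groups
# Runs the comparison for the current user on a live system.
stale_groups() {
    session=$(id -Gn)                  # groups of this shell, fixed at login
    database=$(id -Gn "$(id -un)")     # groups currently on record
    missing_groups "$session" "$database"
}

# Constructed sample: ilies was added to a group after logging in.
missing_groups "ilies" "ilies sudo"    # prints: sudo
```

Running `stale_groups` right after adding yourself to a group prints that group; after logging out and back in it prints nothing.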
Removing a user is done with the `deluser` program.
Unix-like systems differ greatly from a Windows system because they are not just *multi tasking* but also *multi user*.
Users and groups imply [permissions](https://en.wikipedia.org/wiki/File-system_permissions#Notation_of_traditional_Unix_permissions), meaning **who** is allowed to do **what** on a system.
Permissions are tied to a **file system**, either real or virtual, but can't exist outside of this context.
When we list the files in a directory, we can add the `-l` flag to see more information.
In the example below I create a file called `helloworld` and show its details with `ls -l`.
```
waldek@debian:~$ touch helloworld
waldek@debian:~$ ls -l
total 0
-rw-r--r-- 1 waldek waldek 0 May 16 10:32 helloworld
waldek@debian:~$
```
Next up I create a directory to store my pictures in.
```
waldek@debian:~$ mkdir photos
waldek@debian:~$ ls -l
total 4
-rw-r--r-- 1 waldek waldek 0 May 16 10:32 helloworld
drwxr-xr-x 2 waldek waldek 4096 May 16 10:33 photos
waldek@debian:~$
```
The file and directory listings above give us quite a bit of information.
Let's break it down.
The table below slices each individual element apart.
The first column indicates the *type* of file.
This can be a directory, link, block device, character device, among others.
Have a look [here](https://en.wikipedia.org/wiki/Unix_file_types) for an elaborate explanation of all possible types in Linux.
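| type | owner | group | others | nr links | owner | group | size | mod date | name |
|---|---|---|---|---|---|---|---|---|---|
| - | rw- | r-- | r-- | 1 | waldek | waldek | 0 | May 16 10:32 | helloworld |
| d | rwx | r-x | r-x | 2 | waldek | waldek | 4096 | May 16 10:33 | photos |
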
Each file or folder in Linux has one **owner** and one **group**.
When you create a new file or folder, the owner will be you and the group will be your [primary group](https://www.cyberciti.biz/faq/howto-linux-add-user-to-group/).
*Most* of the time this will default to your username for both user and group.
We can, however, change the owner and the group of a file or folder.
This is done with `chown`, ch(ange)own(ership).
Let's try this out.
```
waldek@debian:~$ touch waldek_file
waldek@debian:~$ ls -l
total 0
-rw-r--r-- 1 waldek waldek 0 May 16 14:37 waldek_file
waldek@debian:~$ tail -1 /etc/passwd
ilies:x:1002:1002:,,,:/home/ilies:/bin/bash
waldek@debian:~$ chown ilies:ilies waldek_file
chown: changing ownership of 'waldek_file': Operation not permitted
```
When you create a **new** file or directory, it is created with default permissions according to the `umask`.
```
waldek@helloworld:~$ whatis umask
umask (2) - set file mode creation mask
waldek@helloworld:~$ umask
0022
waldek@helloworld:~$ touch new_file && ls -l new_file
-rw-r--r-- 1 waldek waldek 0 Jun 15 15:02 new_file
waldek@helloworld:~$ mkdir new_folder && ls -la new_folder
total 8
drwxr-xr-x 2 waldek waldek 4096 Jun 15 15:03 .
drwxr-xr-x 59 waldek waldek 4096 Jun 15 15:03 ..
waldek@helloworld:~$
```
The `new_file` has an octal permission of `644` and the `new_folder` `755`.
I can change my `umask` as follows.
```
waldek@helloworld:~$ rm -r new_f*
waldek@helloworld:~$ umask 000
waldek@helloworld:~$ touch new_file && ls -l new_file
-rw-rw-rw- 1 waldek waldek 0 Jun 15 15:08 new_file
waldek@helloworld:~$ mkdir new_folder && ls -la new_folder
total 8
drwxrwxrwx 2 waldek waldek 4096 Jun 15 15:08 .
drwxr-xr-x 59 waldek waldek 4096 Jun 15 15:08 ..
waldek@helloworld:~$
```
The permissions changed!
The `new_file` now has an octal permission of `666` and the `new_folder` `777`.
Do you see a pattern here?
The `umask` value is subtracted from the [POSIX](https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap01.html#tag_17_01_01_04) defined base permissions which are `666` for a file and `777` for a directory.
One more example to drive it home.
```
waldek@helloworld:~$ rm new_f*
rm: cannot remove 'new_folder': Is a directory
waldek@helloworld:~$ rm -r new_f*
waldek@helloworld:~$ umask 777
waldek@helloworld:~$ touch new_file && ls -l new_file
---------- 1 waldek waldek 0 Jun 15 15:11 new_file
waldek@helloworld:~$ mkdir new_folder && ls -la new_folder
ls: cannot open directory 'new_folder': Permission denied
waldek@helloworld:~$
```
Can you explain to me why we get a `Permission denied` message?
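The `umask` is applied as a bit mask (`base & ~umask`), which gives the same result as the subtraction above for `022`, `000` and `777` but not for every value. The script below is an added example, not part of the original course: it predicts the mode and then measures what the system really assigns. The function names are hypothetical and `stat -c` assumes GNU coreutils, as on Debian.

```shell
#!/bin/sh
# Added example: umask clears bits, mode = base & ~umask.

# effective_mode BASE UMASK -> predicted octal mode (BASE is 666 or 777)
effective_mode() {
    printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# observed_mode KIND UMASK -> mode the system gives a new file (KIND=f)
# or directory (KIND=d). The body is a subshell, so the caller's umask
# is left untouched.
observed_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    printf '%03o\n' "0$(stat -c %a "$tmp/new")"
    chmod 700 "$tmp/new"    # restore access so cleanup works for mode 000
    rm -rf "$tmp"
)

# 033 is the case where plain subtraction (666 - 033 = 633) is wrong:
# the file comes out as 644 because a bit that is not set cannot be removed.
for mask in 022 000 777 033; do
    printf 'umask %s: file %s (predicted %s), dir %s (predicted %s)\n' \
        "$mask" \
        "$(observed_mode f "$mask")" "$(effective_mode 666 "$mask")" \
        "$(observed_mode d "$mask")" "$(effective_mode 777 "$mask")"
done
```

With `umask 777` the new directory ends up with mode `000`, so not even its owner holds the read bit on it.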
Some of you might have noticed the `umask` returns **4** digits.
This is because there is an additional permission bit we have not covered yet.
If you want to dig into it I suggest [this](https://wiki.debian.org/Permissions#Section_2:_UNIX_permissions_explained) page on the Debian wiki where I got the following quote from.
> The first of the 4 octal digits which represent permissions contains the setuid and setgid bits. These can be used to override some of the defaults described above but it is not worth getting into details other than to note that the user private groups project collaboration idiom (see below) depends on the behavior of the setgid bit.
You now have enough comprehension of Linux to play a [wargame](https://en.wikipedia.org/wiki/Wargame_(hacking)).
Over at [over the wire](https://overthewire.org/wargames/) there are quite a few very good wargames to solidify your knowledge of the command line, the Linux kernel, web exploits, among others.
We'll start off with [bandit](https://overthewire.org/wargames/bandit/).
> The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. If you notice something essential is missing or have ideas for new levels, please let us know!
It's a game you play over `ssh` which drops you in a `bash` shell where the goal is to find the password for the next level.
Once you find the password you can log out and back in as the next user.
The entire game revolves around permissions.
This is the cycle:
1. log **in** as user `banditX` to the server
1. **find** the hidden password for the user `banditX+1`