// Jeffrey Reeves

LX0-104 Personal Review

July 29, 2018


These are my sloppy personal notes as I prepare to take the final Linux+/LPIC1 exam. This will be replaced (in time) with better notes.

Display Managers


  • LightDM’s main configuration file is /etc/lightdm/lightdm.conf:
    • The main section is:  [SeatDefaults]
    • Common options within this section include:
      • greeter-session=name — sets a greeter (i.e. a welcome screen).
        • The name value is the name of the *.desktop file in the /usr/share/xgreeters/ directory.
      • user-session=name — sets a user environment (i.e. a desktop environment).
        • The name value is the name of the *.desktop file in the /usr/share/xsessions/ directory.
      • allow-guest=true —  enables guest login.
      • greeter-show-manual-login=true — shows a field to type in a username.
      • greeter-hide-users=true — hides user selection.
      • autologin-user=user  — automatically logs in as user.
      • autologin-user-timeout=30 — automatic logs in after 30 seconds.
    • /etc/lightdm/lightdm.conf.d/ contains many sub-configuration files.


  • Main configuration file is /etc/gdm3/custom.conf:
    • [daemon] section:
      • AutomaticLoginEnable=True — enables automatic login.
      • AutomaticLogin=user — auto login as user.
      • WaylandEnable=false — disables Wayland and uses Xorg X11 instead.
    • [security] section:
      • DisallowTCP=false — re-enables TCP, useful for X11Forwarding without SSH.


  • Protocol is XDMCP (X Display Manager Control Protocol)
    on port 177 UDP incomming and ports 6000-6005 TCP bidirectional.
  • Five XDMCP servers are common:
    • XDM
    • KDM
    • GDM
    • LightDM
    • MDM

xorg.conf file

  • Major sections
    • Module
    • InputDevice
    • Monitor
    • Device
    • Screen
    • ServerLayout
  • Module handles loading X server modules via Load.
    • InputDevice configures the keyboard and mouse.
      • Identifier is a label.
    • Driver is the driver to be used for the device (ex.
      kbd, mouse, Keyboard, evdev, etc.).
    • Option sets various options for the device (ex.
      Device, Protocol, AutoRepeat, etc.).
    • Device is usually one of these:
      • “/dev/input/mice”
      • “/dev/input/mouse1”
      • “/dev/usb/usbmouse”
      • “/dev/ttyS0”
      • “/dev/ttyS1”
    • Protocol is the signal X can expect from
      the mouse movements and button presses.

      • “Auto”
      • “IMPS/2”
      • “ExplorerPS/2”
      • “PS/2”
      • “Microsoft”
      • “Logitech”
  • Monitor section can specify HorizSync, VertRefresh, and
    Modeline of the monitor.

    • Identifier and ModelName can be anything you want.
    • HorizSync is in kilohertz (kHz).
    • VertRefresh is in hertz (Hz).
    • Modeline can be acquired from
      cvt <h-resolution> <v-resolution> <refreshRate>.
    • A new modeline can be added with
      xrandr --newmode <modeline>.
    • Monitor name can be retrieved with `xrandr -q`.
  • Device section typically defines the video card being used.
    • Identifier, VendorName, and BoardName can be anything
      you want.
    • Driver can be any of the modules that exist in
    • VideoRam isn’t necessary to define, but it’s the
      amount of RAM in kilobytes.
  • Screen section defines the combination of monitor and
    video cards being used.

    • Identifier can be anything.
    • Device must match the Identifier from the Device section.
    • Monitor must match the Identifier from the Monitor section.
    • DefaultDepth is the default SubSection to use based on color depth (32 bit is the greatest depth possible).
    • SubSection “Display” defines a display option X may use.
      • Depth is the color depth in bits.
      • Modes is the modeline (generated by `cvt`)
    • EndSubSection completes a subsection.
  • ServerLayout section links all the other sections together.
    • Identifier can be anything you want.
    • Screen is the Identifier(s) in the Screen section.
    • InputDevice is the Identifier(s) in the InputDevice
  • Files section is used to add fonts and font paths.
    • FontPath will define a path to look for fonts.


  • Font paths can be added in the xorg.conf file using the Files section, appended with xset fp+ </font/directory>, or prepended with xset +fp </font/directory>.
  • To have linux re-examine the font path, use xset fp rehash.
  • Available fonts may be checked using the xfontsel command.
  • Font servers can be added to the xorg.conf File section (ex. FontPath "tcp/").
  • Default fonts can be adjusted in KDE by typing systemsettings in a terminal.


  • AccessX was the common method for enabling/editing accessibility options. It has been deprecated but is specifically mentioned on the exam.
    • Sticky keys make modifier keys “stick” when pressed, and affect the next regular key to be pressed.
      • Can be enabled on GNOME by pressing shift key five times in a row.
    • Toggle keys play a sound when the locking keys are pressed.
    • Mouse keys enables the numpad to act as a mouse.
    • Bounce/Debounce keys prevent accidentally pressing a single key multiple times.
    • Slow keys require a key to be held longer than a set period of time for it to register a key press.
    • Keyboard Repeat Rate determines how quickly a key repeats when held down.
    • Time Out sets a time to stop accessibility options automatically.
    • Simulated Mouse Clicks can simulate a mouse click whenever the cursor stops moving, or simulate a double click whenever the mouse button is pressed for an extended period.
    • Mouse Gestures activate program options by moving your mouse in a specific pattern.
  • GNOME On-Screen Keyboard (GOK) was the onscreen option for GNOME desktop, but has been replaced with Caribou.
  • Default fonts can be adjusted in KDE by typing systemsettings in a terminal.
  • kmag can be used to start the KMag on-screen magnifier.
  • Speech synthesizers for Linux include:
    • Orca — integrated in GNOME 2.16+.
    • Emacspeak — similar to Orca. 
  • The BRLTTY project provides a Linux daemon to redirect text-mode console output to a Braille display.
  • Since kernel 2.6.26, direct support for Braille displays exists on Linux.

Cron Jobs

  • Syntax is:
    • Minute of hour (0-59)
    • Hour of day (0-23)
    • Day of month (1-31)
    • Month of year (1-12)
    • Day of week (0-7)
      • 0 and 7 are both Sunday.
    • Note: Values may be separated by commas or divided by a number (ex. */15 or 0,15,30,45).
  • /etc/cron.allow determines which users are allowed to create cron jobs.
  • /etc/cron.deny blocks listed users from creating cron jobs. 
  • System cron jobs are run from the /etc/crontab file.
    • Crontab syntax is:
      moh hod dom moy dow user command
  • Scripts can be placed within the following directories to be automatically processed by the entries in the crontab file:
    • /etc/cron.hourly/
    • /etc/cron.daily/
    • /etc/cron.weekly/
    • /etc/cron.monthly/
  • On Debian systems, any files within the /etc/cron.d/ directory are treated as additional crontab files.
  • User cron jobs are stored in a file at /var/spool/cron/crontabs/user.
  • Use the crontab command to edit the jobs in the /var/spool/cron/crontabs/ directory.
    • -u specifies the user.
    • -l lists all current jobs.
    • -e edits the crontab file.
    • -r removes the current crontab.
    • -ir interactive prompts for removal


  • at will execute commands at a specified time.
    • Do not directly pass a command to the at command.
      • First enter the at command with a specified time.
      • An interactive at> prompt will appear.
      • Enter all commands desired.
      • Press ^d to send the EOF input to complete the job submission. 
    • Accepts the following time strings:
      • now|hh am|hh pm + value minutes|hours|days|weeks
      • today
      • tomorrow
      • HHMM
      • HH:MM
      • MMDD[CC]YY
      • MM/DD/[CC]YY
      • DD.MM.[CC]YY
      • [CC]YY-MM-DD
      • Examples:
        • at 4pm + 3 days
        • at 10am Jul 31
        • at 1am tomorrow
    • -m send mail to the user when the job completes.
    • -M never mail the user.
    • -f read the job from a file.
    • -t run the job at a specific time.
      • [[CC]YY]MMDDhhmm[.ss]
    • -l list all jobs queued.
      • Alias for atq.
    • -r remove a job.
      • Alias for atrm.
    • -d delete a job.
      • Alias for atrm.
  • atq queries and lists all jobs currently scheduled and their job IDs.
  • atrm removes jobs by ID.
  • Access to the at command can be restricted with /etc/at.allow and /etc/at.deny.


  • Similar to cron but runs periodically when available, rather than at specific times. This makes it useful for systems that are not running continuously.
  • /var/spool/anacron is where timestamps from anacron jobs are stored.
  • When anacron is executed, it reads a list of jobs from a configuration file at /etc/anacrontab.
    • Each job specifies:
      • Period in days
        • @daily
        • @weekly
        • @monthly
        • numeric value 1-30
      • Delay in minutes
      • Unique job identifier name
      • Shell commands
      • Example: 
        • 1 5 cron.daily run-parts --report /etc/cron.daily
        • 7 10 cron.weekly run-parts --report /etc/cron.weekly
        • @monthly 15 cron.monthly run-parts --report /etc/cron.monthly
    • -f forces execution of jobs, regardless of timestamps.
    • -u updates the timestamps without running.
    • -s serialize jobs — a new job will not start until the previous one is finished.
    • -n now — run jobs immediately (implies -s as well).
    • -d don’t fork to background — output informational messages to STDERR, as well as syslog. 
    • -q quiet messages to STDERR when using -d.
    • -t specify a specific anacrontab file instead of the default.
    • -T tests the anacrontab file for valid syntax.
    • -S specify the spooldir to store timestamps in. Useful when running anacron as a regular user.


  • Executes scripts within a directory.
  • Used often in crontab and anacrontab to execute scripts within the cron.daily, cron.weekly, cron.monthly, etc. directories.


  • Linux uses Coordinated Universal Time (UTC) internally.
    • UTC is the time in Greenwich, England, uncorrect for daylight savings time.


  • Linux uses the /etc/localtime file for information about its local time zone.
    • /etc/localtime is not a plain-text file, and is typically a symlink to a file in /usr/share/zoneinfo/.
      • Example: $ ll /etc/localtime
        lrwxrwxrwx 1 root root 35 Jun 24 03:02 /etc/localtime -> /usr/share/zoneinfo/America/Phoenix
  • Debian based distributions also use /etc/timezone to store text-mode time zone data.
  • Redhat based distributions also use /etc/sysconfig/clock to store text-mode time zone data.
  • A user can set their individual timezone using the TZ environment variable.
    • export TZ=:/usr/share/zoneinfo/timezone
    • std offset can be used in place of :/usr/share/zoneinfo.
      • When daylight savings is not in effect.
        • std offset 
        • Ex. MST+3 
      • When daylight savings is in effect:
        • std offset dst[offset],start[/time],end[/time]
        • Ex. MST+3EST,M1.19.0/12,M4.20.0/12


  • A locale is a way of specifying the machine’s/user’s language, country, and other information for the purpose of customizing displays.
    • Locales take the syntax of:

      • language is typically a two or three-letter code (en, fr, ja, etc.)
      • territory is typically a two letter code (US, FR, JP, etc.).
      • codeset is often UTF-8, ASCII, etc.
      • modifier is a locale-specific code that modifies how it works.
  • The locale command can be used to view your current locale.
    • LC_ALL is kind of like a master override — if it is set, all other LC_* variables are overridden by it. 
    • LANG will be used as a default for any LC_* variables that are not set.
      • Setting LANG=C prevents programs from passing their output through locale translations.
    • locale -a shows all available locales on the system.
  • The iconv command can be used to convert between character sets.
    • iconv -f encoding [-t encoding] [inputfile]...
      • -f is the source encoding.
      • -t is the destination encoding.
    • Ex. iconv -f iso-8859-1 -t UTF-8 german-script.txt


  • hwclock is used to synchronize the hardware clock with the system clock.
    • -r / --show will show the current hardware clock time:
      • Thu 02 Aug 2018 01:46:09 AM MST -0.329414 seconds
    • -s / --hctosys will set system time from hardware clock.
    • -w / --systohc will set the hardware clock from system time.


  • date displays the current date and time.
  • Accepted datetime format is MMDDhhmm[[CC]YY][.ss]] 
    • -d / --date= sets the date and time.
      • Defaults to now if not used.
    • -s / --set= sets time to provided value.
    • -u / --utc / --universal print or set time in Coordinated Universal Time (UTC).
  • Output can be formatted with date +"%format":
    • %a – abbreviated weekday name (Mon)
    • %A – non-abbreviated weekday name (Monday)
    • %b – abbreviated month name (Jan)
    • %B – non-abbreviated month name (January)
    • %c – locale’s date and time (Thu Aug 2 00:10:29 2018)
    • %C – century (20)
    • %d – day of month (01)
    • %D – date; same as %m/%d/%y (8/2/18)
    • %e – day of month with space padding; same as %_d ( 01)
    • %F – full date; same as %Y-%m-%d (2018-8-2)
    • %H – hour (00 - 23)
    • %I – hour (01 - 12)
    • %j – day of year (001 - 366)
    • %k – hour with space padding; same as %_H ( 21)
    • %l – hour with space padding; same as %_I ( 09)
    • %m – month (01 - 12)
    • %M – minute (00 - 59)
    • %n – newline
    • %N – nanoseconds
    • %p – locale’s equivalent of AM/PM
    • %P – same as %p, but lowercase
    • %q – quarter of year (1 - 4)
    • %r – locale’s 12 hour clock (12:16:43 AM)
    • %R – 24 hour clock; same as %H:%M (00:16)
    • %s – seconds since January 1st, 1970 UTC
    • %S – second (00 - 60)
    • %t – tab
    • %T – time; same as %H:%M:%S (00:23:53)
    • %u – day of week (1 - 7); 1 is Monday
    • %U – week number of year, starting on Sunday (00 - 53)
    • %w – day of week (0 - 6); 0 is Sunday
    • %W – week number of year, starting on Monday (00 - 53)
    • %x – locale’s date representation (8/2/18)
    • %X – locale’s time representation (00:19:43
    • %y – last two digits of year (00 - 99)
    • %Y – year
    • %z – +hhmm numeric time zone (-0400)
    • %Z – time zone abbreviation (MST)
    • Example:
      • date +"%A %B %d, %Y - %I:%M:%S %p"
        Thursday August 02, 2018 – 12:30:45 AM


  • The NTP daemon is responsible for querying NTP servers listed in /etc/ntp.conf.
    • Example:
      server iburst
      server iburst
      server iburst
      server iburst
  • The ntpdate command synchronizes time with the NTP servers but is deprecated in favor of ntpd -gq.
    • Note: ntpd must be stopped in order for ntpd -gq to work:
      • ntpd: time slew -0.011339s
  • The ntp.drift file is responsible for adjusting the system’s clock as clock drift occurs, and is typically stored in /var/lib/ntp/ or /etc/.
  • The ntpq command opens an interactive mode for ntpd, with an ntpq> prompt.
    • ntpq> peers shows details about the NTP servers in use.
      • refid is the server to which each system is synchronized.
      • st is the stratum number of the server.
      • Note: ntpq -p / ntpq --peers functions the same without being in an interactive prompt.


  • ssh-add is used to add an RSA/DSA key to the list maintained by ssh-agent (ex. ssh-add ~/.ssh/id_rsa).
  • Enabled port tunneling with ‘AllowTcpForwarding yes‘.


  • Generated keys are stored in ~/.gnupg.


  • Ghostscript translates PostScript into forms that can be understood by your printer.
  • The print queue is managed by the Common Unix Printing System (CUPS).
  • Users can submit print jobs using lpr.
  • Typically a print queue is located in /var/spool/cups.
  • lpq -a to display all pending print jobs on local and remote printers.


  • qmail and Postfix are modular servers.
  • newaliases command converts the aliases file to a binary format.


  • logrotate can be used to manage the size of log files.
  • logger is the command used to record to the system log.
  • Start syslogd with the -r option to enable acceptance of remote machine logs.


  • /etc/profile is the global configuration file for the bash

Network Addresses

  • IP addresses can be broken into a network address and a computer address based on a netmask / subnet mask.
    • Network address is a block of IP addresses that are used by one physical network.
    • Computer address identifies a particular computer within that network.
  • IPv4 addresses.
    • 32 bits (4 bytes), binary.
    • Represented as four groups of decimal numbers separated by dots
    • Classes are address ranges determined by a binary value of the leftmost digit.
      • 00000001 - 01111111  1 - 127 — Class A
      • 10000000 - 10111111 = 128 - 191 — Class B
      • 11000000 - 11011111 = 192 - 223 — Class C
      • 11100000 - 11101111 = 224 - 239 — Class D
      • 11110000 - 11110111 = 240 - 255 — Class E
      • If it starts with a 0 = Class A, 1 = Class B, 11 = Class C, 111 = Class D, 1111 = Class E
    • Reserved private address spaces / RFC 1918 addresses are:
      • Class A — -
      • Class B — -
      • Class C — -
    • Network Address Translation (NAT) routers can substitute their own IP address on outgoing packets from machines within a reserved private address space; effectively allowing any number of computers to hide behind a single IP address.
    • Address Resolution Protocol (ARP) can be used to convert between MAC and IPv4 addresses.
  • IPv6 addresses.
    • 128 bits (16 byte), hexadecimal.
    • Represented as eight groups of 4-digit hexadecimal values separated by colons
      (ex. 2001:4860:4860:0000:0000:0000:0000:8888).
    • Two types of network addresses:
      • Link-Local
        • Nonroutable — can only be used for local network connectivity. 
        • fe80:0000:0000:0000: is the standard for IPv6 interfaces.
      • Global
        • Uses a network address advertised by a router on the local network.
    • Neighbor Discovery Protocol (NDP) can be used to convert between MAC and IPv6 addresses.
  • Netmasks / subnet masks are binary numbers that identify which portion of an IP address is a network address and which part is a computer address.
    • 1 = part of the network address.
    • 0 = part of the computer address. 
    • They can be represented using dotted quad notation or Classless Inter-Domain Routing (CIDR) notation:
      • Dotted Quad:
        • 255 = 11111111 — all eight bits are the network address.
        • 0 = 00000000 — all eight bits belong to a computer address.
      • CIDR:
        • The number after the forward slash represents the number of bits belonging to the network address.
      • To convert from CIDR to dotted quad netmask:
        1. 27 represents the number of bits with a value of 1, starting from the left-most digit:
          • 11111111 11111111 11111111 11100000
        2. Convert the binary values of each byte to decimal values:
          • 11111111 = 128+64+32+16+8+4+2+1 = 255
          • 11100000 = 128+64+32 = 224
        3. Put all of the decimal values in a dotted quad format:
      • To convert from dotted quad to CIDR:
        1. Convert the decimal values to binary values:
          • 255 = 11111111
          • 192 = 11000000
            • Math Tip
              1. Take 255 and subtract 192 to get 63.
              2. Since 63 is 1 less than 64, all bits below the 64th are 1
                (i.e. 001111111).
              3. Subtract 11111111 (binary 255) by this value 00111111, to get 11000000.
          • 0 = 00000000
        2. Place the binary values into one 32 bit string:
          • 11111111 11111111 11000000 00000000
        3. Count the number of digits from the left with a value of 1:
          • 18
          • So the IP would be represented as in CIDR notation.
  • Media Access Control (MAC) addresses represent unique hardware addresses.
    • 48 bits (6 bytes), hexadecimal.
  • A broadcast query is sent out to all computers on a local network and asks a machine with a given IP address to identify itself. If the machine is on the network it will respond with its hardware address, so the TCP/IP stack can direct traffic for that IP to the machine’s hardware address.
  • Dynamic Host Configuration Protocol (DHCP).
  • ip and ifconfig can both be used to add a new IPv6 address to a network interface.
  • ifconfig promisc configures the interface to run in promiscuous mode — receiving all packets from the network regardless of the packet’s intended destination.

Network Configuring




Network Diagnostics




netcat / nc



traceroute / traceroute6

ping / ping6


  • Provides a human-friendly mapping between internet services, their ports, and protocol types.
  • Each line describes one service:
    • service-name port/protocol [aliases ...]

Ports & Services

  • SNMP listens on port 162 by default.

User and Group Files


  • Contains information about users, their IDs, and basic settings like home directory and default shell.
  • One line for each user account, with seven fields separated by colons.
    1. Username
    2. Password
      • x means the password is encrypted in the /etc/shadow file.
    3. UID
    4. GID
    5. Comment
      • the user’s real name is generally stored here
    6. Home directory
    7. Default shell
  • Examples: 
    • root:x:0:0:root:/root:/bin/bash
    • jeff:x:1000:1000:jeff,,,:/home/jeff:/bin/bash


  • Contains encrypted passwords and information related to password/account expirations.
  • One line for each user account, with nine fields separated by colons.
    1. Username
    2. Encrypted password
      • * means the account does not accept logins. 
      • ! means the account has been locked from logging in with a password.
      • !! means the password hasn’t been set yet.
    3. Last day the password changed (in days since January 1st, 1970).
    4. Min number of days to wait before a password change is allowed.
    5. Max number of days a password is valid for before a change is required.
      • Password expiration occurs after this date.
      • An expired password means the user must change their password to gain access again.
    6. Number of days to start showing warnings before the max date is reached.
    7. Number of inactive days allowed after password expiration.
      • Account deactivation occurs after the inactive day is passed.
      • A deactivated account requires a system admin to reinstate the account.
    8. Day when account expiration will occur (in days since January 1st, 1970).
    9. Reserved field that hasn’t been used for anything.
  • Examples:
    • jeff:$9$eNcrYpt3D.23534e/ghlar2k.:17706:0:99999:7:::
    • sshd:*:17706:0:99999:7:::


  • Contains information about groups, their ID, and their members.
  • One line per group, with four fields separated by colons.
    1. Group name
    2. Password
      • x means the password is encrypted in the /etc/gshadow file.
    3. GID
    4. User list (comma separated)
  • Examples: 
    • jeff:x:1000:
    • sambashare:x:126:jeff

User & Group Commands

  • The first 100 UID and GIDs are reserved for system use.
    • 0 typically corresponds to root.
  • The first normal user account is usually assigned a UID of 500 or 1000.
  • User and group numbering limits are set in the /etc/login.defs file.
    • UID_MIN and UID_MAX defines the minimum and maximum UID value for an ordinary user.
    • GID_MIN and GID_MAX work similarly for groups.


  • chage can set the password expiration information for a user.
    • -l lists current account aging details. 
    • -d / --lastday sets the day that the password was last changed
      (without actually changing the password).

      • Accepts a single number (representing the number of days since Jan 1st, 1970) or a value formatted in YYYY-MM-DD .
      • 0 will force the user to change their password on the next login. 
    • -m / --mindays sets the number of days that must pass before a password can be changed.
      • 0 disables any waiting period.
    • -M / --maxdays sets the number of days before a password change is required.
      • Accepts a single value for the number of days.
      • -1 disables checking for password validity.
    • -W / --warndays sets when to start to displaying a warning message that a required password change is coming.
    • -I / --inactive sets the number of days a password must be expired for the password to be marked inactive.
      • Accepts a single number.
      • -1 removes an account’s inactivity.
    • -E / --expiredate sets the account expiration date.
      • Accepts a single number or YYYY-MM-DD value.
      • -1 removes the expiration date.
  • If no options are provided to chage, it will interactively prompt for input to the various values it can set.

useradd / adduser (Debian)

  • Doesn’t work as intended in Debian based distributions (because they’ve had a bug since forever and would rather you use a completely new command than get on board with standards… /rant), use adduser instead.
  • Creates new users or updates default new user details.
    • -D / --defaults use Default values for anything not explicitly specified in options.
      • Execute useradd -D without any other options to display the current defaults.
        • GROUP=100
    • -d / --home-dir specify home directory.
    • -e / --expiredate sets the expiration date of the account.
      • YYYY-MM-DD
      • Similar to chage -E
    • -f / --inactive sets the number of days before making an account inactive after password expires.
      • Similar to chage -I
    • -g / --gid group name or number for the user’s initial login group. 
      • The group must already exist.
    • -G / --groups supplementary groups to add the user to.
      • Groups are separated by commas with no white space.
    • -m / --create-home creates the user’s home directory if it does not already exist.
    • -M / --no-create-home explicitly specifies not to create the home directory for the user.
      • Overrides the CREATE_HOME=yes value in /etc/login.defs, if set.
    • -k / --skel specifies the skeleton directory to use.
      • The -m option must be used for this to work.
      • Without this option, it defaults to the SKEL variable value in /etc/default/useradd.
    • -K / --key sets UID_MIN, UID_MAX, UMASK, etc. KEY=VALUE option in the /etc/login.defs file.
    • -N / --no-user-group do not create a group with the same name as the user, but add the user to the group specified by the -g option.
    • -o / --non-unique allow creation of a user account with a duplicate UID
      • Must use the -u option to specify the UID to use.
    • -p / --password the encrypted password to use, as returned by the crypt command.
      • Not recommended to use due to plaintext password appearing in history.
    • -r / --system create a reserved system account.
      • No aging information in /etc/shadow, UID/GID are generated in reserved range.
    • -s / --shell specifies the user’s default shell. –
      • Default value is the SHELL variable in /etc/default/useradd.
    • -u / --uid specify the UID.
    • -U / --user-group explicitly create a group with the same name as the user.



groupadd / addgroup (Debian)





  • getent displays the contents of various Name Service Switch (NSS) libraries.
    • Supported libraries:
      • ahosts
      • ahostsv4
      • ahostsv6
      • aliases
      • ethers
      • group
      • gshadow
      • hosts
      • initgroups
      • netgroup
      • networks
      • passwd
      • protocols
      • rpc
      • services
      • shadow


  • Access to the sudo command is configured in the /etc/sudoers file.
  • visudo is the recommended command to edit the /etc/sudoers file — as it locks the file from other’s editing it at the same time.
  • Syntax for entries in the sudoers file:
    • username hostname = TAG: /command1, /command2, [...]
    • Example:
      • ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
    • Tags:
      • PASSWD / NOPASSWD — require or not require the user to enter their password to use sudo.
      • EXEC / NOEXEC — allow or prevent executables from running further commands itself.
        • Example, shell escapes will be unavailable in vi with NOEXEC.
      • FOLLOW / NOFOLLOW — allow or prevent opening a symbolic link file.
      • MAIL / NOMAIL — whether or not mail is sent when a user runs a command.
      • SETENV  / NOSETENV — use the values of setenv or not on a per-command basis.
  • Use of the sudo command is logged via syslog by default.