DAY 05: The Keeper of the Keys


Introduction

Welcome to your final day of the week at LabEx Corporation! It's been an incredible journey from your first reconnaissance mission to becoming the Fortress Guardian. Now, the company is promoting you to the ultimate position of trust: Keeper of the Keys for Project Phoenix.

The CTO pulls you aside for a critical briefing: "Project Phoenix is entering its final phase, and we need absolute control over who has access to our systems. We're bringing on a new senior developer, Brenda Smith, who will lead the final push to completion. Unfortunately, we also discovered that John Doe, a contractor from the previous team, had unauthorized access during the security incident you investigated earlier. His access needs to be immediately revoked."

As the Keeper of the Keys, you now control the human gateway to Project Phoenix. Your user management decisions will determine who can contribute to TechNova's most important project and who must be locked out for security reasons.

This is your moment to demonstrate complete mastery of Linux user administration. The future of Project Phoenix depends on your ability to grant access to those who need it and deny it to those who might compromise the system. Let's complete this mission!

Onboarding a New Developer to the System

Your first task is to create a new user account for Brenda Smith, the senior developer who will lead Project Phoenix's final development phase. TechNova's policy dictates that usernames should follow the format of first_initial.last_name.

Tasks

  • Create a new user account for Brenda Smith.

Requirements

  • The username must be b.smith.
  • Use the appropriate command to add a new user to the system. You will need sudo privileges.

Hints

  • Which command is used to add a user in Linux? You might want to look into useradd or adduser.
  • Remember to use sudo to execute commands with administrative privileges.

Examples

After successfully creating the new user account, you should see the user entry in the system's user database:

$ grep "b.smith" /etc/passwd
b.smith:x:5002:5004::/home/b.smith:/bin/sh

The user account will be created with a system-assigned user ID and group ID. You can verify the account exists and check its details using:

$ id b.smith
uid=5002(b.smith) gid=5004(b.smith) groups=5004(b.smith)

Creating a Dedicated Home Directory for the New User

You've created the user, but you forgot a crucial step! Brenda, as the senior developer leading Project Phoenix's final phase, needs her own secure workspace to store critical project files and development tools. You must ensure that a home directory is created for her.

Tasks

  • Create a home directory for the user b.smith located at /home/b.smith.

Requirements

  • The home directory must be created for the user b.smith.
  • You should use an option with the useradd command to create the home directory automatically. If you have already created the user without a home directory, you may need to delete the user first and then recreate it correctly.

Hints

  • To delete a user, you can use the userdel command. For example: sudo userdel b.smith.
  • The useradd command has a specific flag to create a home directory for the user. Check the man useradd page for an option like -m or --create-home.

Examples

After creating the user with a home directory, you should see the new directory created in the home directory listing:

$ ls -la /home/
drwxr-xr-x 1 root root 47 Sep 3 16:32 .
drwxr-xr-x 1 root root 62 Sep 3 16:31 ..
-rw-r--r-- 1 root root 58 Jul 18 2024 .zshrc
drwxr-x--- 2 b.smith b.smith 57 Sep 3 16:32 b.smith
drwxr-x--- 2 j.doe j.doe 57 Sep 3 16:31 j.doe
drwxr-x--- 1 labex labex 4096 Sep 3 16:35 labex

The home directory will be owned by the user with restricted permissions (accessible only by the owner and group). To view the contents, you may need appropriate permissions or use sudo:

$ sudo ls -la /home/b.smith/
drwxr-x--- 2 b.smith b.smith 57 Sep 3 16:32 .
drwxr-xr-x 1 root root 47 Sep 3 16:32 ..
-rw-r--r-- 1 b.smith b.smith 220 Sep 3 16:32 .bash_logout
-rw-r--r-- 1 b.smith b.smith 3771 Sep 3 16:32 .bashrc
-rw-r--r-- 1 b.smith b.smith 655 Sep 3 16:32 .profile

Assigning an Initial Password for the New User

The user account b.smith is created, but it's currently locked. Brenda cannot access the Project Phoenix systems to begin her leadership role without a password. Your next task is to set an initial secure password for her account.

Tasks

  • Set a password for the user b.smith.

Requirements

  • Use the standard Linux command to change a user's password.
  • You will be prompted to enter and confirm the new password. For this lab, you can use any simple password, for example, password123.

Hints

  • The command to set or change passwords is passwd.
  • Since you are changing the password for another user, you will need sudo privileges. The syntax is sudo passwd <username>.

Examples

After setting the password successfully, the user account should have a password hash in the shadow file. You can verify this by checking the shadow file (note: this requires root privileges):

$ sudo grep "^b.smith:" /etc/shadow
b.smith:$y$j9T$XbJLH9LJgY518Th4qcd1V0$NrfHOJ2MGm/1OhLGfpfMQkvPasV23Eenhwl9bA0i8O4:20334:0:99999:7:::

Adding the New Developer to the "developers" Group

To ensure Brenda has access to the Project Phoenix files and repositories you've been securing all week, she must be added to the developers group. This is the same group you've been working with throughout your time at TechNova, and it has the special permissions needed for the project.

Tasks

  • Add the user b.smith to the developers group.

Requirements

  • The user b.smith must be a member of the developers group.
  • The user's existing group memberships should not be removed.

Hints

  • The usermod command is used to modify a user account.
  • Look for the -a (append) and -G (groups) flags. Using them together ensures you add the user to a new group without removing them from existing ones.

Examples

After successfully adding the user to the developers group, you should see the group membership reflected in the user's group list:

$ groups b.smith
b.smith : b.smith developers

You can also verify using the id command to see more detailed group information:

$ id b.smith
uid=5002(b.smith) gid=5004(b.smith) groups=5004(b.smith),5003(developers)

The user should now have access to files and directories that are accessible to the developers group. You can check the group file to confirm the group exists:

$ grep "^developers:" /etc/group
developers:x:5003:b.smith

Notice that b.smith appears in the list of group members. This confirms the user has been successfully added to the group while preserving their existing group memberships.
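
An access review that reads only the member list in /etc/group misses accounts whose primary GID is that group. The following added example (not part of the lab) resolves both kinds of membership; the file contents are constructed from the outputs above, and c.lee is a hypothetical account.

```shell
#!/bin/sh
# Added example (not from the lab): list every account holding a group,
# using passwd(5) and group(5) formatted files. Sample data is constructed
# from the outputs shown above; c.lee is a hypothetical account.

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
b.smith:x:5002:5004::/home/b.smith:/bin/sh
c.lee:x:5005:5003::/home/c.lee:/bin/sh
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
developers:x:5003:b.smith
b.smith:x:5004:
EOF

# group_members GROUP PASSWD_FILE GROUP_FILE
# Prints one username per line, sorted and de-duplicated.
group_members() {
    awk -F: -v want="$1" '
        # First file (passwd): remember each account and its primary GID.
        FNR == NR { primary[$1] = $4; next }
        # Second file (group): supplementary members, then primary-GID holders.
        $1 == want {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            for (u in primary) if (primary[u] == $3) print u
        }
    ' "$2" "$3" | sort -u
}

# c.lee is reported even though the developers member list names only b.smith.
group_members developers "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
```

On a live system the same function can be pointed at /etc/passwd and /etc/group.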


Temporarily Disabling a Departing Employee’s Account

Now for your final task of the week—and the most critical security action for Project Phoenix. John Doe (j.doe) was identified during your earlier investigation as having potentially unauthorized access during the security incident. The CTO has ordered his immediate removal from all TechNova systems. However, legal and compliance teams need his files preserved for the ongoing security audit, so you must lock the account rather than delete it entirely.

Tasks

  • Lock the user account for j.doe to prevent logins.

Requirements

  • The user account j.doe must be locked.
  • Do not delete the user or their home directory.

Hints

  • You can use the usermod command with the -L (lock) option.
  • Alternatively, the passwd command has a -l (lock) flag that achieves the same result.
  • Remember to use sudo.

Examples

You can verify the account is locked by checking the shadow file:

$ sudo grep "^j.doe:" /etc/shadow
j.doe:!:20334:0:99999:7:::

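Notice the exclamation mark (!) at the beginning of the password field - this indicates the account is locked. When the account has a password, the original hash is preserved after the ! for potential future unlocking; in the output above the field holds only !, so no hash was stored for j.doe.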
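
To audit lock state across accounts rather than eyeballing one line, the added example below (not part of the lab) classifies the password field and the expiry field of shadow(5) entries. The sample lines are constructed: the first two mirror the outputs on this page with the hash replaced by the placeholder $y$HASH, and a.former and svc.noauth are hypothetical accounts.

```shell
#!/bin/sh
# Added example (not from the lab): classify accounts in shadow(5) format.
# Sample lines are constructed; "$y$HASH" is a placeholder, not a real hash.

SHADOW_SAMPLE=$(mktemp)
trap 'rm -f "$SHADOW_SAMPLE"' EXIT
cat > "$SHADOW_SAMPLE" <<'EOF'
b.smith:$y$HASH:20334:0:99999:7:::
j.doe:!:20334:0:99999:7:::
a.former:!$y$HASH:20334:0:99999:7::1:
svc.noauth::20334:0:99999:7:::
EOF

# shadow_state FILE [TODAY]   (TODAY = days since 1970-01-01)
# Field 2 is the password field, field 8 the account expiry date.
shadow_state() {
    awk -F: -v today="${2:-$(( $(date +%s) / 86400 ))}" '
    {
        pw = $2; expiry = $8
        rest = pw; sub(/^!+/, "", rest)          # text after any lock marker
        if (pw == "")                       state = "empty"            # no password needed
        else if (rest == "" || rest == "*") state = "locked-no-hash"   # !, !!, *
        else if (rest != pw)                state = "locked-hash-kept" # !<hash>
        else                                state = "set"
        expired = (expiry != "" && expiry + 0 <= today + 0) ? "yes" : "no"
        printf "%s pw=%s expired=%s\n", $1, state, expired
    }' "$1"
}

# Fixed TODAY (20334, the last-change day in the sample) keeps output stable.
shadow_state "$SHADOW_SAMPLE" 20334
```

usermod(8) notes that -L locks only the password and that locking the account itself also requires setting the expiry date to 1, which is why the expiry field is reported separately. An entry reported as pw=empty deserves immediate attention, since an empty password field means no password is required.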


Summary

Congratulations, Keeper of the Keys! You have successfully completed your incredible first week at LabEx Corporation and secured Project Phoenix for its final push to completion.

Throughout this transformative week, you've evolved from a new junior system administrator into a trusted guardian of TechNova's most critical systems. In your final challenge, you mastered essential user management commands:

  • Created a new user account for the senior developer leading Project Phoenix's completion.
  • Configured secure home directories for critical team members.
  • Set an initial account password using passwd.
  • Managed group memberships to ensure proper access to Project Phoenix resources.
  • Secured the system by disabling unauthorized access while preserving audit trails.

From initial reconnaissance to digital architecture, log investigation, security implementation, and finally user management—you've demonstrated the complete skill set of a professional System Administrator. The CTO has confirmed your permanent position and is already discussing promotion opportunities.

Project Phoenix is now in safe hands, and TechNova's future is secure thanks to your dedication and expertise!