Lab Report: Managing Users and Groups

Lab Summary

Connected via PuTTY (as described in Lab 225). Created 10 users with default passwords, organized them into 7 groups based on job roles, and tested permissions by switching users with su and attempting sudo commands.

User Creation

Created 10 users with useradd and set their passwords with passwd.

Group Management

Created 7 groups and assigned users based on their job roles using usermod -a -G.

Permissions & Sudoers

Logged in as a non-sudo user and observed how unauthorized sudo attempts are denied and logged.

Step-by-Step Walkthrough

Detailed record of each task performed during the lab.

SSH Connection

Connected to the EC2 instance via PuTTY following the process described in Lab 225.

Create Users

Ran pwd to confirm the current directory was /home/ec2-user.
Created the first user with sudo useradd arosalez and set the password with sudo passwd arosalez using P@ssword1234!.
Repeated for all 10 users from the table below.
Verified all users were created with sudo cat /etc/passwd | cut -d: -f1.

First Name	Last Name	User ID	Job Role
Alejandro	Rosalez	`arosalez`	Sales Manager
Efua	Owusu	`eowusu`	Shipping
Jane	Doe	`jdoe`	Shipping
Li	Juan	`ljuan`	HR Manager
Mary	Major	`mmajor`	Finance Manager
Mateo	Jackson	`mjackson`	CEO
Nikki	Wolf	`nwolf`	Sales Representative
Paulo	Santos	`psantos`	Shipping
Sofia	Martinez	`smartinez`	HR Specialist
Saanvi	Sarkar	`ssarkar`	Finance Specialist

Each password was P@ssword1234!. When typing the password, nothing appears on screen, which is normal Linux behavior for password inputs.

Create Groups and Assign Users

Created the Sales group with sudo groupadd Sales and verified it with cat /etc/group.
Repeated for the remaining groups: HR, Finance, Shipping, Managers, and CEO.

Terminal showing all groups created — Terminal: All 7 groups created, verified with cat /etc/group

Added users to groups with sudo usermod -a -G Sales arosalez and repeated for all users according to the group assignments below.
Added ec2-user to all groups.
Verified all assignments with sudo cat /etc/group.

Group	Members
Sales	`arosalez`, `nwolf`
HR	`ljuan`, `smartinez`
Finance	`mmajor`, `ssarkar`
Shipping	`eowusu`, `jdoe`, `psantos`
Managers	`arosalez`, `ljuan`, `mmajor`
CEO	`mjackson`

Some users belong to multiple groups. For example, arosalez is in both Sales and Managers because managers are personnel but not all personnel are managers.

Terminal showing groups with assigned users — Terminal: Groups with users assigned, verified with sudo cat /etc/group

Log In as a Different User

Switched to user arosalez with su arosalez and entered the password P@ssword1234!.
Ran pwd to confirm the current directory was still /home/ec2-user.
Ran touch myFile.txt, and received Permission denied because arosalez cannot write to the ec2-user home folder.
Ran sudo touch myFile.txt, and received the message "arosalez is not in the sudoers file. This incident will be reported."

Terminal showing permission denied and sudoers error — Terminal: touch denied, sudo attempt denied (user not in sudoers file)

Ran exit to return to ec2-user.
Ran sudo cat /var/log/secure to view the security log. Confirmed the unauthorized sudo attempt was logged with the user, command, and timestamp.

Terminal showing /var/log/secure with logged sudo attempt — Terminal: /var/log/secure showing the logged sudo denial for arosalez

Command Reference

Commands used in this lab for user and group management.

cmd

`useradd`

Creates a new user account.

sudo useradd <username> : Create a user with default settings

cmd

`passwd`

Sets or changes a user's password.

sudo passwd <username> : Set the password for a specific user

cmd

`groupadd`

Creates a new group.

sudo groupadd <group> : Create a group

cmd

`usermod`

Modifies a user account, including group memberships.

-a : Append the user to the group (don't remove from other groups)
-G <group> : Specify the group to add the user to

cmd

`su`

Switches to another user account.

su <username> : Switch to the specified user (prompts for password)

cmd

`cat`

Displays the contents of a file.

cat /etc/passwd : View all user accounts
cat /etc/group : View all groups and their members
cat /var/log/secure : View the security/authentication log

cmd

`touch`

Creates an empty file or updates the timestamp of an existing file.

Key Learnings

What Was Learned

✓

How to create users with useradd and set passwords with passwd.

✓

How to create groups with groupadd and assign users with usermod -a -G.

✓

Users can belong to multiple groups simultaneously.

✓

Non-sudoer users cannot run sudo commands, and attempts are logged in /var/log/secure.

✓

The /etc/passwd and /etc/group files store user and group information respectively.

Technical Conclusion

This lab covered the fundamentals of user and group management in Linux. The key takeaway is the relationship between users, groups, and permissions: organizing users into groups simplifies access control, and the sudoers mechanism ensures only authorized users can perform administrative tasks.

The security logging in /var/log/secure demonstrates how Linux tracks authentication events and unauthorized privilege escalation attempts. This is essential for system auditing and troubleshooting access issues.