COKER BUSAYO OLADIPUPO

KodeKloud 100 Days of DevOps Journey: Day 1 & 2 - User Management and Automation

Day 1 - User Management

"Change is the end result of all true learning." - Leo Buscaglia

Something as simple as configuring a server can trip you up. For example, adding a user to a Linux server is simple, but only if you have the right permissions. It gets a little trickier if you're setting up another server using one as a "jumphost."

First, you have to get your login credentials right. You need to know what type of user you're setting up and what permissions they have. Linux operates on the principle of least privilege. It also has three great rules to follow:

  1. Respect the privacy of others.
  2. Think before you type.
  3. With great power comes great responsibility.

What is a non-interactive shell? In this context, it means the account's login shell is set to a program that does not give the user an interactive terminal session, so they cannot type commands at a prompt.

My Approach

For this challenge, I needed to create a user named mark with a non-interactive shell on App Server 1.

  1. Create the user:
    I used the useradd command with the --shell /bin/false flag. This sets the user's shell to a program that immediately exits, preventing them from accessing a terminal.

    sudo useradd --shell /bin/false mark
    

Creating a new user with non-interactive access

  2. Set a password:
    Next, I set a password for the new user using the passwd command. The system enforced a policy requiring a password of at least 8 characters.

    sudo passwd mark
    
  3. Verify the setup:
    Finally, I verified that the user was created correctly and had the non-interactive shell assigned by checking the /etc/passwd file.

    cat /etc/passwd
    

    The output confirmed that mark was created with /bin/false as the shell.

Confirmation of account creation

This task was a great reminder that even simple commands require careful consideration of permissions and security best practices, like the principle of least privilege.

Day 2 - User Management and Automation

"There are times to stay put, and what you want will come to you, and there are times to go out into the world and find such a thing for yourself." – Lemony Snicket

Users are the bane of any systems administrator, and you should always adhere to the principle of least privilege. What do you do if you have a user or a contractor who should only have access to the system for a specific amount of time?

Linux helps us by providing tools for systems administration, and one such tool is the -e flag of the useradd command.

sudo useradd -e YYYY-MM-DD username

Here, the -e flag stands for "expires" (its long form is --expiredate), and the date after it is when the user's access expires.

That's not all. Linux also provides a useful command called chage to check for expired user accounts and manage their expiration.

sudo chage -l username

chage (change age) allows system administrators to manage account expiration, and the -l flag is used to "list" the account's details.

System administrators can also write scripts to automate these tasks. For example, a simple bash script can list all users in the system and their account expiration dates:

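#!/bin/bash
# List every account in /etc/passwd together with its expiration date.
while IFS=: read -r user _; do
    echo "$user:"
    # chage -l prints all aging fields; keep only the "Account expires" line.
    sudo chage -l "$user" | grep 'Account expires'
done < /etc/passwd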

My Approach

For this challenge, I had to create a user named john with an expiration date.

  1. Create the user with an expiration date:
    I used the useradd command with the -e flag, setting the expiration date to 2024-04-15.

    sudo useradd -e 2024-04-15 john
    

Creating a user with expiration date

  2. Set a password:
    I then set a password for the new user using sudo passwd john, ensuring the password did not contain the username as per the system's policy.

  3. Verify the expiration date:
    To confirm that the account expiration was set correctly, I used the chage -l command.

    sudo chage -l john
    

Output of running the chage command

The output verified that the "Account expires" field was set to the correct date.

Account expiration

This task demonstrated the power of Linux tools for user management and the importance of automating these processes for better security and efficiency.
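
The Day 1 check (login shell) and the Day 2 check (account expiry) can be combined into one audit that flags interactive accounts with no expiry date. The script below is an added example, not part of the original post; it runs on constructed passwd and shadow files, and the function names audit_accounts and write_sample and the account alice are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: classify accounts by login shell and account expiry.
# passwd field 7 = login shell; shadow field 8 = expiry date in days
# since 1970-01-01 (empty means the account never expires).

# audit_accounts PASSWD SHADOW TODAY_DAYS -> prints "user:shell:status"
audit_accounts() {
    awk -F: -v today="$3" '
        FILENAME == ARGV[1] { expiry[$1] = $8; next }   # shadow pass
        {                                               # passwd pass
            e = expiry[$1]
            if ($7 == "/bin/false" || $7 ~ /\/nologin$/)
                status = "non-interactive"
            else if (e == "")
                status = "interactive-no-expiry"
            else if (e + 0 <= today + 0)
                status = "expired"
            else
                status = "expires-in-" (e - today) "-days"
            print $1 ":" $7 ":" status
        }' "$2" "$1"
}

# write_sample DIR: constructed passwd/shadow data, not from a real host.
# 19828 is 2024-04-15 expressed as days since the epoch.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mark:x:1001:1001::/home/mark:/bin/false
john:x:1002:1002::/home/john:/bin/bash
alice:x:1003:1003::/home/alice:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:*:19700:0:99999:7:::
mark:!:19700:0:99999:7:::
john:!:19700:0:99999:7::19828:
alice:!:19700:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
# Audit the sample as of 2024-03-18 (day 19800).
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow" 19800
rm -rf "$demo_dir"
```

On a live host, run it as root against /etc/passwd and /etc/shadow and pass `$(( $(date +%s) / 86400 ))` as the third argument.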
