DevOps Notes

Home / DevOps Intro & Linux / Lab 02

⚙ Lab 02 — Deep on Linux & User Roles

Lab 02 / 03 — Linux and Bash Scripting Practice Session 2

Lab Objectives

  • Package Management
  • Process & Service Control
  • User Security Tasks
  • File and Directory Permissions

Section 1: Package Management Labs on Ubuntu

1
Basic — Update the package list on your system.
Use apt update to refresh the list of available packages from repositories.
sudo apt update
2
Basic — Upgrade all installed packages to their latest versions.
Use apt upgrade after updating the package list.
sudo apt upgrade -y
3
Basic — Install a package (e.g., tree).
Use apt install followed by the package name.
sudo apt install tree -y
4
Basic — Verify that a package is installed.
Use which or dpkg -l to check if a package is installed.
which tree
# or
dpkg -l | grep tree
5
Intermediate — Remove a package and also remove its configuration files.
Use apt purge instead of apt remove to also delete config files.
sudo apt purge tree -y
6
Basic — Search for a package in the repositories.
Use apt search followed by a keyword.
apt search nginx
7
Basic — Read details about a package (description, version, dependencies).
Use apt show to display full package information.
apt show nginx
8
Basic — List all installed packages on the system.
Use apt list --installed or dpkg -l.
apt list --installed

Section 2: Process & Service Management

1
Basic — List all active services on your system and save the output to a file named active.txt.
Use systemctl list-units --type=service --state=active and redirect with >.
systemctl list-units --type=service --state=active > active.txt
2
Basic — List all failed services and save the output to a file.
Use --state=failed filter with systemctl.
systemctl list-units --type=service --state=failed > failed.txt
3
Basic — Display the status of the ssh service.
Use systemctl status followed by the service name.
systemctl status ssh
4
Intermediate — Display the logs for the ssh service and save them to a file.
Use journalctl -u to view logs for a specific service unit.
journalctl -u ssh > ssh_logs.txt
5
Intermediate — Display only the most recent logs for the ssh service (last 50 lines) and save them.
Use journalctl -u ssh -n 50 to limit the number of log lines.
journalctl -u ssh -n 50 > ssh_recent_logs.txt

Section 3: User & Group Management (Security)

1
Basic — Create a user with a specific User ID (UID).
Use useradd -u <UID> to specify a custom UID.
sudo useradd -u 1500 testuser
id testuser    # verify the UID
2
Basic — Lock a user account (prevent login).
Use usermod -L to lock, or passwd -l.
sudo usermod -L testuser
3
Basic — Unlock a user account.
Use usermod -U to unlock.
sudo usermod -U testuser
4
Intermediate — View user login activities.
Use last to see login history or lastlog for the last login of each user.
last
# or
lastlog
5
Intermediate — Create a user with an expiration date and verify the expiration.
Use useradd -e YYYY-MM-DD to set an expiration. Use chage -l to verify.
sudo useradd -e 2025-12-31 tempuser
sudo chage -l tempuser    # verify expiration date
6
Advanced — Grant a user sudo access.
Add the user to the sudo group using usermod -aG sudo.
sudo usermod -aG sudo testuser
# Verify:
groups testuser

Section 4: File & Directory Permissions

Scenario: You have a directory /home/shared that should be shared between two users: user1 and user2.

1
Intermediate — Both user1 and user2 should be able to read, write, and execute files in the directory.
Create a shared group, add both users to it, set the directory's group ownership, and give group rwx permissions.
# Create the shared directory
sudo mkdir -p /home/shared

# Create a shared group and add both users
sudo groupadd sharedgroup
sudo usermod -aG sharedgroup user1
sudo usermod -aG sharedgroup user2

# Set group ownership
sudo chown :sharedgroup /home/shared

# Give owner and group full permissions (rwx)
sudo chmod 770 /home/shared
2
Intermediate — Other users should not have any access to the directory.
The 770 permission from task 1 already handles this — the last 0 means no permissions for others. Verify with ls -ld.
# Verify permissions (should show drwxrwx---)
ls -ld /home/shared

# The 770 means:
# 7 (rwx) - owner
# 7 (rwx) - group (user1 and user2 via sharedgroup)
# 0 (---) - others (no access)