Summary of "sudo = POWER!! (managing users in Linux) // Linux for Hackers // EP4"

Brief summary

Hands-on tutorial (Linux for Hackers, Ep.4) covering Linux user and group management using a browser lab from Hack The Box Academy. An Avengers/Thanos story is used as a narrative device to demonstrate creating, modifying, and deleting users/groups and granting sudo (superuser) privileges.

Core technical concepts

Users and accounts
- Linux represents accounts in /etc/passwd. Password hashes are stored in /etc/shadow.
UIDs and GIDs
- Numeric user ID (UID) and primary group ID (GID) are recorded in /etc/passwd.
Home directories and default shells
- User home directories typically live at /home/username. Login shell examples: /bin/bash.
adduser vs useradd
- adduser is interactive and prompts for details.
- useradd is more minimal/non-interactive but accepts flags for behavior.
Password management
- passwd username to set or change a user’s password.
Modifying accounts
- usermod can change shell, rename users, and append supplemental groups.
Groups and /etc/group
- Create groups, inspect membership, and assign privileges by group membership.
sudo vs su
- sudo (“super user do”) runs a single command with elevated privileges.
- su switches user accounts (requires the target user’s password unless using sudo).
Sudoers and visudo
- /etc/sudoers defines who can use sudo. Edit with visudo to avoid syntax errors.
- Group-based sudo (e.g., %sudo) and NOPASSWD options are commonly used.
Principle of least privilege
- Grant sudo rights only when necessary and remove privileges when finished.

Best practices: - Don’t routinely log in as root; prefer sudo. - Use visudo to edit the sudoers file to avoid breaking sudo with syntax errors. - Follow the principle of least privilege when granting access.

Commands and flags (quick reference)

whoami — show current user
cat /etc/passwd — list users and account fields
sudo cat /etc/shadow — view hashed passwords (requires root)
adduser username — interactive user creation
useradd username — non-interactive user creation
useradd -m username — create user and home directory
passwd username — set/change password
usermod --shell /bin/bash username — change default shell
usermod -l newname oldname — rename user
usermod -aG groupname username — append user to supplemental group
su - username — switch to another user (requires that user’s password)
sudo su - — become root (uses your sudo privilege)
sudo visudo (or sudo vi /etc/sudoers) — edit sudoers file safely (visudo recommended)
sudo userdel username — delete user
sudo groupadd groupname — create group
cat /etc/group — view groups and memberships
sudo gpasswd -d username groupname — remove user from group
sudo groupdel groupname — delete a group

Tutorial / guide elements & resources

Live demo available in a free Hack The Box Academy browser lab (Linux Fundamentals → User Management module).
Step-by-step actions demonstrated:
1. Create users (e.g., Thor, Iron Man), set passwords.
2. Inspect /etc/passwd and /etc/shadow.
3. Create groups and view /etc/group.
4. Edit sudoers to grant sudo rights to a group.
5. Add/remove users to/from groups.
6. Delete users and groups.
Advice reiterated throughout:
- Prefer sudo over logging in as root.
- Use visudo for editing /etc/sudoers.
- Remove elevated privileges when they are no longer needed.
Additional materials:
- HTB Academy course page includes a command summary and a quiz.
- Video description links to a free quiz and the HTB Academy lab.
- HTB Academy offers a student subscription and some modules provide CPE credits.

Main speakers / sources

Video presenter: host of the “Linux for Hackers” series, who demonstrates commands and concepts.
Hack The Box Academy: sponsor and provider of the browser-based Linux lab and course materials.