KNZLABS :: lab01-users-groups

Lab 01 — Users, Groups, and Sudo (RHCSA v9 Domain: Manage users and groups)

Target: rhcsa-node1 or rhcsa-node2 · Time: 20 minutes · Reboot required: yes

Scenario

You're handed a fresh workstation. The team needs three accounts plus a shared project group, with specific privileges. Before you start, ssh in as knzadmin and sudo -i.

Tasks

1. Create user **alice** with UID 1500, GECOS "Alice Backend", login shell `/bin/bash`. Set password expiry: must change password every 60 days, warn 14 days before.
2. Create user **bob** with UID 1501, GECOS "Bob Frontend", `/bin/bash`. Account expires 2026-12-31.
3. Create system user **deploy** with UID 950, no login shell (`/sbin/nologin`), home `/var/lib/deploy`.
4. Create group **engineering** with GID 2000.
5. Add `alice` and `bob` to `engineering` as a supplementary group.
6. Create directory `/srv/engineering`, owned by `root:engineering`, mode `2770` (setgid + group rwx).
7. Configure sudoers so any member of `engineering` can run `/usr/sbin/dnf` and `/usr/bin/systemctl` without password. Use a drop-in under `/etc/sudoers.d/`, not the main file.
8. Lock the root account (password-disabled). Root should still be reachable via `sudo -i` from `engineering` members.

Reboot. Run the grader. Targets persistence.

Grading

chmod +x ~/labs/lab01-users-groups/grader.sh
~/labs/lab01-users-groups/grader.sh