Quote:
Originally Posted by geekslinux
BTW I haven't created a new user, I did usermod -a -G sudo cdrom sap lpadmin sambashare plugdev sapp muser then rebooted the system.
|
When working on the cli it is a good idea to keep in mind one important thing. White space is important.
At the prompt you give commands.
The first commnad is the application that is being called to do the work. Then there is a space.
After that space comes what you want done, in this case options a and G which would be written as -aG. Then white space again.
Next would be modifiers such as the groups you want included which are listed in this fashion (from "man usermod");
Code:
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no
intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option.
which would look like this;
sudo,cdrom,sap,lpadmin,sambashare,plugdev,sapp
And then a white space before indicating the user "muser".
As written in your post this is not going to give much result and would hopefully generate a good bit of output in the way of errors. If it didn't do that then there are some deeper problems with your install.
If this is an example of your work in cli I would say that using LVM and Encryption, particularly encryption, is not a real good idea.
Data recovery should always be kept in mind on any type of storage device on any OS. Things happen. Do you have the needed keys to decrypt a copy of your removed data? If not you are wasting your time recovering the data.
I don't know how many people access this server but if you have a /home/<user name> on there I would assume there are other users. You can, if you don't want other users accessing your data smply use chmod to set your /home directory to 700 so that only the owner can access it.
A system can be also hardened a number of ways. It is really only after all other security measures are taken and still for some reason don't fit the use case that encryption should be considered.
In all things you need to balance ease of use, which should always take into consideration, particularly without daily backups, recovery of critical data. Encryption makes that recovery somewhat more iffy. All hardening also has draw backs in just time to get into the system.
Having a good grounding in hardening, however, will make you more articulate in expressing what you have done and better at doing those things. This in turn will make using encryption more of a tool to protect your data and less of a way to ensure absolute loss of data.