Update Users and Accounts.md

NextGenSec-Github · web-flow · commit c9ef7ee1ab82 · 2024-04-19T04:31:37.000+05:00
diff --git a/DFIR/Digital Forensics/Linux/Users and Accounts.md b/DFIR/Digital Forensics/Linux/Users and Accounts.md
@@ -1,4 +1,4 @@
-# User Accounts (/etc/passwd)
+## User Accounts (/etc/passwd)
 The /etc/passwd file is a fundamental system file in Unix-like operating systems, including Linux. It stores essential information about user accounts on the system. Each line in the file represents a user account and is formatted with several fields separated by colons (:). Here's a typical structure of a line in /etc/passwd:
 
 ```bash
@@ -14,7 +14,7 @@ username:password:UID:GID:GECOS:home_directory:login_shell
 | home_directory   | The user's home directory, where they are placed upon login.                                                     |
 | login_shell      | The default shell for the user, which determines the command interpreter environment when the user logs in.     |
 
-# Groups
+## Groups Information (/etc/group)
 The `/etc/group` stores information about groups on the system, including group names and their associated group IDs (GIDs), as well as the list of users who belong to each group. Similar to /etc/passwd, each line in /etc/group represents a group and is formatted with several fields separated by colons (:). Here's the typical structure of a line in /etc/group:
 ```bash
 group_name:password:GID:user_list
@@ -25,3 +25,25 @@ group_name:password:GID:user_list
 | password     | Historically, this field used to store the encrypted group password. However, it's rarely used nowadays, and an 'x' character is typically placed here to indicate that the actual password is stored in the /etc/gshadow file. |
 | GID          | The numerical Group ID, a unique identifier for the group.                                                       |
 | user_list    | A comma-separated list of usernames that are members of the group.                                                |
+
+## Sudoers List (/etc/sudoers)
+The `/etc/sudoers`controls who can run what commands as root (or as any other user) on a system with the sudo command. The sudo command allows a permitted user to execute a command as the superuser (root) or another user, as specified in the /etc/sudoers file. The /etc/sudoers file can be edited only by users with root privileges and should be modified with care to avoid inadvertently granting excessive permissions. The file uses a specific syntax that allows specifying rules and configurations for sudo access.
+
+```sql
+# User privilege specification
+root    ALL=(ALL:ALL) ALL
+
+# Members of the admin group may gain root privileges
+%admin  ALL=(ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo   ALL=(ALL:ALL) ALL
+
+# Allow users in wheel group to execute any command
+%wheel  ALL=(ALL) ALL
+
+# Allow user john to execute /bin/ls as root without a password
+john    ALL=(ALL) NOPASSWD: /bin/ls
+```
+
+
