Understanding /etc/passwd, /etc/group, /etc/sudoers, and /etc/skel/

I decided to write this as a subsection of Root, Superuser, and User Management Basics, as that post was getting rather lengthy. There is a bit more to understand about managing users, groups, and super-user permissions. We’ve already covered how to add a user, delete a user, add a group, delete a group, rename a group, and how to reset a user’s password. What we didn’t go into in depth is that all of this information is stored in a handful of files, and those commands modify these files. The files can also be edited manually to accomplish the same thing or for more detailed management.

/etc/passwd

The /etc/passwd file stores essential information required during login, i.e. user account information. It contains one entry per line for each user (or account) of the system. All fields are separated by a colon (:) symbol, and there are seven fields per line. Generally speaking, a passwd file entry looks as follows:

[Figure: passwd.png]

  1. Username: This is the name a user logs in with. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file (see below).
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file). It tells the system which group this user belongs to.
  5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user’s full name, phone number, etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user’s directory becomes /.
  7. Command/shell: The absolute path of the default shell (usually /bin/bash).

/etc/shadow

The /etc/passwd file is readable by other users on the system. Even though an encrypted password can be stored in the /etc/passwd file, it is safer practice to place an x in the password field, telling the system to look in the /etc/shadow file for the encrypted password. The /etc/shadow file has a line for every user and their encrypted password. Only a user with root privileges can view this file.
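The seven-field layout and the role of the x in the password field can be checked mechanically. The following is an added example, not part of the original post: it parses passwd-format text and reports entries whose password field holds something other than x, UID 0 accounts other than root, and lines without seven fields. The sample entries are constructed; treating a leading * or ! as a locked account is an assumption about the local convention.

```python
from collections import namedtuple

# Constructed sample in /etc/passwd format (not taken from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
legacy:$6$constructedsalt$constructedhash:1001:1001::/home/legacy:/bin/bash
guest::1002:1002::/home/guest:/bin/bash
toor:x:0:0::/root:/bin/sh
broken:x:1003:/home/broken
"""

Entry = namedtuple("Entry", "name password uid gid gecos home shell")

def parse_passwd(text):
    """Return (entries, malformed_lines) for passwd-format text."""
    entries, malformed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            malformed.append(line)
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(Entry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries, malformed

def audit(entries):
    """Return (account, finding) pairs for risky password and UID fields."""
    findings = []
    for e in entries:
        if e.password == "":
            findings.append((e.name, "empty password field"))
        elif e.password != "x" and not e.password.startswith(("*", "!")):
            findings.append((e.name, "hash stored in world-readable passwd file"))
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0 on non-root account"))
    return findings

if __name__ == "__main__":
    entries, malformed = parse_passwd(SAMPLE_PASSWD)
    for name, finding in audit(entries):
        print(f"{name}: {finding}")
    for line in malformed:
        print(f"malformed line: {line}")
```

To audit a live system, pass the contents of /etc/passwd to parse_passwd instead of the sample string.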

finger

The finger command reads the /etc/passwd file and displays information about a user. It is executed as shown below:

finger username

It will tell you a user’s name (if given in comments), home directory, default shell, and if they’re on the system and if so, for how long.

chfn

The chfn command changes finger information and extends what is provided in /etc/passwd. You use it as follows:

chfn -option username

The “-options” for chfn are as follows:

-f Assigns a full name to the user

-o Allows the assignment of an office location

-p Assigns an office phone number

-h Assigns a home phone number

chsh

This changes the default shell for a user.

You can switch the shell you use by typing “chsh -s /usr/bin/fish” to change to the fish shell for instance. The -s option tells chsh that you are changing the shell.

chsh -l will list the available shells found in the file /etc/shells

/etc/group

/etc/group is a file that defines the groups to which users belong. In Linux multiple users can be categorized into groups. Linux file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks, printers, and other peripherals.

It stores group information, i.e. it defines the groups to which users belong. There is one entry per line, and each line has the following format (all fields are separated by a colon (:)):

[Figure: groups.png]

  1. group_name: The name of the group. If you run the ls -l command, you will see this name printed in the group field.
  2. Password: Generally a password is not used, hence this field is empty/blank. It can store an encrypted password. This is useful to implement privileged groups.
  3. Group ID (GID): Each user must be assigned a group ID. You can see this number in your /etc/passwd file.
  4. Group List: A list of the user names of users who are members of the group. The user names must be separated by commas.

Users on Linux systems are assigned to one or more groups for the following reasons:

  • To share files or other resources with a small number of users
  • Ease of user management
  • Ease of user monitoring
  • Group membership gives you or your user special access to files and directories or devices which are permitted to that group

/etc/gshadow

Like /etc/shadow, /etc/gshadow contains secure group account information only readable by the root account such as group passwords.

/etc/skel/

The /etc/skel directory contains files and directories that are automatically copied over to a new user’s home directory when that user is created by the useradd program. If you browse this directory, you’ll notice it looks exactly the same as your home directory when you first installed your system.

/etc/sudoers

This file specifies which group has access to the “sudo” command so that a user can perform an action with higher privileges. If you wish to add a user to sudoers, you can simply check which group has sudo capability in this file and then add that user to that group.
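The check described above can be scripted to review who actually holds sudo rights through group membership. This is an added example, not part of the original post: it reads the %group rules from sudoers-format text and resolves each group's members from group-format and passwd-format text, including users who have the group as their primary GID. All sample data is constructed, and the parser assumes simple %group rules only (no aliases, included files, or %#gid forms).

```python
# Constructed samples (not taken from a real system).
SAMPLE_SUDOERS = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%backup ALL=(root) /usr/bin/rsync
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,bob
backup:x:34:
users:x:100:alice
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:100::/home/bob:/bin/bash
bkp:x:1003:34::/var/backups:/bin/sh
"""

def sudo_groups(sudoers_text):
    """Names of groups granted rules via a leading %group token."""
    groups = []
    for line in sudoers_text.splitlines():
        tokens = line.split()
        if tokens and tokens[0].startswith("%") and len(tokens[0]) > 1:
            groups.append(tokens[0][1:])
    return groups

def group_members(name, group_text, passwd_text):
    """Members listed in the group file plus users whose primary GID matches."""
    members, gid = set(), None
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == name:
            gid = fields[2]
            members.update(u for u in fields[3].split(",") if u)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and gid is not None and fields[3] == gid:
            members.add(fields[0])
    return sorted(members)

def sudo_capable(sudoers_text, group_text, passwd_text):
    """Map each sudo-enabled group to the accounts that belong to it."""
    return {g: group_members(g, group_text, passwd_text) for g in sudo_groups(sudoers_text)}

if __name__ == "__main__":
    print(sudo_capable(SAMPLE_SUDOERS, SAMPLE_GROUP, SAMPLE_PASSWD))
```

The bkp account appears under backup even though the group's member list is empty, because its primary GID in the passwd data is 34.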

There’s much more to user and group administration but this as well as Root, Superuser, and User Management Basics covers the very basics.
