User Management

Users and groups

Exist soley for access and permissions

home/ username : where each user’s specific files get stored

can vary in different distros

user ids (UID) are used to manage users. The system identifies user by UID.

Groups are also used to manage permissions

sets of users with permissions set by that group

system identifies groups by group ID (GID)

users can be humans or system daemons that run processes to keep the system running

root or superuser

can access any file or start or terminate any process

$ sudo

used to run a command with root access

$ls -la /etc/shadow

views permissions of /etc/shadow

Root

$ su

opens a root shell if no user is specified

/etc/sudoers

lists users who can run sudo

$visudo

to edit the sudoers file

/etc/passwd

to find what users are mapped to what UID, shows list of users and detailed information about them.

$cat /etc/passwd

root:x:0:0;root:/root:/bin/bash

From left to right from above:

Username

User’s password

x means the password is stored in the /etc/shadow file

* means the user doesn’t have login access

blank field means the user doesn’t have a password

user ID

The group ID

GECOS field - comma delimeted field that allows for comments about the user.

User’s home directory

User’s shell

You can edit the /etc/passwd file by hand with the vipw tool but it is best to leave it to useradd and userdel tools

/etc/shadow

$sudo cat/etc/shadow

root:MyEPTEa$6Nonsense:15000:0:99999:7:::

Left to right from above

Username

Encrypted password

Date of last password change - expressed as the number of days since Jan 1, 1970. If 0 then the user should change their password the next time they log in.

Minimum password age - days the user will have to wait before changing their password again.

Maximum password age - Maximum number of days before a user has to change their password.

Password warning period - Number of days before a password is going to expire

Password inactivity period - # of days after a password has expired to allow login with their password.

Account expiration date - date that user will not be able to log in.

Reserved field for future use.

In most distributions today, user authentication doesn’t rely on just the /etc/shadow file, there are other mechanisms in place such as PAM (Pluggable Authentication Modules) that replace authentication.

/etc/group

$ cat /etc/group

root:*:0:pete

left to right from above

Group name

Group Password

Group ID

List of users - you can manually specify users you want in a specific group

User management tools

Used on a single machine:

$ sudo useradd bob

creates an entry in /etc/passwd for Bob. sets up default groups and adds an entry to the /etc/shadow file.

$ sudo userdel bob

to remove a user.

$ passwd bob

to change a password