Linux System Administration

User & Password Fundamentals

1. The Password File (`/etc/passwd`)

The /etc/passwd file is a critical system file in Linux that stores information about all registered user accounts on the system. Each line in this file represents a single user and contains seven colon-separated fields.

Structure of a `passwd` entry:

username:password_placeholder:UID:GID:GECOS:home_directory:shell

Field Descriptions:

  • username: The user’s login name.
  • password_placeholder: Historically, this field contained the encrypted password. For security, it now typically holds an ‘x’ or ‘*’, indicating that the actual encrypted password is stored in the /etc/shadow file.
  • UID: User ID. A unique numerical identifier for the user. UIDs below 1000 are typically reserved for system accounts.
  • GID: Primary Group ID. The numerical ID of the user’s primary group.
  • GECOS: General Electric Comprehensive Operating System. This field holds optional user information such as full name, office location, and contact number.
  • home_directory: The absolute path to the user’s home directory (e.g., /home/username).
  • shell: The absolute path to the user’s default login shell (e.g., /bin/bash, /bin/sh, /sbin/nologin).

Example:

A typical entry in /etc/passwd might look like this:

john:x:1001:1001:John Doe,,,:/home/john:/bin/bash

This indicates a user named ‘john’ with UID 1001, primary GID 1001, full name “John Doe”, home directory /home/john, and default shell /bin/bash. The ‘x’ signifies the password is in /etc/shadow.

You can view the contents of this file using:

$ cat /etc/passwd
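The seven-field layout above is easy to audit with awk. The following is an added example, not part of the course: it writes a constructed passwd-format sample to a temporary file (the `$6$...` value on the `legacy` line is a placeholder, not a real hash) and defines small checks a defender runs against such a file: which accounts have an interactive shell, whether any account besides root has UID 0, whether any line still carries a hash or an empty field instead of the ‘x’ placeholder, and whether every line has exactly seven fields. The function names are my own; point them at /etc/passwd to run the same checks on a real host.

```shell
#!/bin/sh
# Added example (not from the course): audit a passwd-format file.
# Each function takes the path of the file to inspect.

# Constructed sample in the seven-field layout; the "legacy" line deliberately
# carries a placeholder hash, "toor" a duplicate UID 0, and "broken" too few fields.
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
john:x:1001:1001:John Doe,,,:/home/john:/bin/bash
jane:x:1002:1002:Jane Roe,,,:/home/jane:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
legacy:$6$abc$placeholder-not-a-real-hash:1003:1003::/home/legacy:/bin/sh
broken:x:1004:1004
EOF

# user:uid:shell for every account whose shell is not nologin/false, i.e. the
# accounts that can be logged into and therefore deserve strong passwords.
interactive_accounts() {
    awk -F: 'NF == 7 && $7 !~ /(nologin|false)$/ { print $1 ":" $3 ":" $7 }' "$1"
}

# Accounts with UID 0 other than root: any extra one has full root privileges.
extra_uid0_accounts() {
    awk -F: 'NF == 7 && $3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose password field is not the placeholder: a hash in the
# world-readable passwd file, or an empty field, defeats the purpose of /etc/shadow.
passwd_field_anomalies() {
    awk -F: 'NF == 7 && $2 != "x" && $2 != "*" {
        print $1 ":" ($2 == "" ? "EMPTY" : "HASH-IN-PASSWD") }' "$1"
}

# Lines that do not have exactly seven fields, prefixed with their line number.
malformed_lines() {
    awk -F: 'NF != 7 { print NR ":" $0 }' "$1"
}

echo "Interactive accounts:";   interactive_accounts   "$SAMPLE_PASSWD"
echo "Extra UID 0 accounts:";   extra_uid0_accounts    "$SAMPLE_PASSWD"
echo "Password field anomalies:"; passwd_field_anomalies "$SAMPLE_PASSWD"
echo "Malformed lines:";        malformed_lines        "$SAMPLE_PASSWD"
```

On the sample the checks report five interactive accounts, `toor` as a second UID 0 account, `legacy` as carrying a hash in the passwd file, and line 8 as malformed.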

2. Password Security

Password security is paramount in Linux to protect user accounts and system integrity. Weak passwords are a major vulnerability.

Key Aspects of Password Security:

  • Complexity: Passwords should be a mix of uppercase and lowercase letters, numbers, and special characters.
  • Length: Longer passwords are more secure. Aim for at least 12-16 characters.
  • Uniqueness: Do not reuse passwords across different accounts or systems.
  • Avoid Obvious Choices: Do not use personal information (birthdays, names), common words, or simple sequences (e.g., “123456”, “password”).
  • Regular Changes: While less emphasized now with strong passwords, periodic changes can still add a layer of security.
  • Hashing Algorithms: Linux stores passwords as cryptographically hashed values, not plain text. Modern systems use strong hashing algorithms like SHA-512.

Example:

A strong password example: P@$$w0rdS3cur3!2025

A weak password example: user123 or myname

Linux systems often enforce password policies through modules like PAM (Pluggable Authentication Modules), which can check for complexity, length, and history.

3. Shadow Files (`/etc/shadow`)

The /etc/shadow file is a highly sensitive file that stores the actual encrypted passwords and password aging information for user accounts. It is readable only by the root user, which significantly enhances security by preventing unauthorized access to password hashes.

Structure of a `shadow` entry:

username:encrypted_password:last_changed:min_days:max_days:warn_days:inactive_days:expiration_date:reserved

Field Descriptions:

  • username: The user’s login name, matching an entry in /etc/passwd.
  • encrypted_password: The cryptographically hashed password. This is the most critical field. An asterisk (*) or exclamation mark (!) here means the account is locked or has no password set.
  • last_changed: The number of days since January 1, 1970, that the password was last changed.
  • min_days: The minimum number of days required between password changes. The user cannot change the password again before this period.
  • max_days: The maximum number of days a password is valid. After this, the user will be forced to change it.
  • warn_days: The number of days before password expiration that the user will be warned.
  • inactive_days: The number of days after password expiration that the account will be disabled.
  • expiration_date: The date (days since Jan 1, 1970) when the account will expire.
  • reserved: A reserved field, currently unused.

Example:

A typical entry in /etc/shadow might look like this:

john:$6$rounds=40000$abcdefghijklmn$oPqRsTuVwXyZ0123456789ABCDEFGH.IJKLMN:19800:0:99999:7:::

Here, $6$... indicates a SHA-512 hashed password. The 19800 means the password was last changed 19800 days after Jan 1, 1970. 0:99999:7 means no minimum days between changes, a password valid for 99999 days, and a warning 7 days before expiration. The three empty trailing fields mean no inactivity period, no account expiration date, and an unused reserved field.

You can view the contents of this file (as root) using:

$ sudo cat /etc/shadow
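The aging fields are only useful if someone evaluates them. The following is an added example, not part of the course: it writes a constructed shadow-format sample (all hash values are placeholders; the `guest` line deliberately has an empty password field) and a `shadow_report` function, my own name, that prints one line per account with the hash type taken from the crypt prefix and the state derived from the aging fields. The prefixes it recognises ($6$ SHA-512, $5$ SHA-256, $y$ yescrypt, $1$ MD5) are the standard crypt identifiers; "today" is passed in as days since 1970-01-01 so the result is reproducible. On a real host run it as root with `/etc/shadow` and `$(( $(date +%s) / 86400 ))` as the second argument.

```shell
#!/bin/sh
# Added example (not from the course): report password state and aging
# for every account in a shadow-format file.

SAMPLE_SHADOW=$(mktemp)
trap 'rm -f "$SAMPLE_SHADOW"' EXIT
# Constructed sample; hashes are placeholders, not real password hashes.
cat > "$SAMPLE_SHADOW" <<'EOF'
root:$6$rounds=40000$abcdefghijklmn$placeholderhashAAAAAAAAAAAAAAAAAAAAAAAAA:19800:0:99999:7:::
john:$6$saltsalt$placeholderhashBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:19800:0:90:7:::
jane:!$6$saltsalt$placeholderhashCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:19800:0:99999:7:::
svc:*:19800:0:99999:7:::
guest::19800:0:99999:7:::
old:$1$saltsalt$placeholdermd5hashDDDDDDDDDD:19000:0:99999:7:::
temp:$6$saltsalt$placeholderhashEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE:19800:0:99999:7::19850:
EOF

# shadow_report FILE TODAY -> one line per account: name:hash_type:state
#   TODAY is the current day as days since 1970-01-01, like field 3.
shadow_report() {
    awk -F: -v today="$2" '
    {
        name = $1; hash = $2; changed = $3; maxd = $5; expire = $8
        state = "ok"
        if (hash == "")
            state = "NO-PASSWORD"            # empty field: no password at all
        else if (hash ~ /^[!*]/)
            state = "locked"                 # "!" prefix or "*": no usable password
        else if (maxd != "" && maxd < 99999 && today - changed > maxd)
            state = "PASSWORD-EXPIRED"       # older than max_days
        if (expire != "" && today >= expire)
            state = "ACCOUNT-EXPIRED"        # expiration_date has passed
        sub(/^!/, "", hash)                  # a lock keeps the original hash after "!"
        type = "none"
        prefix = substr(hash, 1, 3)
        if (prefix == "$6$")      type = "sha512"
        else if (prefix == "$5$") type = "sha256"
        else if (prefix == "$y$") type = "yescrypt"
        else if (prefix == "$1$") type = "md5-WEAK"   # legacy MD5 crypt, should be rehashed
        print name ":" type ":" state
    }' "$1"
}

# Demo on the constructed sample with a fixed "today" of day 19900.
shadow_report "$SAMPLE_SHADOW" 19900
```

With day 19900 as "today", `john` (max_days 90, last changed on day 19800) is reported as PASSWORD-EXPIRED, `temp` as ACCOUNT-EXPIRED, `jane` and `svc` as locked, `guest` as NO-PASSWORD, and `old` as still using MD5 crypt.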

4. Group and Group Files (`/etc/group`)

Groups are a fundamental concept in Linux for managing permissions and access control. Users can be members of one or more groups, and permissions can be assigned to groups rather than individual users, simplifying administration.

The /etc/group file stores information about all defined groups on the system.

Structure of a `group` entry:

group_name:password_placeholder:GID:member_list

Field Descriptions:

  • group_name: The name of the group.
  • password_placeholder: Historically, this field was for a group password. It typically contains an ‘x’ or is empty. Group passwords are rarely used.
  • GID: Group ID. A unique numerical identifier for the group.
  • member_list: A comma-separated list of usernames that are members of this group. Users whose primary group is this group are not listed here.

Example:

A typical entry in /etc/group might look like this:

users:x:100:john,jane
sudo:x:27:john

This shows a group named ‘users’ with GID 100, and ‘john’ and ‘jane’ are secondary members. The ‘sudo’ group (GID 27) has ‘john’ as a secondary member, allowing him to use sudo.

You can view the contents of this file using:

$ cat /etc/group

To see which groups a user belongs to:

$ groups john
john : john sudo users
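Because primary-group members are not listed in /etc/group, the full membership of a group can only be determined by combining both files. The following is an added example, not part of the course: it builds constructed passwd and group files in a temporary directory and defines three functions of my own naming: `group_members` (the member_list plus every user whose primary GID is that group), `user_groups` (the same information the `groups` command prints, primary group first), and `privileged_group_audit` (the effective members of groups that grant elevated access, such as sudo). Pass `/etc/passwd` and `/etc/group` instead of the sample paths to run it on a real host.

```shell
#!/bin/sh
# Added example (not from the course): resolve effective group membership
# from passwd- and group-format files.

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
# Constructed samples. "build" has primary GID 100 (users) but is not in users' member_list.
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
john:x:1001:1001:John Doe,,,:/home/john:/bin/bash
jane:x:1002:1002:Jane Roe,,,:/home/jane:/bin/bash
build:x:1003:100:Build Bot,,,:/home/build:/bin/sh
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
users:x:100:john,jane
sudo:x:27:john
docker:x:999:jane
john:x:1001:
jane:x:1002:
EOF
P="$SAMPLE_DIR/passwd"; G="$SAMPLE_DIR/group"

# group_members GROUP PASSWD GROUPFILE -> sorted, space-separated effective members
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$3")
    [ -n "$gid" ] || return 1        # no such group
    {
        # explicit (secondary) members from the member_list field
        awk -F: -v g="$1" '$1 == g && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$3"
        # users whose primary group is this GID, which /etc/group does not show
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# user_groups USER PASSWD GROUPFILE -> "USER : primary secondary..." like `groups USER`
user_groups() {
    pgid=$(awk -F: -v u="$1" '$1 == u { print $4; exit }' "$2")
    [ -n "$pgid" ] || return 1       # no such user
    primary=$(awk -F: -v gid="$pgid" '$3 == gid { print $1; exit }' "$3")
    secondary=$(awk -F: -v u="$1" -v prim="$primary" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u && $1 != prim) print $1 }' "$3" | tr '\n' ' ')
    printf '%s : %s %s\n' "$1" "$primary" "$secondary" | sed 's/ *$//'
}

# privileged_group_audit PASSWD GROUPFILE GROUP... -> "group: members" per group
privileged_group_audit() {
    p=$1; g=$2; shift 2
    for name in "$@"; do
        members=$(group_members "$name" "$p" "$g") || members="(no such group)"
        echo "$name: $members"
    done
}

echo "users ->" "$(group_members users "$P" "$G")"
user_groups john "$P" "$G"
user_groups build "$P" "$G"
privileged_group_audit "$P" "$G" sudo docker
```

On the sample, `group_members users` returns `build jane john` even though `build` never appears in the group file, and `user_groups john` prints `john : john users sudo`, matching the shape of the `groups john` output shown above.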

5. Default Files (`/etc/skel`)

The /etc/skel directory (short for “skeleton”) contains a set of default configuration files and directories that are copied to a new user’s home directory when their account is created. This ensures that new users have a consistent and basic environment setup.

Common files/directories in `/etc/skel`:

  • .bashrc: Configuration for the Bash shell.
  • .profile: General user environment settings, sourced on login.
  • .bash_logout: Commands executed when a Bash login shell exits.
  • .config/: Directory for user-specific configuration files (often empty or contains default subdirectories).
  • .local/: Directory for user-specific data that should persist.

Example:

When you create a new user, say ‘newuser’, using useradd, the contents of /etc/skel are copied to /home/newuser/.

You can see the contents of the skeleton directory using:

$ ls -a /etc/skel/
.  ..  .bash_logout  .bashrc  .profile  .config

If you want all new users to have a specific alias or a custom prompt, you would add that configuration to the relevant file (e.g., .bashrc) within /etc/skel.
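Since /etc/skel is the template every home directory starts from, comparing a home directory against it shows which template files a user (or something running as that user) has changed since account creation, which is useful when reviewing shell startup files. The following is an added example, not part of the course: it builds a constructed skeleton and home directory under a temporary path, copies the skeleton the way useradd does (`cp -a`; useradd additionally changes ownership to the new user), simulates later edits, and defines `skel_drift`, my own name, which lists each skeleton file as same, modified or missing. On a real host call it as `skel_drift /etc/skel /home/USER`.

```shell
#!/bin/sh
# Added example (not from the course): compare a home directory with the
# skeleton it was provisioned from.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
# Constructed skeleton with the usual dotfiles and an empty .config directory.
mkdir -p "$WORK/skel/.config" "$WORK/home/newuser"
printf 'alias ll="ls -l"\n' > "$WORK/skel/.bashrc"
printf 'umask 022\n'        > "$WORK/skel/.profile"
printf 'clear\n'            > "$WORK/skel/.bash_logout"

# provision_home SKEL HOME: copy the template including dotfiles, as useradd does.
provision_home() {
    cp -a "$1/." "$2/"
}
provision_home "$WORK/skel" "$WORK/home/newuser"

# Simulated drift after creation: .bashrc gets an extra line, .bash_logout is removed.
printf 'export PATH="$HOME/bin:$PATH"\n' >> "$WORK/home/newuser/.bashrc"
rm "$WORK/home/newuser/.bash_logout"

# skel_drift SKEL HOME -> one line per skeleton file: "same|modified|missing <path>"
skel_drift() {
    skel=$1; home=$2
    ( cd "$skel" && find . -type f ) | sed 's|^\./||' | sort |
    while IFS= read -r rel; do
        if [ ! -e "$home/$rel" ]; then
            echo "missing $rel"
        elif cmp -s "$skel/$rel" "$home/$rel"; then
            echo "same $rel"
        else
            echo "modified $rel"
        fi
    done
}

skel_drift "$WORK/skel" "$WORK/home/newuser"
```

On the constructed directories the report shows `.profile` unchanged, `.bashrc` modified and `.bash_logout` missing; directories such as `.config` are not listed because only files are compared.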