Basic User and Group Management

Basic User and Group Management

Everyone on a Linux system needs a user account. Every account has rights and privileges that vary depending on the command and the directory. Linux user accounts are organized into groups. While default users are the only member of their default groups, you can organize users into new groups, and you can configure rights and privileges that vary differently by group.

In Red Hat Linux, user accounts are organized in /etc/passwd . Their passwords are made more secure in /etc/shadow . For Red Hat Linux groups, the analogous files are /etc/group and /etc/gshadow .

When creating a new account, the default parameters are configured in /etc/login.defs; configuration files are normally copied to the new user s home directory from the /etc/skel directory.

Note  

Regular users will want their own accounts, and generally , you want to minimize risks by keeping them away from root user privileges. However, if you re the administrator for your Linux computer, you may want to sign in as the root user, for the reasons discussed in Chapter 06 .

/etc/passwd

Linux users can be classified into three groups: administrative, service, and regular users. Every user has rights and privileges. Regular and administrative users have usernames, passwords, and home directories. All users are configured through a line in the /etc/passwd file, as shown in Figure 9.1.

click to expand
Figure 9.1: /etc/passwd      

The last two lines in this figure contain entries for regular users. As you can see, usernames are associated with services such as ftp , apache , and squid . Each entry includes seven columns delineated by colons (:). Table 9.1 describes each of these columns .

/etc/shadow

Red Hat Linux includes the /etc/shadow file for additional password security. By default, this file is readable only to the root user. If you use standard commands to create new users, basic information is also added to this file, based on the defaults in /etc/login.defs (which we discuss later in this chapter). Take a look at /etc/shadow in Figure 9.2.

Table 9.1: /etc/passwd Entries

Column

Function

Comment

1

Username

Login name .

2

Password

If this field contains an x , the encrypted password is stored in /etc/shadow .

3

User ID

Red Hat User IDs start at 500.

4

Group ID

Red Hat Group IDs normally match User IDs.

5

Extra information

Commonly used for a user s real name.

6

Home directory

Normally /home/ username .

7

Default shell

The shell a user sees after logging in.

click to expand
Figure 9.2: /etc/shadow      

As you can see, the last two lines contain entries for the same regular and service users that were shown in /etc/passwd . In this case, each user entry includes eight columns delineated by colons (:). Table 9.2 describes each of these columns.

Table 9.2: /etc/shadow Entries

Column

Function

Comment

1

Username

Login name.

2

Password

Encrypted password.

3

Number of days

Last time the password was changed, in days, after January 1, 1970.

4

Minimum password life

You can t change a password for at least this amount of time, in days.

5

Maximum password life

You have to change a password after this period of time, in days.

6

Warning period

You get a warning this many days before your password expires .

7

Disable account

If you don t use your account this many days after your password expires, you can t log in.

8

Account expiration

If you don t use your account by this date, you won t be able to log in. May be in YYYY-MM-DD format, or in the number of days after January 1, 1970.

/etc/group

The Red Hat Linux group configuration file is simpler than those for users; they include only four columns. In Figure 9.3, you can see the same two regular usernames in /etc/group that you saw in /etc/passwd and /etc/shadow . In /etc/group , they are group names . You may note that the group


Figure 9.3: /etc/group      

ID for groups mj and jm matches the user IDs for the users with the same names in the previous two configuration files.

Note the final entry, the Sharing group. As you can see, users mj and jm are members of that group. Table 9.3 describes the columns in /etc/group .

Table 9.3: /etc/group Entries

Column

Function

Comment

1

Group name

By default, Red Hat users are members of groups with the same name.

2

Password

If you see an x in this column, see /etc/gshadow for the actual encrypted password.

3

Group ID

By default, Red Hat users have the same ID as their groups.

4

Members

Includes the usernames of others that are members of the same group.

/etc/gshadow

The Red Hat Linux /etc/gshadow configuration file for groups is analogous to the /etc/shadow file for users. It specifies an encrypted password for applicable groups, as well as administrators with privileges for a specific group. A sample /etc/gshadow file is shown in Figure 9.4.

click to expand
Figure 9.4: /etc/gshadow      

Note the differences from /etc/group with respect to the Sharing group. Table 9.4 describes the columns in /etc/shadow .

Table 9.4: /etc/shadow Entries

Column

Function

Comment

1

Group name

You can create additional groups.

2

Password

The encrypted group password, added with the gpasswd command.

3

Group administrator

The user allowed to manage users in that group.

4

Group members

Includes the usernames that are members of the same group.

/etc/skel

Users have a default set of configuration files and directories. You examined some of these files as they related to the bash shell in Chapter 08 . The default list of these files is located in the /etc/skel directory, which you can easily inspect with the ls -la /etc/skel command, as shown in Figure 9.5. The list changes depending on what you have installed.

click to expand
Figure 9.5: Default home files in /etc/skel
Tip  

If you have a list of standard files, such as corporate policies for new users, you may want to copy them to /etc/skel . All new users will get a copy of these files in their home directories.

/etc/login.defs

When you create a new user, the basic parameters come from the /etc/login.defs configuration file. The version included with Red Hat Linux includes settings for e-mail directories, password aging, user ID and group ID numbers , and creating a home directory. The default variables in this file are almost self-explanatory:

 MAIL_DIR   /var/spool/mail   # Default mail directory PASS_MAX_DAYS 99999          # Password max life PASS_MIN_DAYS 0              # Password min life PASS_MIN_LEN 5               # Min password length PASS_WARN_AGE 7              # Warning before expiration UID_MIN     500              # Lowest User ID number UID_MAX   60000              # Highest User ID number GID_MIN     500              # Lowest Group ID number GID_MAX   60000              # Highest Group ID number CREATE_HOME                  yes 

Needless to say, these settings can be further refined through other configuration files. For example, you can manage the allowed lifetime settings for passwords by editing /etc/shadow . You can review a copy of this file in Figure 9.6.

click to expand
Figure 9.6: /etc/login.defs      
 


Mastering Red Hat Linux 9
Building Tablet PC Applications (Pro-Developer)
ISBN: 078214179X
EAN: 2147483647
Year: 2005
Pages: 220

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net