User management is a fundamental aspect of Linux administration, allowing for effective control over the system’s access, security, and resources.
This article talks about intricacies of user accounts in Linux, essential files related to users and groups, such as /etc/shadow, /etc/passwd, /etc/group, and /etc/sudoers, and explores the contents and significance of each.
Linux Accounts Overview
Linux distinguishes between different types of accounts for varied purposes. Each account is associated with specific user information such as username, password, user ID (UID), group ID (GID), home directory, and default shell.
Types of Accounts:
-
User Accounts: Regular accounts for everyday users (e.g., bob, michael).
-
Super User Account: Identified by UID=0, it has unrestricted access to the system.
-
System Accounts: Created automatically by the OS for software and services operation, typically having UID less than 100 or between 500-1000 (e.g., ssh, mail).
-
Service Accounts: These are created upon the installation of a new service in Linux.
Important Linux Files for User Management
/etc/passwd
This file is a cornerstone of user management in Linux, storing essential information for each user account. The structure for each entry in this file is as follows:
username:x:UID:GID:User Info:Home Directory:Default Shell
username: The user’s login name.
x: Indicates that the account has a password set, which is stored in /etc/shadow.
UID: The User ID, a unique identifier for each user.
GID: The primary Group ID, which usually matches the UID by default.
User Info: A field for additional user information, often left blank.
Home Directory: The path to the user’s home directory.
Default Shell: The program that runs by default when the user logs in.
Commands like id username and grep -i username /etc/passwd can be used to fetch user-specific information like UID, GID, home directory, and default shell.
/etc/shadow
The /etc/shadow file contains the encrypted user passwords alongside other information related to account security. This file is not accessible to regular users, enhancing the security of password data. An entry in /etc/shadow typically follows this format:
username:encrypted_password:last_change:min:max:warn:inactive:expire:reserved
username: The user’s login name, matching an entry in /etc/passwd.
encrypted_password: The user’s hashed password. If this field is empty, the account has no password; a special value may indicate a locked account.
last_change: The number of days since Jan 1, 1970, that the password was last changed.
min: The minimum number of days required between password changes.
max: The maximum number of days the password is valid.
warn: The number of days before password expiration that the user is warned.
inactive: The number of days after password expiration that the account is disabled.
expire: The date when the account will be disabled, expressed as the number of days since Jan 1, 1970.
reserved: This field is reserved for future use and is usually left blank.
/etc/group
The /etc/group file stores group information, which is crucial for defining permissions and access control lists. Each line in the /etc/group file represents a single group, following this format:
group_name:x:GID:user_list
group_name: The name of the group.
x: A placeholder for a group password, which is rarely used; the presence of an x indicates that the group password is stored in the gshadow file, though this practice is uncommon.
GID: The unique Group ID.
user_list: A comma-separated list of users who are members of the group. This list may be empty if no users are explicitly added to the group.
/etc/sudoers
The /etc/sudoers file dictates which users and groups have permission to execute commands as the superuser or another user, and under what conditions. This file should always be edited with the visudo command to prevent syntax errors. While the /etc/sudoers file can be complex due to its flexibility, a common entry format is:
user_or_group ALL=(ALL:ALL) ALL
user_or_group: Specifies a username or a group (groups are prefixed with %).
ALL=(ALL:ALL) ALL: This directive allows the specified user or group to execute any command on any host as any user and any group. The format and options can be customized extensively to limit or specify command execution permissions.
Switching Between Users
Users can switch between accounts using the sudo command, allowing them to execute commands with superuser or other user privileges. For security, the root user can be restricted from logging in by setting its shell to /usr/sbin/nologin in the /etc/passwd file
. This ensures that direct root access is disabled, promoting the use of sudo for administrative tasks.
Monitoring and Managing User Sessions
Linux provides several commands for monitoring active sessions and login history:
id: Displays the current user’s UID and GID.
who: Shows who is logged in at the moment.
last: Lists the last logins of users, providing a history of user activity and system reboots. Conclusion
Effective user management in Linux involves understanding the purpose and structure of key files like /etc/passwd, /etc/shadow, /etc/group, and /etc/sudoers.
By managing these files and employing best practices for switching between users and monitoring sessions, administrators can ensure a secure and well-organized Linux environment.