User Account and Group Management

User and Group system files

All Linux distributions keep their user and group data in the same place. Below are the common locations of system account files:

/etc/passwd - User account information
/etc/shadow - Secure user account information
/etc/group - Group information

Format of /etc/passwd

The /etc/passwd file has the same general format across Linux platforms. It lists the users that have accounts on the system. Root can add users by editing the file directly, but users are typically added using the adduser (Debian) or useradd commands.

username:password:uid:gid:user_info:home_directory:shell_type

username - The name the person logs in with
password - Typically x to indicate a password is set
uid - The system number assigned to a user to indicate which files they own or have access to.
gid - The group id number of the principal group they belong to.
user_info - Information about user separated by a comma. Possible information includes: Full name, Room number, Work number, Home phone, and Other
home_directory - The directory that the user owns. Typically /home/username
shell_type - The default shell setting is /bin/bash.

Format of /etc/shadow

The /etc/shadow file is the encrypted password file. This file is not typically directly edited.

username:encrypted password:11843:0:99999:7:::

username - The name the person logs in with
encrypted password - Typically x to indicate a password is set
#:#:#:#::: - Contains information about the number of days since the password was changed, when it expires or is disabled.
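
As an added example (not from the original page), the following script decodes the aging fields of shadow-format lines and classifies each entry. It assumes the field layout documented in shadow(5); the function names and sample lines are constructed, and HASH is a placeholder, not a real hash.

```shell
#!/bin/sh
# Added example: classify shadow-format entries by password state and age.
# Fields per shadow(5): name:hash:lastchange:min:max:warn:inactive:expire:reserved
# Day-boundary handling (>= and <=) is this example's choice.

shadow_report() {  # usage: shadow_report [TODAY_AS_DAYS_SINCE_1970] < shadow-file
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
    {
        hash = $2; last = $3; max = $5; warn = $6; expire = $8
        if (expire != "" && today + 0 >= expire + 0) state = "ACCOUNT_EXPIRED"
        else if (hash == "")              state = "NO_PASSWORD"   # no password required
        else if (hash ~ /^[!*]/)          state = "LOCKED"        # cannot match any hash
        else if (last == "0")             state = "MUST_CHANGE"   # change forced at next login
        else if (last == "" || max == "") state = "NO_EXPIRY"     # aging not configured
        else {
            left = (last + max) - today   # days until the password expires
            if (left <= 0)                           state = "EXPIRED"
            else if (warn != "" && left <= warn + 0) state = "WARNING"
            else                                     state = "OK"
        }
        print $1, state
    }'
}

sample_shadow() {  # constructed sample data
    cat <<'EOF'
alice:$6$salt$HASH:19990:0:90:7:::
bob:$6$salt$HASH:19900:0:90:7:::
carol:$6$salt$HASH:19915:0:90:7:::
dave:!$6$salt$HASH:19990:0:90:7:::
daemon:*:19000:0:99999:7:::
guest::19990:0:99999:7:::
erin:$6$salt$HASH:0:0:90:7:::
legacy:$6$salt$HASH:11843:0:99999:7:::
temp:$6$salt$HASH:19990:0:90:7::19500:
EOF
}

sample_shadow | shadow_report 20000
```

On a real system the function would be run as root with /etc/shadow on standard input and no argument, so that today's date is used.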

Format of /etc/group

The /etc/group file has the same general format across platforms. It lists the groups that have been created on the system and who is in each group. Groups can be managed by creating new lines in the file following the convention below. Users can be added to an existing group by appending the new username to the end of the list of usernames, or directly after the colon following the gid if there are no other members.

username:password:gid:username1,username2,username3

username - The name the person logs in with
password - An x indicates a password is set and if left blank no password has been set.
gid - The group id number of the principal group they belong to.
usernames - Members of the group separated by a comma
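
The consistency check below is an added example, not part of the original page. It reads passwd- and group-format data and flags extra UID 0 accounts, empty password fields, duplicate UIDs, primary gids with no group entry, and group members with no account. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and group-format files for risky or
# inconsistent entries. Sample data in demo() is constructed.

audit_accounts() {  # usage: audit_accounts PASSWD_FILE GROUP_FILE
    LC_ALL=C awk -F: '
        # Group file is read first: name:password:gid:member1,member2
        FNR == NR { gid_name[$3] = $1; members[$1] = $4; next }
        # Passwd file: exactly 7 colon-separated fields are expected
        NF != 7                 { print "MALFORMED " $1; next }
                                { users[$1] = 1 }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        $2 == ""                { print "EMPTY_PASSWORD " $1 }
        seen[$3]++              { print "DUPLICATE_UID " $1 " uid=" $3 }
        !($4 in gid_name)       { print "MISSING_GROUP " $1 " gid=" $4 }
        END {
            for (g in members) {
                n = split(members[g], m, ",")
                for (i = 1; i <= n; i++)
                    if (!(m[i] in users)) print "UNKNOWN_MEMBER " g " " m[i]
            }
        }
    ' "$2" "$1" | LC_ALL=C sort
}

demo() {  # runs the audit over constructed sample files
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
guest::1001:1001::/home/guest:/bin/bash
bob:x:1000:2000::/home/bob:/bin/bash
EOF
    cat > "$tmp/group" <<'EOF'
root:x:0:
alice:x:1000:
guest:x:1001:
staff:x:50:alice,carol
EOF
    audit_accounts "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo
```

To audit a live system, call audit_accounts /etc/passwd /etc/group; no output means none of the five conditions were found.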

Format of /etc/shadow - encrypted Samba password file

login name:encrypted password:information about days since password changed and when expired or disabled

User Account Management

Adding users to a system

useradd

The universal command to add users to a Linux system is useradd login, commonly used with the option explained below. An explanation of the other options can be found in man useradd.

useradd -D login - It will add the user with any specified command line options in addition to the default settings on the system.

adduser - Debian specific

An option on Debian is to use the command adduser. It has a more user-friendly interface than useradd. The program prompts for the username, user ID, group ID, home directory, and shell.

Removing users from a system

Sometimes it is necessary to delete users from a computer. There is a command similar to useradd that will delete the user. Below is a short explanation of userdel.

userdel

The common command to delete users from a system is userdel. When used with the -r option it will remove the login's home directory and all files in it, along with the user's mail spool.

userdel -r login

Deletes entries in the system account files that refer to the login

deluser - Debian specific

A different front end to userdel. It can remove the home directory, or all files on the system owned by the user, depending on the options specified.

Command                           Action
deluser                           Does not remove the home directory, mail spool, or any files owned by the user
deluser --remove-home user        Removes the home directory and mail spool
deluser --remove-all-files user   Removes all files on the system owned by the user

Group Management

groupadd - Adding Groups

Using default values from the system together with values specified on the command line, groupadd creates groups on the system.

groupadd group

The specified gid should be unique.

addgroup - Debian specific Adding Groups

addgroup is a friendlier front end to groupadd. The group is created with no users. When called with two non-option arguments, it adds an existing user to an existing group.

Common options:

addgroup --system group

delgroup - Debian specific

This command will delete a system group that is not the primary group of a user. A system group would be one created with the addgroup command.

groupmod - Tool to modify groups

Once groups are created on the computer they will need to be modified and edited at some point. The groupmod command will change the group id associated with a group or the name of the group.

groupmod [-g gid ] group

  • -g gid - the group's numerical identification number. Any files whose file group ID is the old group ID must have the file group ID changed manually.

  • -n groupname - this option changes the name of the group from the initial group name to the groupname specified in the command

Example command            Resulting action
groupmod -g 120 example    Changes the group id number to 120 for group "example"
groupmod -n group2 group   Changes the group name of group to group2

Groups can also be added and modified by directly editing the /etc/group file. If a group is modified in this manner, chmod should be run to change the group attributes of files that were associated with the group ID.

smbpasswd - Samba account management

When run as an ordinary user, smbpasswd will prompt for the old Samba password and then twice for the new password. In order for the command to work the smbd daemon must be running. The password of the logged-in user will be changed.

When smbpasswd is run as root it allows users to be added to or deleted from the smbpasswd file. The command accesses the local smbpasswd file directly. The commands used as root are:

smbpasswd username

Options:

  • -a following username should be added to the local smbpasswd file
  • -x following username should be deleted from local smbpasswd file