In another blog post I talked about how to control file permissions, but I never talked about users and groups. In Linux, users, groups and passwords are stored in plain text files. You can modify these files directly, but it is a better idea to use the built-in commands.
User information is stored in /etc/passwd in the following format (fields separated by :):
bob:x:3002:302:Bob Bobo's account:/home/bob:/bin/bash
- Username: The name used when the user logs in. It should be between 1 and 32 characters in length.
- Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
- User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
- Group ID (GID): The primary group ID (the group itself is defined in the /etc/group file).
- User ID Info: The comment field.
- Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /
- Command/shell: The absolute path of a command or shell (e.g. /bin/bash). Typically this is a shell, but note that it does not have to be one.
The user's actual password is stored in /etc/shadow in the following format:
1. User name: Your login name.
2. Password: Your encrypted password.
3. Last password change (lastchanged): Days since Jan 1, 1970 that the password was last changed.
4. Minimum: The minimum number of days required between password changes, i.e. the number of days left before the user is allowed to change his/her password.
5. Maximum: The maximum number of days the password is valid (after that the user is forced to change his/her password).
6. Warn: The number of days before the password is to expire that the user is warned that his/her password must be changed.
7. Inactive: The number of days after the password expires that the account is disabled.
8. Expire: Days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used.
The groups are stored in /etc/group (your primary group will not show up here; that is in /etc/passwd):
power_users:x:3009:bob,tom,bill
1. group_name: The name of the group.
2. Password: Generally a group password is not used, hence this field is empty/blank.
3. Group ID (GID): Each group must be assigned a group ID.
4. Group List: A list of the user names of users who are members of the group. The user names must be separated by commas.
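The three formats above, as an added Python example that is not part of the original post: it parses constructed sample copies of /etc/passwd, /etc/shadow and /etc/group (the bob and power_users lines are the ones quoted above; the tom and users records and the hash string are made up), resolves a group's full membership including users whose primary GID points at it, and turns the shadow day counts into a password-expiry date.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # the day-count fields in /etc/shadow count from this date
SHADOW_FIELDS = ["last", "min", "max", "warn", "inactive", "expire"]
# Constructed sample files: the bob and power_users lines are the ones quoted in
# the post; the tom and users records and the hash string are made up for illustration.
PASSWD = """bob:x:3002:302:Bob Bobo's account:/home/bob:/bin/bash
tom:x:3003:3009:Tom Tomson:/home/tom:/bin/bash
"""
SHADOW = "bob:$6$fakesalt$fakehash:19000:1:90:7:14::\n"
GROUP = """users:x:302:
power_users:x:3009:bob,tom,bill
"""

def parse_passwd(text):
    """username -> the seven /etc/passwd fields described above."""
    users = {}
    for line in filter(None, text.splitlines()):
        name, pw, uid, gid, gecos, home, shell = line.split(":", 6)
        users[name] = dict(pw=pw, uid=int(uid), gid=int(gid), gecos=gecos, home=home, shell=shell)
    return users

def parse_shadow(text):
    """username -> /etc/shadow fields; an empty day field becomes None."""
    entries = {}
    for line in filter(None, text.splitlines()):
        f = line.split(":")
        days = [int(x) if x else None for x in f[2:8]]
        entries[f[0]] = dict(zip(SHADOW_FIELDS, days), pw=f[1])
    return entries

def parse_group(text):
    """group name -> gid and the explicit member list from /etc/group."""
    groups = {}
    for line in filter(None, text.splitlines()):
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = dict(gid=int(gid), members=[m for m in members.split(",") if m])
    return groups

def members_of(group, users, groups):
    """Full membership: primary-GID users (absent from /etc/group) plus the listed ones."""
    gid = groups[group]["gid"]
    primary = [n for n, u in users.items() if u["gid"] == gid]
    return primary + [m for m in groups[group]["members"] if m not in primary]

def password_expires_on(entry):
    """Date the password must be changed (Last + Maximum); None if Maximum is 99999 or unset."""
    if entry["last"] is None or entry["max"] is None or entry["max"] >= 99999:
        return None
    return EPOCH + timedelta(days=entry["last"] + entry["max"])
```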
So now, how do we interact with these?
To add a user, use useradd:
useradd -u 3002 -d /home/bill -m -c "Bill Thomas" -s /bin/bash -g 3002 bill    (-u: UID) (-d: home dir, -m: create it) (-c: comment) (-s: shell) (-g: primary group GID; -G would set the supplementary groups instead)
To delete a user:
This will not delete their home directory; you have to do that manually.
To add a group:
groupadd -g 4021 name    (-g: group ID)
To delete a group:
To add a user to a group as their primary group (when you create a file it will be group-owned by your primary group):
usermod -g gid username    (-g: primary group; gid may be a GID or a group name)
To add a user to a group as a secondary group (the user has the group's permissions but does not create files as this group):
usermod -aG gid username    (-G: supplementary groups; without -a the list replaces all of the user's existing secondary groups)
To change your new user's password, just type the following: