This article explains what a user account is and how it is managed in the Linux system. Learn the different types of users and their accounts (such as root or super user account, regular or normal user account and service user account) along with the files in which these accounts are managed.
What is a user account?
A user account is a systematic approach to track and monitor the usage of system resources. Each user account contains two unique identifiers; username and UID.
When a user account is created, its username is mapped to a unique UID.
Username is flexible. It can be changed as per requirement. Regardless it is selected first time or changed later; it must be unique in system. Two users can’t use the same username.
UID is fixed. It cannot be changed. Once assigned, it always remains the same for that user account.
Username is used to access the user account. Username is also known as login name. UID is used to authenticate, track and monitor the activity of user account. Username is used by the user while the UID is used by the system.
Types of user
There are three types of user in linux: – root, regular and service.
The root user account
This is the main user account in Linux system. It is automatically created during the installation. It has the highest privilege in system. It can do any administrative work and can access any service. This account is intended for system administration and should be used only for this purpose. It should not be used for routine activities. It can’t be deleted. But if require, it can be disabled.
The regular user account
This is the normal user account. During the installation, one regular user account is created automatically. After the installation, we can create as many regular user accounts as we need. This account has moderate privilege. This account is intended for routine works. It can perform only the tasks for which it is allowed and can access only those files and services for which it is authorized. As per requirement, it can be disabled or deleted.
The service account
Service accounts are created by installation packages when they are installed. These accounts are used by services to run processes and execute functions. These accounts are neither intended nor should be used for routine work.
User management systems
There are two ways to manage the user accounts; centralized and standalone.
Centralized user management
In centralized management, user accounts of all systems are managed in a centralized server system. In server system, a directory service such as LDAP and ADS is used for user management and authentication.
In this model, the local system sends the user\’s login information to the server system. Based on the information stored in the directory service, server system authenticates whether the user is allowed to login or not.
In standalone management, users\’ accounts are managed in local system. To store users\’ accounts detail, text files are used.
In this model, depending on the locally stored login information, the local system itself authenticates that the user is allowed to login or not.
Both centralized and standalone are the complex user management models. Due to complexity, I will explain both them individually. In this tutorial, I will only focus on the standalone model. I will explain centralized model in another tutorial separately.
User authentication process
When a user enters username and password, depending on type of user management model is used, following steps are performed in local system or in remote system.
If centralized model is used, following steps are performed in centralized system through directory service otherwise same steps are performed in local system through those text files which contain user login details.
- System checks whether the user account exists or not.
- If user account exists, it checks whether the user is allowed to login from that particular location where username and password are entered or not.
- If user is allowed to login, it checks the supplied password.
- If supplied password is incorrect, it checks the threshold value for retries.
- If threshold value is exceeded, it locks the account.
- If threshold value is not exceeded, it allows user to retype the correct password.
- If supplied password is correct, it checks the password expiry date.
- If password is expired, it forces user to update his password.
- If password is about to expire, it shows a configured warning message which prompts user to change his password before expiry date.
If supplied username and password are correct and all above conditions are satisfied, user is allowed to login.
User management files
In standalone user management model, to store user information, four text files named passwd, shadow, group and gshadow are used.
These files are stored in /etc directory.
Since the entire user management system is controlled through these files, Linux itself maintain and update a back copy of each file in same directory.
The back copy is stored with the original name. To distinguish the backup copy from original copy,
a hyphen sign is used as prefix in the name of the backup copy.
Following table lists the name of backup file along with original file.
|Original file name||passwd||shadow||group||gshadow|
|Backup file name||passwd-||shadow-||group-||gshadow-|
The /etc/group file
In Linux every user must be a member of at least one group. While we create a user account, shell automatically creates a group and adds created user in it. This group is known as user’s primary group. Unless we manually change or update a user’s primary group name, it matches with the username. For example, if username is john, his default primary group name will also be john. Besides primary group, additional groups can be setup as per requirement.
The file /etc/group stores group information. Each line in this file stores one group entry.
Each line contains following four fields separated by colons.
Group name, group password, GID, group members
This field is used to store the group name. There are three essential rules for group name.
- Each group name must be unique.
- A group name must be less than 255 characters in length.
- A group name must be start with a letter.
If the group password is used, this field stores a place holder character, to indicate that the password is stored in a separate file. If the group password is not used then this field is kept blank.
This field stores the GID of group.
This field stores the username of group members.
Since a group may contain several members and a user can be the member of several groups, a user’s primary group information can’t be revealed from this file. To reveal a user’s primary group information, always the /etc/passwd file should be used.
The /etc/gshadow file
This file stores group password and other password related information.
Password information of each group is stored in an individual line. There are four fields in each line.
Group name, group password, group admin, group members
This field stores the name of group.
If group password is used, this field stores it in encrypted form. If group password is not used, this field is kept blank to indicate that password is not assigned.
This field stores the username of group admin.
This field stores the username of group members.
The /etc/passwd file
This file contains a list of all user accounts. Each user account is stored in an individual line. Each line contains following seven fields separated by colons.
- Placeholder character for password
- Home directory
- Login shell
The /etc/shadow file
This file stores users’ password and password related information. Just like /etc/passwd file,
this file also uses an individual line for each entry. Each line contains following nine fields.
- Encrypted password
- Number of days when password was last changed
- Number of days before password can be changed
- Number of days after password must be changed
- Number of days before password expiry date to display the warning message
- Number of days to disable the account after the password expiry
- Number of days since the account is disabled
- Reserved field
Since the /etc/passwd and the /etc/shadow files are highly tested in RedHat exams and heavily used in user management, I will explain both files and their fields in detail in next parts of this tutorial.
That’s all for this part. In next part we will learn the /etc/passwd file and its field in detail. If you like this tutorial, please don’t forget to share it through your favorite social channel.
Full Version EX300 Dumps
Try EX300 Dumps Demo