Thursday, December 8, 2016

Where Linux User Accounts Are Stored

If your system is going to participate on a network where lots of different users will need access
to your system, you may want to consider using LDAP, NIS, or Windows Domain authentication.
For our purposes here, we’re going to focus on the Local option.

For your LPIC-1/Linux+ exam, you need to be concerned with the Local option. All Linux distributions can use the /etc/passwd and /etc/shadow files for authentication.

This option stores user and group information in the following files in the file system:

/etc/passwd
  This file contains the user account information for your system.
  Here’s an example:

  ksanders:x:1002:100:Kimberly Sanders:/home/ksanders:/bin/bash

  Here’s what these fields contain:
    • Username
      The Username field simply identifies the username the user will supply
      when logging in to the system. In this example, it is ksanders.
    • Password
      This is a legacy field. At one time, the user’s password was stored in
      encrypted form in this field in the passwd file. However, for security reasons, the
      password has been moved from /etc/passwd to /etc/shadow. (We’ll look at this file in
      more detail later.) Therefore, only the character x is shown in this field.
    • UID
      This is the user ID for the user account. We discussed the UID earlier in this
      chapter. In this example, the UID for the ksanders account is 1002.
    • GID
      This field references the group ID number of the user’s default group. In this
      example, the GID for the ksanders account is 100. As you’ll see later in this chapter, this
      references the users group.
    • Full_Name
      This field contains the user’s full name. In this example, it’s Kimberly
      Sanders.
    • Home_Directory
      This field contains the path to the user’s home directory. In this case,
      the home directory is /home/ksanders.
    • Default_Shell
      This field specifies the shell that will be used by default. For ksanders,
      this is /bin/bash (the Bourne-Again SHell).


/etc/shadow
  This file contains passwords for your user accounts.
  For example, the record for ksanders is as follows:

  ksanders:$2a$05$KL1DbTBqpSEMiL.2FoI3ue4bdyR.eL6GMKs7MU6.nZl5SCC7/REUS:15043:0:99999:7:::

  Here’s what each of these fields contains:
    • Username
      This is the user’s login name from /etc/passwd.
    • Password
      This is the user’s password in encrypted format (strictly speaking, a one-way hash;
      the $2a$ prefix in this record identifies the bcrypt scheme). In the preceding example,
      the password for ksanders is M3linux273. However, so that someone who gains access to
      the /etc/shadow file cannot simply read the user passwords from it, it is stored in encrypted
      format. You may notice that all of the system user accounts have a simple asterisk (*) in this
      field. This indicates that these accounts aren’t allowed to log in to the system. For
      example, if I tried to log in to my system as ftp, I would be denied access even though the
      ftp user account exists.
    • Last_Modified
      This field records when the password was last changed, expressed as the number
      of days since January 1, 1970. In this example, the value is 15,043 days.
    • Min_Days
      This field displays the minimum number of days required before a password
      can be changed. In this example, it is set to 0 days.
    • Max_Days
      This field displays the maximum number of days before a password must
      be changed. In this example, it is set to 99,999 days. Effectively, this means a password
      change isn’t required.
    • Days_Warn
      This field displays the number of days prior to password expiration that
      the user will be warned of the pending expiration. In this case, it’s set to 7 days.
    • Disabled_Days
      This field displays the number of days to wait after a password has
      expired to disable the account. In this example, it’s set to a null value.
    • Expire
      This field displays the number of days since January 1, 1970, after which the
      account will be disabled. In this example, it is set to a null value, indicating the account
      never expires.
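
The field descriptions above for /etc/passwd and /etc/shadow, applied as a small audit. This is an added example, not part of the original post. The accounts other than ksanders, the scheme table, the "!" lock marker and the ninth (reserved) shadow field are assumptions that do not appear on the page.

```python
from datetime import date, timedelta

# Constructed sample files: the ksanders records are the page's examples,
# every other account and value is made up for this illustration.
PASSWD = """\
ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
ksanders:x:1002:100:Kimberly Sanders:/home/ksanders:/bin/bash
oldacct:ab1Cd2Ef3Gh4I:1003:100:Legacy Account:/home/oldacct:/bin/bash
tmpuser:x:1004:100:Temp User:/home/tmpuser:/bin/bash"""
SHADOW = """\
ftp:*:15043:0:99999:7:::
ksanders:$2a$05$KL1DbTBqpSEMiL.2FoI3ue4bdyR.eL6GMKs7MU6.nZl5SCC7/REUS:15043:0:99999:7:::
tmpuser::15043:0:90:7:14:15400:"""
FIELDS = ("user", "password", "last_modified", "min_days", "max_days",
          "days_warn", "disabled_days", "expire", "reserved")
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "5": "sha256crypt", "6": "sha512crypt"}

def password_state(field):
    """Classify a Password field from /etc/shadow or /etc/passwd."""
    if field in ("", "x"):
        return "empty" if field == "" else "placeholder"
    if field[0] in "*!":
        return "locked"                  # no password can ever match
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "legacy-crypt"                # hash without a $id$ prefix

def days_to_date(days):
    """Shadow dates are days since January 1, 1970; an empty field is unset."""
    return date(1970, 1, 1) + timedelta(days=int(days)) if days else None

def audit(passwd_text, shadow_text):
    """Return {user: summary} built from both files."""
    shadow = {ln.split(":")[0]: dict(zip(FIELDS, ln.split(":")))
              for ln in shadow_text.splitlines() if ln}
    report = {}
    for line in filter(None, passwd_text.splitlines()):
        user, pw = line.split(":")[:2]
        rec = shadow.get(user) or dict.fromkeys(FIELDS, "")
        # A passwd field other than "x" is used directly, so check it first.
        state = password_state(pw if pw != "x" or user not in shadow else rec["password"])
        changed = days_to_date(rec["last_modified"])
        forced = changed and rec["max_days"] not in ("", "99999")
        due = changed + timedelta(days=int(rec["max_days"])) if forced else None
        report[user] = {"state": state, "hash_in_passwd": pw not in ("x", "*", "!", ""),
                        "changed": changed, "must_change": due,
                        "account_expires": days_to_date(rec["expire"])}
    return report
```

For the page's ksanders record, the Last_Modified value 15043 resolves to March 10, 2011, and the Max_Days value 99999 yields no forced change date.
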

/etc/group
  This file contains your system’s groups.
  As with the /etc/passwd and the /etc/shadow files, each line in /etc/group is a single record that
  represents one group. Each record is composed of the following four fields:

  Group:Password:GID:Users

  For example, the record for the video group reads as follows:

  video:x:33:gdm,hsaez,jsanders

    • Group
      Specifies the name of the group. In the example, the name of the group is “video.”
    • Password
      Specifies the group password, if one is assigned.
    • GID
      Specifies the group ID (GID) number of the group. In this example, the GID of
      the video group is 33.
    • Users
      Lists the members of the group. In this case, the gdm, hsaez, and jsanders users
      are members of the video group.
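
How the GID field of /etc/passwd and the Users field of /etc/group combine into a group's effective membership, with two consistency checks. This is an added example, not part of the original post. The users group line, the gdm and jsanders passwd records and the absence of hsaez from the sample passwd data are assumptions made for illustration.

```python
# Constructed sample files. The ksanders and video records are the page's
# examples; the users group line and the other accounts are made up.
PASSWD = """\
gdm:x:107:112:Gnome Display Manager:/var/lib/gdm:/bin/false
ksanders:x:1002:100:Kimberly Sanders:/home/ksanders:/bin/bash
jsanders:x:1003:100:J Sanders:/home/jsanders:/bin/bash"""
GROUP = """\
users:x:100:
video:x:33:gdm,hsaez,jsanders"""

def parse_group(text):
    """Map group name -> (GID, users named in the Users field)."""
    groups = {}
    for line in filter(None, text.splitlines()):
        name, _password, gid, users = line.split(":")
        groups[name] = (int(gid), [u for u in users.split(",") if u])
    return groups

def parse_passwd(text):
    """Map username -> default group GID (fourth passwd field)."""
    rows = (ln.split(":") for ln in text.splitlines() if ln)
    return {f[0]: int(f[3]) for f in rows}

def membership(passwd_text, group_text):
    """Return (effective members per group, inconsistencies found)."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    members = {}
    for name, (gid, listed) in groups.items():
        # Users whose default group is this GID are members even though
        # the Users field of /etc/group does not name them.
        primary = [u for u, g in users.items() if g == gid]
        members[name] = sorted(set(primary) | set(listed))
    known_gids = {gid for gid, _ in groups.values()}
    problems = {
        # Names in a Users field with no /etc/passwd record.
        "unknown_members": sorted({u for _, listed in groups.values()
                                   for u in listed if u not in users}),
        # Default GIDs in /etc/passwd with no /etc/group record.
        "missing_groups": sorted({g for g in users.values() if g not in known_gids}),
    }
    return members, problems
```
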


LX0-104 Exam Objectives (K)
