About User Account
Why to manage user accounts?
Most of the people never bothered to understand this or they run into
complicated documentation that doesn't clarify things. I will try to
make this as comprehensive as possible, but in the end, you'll be the
one to judge.
Note: I know most of you use the root account for day to day tasks but
this is wrong. I know because I do wrong things too :). Now, we'll need
to login as root to manage user accounts.
Related files
Everything starts with the /etc/passwd file. Here, you can see all the accounts that exist on your Linux system and for each one, there are several fields that describe various stuff. By default, your /etc/passwd file has several entries that are actually users for programs that need to control processes or need "special" access to the filesystem. You'll also see there the root account and perhaps some user accounts that were created at installation time or after that.
Each entry has the following fields:
user:password:UID:GID:comment:home:shell
- user is the username that is used for logging or by programs. The username is case sensitive on Linux systems and it is recommended to keep the special characters out of it.
- password is the field where the encrypted password is stored in. The passwd command encrypts the passwords and stores them in that field. The default encryption algorithm used is considered rather poor today. It is better to choose shadow passwords and, in that case, the field will remain blank and all the passwords will be stored in the /etc/shadow file.
- UID is the user ID. It's a numerical value that is bound to a user. For the root user is always 0. The UID has to be unique and should have a value between 0 and 4 mil. Usually, for users, the UID is greater than 100. All the files in a Linux system have an UID. This UID determines the ownership of files and processes.
- GID is the group ID for the primary group of the user. This is also a numerical value and to root, also has the value 0. For every user, there is at least a GID. This field identifies the primary group to which a user belongs. Note that a user can be assigned to several groups. Both the UID and the GID are very important for filesystem security.
- comment is a field that holds text information about a user. Usually, you add here the name of the user but you can also add the phone number, the e-mail address or whatever you like. Where there are many users to manage, the comment field can really come in handy.
- home defines the home directory of that user. This directory is created automatically by the useradd command. If you want to change it from here, you should keep in mind that it has to exist.
- shell is the shell that will be used by the user. The default should be more than ok most of the time. Accounts created for people will have assigned the bash shell and the accounts created for programs will have no login which is a nice trick for disallowing logins with that user.
As you can see, there are many things stored in a /etc/passwd file. You
can either enter all this information by hand or count on various
commands to aid you in adding, modifying or deleting user accounts.
/etc/group
Now, we should take a look in the /etc/group file
to see how it is structured.The entries in each field are as follows:
name:password:gid:users
I'm not going to dissect those because they are pretty suggestive. I only want to add that in the users’ field, the users should be separated by a comma if you want to add more. The whole purpose of the groups is to contain several users. A group with only one user isn't really a group