Linux User Accounts


Linux is a multiuser OS, which means that multiple individuals can use the computer. Each user has an account.

Account Features

  • account features are described in /etc/passwd
    • consists of colon-delimited lines for each account
      • e.g., rich:x:1001:1001:Richard Blum:/home/rich:/bin/bash
    • Username
      • name of the account
      • consists of lowercase letters and numbers, and potentially underscores and dashes
    • Password
      • Account is protected by a password
      • password is stored in /etc/shadow
    • UID
      • username is just a label that the computer displays for humans
      • the computer uses a user identification (UID) number to track accounts
      • begins with 0 (root account)
      • most distributions start user account UIDs at 1000
        • reserve lower numbers for system accounts
    • GID
      • accounts are tied to one or more groups
      • each account is tied directly to a primary group via a group ID (GID) number
      • groups are used to specify permissions to multiple accounts
    • Comment Field
      • normally holds the user’s full name
        • but can hold other information too
    • Home Directory
      • a home directory is an account’s home base
      • ownership belongs to the account
    • Default Shell
      • a default shell is associated with every account
      • normally Bash
        • but can be changed
      • most non-root system accounts set default shell to /usr/sbin/nologin as a security measure
        • this program displays a message stating that the account is not available
  • account passwords are stored in /etc/shadow
    • ordinary users cannot read it
    • file associates salted and hashed password, and other info, with an account
    • e.g., rich:$6$E/moFkeT5UnTQ3KqZUoA4Fl2tPUoIc[...]:18114:5:30:14:-1:-1:
      • Username
      • Password
        • password is salted and hashed
        • * or ! denotes an account with no password
          • common for system accounts
      • Last Password Change
        • 18114 is the date of the last password change
        • stored as the number of days since January 01, 1970
      • Days Until a Change is Allowed
        • next field is the number of days before a password change is allowed
        • used to prevent users from changing passwords then changing them back to original
      • Days Before a Change is Required
        • This field is the number of days before another password change is required
      • Days of Warning Before Password Expiration
        • if system is configured to expire passwords
        • may set a warning to users when an expiration date is approaching
        • default value of 7
      • Days Between Expiration and Deactivation
        • Linux allows a gap between when the account expires and when it is deactivated
        • an expired account requires the user to change the password immediately after logging in
        • a deactivated account’s password is erased and cannot be used until reactivated by a system admin
        • -1 indicates this feature is disabled
      • Expiration Date
        • shows the date on which the account will expire
        • -1 indicates the feature is disabled
      • Special Flag
        • field is reserved
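An added example (not from the notes or the book they summarize) that parses constructed /etc/passwd and /etc/shadow lines in the formats described above and derives the properties the notes call out: the last-change day counter turned into a calendar date, -1 or empty aging fields treated as disabled, `*`/`!` as no usable password, and a nologin shell. The rich passwd line is the page's own; the other entries and the hash values are constructed placeholders.

```python
from datetime import date, timedelta

# Constructed sample lines (the rich passwd line is the page's own); hashes are placeholders.
PASSWD_LINES = [
    "root:x:0:0:root:/root:/bin/bash",
    "rich:x:1001:1001:Richard Blum:/home/rich:/bin/bash",
    "sshd:x:108:65534::/run/sshd:/usr/sbin/nologin",
]
SHADOW_LINES = [
    "root:!:18000:0:99999:7:::",
    "rich:$6$constructedsalt$constructedhash:18114:5:30:14:-1:-1:",
    "sshd:*:18100:0:99999:7:::",
]
PASSWD_FIELDS = ("name", "password", "uid", "gid", "comment", "home", "shell")
SHADOW_FIELDS = ("name", "hash", "last_change", "min_days", "max_days",
                 "warn_days", "inactive_days", "expire", "flag")

def parse_passwd(lines):
    """Map username -> dict of the seven colon-delimited passwd fields."""
    accounts = {}
    for line in lines:
        rec = dict(zip(PASSWD_FIELDS, line.split(":")))
        rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
        accounts[rec["name"]] = rec
    return accounts

def parse_shadow(lines):
    """Map username -> shadow fields; day counters become int or None."""
    entries = {}
    for line in lines:
        rec = dict(zip(SHADOW_FIELDS, line.split(":")))
        for key in SHADOW_FIELDS[2:8]:  # empty or -1 means not set / disabled
            rec[key] = None if rec[key] in ("", "-1") else int(rec[key])
        # last change is stored as days since 1970-01-01; turn it into a date
        days = rec["last_change"]
        rec["last_change_date"] = None if days is None else date(1970, 1, 1) + timedelta(days=days)
        # '*' or a leading '!' in the hash field means no usable password
        rec["no_password"] = rec["hash"] == "*" or rec["hash"].startswith("!")
        entries[rec["name"]] = rec
    return entries

def audit(passwd, shadow):
    return {name: {
        "system_account": a["uid"] < 1000,
        "login_shell": not a["shell"].endswith("nologin"),
        "no_password": shadow[name]["no_password"],
        "last_change": shadow[name]["last_change_date"],
        "expiration_set": shadow[name]["expire"] is not None,
    } for name, a in passwd.items()}
```

Real shadow files usually leave unused aging fields empty rather than writing -1, so the parser accepts both forms.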

Identifying Accounts

  1. Can use the Users and Groups tool from the Menu GUI
    • has limited use
    • does not display system accounts
  2. Viewing the /etc/passwd file
    • reveals all accounts, both system and user
    • can grep a specific user account's information
    • can use the getent command to retrieve entries from admin databases
      • e.g., getent passwd rich to display account info
      • uses both local accounts and network server accounts

Understanding Groups

Groups are collections of accounts defined in the /etc/group file.

  • contains colon-delimited lines, each defining a single group
  • e.g., users:x:100:games,christine
  • fields include:
    • Group Name
      • first field is the name of the group
      • can be used with most commands that access or manipulate group data
    • Password
      • groups can have passwords
      • a value of x means that the password is defined elsewhere
      • empty field means there is no password
    • GID
      • Linux uses GID values internally
    • User List
      • specifies which users belong to the group in a comma-delimited list
  • identifying members of a group:
    1. Specifying the group’s GID in user’s individual /etc/passwd entry
      • user only has one GID in the entry, which is the default/primary group
    2. Specifying usernames in the user list in the /etc/group file
      • single user can appear in multiple group entries
      • single group can have multiple users
  • files created by an account are associated with its primary group
    • to associate with a different group:
      • newgrp project1 makes project1 the account’s current group
      • files created will now be associated with that group
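An added example (not from the notes) that resolves group membership the two ways described above: the primary group from the GID in a user's /etc/passwd entry, and supplementary groups from the member lists in /etc/group. The rich passwd line and the users group line are the page's own; the other lines are constructed.

```python
# Constructed sample lines in the /etc/passwd and /etc/group formats above (the
# rich passwd line and the users group line are the page's own examples).
PASSWD_LINES = [
    "rich:x:1001:1001:Richard Blum:/home/rich:/bin/bash",
    "christine:x:1002:1002:Christine:/home/christine:/bin/bash",
    "games:x:5:60:games:/usr/games:/usr/sbin/nologin",
]
GROUP_LINES = [
    "rich:x:1001:",
    "christine:x:1002:",
    "games:x:60:",
    "users:x:100:games,christine",
    "project1:x:1003:rich,christine",
]

def parse_group(lines):
    """Map group name -> (gid, set of members listed in the fourth field)."""
    groups = {}
    for line in lines:
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), set(filter(None, members.split(","))))
    return groups

def primary_gids(lines):
    """Map username -> primary GID from field 4 of /etc/passwd."""
    return {f[0]: int(f[3]) for f in (ln.split(":") for ln in lines)}

def groups_of(user, passwd_lines, group_lines):
    """All groups of a user, the way `id` reports them: primary group first,
    then every group whose member list names the user."""
    groups = parse_group(group_lines)
    gid = primary_gids(passwd_lines)[user]
    by_gid = {g: name for name, (g, _) in groups.items()}
    result = [by_gid.get(gid, str(gid))]  # fall back to the number if unnamed
    result += sorted(n for n, (g, members) in groups.items()
                     if user in members and g != gid)
    return result

def members_of(group, passwd_lines, group_lines):
    """Everyone in a group: accounts whose primary GID is the group's GID plus
    the usernames in the group's member list."""
    gid, listed = parse_group(group_lines)[group]
    primary = {u for u, g in primary_gids(passwd_lines).items() if g == gid}
    return sorted(primary | listed)
```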

Account Tools

  • whoami command displays current user account
  • id displays UID, GID, and all group memberships of the current user account
    • can specify a different user
  • who to view all users logged in, whether via SSH or virtual terminal
    • shows:
      • username
      • terminal identifier
      • login date and time
      • remote host
    • pulls data from /var/run/utmp file
    • -q (--count) provides a more compact summary of the information
  • w is similar to who but produces more verbose output

Root Account

The root account has full privileges to manage the computer.

  • aka super user or administrator
  • used to perform administrative tasks
    • include:
      • installing new software
      • preparing a new disk
      • managing ordinary user accounts
  • can read and write every file on the computer

Acquire Root Privileges

  1. Log in as root
    • via shell or ssh
    • login via GUI is typically blocked
  2. su enables you to change identity within a shell
    • su name changes identity to that user account
    • no option assumes root
    • must know the target account password
    • exit to quit
    • use -c option to run a single command
    • use su - user to run a user’s login scripts
      • important for environment variables
  3. sudo runs one command