Account Administration

A computer is pretty useless without accounts. So, we need to learn how to administer user accounts, both privileged and non-privileged, as well as service accounts.

To begin with, we need to understand a very important file; /etc/passwd.

Understanding /etc/passwd

The /etc/passwd file is basically a roster of all the user accounts on the system. It's a simple text file that gives out a bunch of details for each account, such as your user ID, the group ID you belong to, where your home directory is, which shell you use, and a few other bits and bobs. Pretty much anyone can read this file since it's used by various system commands to match user IDs with their usernames. But when it comes to writing to this file, that's kept under lock and key, with only root having the authority to make any changes.

The /etc/passwd file contains one entry per line for each account present on the system. All fields are separated by a colon (:) symbol. There are seven fields in total, which generally appears as follows:

Username It is used when user logs in. It should be between 1 and 32 characters in length
Password An x character indicates that encrypted password is stored in another file; the /etc/shadow file. Please note that you need to use the passwd command to change an account passed to ensure that the password typed at the CLI is hashed correctly. We will revisit this mechanism later...
User ID (UID) Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups
Group ID (GID) The primary group ID, stored in /etc/group file
User ID Info (GECOS) The comment field. It allow you to add extra information about the users such as user’s full name, phone number etc. This field use by finger command
Home directory The absolute path to the directory the user will be in when they log in. If this directory does not exists then users directory becomes /
Command/shell The absolute path of a command or shell (typically /bin/bash). Please note that it does not have to be a shell. For example, sysadmin can use the nologin shell, which acts as a replacement shell for the user accounts. If shell set to /sbin/nologin and the user tries to log in to the Linux system directly, the /sbin/nologin shell closes the connection

PreviousTips for Creating Partitions NextThe root Account

Last updated 1 year ago

Understanding /etc/passwd

Username It is used when user logs in. It should be between 1 and 32 characters in length

Password An x character indicates that encrypted password is stored in another file; the /etc/shadow file. Please note that you need to use the passwd command to change an account passed to ensure that the password typed at the CLI is hashed correctly. We will revisit this mechanism later...

User ID (UID) Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups

Group ID (GID) The primary group ID, stored in /etc/group file

User ID Info (GECOS) The comment field. It allow you to add extra information about the users such as user’s full name, phone number etc. This field use by finger command

Home directory The absolute path to the directory the user will be in when they log in. If this directory does not exists then users directory becomes /

Command/shell The absolute path of a command or shell (typically /bin/bash). Please note that it does not have to be a shell. For example, sysadmin can use the nologin shell, which acts as a replacement shell for the user accounts. If shell set to /sbin/nologin and the user tries to log in to the Linux system directly, the /sbin/nologin shell closes the connection