30
Phase 1
Working on the Command Line
Understanding the Basics of Account Management
Linux and Unix systems have traditionally stored account information in the /etc/passwd file. This file consists of a series of lines, each of which represents a single account, as in:
dsmith:x:512:100:Dale Smith:/home2/dsmith:/bin/bash
This line consists of a series of colon-delimited fields that contain the account's username, password, UID number, group ID (GID) number, a free-form comment, home directory, and default shell. Note that in this example the password field contains a single x. This is a code that means the password is encoded in another file, /etc/shadow. Most Linux systems today use this shadow password system as a way of increasing security; the /etc/passwd file must be world-readable to enable programs to access information such as the user's default shell and the comment field. Even an encrypted password could be broken if it were readable, so the shadow password system locks this sensitive data, as well as additional account information, in /etc/shadow, which is readable only by root. The format of the /etc/shadow file is similar to that of /etc/passwd in that it consists of colon-delimited fields. The first two fields contain the username and encrypted password, while the remaining fields contain account aging and other advanced information.
Account management involves creating, deleting, or modifying the information in /etc/passwd and /etc/shadow. In principle, this can be done with a text editor, and in fact some extraordinarily street-savvy administrators work this way. Most administrators, though, use command-line or GUI tools to help manage the task. These tools obviate the need to remember what fields hold what data and minimize the risk of encountering problems from typos, such as accidentally deleting a colon.
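As an added example, not from the book, here is a small Python parser and audit for the passwd format described above. It runs over a constructed sample file (SAMPLE_PASSWD, parse_passwd, and audit_passwd are names chosen for this example), rejects lines whose field count is wrong (the deleted-colon mistake mentioned above), and flags entries whose password field is not the x that points to /etc/shadow, extra UID 0 accounts, and shared UIDs.

```python
from collections import Counter

# Constructed sample /etc/passwd content (not taken from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
dsmith:x:512:100:Dale Smith:/home2/dsmith:/bin/bash
tbrown:x:513:513::/home/tbrown:/bin/bash
legacy:$1$saltsalt$abcdefghijklmnopqrstu:514:100:Legacy Hash:/home/legacy:/bin/sh
broken:x:515:100:Missing colon/home/broken:/bin/bash
toor:x:0:0:Second root:/root:/bin/bash
"""

FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Return (accounts, problems): parsed entries and descriptions of bad lines."""
    accounts, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):  # a deleted or extra colon shows up here
            problems.append(f"line {lineno}: expected 7 fields, got {len(parts)}")
            continue
        entry = dict(zip(FIELDS, parts))
        try:
            entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        except ValueError:
            problems.append(f"line {lineno}: non-numeric UID or GID")
            continue
        accounts.append(entry)
    return accounts, problems

def audit_passwd(accounts):
    """Flag conditions an administrator reviewing /etc/passwd would want to see."""
    findings = []
    uids = Counter(a["uid"] for a in accounts)
    for a in accounts:
        if a["password"] != "x":
            # A hash (or an empty field) sits in the world-readable file instead of /etc/shadow.
            findings.append(f"{a['name']}: password field is not shadowed")
        if a["uid"] == 0 and a["name"] != "root":
            findings.append(f"{a['name']}: UID 0 account besides root")
        if uids[a["uid"]] > 1:
            findings.append(f"{a['name']}: UID {a['uid']} shared with another account")
    return findings
```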
The basic Linux account management tools are useradd, userdel, and usermod. These tools add, delete, and modify existing user accounts, respectively. Linux also provides groupadd, groupdel, and groupmod tools to perform similar tasks with groups, although some of the details of operation differ.
Adding User Accounts
To add an account, you use the useradd command. At its simplest, you can use this command followed by the username you want to use:
# useradd tbrown
This command creates an account called tbrown, using defaults for various account parameters. On most systems, the user's home directory will be /home/tbrown, the shell will be /bin/bash, the comment field will be empty, and the UID and GID will be assigned based on the lowest available numbers for both. Most importantly, the account's password will be disabled (more on that shortly).
Some systems give each user a unique GID, and create an appropriate group to go with it, as a default policy. Other systems assign new users to an existing group, typically users, as a default policy.
83484.book Page 30 Monday, September 18, 2006 8:58 AM