Friday, January 22, 2010

User and Group Files

Ordinarily, it’s a good idea to let the Ubuntu graphical utilities do all the hard work on the workstation, but user and group management is one of those areas where it helps to know what’s happening under the hood. You may run into situations where you have only the command line available, and it helps to know how to manually add or modify a user account or group.

The Users File
Ubuntu uses a system called shadow passwords to keep the encrypted passwords for each user in a secure location. This system requires using two separate files to track user account information.

The /etc/passwd File
The primary user account file is the /etc/passwd file. Despite what it says, that’s not where user account passwords are stored. This file is set to be readable by every account on the system, because applications often need to know the users on the system.
A sample entry in the /etc/passwd file is
rblum:x:506:506:Rich Blum:/home/rich:/bin/bash

The entry contains seven data fields, each separated by a colon:
• The username
• A placeholder for the password
• The user ID number
• The group ID number
• The full name of user
• The home folder of the user
• The default shell

In the original days of Linux, the /etc/passwd file contained the actual encrypted version of the user’s password. However, the /etc/passwd file must be readable to all users on the system so that the system can validate them. This requirement left the user passwords vulnerable to brute-force attacks using password-cracking software.

The solution to the problem was to hide the actual passwords in a separate file that’s not readable by any user.

The /etc/shadow File
The /etc/shadow file is a secure file where Ubuntu stores the actual user account password, along with some other information about the account. Just like the /etc/passwd file, the /etc/shadow file contains a separate line for each user account.

A sample line from the /etc/shadow file looks like this:

The shadow password file contains eight data fields, each separated by a colon:
• The username
• The encrypted password
• The number of days since the password was last changed
• The number of days before the password may be changed
• The number of days after which the password must be changed
• The number of days to warn the user of an upcoming password change
• The number of days since January 1, 1970, that the account has been disabled
• Reserved data field that’s not used

The Groups File
Ubuntu keeps track of all the group information in the /etc/group file. This file has each group on a separate line, using the format:

The group file contains four data fields, each separated by a colon:
• The group name
• A password, if assigned to the group
• The group ID value
• A comma-separated list of user accounts that belong to the group

Source of Information : Wiley Ubuntu Linux Secrets

No comments: