Red Hat Linux Reference Guide


Managing Users and Groups


When a user or group is created, its properties are added to configuration files that the Linux system refers to when needed.

Below are the user and group configuration files:

  1. /etc/passwd: This file keeps user properties such as user ID, primary group ID, password file location, description and shell information. Every user created in Linux must have an entry in this file.
  2. /etc/shadow: Holds the encrypted password of the user and password controls such as password expiry, password locked state, etc.
  3. /etc/group: This file holds the groups and the members of each group.
  4. /etc/gshadow: This file contains group password details.

Important Notes:

  • Users and groups are used to control access to files and resources
  • Users log in to the system by supplying their username and password
  • Every file on the system is owned by a user and associated with a group
  • Every process has an owner and group affiliation, and can only access the resources its owner or group can access.
  • Every user of the system is assigned a unique user ID number (the UID)
  • The user name and UID are stored in /etc/passwd
  • The user's password is stored in encrypted form in /etc/shadow
  • Users are assigned a home directory and a program that is run when they log in (usually a shell)
  • The following are created when a user is created:
    • A home directory is created (/home/username)
    • A mailbox is created (/var/spool/mail)
    • A unique UID and GID are given to the user
    • A group is created with the same name as the user, and by default this private group is the user's primary group.
    • For example, if a user is created with the name iwayq, the primary group for that user will also be iwayq:
[root@ ~]$id iwayq
uid=1001(iwayq) gid=1001(iwayq) groups=1001(iwayq),1002(oracle)

Format of /etc/passwd & /etc/shadow:

/etc/passwd:

  • root = name
  • x = link to password file, i.e. /etc/shadow
  • 500 = UID (user id)
  • 500 = GID (group id)
  • root or bin = comment (brief information about the user)
  • /root or /bin = home directory of the user
  • /bin/bash or /sbin/nologin = shell

/etc/shadow:

  • iwayq = User name
  • $1$lSChWhxG$W4LLekFfTPbQq4IvEdSK90 = Encrypted password
  • 16767 = Days since that password was last changed.
  • 0 = Days after which password must be changed.
  • 99999 = Days before password is to expire that user is warned.
  • 7 = Days after the password expires that the user is disabled.
  • A reserved field.

Password Complexity Requirements:

  • The root user can change its own password and that of any user in the system; there are no rules for root when assigning a password. Root can assign a password of any length, long or short, and it can be alphabetic, numeric or both. On the whole, root has no limitation when assigning a password.
  • A normal user can change only their own password. A valid password for a normal user should adhere to the following rules:
    • It should be at least 7 characters but not more than 255 characters.
    • At least one character should be upper case.
    • At least one character should be lower case.
    • At least one character should be a symbol, and one character should be a number.
    • It should not match the previous password.
    • It cannot have a sequence (ex: 123456 or abcdef).
    • The login name and the password cannot be the same.

The password parameters

  • For any user we can set password parameters such as minimum and maximum password age, password expiration warnings and account expiration date.
  • To view the advanced parameters of a user, use:

# chage -l iwayq


  • Last password change: When the password was last changed.
  • Password expires: Password expiry date.
  • Password inactive: Grace period after password expiry before the account gets locked.
  • Account expires: Date on which the account expires.
  • Minimum number of days between password change: Once the password is changed, it cannot be changed again until the specified minimum period has passed. [0] means never.
  • Maximum number of days between password change: How long the password remains valid after it is changed.
  • Number of days of warning before password expires: How many days before the password expires the warnings to change it start.
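
The /etc/passwd and /etc/shadow formats and the aging values shown by chage -l can be checked together in one pass. The script below is an added example, not part of the original guide: audit_accounts and run_demo are hypothetical names, the sample records are constructed (only the iwayq hash comes from this page), and field positions follow passwd(5) and shadow(5).

```shell
#!/bin/sh
# Added example. Sample records are constructed for the demonstration.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
iwayq:x:1001:1001:demo user:/home/iwayq:/bin/bash
toor:x:0:0:constructed second UID 0:/root:/bin/bash
svc:x:1002:1002:constructed service:/home/svc:/bin/bash
EOF
}

sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:90:7:::
bin:*:16767:0:99999:7:::
iwayq:$1$lSChWhxG$W4LLekFfTPbQq4IvEdSK90:16767:0:99999:7:::
toor:!!:16767:0:99999:7:::
svc::16767:0:99999:7:::
EOF
}

# audit_accounts PASSWD_FILE SHADOW_FILE
# passwd(5): name:x:UID:GID:comment:home:shell
# shadow(5): name:hash:lastchg:min:max:warn:inactive:expire:reserved
audit_accounts() {
  awk -F: '
    NR == FNR { uid[$1] = $3; order[++n] = $1; next }    # first file: passwd
    { hash[$1] = $2; max[$1] = $5; shadowed[$1] = 1 }    # second file: shadow
    END {
      for (i = 1; i <= n; i++) {
        u = order[i]; h = hash[u]
        if (uid[u] == 0 && u != "root") print u ": UID 0 but not root"
        if (!(u in shadowed)) { print u ": no shadow entry"; continue }
        if (h ~ /^[!*]/) continue             # locked, or no password login
        if (h == "") print u ": empty password field"
        else if (h ~ /^\$1\$/ || h !~ /^\$/) print u ": weak hash scheme (MD5-crypt or DES-crypt)"
        if (max[u] == "" || max[u] + 0 >= 99999) print u ": password never expires"
      }
    }' "$1" "$2"
}

run_demo() {    # writes the constructed samples to a temp dir and audits them
  d=$(mktemp -d) || return 1
  sample_passwd > "$d/passwd"; sample_shadow > "$d/shadow"
  audit_accounts "$d/passwd" "$d/shadow"
  rm -rf "$d"
}
run_demo
```

On a real host, run audit_accounts /etc/passwd /etc/shadow as root, since /etc/shadow is not readable by normal users.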


