User Administration in Linux
In Linux/Unix, a user is one who uses the system. There can be one or more users on a Linux system at a time. Users on a system are identified by a username and a user ID. The username is what users normally refer to, but the operating system works with the user ID (or UID). The username is typically a user-friendly string, such as your name, whereas the user ID is a number. The words username and userid are often (incorrectly) used interchangeably. User ID numbers should be unique (one number per user). If two usernames had the same user ID, their permissions would effectively be the same, and the files they create would appear to have been created by the same user. This should not be allowed, and the useradd command will not allow usernames to share the same user ID.
Some Important Points related to Users:
- Users and groups are used to control access to files and resources.
- Users log in to the system by supplying their username and password.
- Every file on the system is owned by a user and associated with a group.
- Every process has an owner and group affiliation, and can only access the resources its owner or group can access.
- Every user of the system is assigned a unique user ID number (the UID).
- Usernames and UIDs are stored in /etc/passwd.
- Each user's password is stored in /etc/shadow in encrypted form.
- Users are assigned a home directory and a program that is run when they log in (usually a shell).
- Users cannot read, write or execute each other’s files without permission.
Types of Users in Linux
In Linux there are three types of users.
1. Super user or root user
The superuser, or root user, is the most powerful user. It is the administrator user.
2. System user
System users are the users created by the software or applications. For example, if we install Apache it will create a user apache. These kinds of users are known as system users.
3. Normal user
Normal users are the users created by the root user. They are normal users like Rahul, Musab, etc. Only the root user has the permission to create or remove a user.
Whenever a user is created in Linux, the following are created by default:
- A home directory is created (/home/username).
- A mailbox is created (/var/spool/mail).
- A unique UID and GID are given to the user.
Linux uses the UPG (User Private Group) scheme.
- It means that whenever a user is created, it has its own private group.
- For example, if a user is created with the name Rahul, then the primary group for that user will also be Rahul.
There are two important files a user administrator should be aware of.
Each of the above-mentioned files has a specific format.
[root@geeks ~]# head /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
The above fields are:
- root = name
- x = link to password file, i.e. /etc/shadow
- 0 or 1 = UID (user ID)
- 0 or 1 = GID (group ID)
- root or bin = comment (brief information about the user)
- /root or /bin = home directory of the user
- /bin/bash or /sbin/nologin = shell
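The seven-field /etc/passwd layout and the rule that UIDs must be unique can be checked mechanically. The following is an added example, not part of the original article; the sample entries and the function names parse_passwd and audit are constructed for illustration.

```python
from collections import defaultdict

FIELDS = ("name", "passwd", "uid", "gid", "comment", "home", "shell")

# Constructed sample in /etc/passwd format (not taken from a real system).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
rahul:x:1000:1000:Rahul:/home/rahul:/bin/bash
musab:x:1000:1001:Musab:/home/musab:/bin/bash
backup:x:0:0:backup admin:/root:/bin/bash
guest::1002:1002:Guest:/home/guest:/bin/bash
broken:x:1003
"""

def parse_passwd(text):
    """Split passwd-format text into (records, malformed_line_numbers)."""
    records, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        # A valid entry has exactly seven fields with numeric UID and GID.
        if len(parts) != len(FIELDS) or not parts[2].isdigit() or not parts[3].isdigit():
            malformed.append(lineno)
            continue
        rec = dict(zip(FIELDS, parts))
        rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
        records.append(rec)
    return records, malformed

def audit(text):
    """Return findings a user administrator would want to review."""
    records, malformed = parse_passwd(text)
    by_uid = defaultdict(list)
    for rec in records:
        by_uid[rec["uid"]].append(rec["name"])
    return {
        "malformed_lines": malformed,
        # Usernames sharing one UID are the same user to the operating system.
        "shared_uids": {u: n for u, n in by_uid.items() if len(n) > 1},
        # Any UID 0 account other than root has full root privileges.
        "extra_uid0": [n for n in by_uid.get(0, []) if n != "root"],
        # Anything but "x" means the password is not deferred to /etc/shadow.
        "passwd_not_in_shadow": [r["name"] for r in records if r["passwd"] != "x"],
    }

if __name__ == "__main__":
    for check, result in audit(SAMPLE).items():
        print(f"{check}: {result}")
```

To audit a live system, pass the contents of /etc/passwd to audit() instead of SAMPLE.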
The above fields are:
- root = Username
- $1fdsfsgsdfsdkffefje = Encrypted password
- 14757 = Days since that password was last changed.
- 0 = Days after which password must be changed.
- 99999 = Days before password is to expire that user is warned.
- 7 = Days after the password expires that the user is disabled.
- A reserved field.
Password Complexity Requirements:
- The root user can change its own password and the password of any user in the system, and there are no rules for root when assigning a password. Root can assign a password of any length, long or short, and it can be alphabetic, numeric or both. On the whole, there is no limitation for root when assigning a password.
- A normal user can change only its own password. A valid password for a normal user should adhere to the following rules.
  - It should be at least 7 characters but not more than 255 characters.
  - At least one character should be upper case.
  - At least one character should be lower case.
  - At least one character should be a symbol, and one character should be a number.
  - It should not match the previous password.
  - It cannot have a sequence (e.g. 123456 or abcdef).
  - The login name and the password cannot be the same.
Note: For security reasons, do not base the password on a date of birth, because it can easily be hacked.