## /etc/passwd

The **`/etc/passwd`** file in Linux contains essential information related to user accounts. Let's dive into the details:

1. **File Purpose**:
   - The **`/etc/passwd`** file is a plain-text database that stores information for **all user accounts** on the system.
   - It includes details such as **user ID (UID)**, **group ID (GID)**, **home directory**, and **default shell**.
   - Ownership: The file is owned by the **root user** and has **644 permissions**.
   - Access: Only the **root user** or users with **sudo privileges** can modify the file, while it remains readable by all system users.

2. **File Format**:
   - Each line in the **`/etc/passwd`** file represents a **user account**.
   - Fields are separated by **colons (:)**.
   - The typical format of an entry is as follows:

     ```
     username:password:UID:GID:GECOS:home_directory:login_shell
     ```

3. **Fields Explained**:
   - **Username**: The string used when logging into the system. Must be unique and limited to 32 characters.
   - **Password**: In older Linux systems, the password hash was stored here. Modern systems set it to **'x'**, indicating that the actual password hash is stored in the **`/etc/shadow`** file.
   - **UID (User Identifier)**: A number assigned to each user, used by the OS to refer to the user.
   - **GID (Group Identifier)**: Refers to the user's primary group. When a user creates a file, its group is set to this group.
   - **GECOS**: Contains comma-separated values:
     - User's full name or application name.
     - Room number.
     - Work phone number.
     - Home phone number.
     - Other contact information.
   - **Home Directory**: Absolute path to the user's home directory, where files and configurations reside (usually under **`/home`**).
   - **Login Shell**: Absolute path to the user's login shell (e.g., **`/bin/bash`**).

Manually editing the **`/etc/passwd`** file should be avoided unless you understand its structure. Always use appropriate commands (e.g., **`usermod`** or **`useradd`**) for managing user accounts.
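
The seven-field format above can be checked mechanically. The following is an added example, not part of the original page: it parses a constructed sample and reports entries an administrator would want to review (a second UID 0 account, an empty password field, a hash stored in the world-readable file, duplicate UIDs). The account names, the finding labels, and the treatment of `*` and `!` as disabled-login markers are assumptions of this example.

```python
from collections import Counter

FIELDS = ("username", "password", "uid", "gid", "gecos", "home", "shell")

# Constructed sample in /etc/passwd format (not taken from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example,Room 4,555-0100,,:/home/alice:/bin/bash
backup::0:0:backup admin:/root:/bin/bash
legacy:$1$constructed$notarealhash:1001:1001::/home/legacy:/bin/sh
bob:x:1000:1002:Bob Example:/home/bob:/bin/bash
broken:x:1003:/home/broken:/bin/bash
"""

def parse_passwd(text):
    """Return (entries, malformed_line_numbers); each entry maps the 7 fields."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS) or not parts[2].isdigit() or not parts[3].isdigit():
            malformed.append(lineno)  # wrong field count or non-numeric UID/GID
            continue
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(parts[2]), int(parts[3])
        entries.append(entry)
    return entries, malformed

def audit_passwd(entries):
    """Return sorted (username, finding) pairs for entries that need review."""
    uid_counts = Counter(e["uid"] for e in entries)
    findings = []
    for e in entries:
        if e["uid"] == 0 and e["username"] != "root":
            findings.append((e["username"], "uid-0-not-root"))
        if e["password"] == "":
            findings.append((e["username"], "empty-password-field"))
        elif e["password"] not in ("x", "*", "!"):  # assumption: * and ! disable login
            findings.append((e["username"], "hash-in-world-readable-file"))
        if uid_counts[e["uid"]] > 1:
            findings.append((e["username"], "duplicate-uid"))
    return sorted(findings)

if __name__ == "__main__":
    entries, malformed = parse_passwd(SAMPLE_PASSWD)
    print("malformed lines:", malformed)
    for user, finding in audit_passwd(entries):
        print(f"{user}: {finding}")
```
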
## /etc/shadow

In modern Linux systems, user passwords are stored in hashed form within the **`/etc/shadow`** file. This file contains essential information related to user accounts, including their password hashes and optional password aging details. Let's break down what you need to know:

1. **`/etc/passwd`** File:
   - The `/etc/passwd` file stores user account information, such as usernames, home directories, and default shells.
   - However, it **does not** contain the actual passwords; instead, it holds an **'x'** placeholder for the password field.

2. **`/etc/shadow`** File:
   - The password hashes and other relevant data are stored in the `/etc/shadow` file.
   - Each entry in this file corresponds to a user listed in the `/etc/passwd` file.
   - The fields in a typical `/etc/shadow` entry include:
     - **Username**: The login name.
     - **Password**: The password hash (usually in the format `$id$salt$hashed`).
       - Common algorithms include MD5, Blowfish, SHA-256, and SHA-512.
     - **Last password change**: The date the password was last changed, expressed as the number of days since January 1, 1970.
     - **Minimum**: The minimum days required between password changes.
     - **Maximum**: The maximum validity period for the password.
     - **Warn**: The number of days before password expiration when the user is warned to change it.
     - **Inactive**: The number of days after password expiration before the account is disabled.
     - **Expire**: The absolute date when the login may no longer be used.

3. **Access to `/etc/shadow`**:
   - Only **root users** or commands with the **suid bit** can access the `/etc/shadow` file.
   - To view the contents of `/etc/shadow`, follow these steps:
     1. Log in as the **root user**.
     2. Execute the following command:

        ```
        # cat /etc/shadow
        ```
     3. You'll be prompted to provide the root user password.

Remember that handling passwords directly from the `/etc/shadow` file requires caution, as it involves sensitive information.
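
To make the `$id$salt$hashed` layout and the day-count fields concrete, here is an added example (not from the original page) that decodes constructed `/etc/shadow` lines into an algorithm name and calendar dates. It assumes the usual `$id$` values for the algorithms named above, the `!`/`*` prefix convention for locked passwords, and a reserved ninth field; the sample salts and hashes are placeholders.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
# $id$ values for the algorithms the section names.
ALGORITHMS = {"1": "MD5", "2a": "Blowfish", "2b": "Blowfish", "2y": "Blowfish",
              "5": "SHA-256", "6": "SHA-512"}

# Constructed sample lines; salts and hashes are placeholders, not real hashes.
SAMPLE_SHADOW = """\
alice:$6$constructedsalt$placeholderhash:19000:0:90:7:14::
legacy:$1$constructedsalt$placeholderhash:15000:0:99999:7:::
svc:!:19000::::::
carol:!$6$constructedsalt$placeholderhash:19000:0:90:7::19100:
"""

def days_to_date(field, offset=0):
    """Convert a days-since-1970-01-01 field to a date; an empty field is unset."""
    return EPOCH + timedelta(days=int(field) + offset) if field else None

def decode_shadow_line(line, today):
    """Decode one shadow entry into readable, reviewable values."""
    name, pw, last, _minimum, maximum, _warn, _inactive, expire, _reserved = line.split(":")
    locked = pw.startswith(("!", "*"))   # assumption: prefix marks a locked password
    parts = pw.lstrip("!*").split("$")   # "$id$salt$hash" -> ["", id, salt, hash]
    algo = ALGORITHMS.get(parts[1], "unknown") if len(parts) >= 4 else None
    pw_expires = days_to_date(last, int(maximum)) if last and maximum else None
    acct_expires = days_to_date(expire)
    return {
        "user": name, "locked": locked, "algorithm": algo,
        "weak_hash": algo == "MD5",      # MD5-crypt should be rehashed
        "last_change": days_to_date(last),
        "password_expires": pw_expires,
        "password_expired": bool(pw_expires and today > pw_expires),
        "account_expires": acct_expires,
        "account_expired": bool(acct_expires and today >= acct_expires),
    }

def decode_shadow(text, today):
    return [decode_shadow_line(l, today) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for row in decode_shadow(SAMPLE_SHADOW, date(2022, 5, 1)):
        print(row)
```
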
Always follow best practices and security guidelines when managing user accounts and passwords in Linux.

## /etc/group

The **`/etc/group`** file in Linux plays a crucial role in defining user groups. Let's delve into the details:

1. **Purpose of `/etc/group`**:
   - The **`/etc/group`** file stores information about **user groups** on the system.
   - Each line in this file represents a **group entry**.
   - It helps organize users into logical groups, facilitating efficient management and access control.

2. **Format of an Entry**:
   - Each line in the **`/etc/group`** file consists of several fields separated by colons (":").
   - Here's the format:

     ```
     group_name:password:GID:user_list
     ```
   - Fields explained:
     - **`group_name`**: The name of the group. When you run `ls -l`, this name appears in the group field.
     - **`Password`**: Generally not used (left empty). It can store an encrypted password for privileged groups.
     - **`GID` (Group ID)**: A unique numeric identifier assigned to the group. You can find this number in the **`/etc/passwd`** file.
     - **`user_list`**: A comma-separated list of usernames belonging to the group.

3. **Why User Groups Matter**:
   - **Sharing Resources**: Groups allow users to share files, directories, or devices with specific permissions.
   - **User Management**: Managing users becomes easier when they belong to relevant groups.
   - **Monitoring**: Group membership aids in monitoring user activities.
   - **Access Control**: Group membership grants special access to files and directories permitted for that group.

4. **Example**:
   - Consider the following entry:

     ```
     developers:x:1001:tom,jane
     ```
     - **`developers`**: Group name.
     - **`x`**: Empty password field.
     - **`1001`**: Group ID.
     - **`tom, jane`**: Users who are part of this group.
   - In the example, user **`tom`** can access files associated with both the **`Web developers`** and **`Sales`** groups.

5. **Viewing Group Information**:
   - To view the current group settings, use one of these commands:
     - `less /etc/group`
     - `more /etc/group`
     - `cat /etc/group`
   - To find out which groups a user belongs to:

     ```
     groups {username}
     ```
     For instance:

     ```
     groups vivek
     ```
     Sample output:

     ```
     vivek : vivek adm dialout cdrom plugdev lpadmin netdev admin sambashare libvirtd
     ```

Remember, managing user groups is essential for efficient system administration and access control. Group membership simplifies resource sharing and enhances security.

## Adding or deleting group(s) associated with a user

To remove a user from a group in **Linux**, you have a few options. Let's explore them:

1. **Using `gpasswd`**:
   - The `gpasswd` command allows you to remove a user from a group, or to add one. To remove a user, execute the following:

     ```
     gpasswd --delete user group
     ```
     To add a user:

     ```
     gpasswd --add user group
     ```
   - Note that the new group configuration will take effect at the next login. If the user is currently logged in, the change won't be immediately visible.

## useradd, userdel, passwd

The following are practical examples of using `useradd`, `userdel`, and the `passwd` command in Linux, with brief explanations of the commands and flags.

1. **Adding a New User with `useradd`**:
   - To create a new user named "testuser," use the following command:

     ```
     sudo useradd testuser
     ```
   - This will add "testuser" to the system, creating a new user account with default settings.

2. **Specifying a Home Directory for the New User**:
   - You can set a custom home directory for the user using the `-d` flag:

     ```
     sudo useradd -d /home/testuser_custom testuser
     ```
   - Replace `/home/testuser_custom` with the desired path.

3. **Creating a User with a Specific User ID (UID)**:
   - To assign a specific User ID (UID) to "bob," use:

     ```
     sudo useradd -u 1001 bob
     ```
   - Replace `1001` with the desired UID.

4. **Creating a User Without a Home Directory**:
   - If you want to create a user without a home directory, use the `-M` flag:

     ```
     sudo useradd -M guest
     ```

5. **Setting an Expiry Date for the User Account**:
   - To create a user with an expiry date (e.g., after 30 days), use:

     ```
     sudo useradd -e 2024-05-01 charlie
     ```

6. **Adding a Comment to the User Account**:
   - You can include a comment (description) for the user:

     ```
     sudo useradd -c "Sales Manager" dave
     ```

7. **Creating a System User**:
   - System users are typically used for services and daemons. To create one:

     ```
     sudo useradd -r -s /sbin/nologin nginx
     ```

8. **Assigning Multiple Groups to a User**:
   - To add "emma" to both "developers" and "admins" groups:

     ```
     sudo useradd -G developers,admins emma
     ```

9. **Removing a User with `userdel`**:
   - To delete the user "testuser":

     ```
     sudo userdel testuser
     ```

10. **Changing User Passwords with `passwd`**:
    - To set or change the password for "testuser":

      ```
      sudo passwd testuser
      ```
    - Follow the prompts to set the new password.
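
After accounts and groups have been changed, the primary GID in `/etc/passwd` and the `user_list` in `/etc/group` should still agree. The following added example (not from the original page) resolves each user's groups the way `groups` lists them, primary group first, and reports references that do not resolve, such as those left by manual edits. The sample entries are constructed and reuse the page's example names with assumed UIDs and GIDs.

```python
# Constructed samples in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = """\
tom:x:1000:1001:Tom:/home/tom:/bin/bash
jane:x:1002:1002:Jane:/home/jane:/bin/bash
emma:x:1003:1500:Emma:/home/emma:/bin/bash
"""
SAMPLE_GROUP = """\
developers:x:1001:tom,jane
jane:x:1002:
admins:x:1003:emma,testuser
"""

def parse_group(text):
    """Map group name -> (gid, members) from group_name:password:GID:user_list."""
    groups = {}
    for line in text.splitlines():
        name, _password, gid, user_list = line.split(":")
        groups[name] = (int(gid), [u for u in user_list.split(",") if u])
    return groups

def resolve_membership(passwd_text, group_text):
    """Return (membership, problems) computed from the two files together."""
    groups = parse_group(group_text)
    gid_to_name = {gid: name for name, (gid, _members) in groups.items()}
    # Primary group: the GID field (index 3) of each passwd entry.
    primary = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        primary[fields[0]] = int(fields[3])
    membership, problems = {user: [] for user in primary}, []
    for user, gid in primary.items():
        if gid in gid_to_name:
            membership[user].append(gid_to_name[gid])  # primary group listed first
        else:
            problems.append(f"{user}: primary GID {gid} has no /etc/group entry")
    # Supplementary groups: every user_list that names the user.
    for name, (_gid, members) in groups.items():
        for user in members:
            if user not in primary:
                problems.append(f"{name}: member {user} has no /etc/passwd entry")
            elif name not in membership[user]:
                membership[user].append(name)
    return membership, problems

if __name__ == "__main__":
    membership, problems = resolve_membership(SAMPLE_PASSWD, SAMPLE_GROUP)
    for user, names in membership.items():
        print(f"{user} : {' '.join(names)}")
    for problem in problems:
        print("WARNING", problem)
```
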