On a Linux system we can create users and groups in order to more precisely control access to files and resources. A user corresponds to a human that will use the system or a service or application that needs its own entity to run as. A group is a collection of users defined for a specific purpose. We can specify whether these users and groups can log in to the system or how much storage they can consume or whether they are able to use the superuser privileges to make changes to the system. We can set where their data is stored, what shell they use when they log in and whether they need to change their password.

Users and groups are at the heart of security in a multi-user system. Even on a cleanly installed system, you'll notice when you start looking around that there are a handful of users and groups that already exist on your system. These are created by the system or by installed software in order to scope access to particular things rather than having everything running as the root user, which would be insecure and messy. While our users and groups have human-readable names, the system keeps track of them as numbers with UIDs, or User IDs, and GIDs, or Group IDs. When we create a user it becomes the only member of a group with the same name and we can add the user to other groups as well depending on what we want that user to have access to.

The list of users is maintained in the /etc/passwd file and the groups are maintained in the /etc/group file. We don't edit these directly, but instead we have a selection of tools that let us create, modify and delete users and groups and find out information about them. But let's take a look at the format of these files so we know what they represent and then we'll take a look at making changes to users and groups.

In the /etc/passwd file here, which is readable by everyone in the system but only writeable by root, there are seven fields for each user and they're separated by colons. The first field is the username, what I'd type to log in, and that can be up to 32 characters long with no spaces. The second field, which shows up as an x, represents the fact that the user's password is stored in the shadow file. Shadow is only readable by root and members of the shadow group and only root can write to it. We'll take a look at the shadow file in a moment.

The third field in the password file is the UID, or User ID. Typically, normal users start at number 1,000 and go up from there as you add more users. The root user has user ID zero and system accounts start from there. So, generally speaking, a user ID less than 1,000 is a system account or an account for some software that was installed. And 1,000 or over are users created by the administrator for people or for some other purpose.

The fourth field is the numeric group ID, or GID, of the user's primary group. A user can be a member of more than one group but the primary group is listed here. And the others are listed in the group file that we'll see in just a moment.

The fifth field here is a description or comment field. Usually this is where a human-friendly name is stored, like a full first and last name, and it can also contain information like an office or phone number depending on how the standards of your system are set up. That's called GECOS and we'll get into that more later on. You may see some commas separating empty fields if you're not using them. For users added by the system or by software, this field will often have a little bit more descriptive text to help you know what the account is for.

The sixth field shows the path to the user's home directory where their stuff is stored and where they'll start out when they log into the system at the command line. And the seventh field is the user's default shell. Usually it'll be set to bash but for some accounts that aren't permitted to log in it'll be set to nologin, which refuses to let the user enter commands. Or to false, which according to the manual does nothing unsuccessfully which, depending on how you look at it, is either kind of inspirational or somewhat depressing.
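The seven-field layout described above, parsed and checked in Python as an added example that is not part of the original transcript. The sample lines, the account names in them and the three audit rules are constructed for illustration; the 1,000 threshold is the one given in the text.

```python
from dataclasses import dataclass
# Constructed sample in /etc/passwd format; not taken from a real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:110:65534::/run/sshd:/bin/false
svc:x:120:120:Service account:/var/lib/svc:/bin/bash
alice:x:1000:1000:Alice Example,Room 12,,:/home/alice:/bin/bash
backdoor:x:0:1001::/home/backdoor:/bin/bash
legacy::1001:1001::/home/legacy:/bin/bash
broken:x:1002
"""
NON_LOGIN_SHELLS = {"nologin", "false"}  # the two non-login shells named in the text
HUMAN_UID_START = 1000  # threshold from the text; distributions may differ

@dataclass
class Account:
    name: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

def can_login(a):
    # Compare only the program name so /sbin/nologin and /usr/sbin/nologin both match.
    return a.shell.rsplit("/", 1)[-1] not in NON_LOGIN_SHELLS

def parse_passwd(text):
    # Returns (accounts, line numbers that are not seven fields with numeric UID/GID).
    accounts, malformed = [], []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split(":")
        if len(f) != 7 or not (f[2].isdecimal() and f[3].isdecimal()):
            malformed.append(n)
            continue
        accounts.append(Account(f[0], f[1], int(f[2]), int(f[3]), *f[4:]))
    return accounts, malformed

def audit(accounts):
    findings = []
    for a in accounts:
        if a.uid == 0 and a.name != "root":
            findings.append((a.name, "UID 0 but not root"))
        if a.password != "x":
            findings.append((a.name, "password field is not x"))
        if 0 < a.uid < HUMAN_UID_START and can_login(a):
            findings.append((a.name, "system account with a login shell"))
    return findings
```

Calling `audit(parse_passwd(SAMPLE)[0])` returns one finding each for svc, backdoor and legacy, and the truncated last line is reported as malformed rather than parsed.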