Users gain access to the system only after the system administrator
has created user accounts for them. These accounts are more than just a
user name and password; they also define the environment
the user works under,
including the level of access he or she has.
Users are added to Linux
systems in one of two ways. You could create the necessary entries in the
appropriate file, create the directories, and copy the start-up files manually.
Or, you could use the adduser command, which does that for you.
Adding a user to a Linux system is often referred to as "creating a user" or
"creating a user account".
The terms "user" and "user account" are often interchanged in different contexts.
For the most part, the term "user" is used for the person actually working on the system
and "user account"
is used to refer to the files and programs that
create the user's environment
when he or she logs in. However, these two phrases
can be interchanged and people will know what you are referring to.
When an account is created, a
shell is assigned along with the default configuration
files that go with that shell. Users are also assigned a
home directory, which is their default directory when they
login, usually in the form /home/<username>. Note that
the parent of the user's home directories may be different.
When user accounts are created, each user is assigned a User
Name (login name or logname), which is associated with a User ID (UID). Each is
assigned to at least one group, with one group designated as their login
group. Each group has an associated Group ID (GID). The UID
is a number used to identify the user. The GID
is a number used to identify the login group of
that user. Both are used to keep track of that user and determine what files he
or she can access.
In general, programs and commands that interact with
us humans report information about the user by logname
or group name. However,
most identification from the operating system's point of view is done through the
GID. The UID is associated with the user's
logname. The GID is associated
with the user's login group. In general, the group a user is a part of is only
used for determining access to files.
User accounts are defined in /etc/passwd and groups are
defined in /etc/group.
If you look on your system, you will
see that everyone can read both of these files. Years ago, my first reaction was
that this was a security
problem, but when I was told what this was all about, I
realized that this was necessary. I was also concerned that the password be
accessible, even in encrypted format. Because I know what my password is, I can
compare my password to the encrypted version and figure out the encryption
mechanism, right? Nope! Its not that easy.
At the beginning of each
encrypted password is a seed. Using this seed, the system creates the
encrypted version. When you login,
the system takes the seed from the encrypted
password and encrypts the password that you input. If this matches the encrypted
password, you are allowed in. Nowhere on the system is the
unencrypted password stored, nor do any of the utilities or commands generate
Next, lets talk about the need to be able to access this information.
Remember that the operating system
knows only about numbers. When we talked
about operating system
basics, I mentioned that the information about the owner
and group of a file was stored as a number in the inode.
However, when you do a
long listing of a file (ls -l), you don't see the number, but rather, a name.
For example, if we do a long listing of /bin/mkdir, we get:
-rwxr-xr-x 1 root root 7593 Feb 25 1996 /bin/mkdir
The entries are:
permissions links owner group size date filename
Here we see
that the owner and group of the file is root. Because the owner and group are
stored as numerical values in the inode
table, the system must be
translating this information before it displays it on the screen. Where does it
get the translation? From the /etc/passwd and
/etc/group files. You can see what
the "untranslated" values are by entering
ls -ln /bin/mkdir
which gives us:
-rwxr-xr-x 1 0 0 7593 Feb 25 1996 /bin/mkdir
If we look in /etc/passwd, we see that the 0 is the UID
for root, and if we look in /etc/group, we see that 0 is also the GID
for the group
root, which are the numbers we got above. If the /etc/passwd
files were not readable by everyone, then no translation could be made like this
without some major changes to most of the system commands and utilities.
On a number of occasions, I have talked to customers who claimed to have
experienced corruption when transferring files from one system to another.
Sometimes it's with cpio, sometimes it's tar. In every case, files have arrived on
the destination machine and have had either "incorrect" owners or
groups and sometimes both. Sometimes, the "corruption" is so bad that
there are no names for the owner and group, just numbers.
say? Isn't that how the system stores the owner and group information for the
files? Exactly. What does it use to make the translation from these numbers to
the names that we normally see? As I mentioned, it uses /etc/passwd and
/etc/group. When you transfer files from one system to another, the only owner
information that is transferred are the numbers. When the file arrives on the
destination machine, weird things can happen. Lets look at an example.
work, my user name
was jimmo and I had UID
12709. All my files were stored with
12709 in the owner field of the inode.
Lets say that I create a user on my
machine at home, also named jimmo. Because there are far fewer users on my
system at home than at work, jimmo ended up with UID
500. When I transferred
files from work to home, the owner of all "my" files was 12709. That
is, where there normally is a name when I do a long listing, there was the
number 12709, not jimmo.
The reason for this is that the owner of the
file is stored as a number in the inode.
When I copied the files from my system
at work, certain information from the inode
was copied along with the file,
including the owner. Not the user's name, but the numerical value in the
inode. When the files were listed on the new system, there was no user with UID
12709, and therefore no translation could be made from the number to the name.
The only thing that could be done was to display the number.
sense because what if there were no user jimmo on the other system? What value
should be displayed in this field? At least this way there is some value and you
have a small clue as to what is going on.
To keep things straight, I had
to do one of two things. Either I create a shell script that changed the owner
on all my files when I transferred them or I figure out some way to give jimmo
12709 on my system at home. So I decided to give jimmo UID
Here, too, there are two ways I can go about it. I could create
12208 users on my system so the 12709th would be jimmo. (Why 12208? By default,
the system starts with a UID
500 for normal users.) This bothered me though,
because I would have to remove the user jimmo with UID
500 then create it again.
I felt that this would be a waste of time.
The other alternative was to
change the system files. Now, there is nothing that Linux provides that would do
that. I could change many aspects of the user jimmo; however, the UID
one of them. After careful consideration, I realized that there was a tool that
Linux provided to make the changes: vi. Because this information is kept in
files, you can use a text editor to change them. After reading the
remainder of this chapter, you should have the necessary information to make the
One thing I would like to point out is that vi is not
actually the tool you should use. Although you could use it, something could
happen while you are editing the file and your password file could get trashed.
Linux provides you with a tool (that's actually available on many systems)
specifically designed to edit the password file: vipw (for "vi
What vipw does is create a copy of the password file,
which is what you actually edit. When you are finished editing, vipw replaces
the /etc/passwd with that copy. Should the system go down while you are editing
the file, the potential for problems is minimized. Note that despite its name,
the editor that is called is defined by your
EDITOR environment variable.
On many systems, the adduser program is used to add users (what
else?). Note that when you create a user, you are assigned a value for the UID,
usually one number higher than the previously assigned UID.
Because adduser is a shell script, you can change the algorithm used, if you really want
When the first customer called with the same situation, I could
immediately tell him why it was happening, how to correct it, and assure him
that it worked.
You can also change a user's group if you want. Remember,
however, that all this does is change the GID
for that user in /etc/passwd.
Nothing else! Therefore, all files that were created before you make the change
will still have the old group.
You can change your UID
while you are
working by using the su command. What does su stand for? Well, that's a good
question. I have seen several different translations in books and from people on
the Internet. I say that it means "switch UID,
" as that's what it does.
However, other possibilities include "switch user" and
"super-user." This command sets your UID
to a new one. The syntax is
where <user_name> is the logname
the user whose UID
you want to use. After running the command, you have a UID of
The shortcoming with this is that all that is changed is the
UID and GID; you still have the environment
of the original user. If you want
the system to "pretend" as though you had actually logged in, include
a dash (-). The command would then be
actually happening is that you are running a new shell
as that user. (Check the
ps output to see that this is a new process.) Therefore, to switch back, you
don't need to use su again, but just exit that shell.
We need to remember
that a shell
is the primary means by which users gain access to the system. Once
they do gain access, their ability to move around the system (in terms of
reading files or executing programs) depends on two things: permissions
In general, there is no need to switch groups. A user can be
listed in more than one group in /etc/group and the system will grant access to
files and directories accordingly.
Permissions are something that most
people are familiar with if they have ever worked on an Linux (or similar)
system before. Based on what has been granted, different users have different
access to files, programs, and directories. You can find out what permissions
particular file has by doing a long listing of it. The permissions
represented by the first 10 characters on the line. This is something that we
covered in a fair bit of detail in the section on shell
basics, so there is no
need to repeat it here.
Removing users is fairly straightforward.
Unfortunately, I haven't found a utility that will remove them as simply as you
can create them. Therefore, you will need to do it manually. The simplest way is
to use vipw to remove the users entry from /etc/passwd and to remove its home
directory and mailbox.
However, this is not necessarily the best
approach. I have worked in companies where once a user was created, it was never
removed. This provides a certain level of accountability.
the owner is simply a number in the inode
table. Converting this number to a
name is done through the entry in /etc/passwd. If that entry
is gone, there can
be no conversion. If a new user were to get the UID
of an old, removed user, it
may suddenly have access to a file that it shouldn't (i.e., a file owned by the
old user that it now owns).
Even if no new users get that UID,
you do if you find an "unowned" file on your system, that is, one with
just a number as the owner and without associated entry in /etc/passwd? What you
do is up to your company, but I think it is safer to "retire" that
You could remove its home directory
and mailbox. However, change its
password to something like NOLOGIN. This password is shorter than an encrypted
password, so it is impossible that any input password will encrypt
this. Then change its login
to something like /bin/true. This closes one
more door. By making it /bin/true, no error message
will be generated to give a
potential hacker a clue that there is "something" about this account.
Alternatively, you could replace the login
with a message to say that the
account has been disabled and the owner should report to have it re-activated.
This helps to dissuade would-be hackers.
Another useful tool for
thwarting hackers is password shadowing. With this, the encrypted password
not kept in /etc/passwd, but rather /etc/shadow. This is useful when someone
decides to steal your password file. Why is this a problem? I will get into
details about it later, but lets say now that the password file could be used to
crack passwords and gain access to the system.
Because you must have the
/etc/passwd file word-readable to make translations from UID
to user name,
you cannot protect it simply by changing the permission. However, the
password, where the real password is stored, is not readable by regular users
and therefore is less of a security
risk. (I say "less" because if an intruder gets in as root, all bets are off).