UNIX: Users and Groups
-
UNIX systems share a common user and group structure that is somewhat similar to, but always rather different from, the one used by Windows. In UNIX systems we have the concept of a user, the concept of a group, the concept of group membership and the concept of a user's primary group.
First, users. UNIX systems, by default, keep the basic information about their users in the /etc/passwd text file. Most importantly the username, user ID (UID), home directory, display name, primary group and default shell are all stored here. We will learn more about the shell and home directory later. For now we care about the username, UID and primary group.
It is important to understand that this is only the default. UNIX systems can and do use external directory services, just as Windows does. Users may be kept in a NIS database, an LDAP server, Active Directory or another directory. There are many choices here, including custom-built solutions. So while we are learning the standard configuration here, be aware that other options do exist.
Username: Every UNIX user gets a username. This is no different than on any other operating system.
UID: The User ID field, the numerical representation of the user.
Primary Group: Each user gets a primary group assignment. This is the group that, by default, the user is presented as being a member of. We will learn more about this as we progress, but suffice it to say, each user gets one primary group and, for the most part, UNIX works as a one-group platform. Mostly.
Users work as you would suspect. You have already logged into a UNIX system using the root user, at the very least.
Next up, groups. UNIX groups are maintained by the /etc/group file. This file looks a lot like the /etc/passwd file. Here the key fields are the group name, group ID (GID) and a list of users that have these as secondary groups (more on primary and secondary later). What is important to note is that while the /etc/group file is the master list of the groups themselves, all users listed in the /etc/group file are purely users who have those groups in a secondary mode.
Group Name: Same as a username, but for a group.
GID: Same as UID but for groups. The numerical identifier of the group.
Users: The list of users who are members of the group (but for whom the group is not their primary group).
UNIX uses groups as a security mechanism to "group" users together. This is used for different security mechanisms but is typically tied to file permissions or user escalation rights.
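How the two files fit together, as an added example that is not part of the original article: this Python code parses /etc/passwd and /etc/group text and resolves each user's primary group (from passwd) and secondary groups (from group). It assumes the standard colon-separated local files rather than NIS or LDAP, and the sample users, groups and IDs are constructed for illustration.

```python
# Constructed sample data in the standard colon-separated formats (not a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1001:100:Bob Example:/home/bob:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
users:x:100:
alice:x:1000:
wheel:x:10:alice,bob
backup:x:34:bob
"""

def rows(text):
    """Yield the colon-separated fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split(":")

def parse_passwd(text):
    """Map username -> primary GID (the fourth field of /etc/passwd)."""
    return {f[0]: int(f[3]) for f in rows(text)}

def parse_group(text):
    """Map GID -> (group name, users listed as secondary members)."""
    return {int(f[2]): (f[0], [m for m in f[3].split(",") if m]) for f in rows(text)}

def memberships(user, users, groups):
    """Return (primary group name, sorted secondary group names) for one user."""
    pgid = users[user]
    primary = groups[pgid][0] if pgid in groups else str(pgid)
    return primary, sorted(n for n, m in groups.values() if user in m)

def members_of(name, users, groups):
    """Everyone in a group: primary members come from passwd, secondary from group."""
    gid, listed = next((g, m) for g, (n, m) in groups.items() if n == name)
    return sorted({u for u, pgid in users.items() if pgid == gid} | set(listed))

if __name__ == "__main__":
    users, groups = parse_passwd(SAMPLE_PASSWD), parse_group(SAMPLE_GROUP)
    for u in users:
        print(u, memberships(u, users, groups))
    print("users:", members_of("users", users, groups))
```

In the sample, bob belongs to the users group even though its member list in the group file is empty, because it is his primary group; auditing group membership from /etc/group alone would miss him.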
The last file that we will learn about now is the /etc/shadow file. This file is where the encrypted passwords of users with local logins are kept. We will not need to look at or modify this file ourselves for now. This file will be managed by the system.
Changing Passwords. A user can change their own password using the passwd command. This is an interactive command and requires no additional information.
If you are root, you can change passwords on behalf of users by using the syntax:
# passwd username
It is not uncommon for system administrators to work with the /etc/passwd and /etc/group files by hand. They are easy to read and easy to edit. Most UNIX systems have simple utilities to make working with them even easier. It is important to understand what they contain and how they work, but typically we will use tools to modify them. /etc/shadow is almost exclusively managed by other commands because it contains encrypted data.
Part of a series on Linux Systems Administration by Scott Alan Miller