Linux Unleashed, Third Edition:Users and Logins





-->















Previous
Table of Contents
Next




Passwords
The system stores the user’s encrypted password in this field. (Actually, the password is encoded, not encrypted, although the convention has always been to use the term encrypted.) This field is very sensitive to changes, and any modification whatsoever can render the login useless until the system administrator performs a password change. A user’s password can only be changed by the system administrator by using the passwd command when logged in as root (or by the user himself).

Note:  Some versions of UNIX do not keep the passwords in the /etc/passwd file because of potential security problems. If the password fields on your system are all set to x, then another file (called a shadow password file) is in use. However, all versions of Linux currently available do use this field normally.
Systems running either Yellow Pages or NIS (Network Information Service), both of which rely on a central file of usernames and passwords, do not use this field. However, few Linux systems use either YP or NIS, so this distinction can be ignored for the moment.


When a user logs in, the login program logically compares the password that the user types to a block of zeros and then compares that result to the entry in the password field. If they match, the user is granted access. Any deviation causes login to refuse access.
This field can be used to restrict access to the system. If you want a login to never be used for access, such as a system login like lp or sync, place an asterisk between the two colons for this field. This restricts all access. In the example /etc/passwd file shown earlier, you can see that many system logins have an asterisk as their password, effectively blocking access.
This field can also be used to allow unrestricted access by leaving it blank. If there is no password, anyone using the username is granted access immediately, with no password requested. This is a very bad habit to get into! Do not leave passwords open unless you are using your Linux system strictly for your own pleasure and have nothing of value on the file system.
Don’t attempt to put a password in the password field—you cannot re-create the encryption method, and you’ll end up locking the user out. At this point, only the system administrator is able to change the password and allow access.
User ID
Every username has an associated, unique user ID. The user ID, also called the UID, is used by Linux to identify everything associated with the user. The user ID is preferable to the username because numbers are easier to work with than the characters in a name, and they take up much less space. Linux tracks all processes started by a user, for example, by the user ID and not the username. A translation can take place in some utilities to display the username, but the utility generally examines the /etc/passwd file to match the UID to the name.
The user ID numbers are usually assigned in specific ranges. Most UNIX systems, for example, allocate the numbers from 0 to 99 for machine-specific logins, and the user ID numbers from 100 and up for users. This is a good working model and makes your system consistent with others. In the example /etc/passwd file shown earlier, you can see that root has a UID of 0, while the other system-created logins have numbers ranging upward. The login “nobody” is a special login used for NFS (Network File System) and has a UID of –1, an invalid number. When you assign user ID numbers, it is a good idea to assign them sequentially, so the first user is 100, the second 101, and so on.
Group ID
The group ID (GID) is used to track the user’s startup group (in other words, the ID of the group the user belongs to when they log in). A group, as you will see later, is used for organization purposes to set file permissions, although many organizations don’t bother with them. Group ID numbers range from zero on up. Linux systems assign a group called users with the group number 100 for this purpose.

The GID is used by the system when tracking file permissions, access, and file creation and modification specifications. If your system has only a single user group, then you need not worry about the GID. If you work with several groups (as might be implemented on a large system), then you need to examine the /etc/group file.
Comments
This field is used for the system administrator to add any information necessary to make the entry more self-explanatory. Typically, this area is used to enter the user’s full name, although some system administrators like to add department or extension numbers for convenience. (This field is sometimes called the GECOS field, after the operating system that first used it.)
The comment field is used by some utilities to display information about users, so make sure you don’t place any sensitive information there. Electronic mail systems, for example, can access this field to show who is sending mail. While you don’t have to use the field, on larger systems it can make things much easier for administrators and other users when they can discover the real name of the person the username belongs to.
Home Directory
The home directory field indicates to the login process where to place users when they log in. This is usually their home directory. Each user on the system should have her own dedicated home directory, and then the startup files will initialize the environment variable HOME to this value. The directory indicated in this field is the user’s initial working directory only and places no restrictions on the user (unless file permissions have been set to restrict movement).
For the most part, user home directories are located in a common area. Linux tends to use the /home directory, so you will find home directories such as /home/tparker, /home/ychow, and so on. Other versions use /usr, /user, or /u as user home directories. In some cases where the system administrator has experience with another type of UNIX that uses an alternate directory structure, you may find the home directories changed to make life easier (and more familiar) for that administrator. As far as Linux is concerned, it doesn’t care what the name of the home directory is, as long as it can be entered.



Previous
Table of Contents
Next