

User Accounts: /etc/passwd

Even if you are the only user on your Linux system, you should know about user accounts and managing users. This is because you should have your own account (other than root) for your daily tasks. You therefore need to be able to create a new user. If your system lets others access the operating system, either directly or through a modem, you should create user accounts for everyone who wants access. You may also want a more generic guest account for friends who just want occasional access.

Every person using your Linux system should have his or her own unique username and password. The only exception is a guest account or perhaps an account that accesses a specific application, such as a read-only database. By keeping separate accounts for each user, your security is much tighter, and you have a better idea of who is accessing your system and what they are doing. A one-to-one correspondence between users and accounts makes tracking activities much easier.

All the information about user accounts is kept in the file /etc/passwd. The /etc/passwd file should be owned only by root and have the group ID set to zero (usually root or system group, as defined in the /etc/group file). The permissions of the /etc/passwd file should be set to allow write access only by root, but all others can have read access. (We deal with groups and permissions later in this section.) The lines in the /etc/passwd file are divided into a strict format:


username:password:user ID:group ID:comment:home directory:login command

This format can best be seen by looking at a sample /etc/passwd file. The /etc/passwd file created when a Linux system is newly installed is shown in Listing 35.1.

Listing 35.1. The /etc/passwd file created when Linux is first installed.


root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
mail:*:8:12:mail:/var/spool/mail:
news:*:9:13:news:/usr/lib/news:
uucp:*:10:14:uucp:/var/spool/uucppublic:
operator:*:11:0:operator:/root:/bin/bash
games:*:12:100:games:/usr/games:
man:*:13:15:man:/usr/man:
postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash
nobody:*:-1:100:nobody:/dev/null:
ftp:*:404:1::/home/ftp:/bin/bash

Each line in the /etc/passwd file is composed of seven fields separated by colons. If there is nothing to be entered in a field, the field is left blank, but the colons are retained so that each line still has seven fields (and therefore six colons). The seven fields (from left to right on each line) are as follows:

username          A unique identifier for the user
password          The user’s password (encrypted and therefore not readable by users)
user ID (UID)     A unique number that identifies the user to the operating system
group ID (GID)    A unique number that identifies the user’s group (for file permissions)
comment           Usually the user’s real name, but sometimes phone numbers, departments, and so on
home directory    The directory in which the user is placed when they log in
login command     The command executed when the user logs in, normally a shell
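
The seven-field format and the ownership and permission rules described above can be checked mechanically. The following Python script is an added example, not part of the original text; the names audit_passwd, audit_file_mode, FIELDS and SAMPLE are hypothetical, and the sample input is constructed from lines of Listing 35.1 plus two deliberately broken lines.

```python
import os
import stat

# Constructed sample: three lines from Listing 35.1 plus two deliberately
# broken lines (a reused UID and a line with a field missing).
SAMPLE = """\
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
ftp:*:404:1::/home/ftp:/bin/bash
guest:*:404:100:Guest:/home/guest:/bin/bash
broken:*:500:100:/home/broken:/bin/bash
"""

FIELDS = ("username", "password", "uid", "gid", "comment", "home", "shell")

def audit_passwd(text):
    """Return (line_number, message) findings for passwd-format text."""
    findings, names, uids = [], {}, {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):      # seven fields means six colons
            findings.append((n, f"expected 7 fields, found {len(parts)}"))
            continue
        e = dict(zip(FIELDS, parts))
        # An empty password field means no password is set for the account.
        if e["password"] == "":
            findings.append((n, f"{e['username']}: empty password field"))
        for key, seen in (("username", names), ("uid", uids)):
            if e[key] in seen:             # both must be unique per the text
                findings.append((n, f"{key} {e[key]} already used on line {seen[e[key]]}"))
            seen.setdefault(e[key], n)
    return findings

def audit_file_mode(path="/etc/passwd"):
    """Check the ownership and permissions the text prescribes for the file."""
    st, findings = os.stat(path), []
    if st.st_uid != 0 or st.st_gid != 0:
        findings.append(f"owner {st.st_uid}:{st.st_gid}, expected 0:0")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    if not st.st_mode & stat.S_IROTH:
        findings.append("not readable by others")
    return findings

if __name__ == "__main__":
    for n, msg in audit_passwd(SAMPLE):
        print(f"line {n}: {msg}")
```

To audit a live system, pass the contents of /etc/passwd to audit_passwd and call audit_file_mode with no argument.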

Let’s look at each field in a little more detail. You should know what each field does and how it is used by other programs on your Linux system. Note that this type of user file is used with almost every UNIX system in the world, so once you know it for Linux, you know it for most UNIX versions.

Usernames

The username is a single string, usually eight characters or less, that uniquely identifies each user. Since the username is the basis of most communications between users and other machines, the username you use (or assign to others) should be simple and obvious. Usually, this means a permutation of the user’s real name. A typical username may be a combination of the user’s first and last names, such as tparker or timp. The former example, composed of the first initial and last name, is fairly common in large networks.

Note that the characters in these examples are all lowercase. Case is important in Linux (as with all UNIX versions), so tparker and Tparker are two different logins. Since most Linux commands are lowercase, convention is to also keep usernames lowercase. Underscores, periods, numbers, and some special characters are allowed, but should be avoided.

Small systems, such as those on a single machine, may use more familiar names, such as the user’s first name only. A small system may have users with the names tim, bill, yvonne, and so on. If two users have the same name, some method must be found to differentiate between the two (such as bill and billy).

A few users like to create cryptic usernames that reflect their hobbies, nicknames, pets, lifestyle, or personality. You may find usernames such as vader, grumpy, wizard, and hoops. This type of naming is fine on small systems that are used by one or two users, but quickly becomes awkward on larger systems where other users may not know their coworkers’ usernames. On the whole, if your system is used by more than a couple of people, discourage this type of username.

