TROUBLESHOOTING

On Red Hat Enterprise Linux, information about accounts and groups is stored in several text files within the /etc/ directory. When a system administrator creates new user accounts, these files must either be edited manually or applications must be used to make the necessary changes. The following section documents the files in the /etc/ directory that store user and group information under Red Hat Enterprise Linux.

/etc/passwd

The /etc/passwd file is world-readable and contains a list of users, each on a separate line. Each line is a colon-delimited list containing the following information:

o Username — The name the user types when logging into the system.
o Password — Contains the encrypted password (or an x if shadow passwords are being used; more on this below).
o User ID (UID) — The numerical equivalent of the username, which is referenced by the system and applications when determining access privileges.
o Group ID (GID) — The numerical equivalent of the primary group name, which is referenced by the system and applications when determining access privileges.
o GECOS — GECOS stands for General Electric Comprehensive Operating Supervisor. Named for historical reasons, the GECOS field is optional and is used to store extra information (such as the user's full name). Multiple entries can be stored here in a comma-delimited list. Utilities such as finger access this field to provide additional user information.
o Home directory — The absolute path to the user's home directory, such as /home/juan/.
o Shell — The program automatically launched whenever a user logs in. This is usually a command interpreter (often called a shell). Under Red Hat Enterprise Linux, the default value is /bin/bash. If this field is left blank, /bin/sh is used. If it is set to a non-existent file, the user will be unable to log into the system.

/etc/shadow

The /etc/shadow file is readable only by the root user and contains the password (and optional password aging information) for each user. As in the /etc/passwd file, each user's information is on a separate line. Each of these lines is a colon-delimited list including the following information:

o Username — The name the user types when logging into the system. This allows the login application to retrieve the user's password (and related information).
o Encrypted password — The 13 to 24 character password. The password is encrypted using either the crypt(3) library function or a hash algorithm. In this field, values other than a validly-formatted encrypted or hashed password are used to control user logins and to show the password status. For example, if the value is ! or *, the account is locked and the user is not allowed to log in. If the value is !!, a password has never been set (and the user, not having set a password, will not be able to log in).
o Date password last changed — The number of days since January 1, 1970 (also called the epoch) that the password was last changed. This information is used in conjunction with the password aging fields that follow.
o Number of days before password can be changed — The minimum number of days that must pass before the password can be changed.
o Number of days before a password change is required — The number of days that must pass before the password must be changed.
o Number of days warning before password change — The number of days before password expiration during which the user is warned of the impending expiration.
o Number of days before the account is disabled — The number of days after a password expires before the account will be disabled.
o Date since the account has been disabled — The date (stored as the number of days since the epoch) since the user account has been disabled.
o A reserved field — A field that is ignored in Red Hat Enterprise Linux.

/etc/group

The /etc/group file is world-readable and contains a list of groups, each on a separate line. Each line is a four-field, colon-delimited list including the following information:

o Group name — The name of the group. Used by various utility programs as a human-readable identifier for the group.
o Group password — If set, this allows users that are not part of the group to join the group by using the newgrp command and typing the password stored here. If a lower case x is in this field, then shadow group passwords are being used.
o Group ID (GID) — The numerical equivalent of the group name. It is used by the system and applications when determining access privileges.
o Member list — A comma-delimited list of the users belonging to the group.

/etc/gshadow

The /etc/gshadow file is readable only by the root user and contains an encrypted password for each group, as well as group membership and administrator information. Just as in the /etc/group file, each group's information is on a separate line. Each of these lines is a colon-delimited list including the following information:

o Group name — The name of the group. Used by various utility programs as a human-readable identifier for the group.
o Encrypted password — The encrypted password for the group. If set, non-members of the group can join the group by typing the password for that group using the newgrp command. If the value of this field is !, then no user is allowed to access the group using the newgrp command. A value of !! is treated the same as a value of !; however, it also indicates that a password has never been set. If the value is null, only group members can log into the group.
o Group administrators — Group members listed here (in a comma-delimited list) can add or remove group members using the gpasswd command.
o Group members — Group members listed here (in a comma-delimited list) are regular, non-administrative members of the group.
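As an added example that is not part of this document, the following shell script writes constructed copies of /etc/passwd, /etc/shadow and /etc/group to a temporary directory and runs the checks an administrator would make using the field layouts described above: accounts with UID 0 besides root, password hashes left in the world-readable passwd file instead of shadow, duplicate UIDs, blank or missing login shells, and group members with no passwd entry. Every username, hash and path in it is a constructed sample value, and the function names are my own, not those of any system tool.

```shell
#!/bin/sh
# Added example, not from the handout: audit constructed copies of
# /etc/passwd, /etc/shadow and /etc/group using the colon-delimited
# field layouts described above. All account data below is constructed.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SAMPLE_PASSWD="$WORK/passwd"
SAMPLE_SHADOW="$WORK/shadow"
SAMPLE_GROUP="$WORK/group"

# username:password:UID:GID:GECOS:home:shell
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/sh
juan:x:500:500:Juan Perez,Room 12:/home/juan:/bin/sh
backup:x:0:0:legacy backup job:/var/backups:/bin/sh
olduser:$1$abc$legacyhashinpasswd:501:501::/home/olduser:/bin/sh
svc:x:502:502:service account:/var/lib/svc:/nonexistent/shell
guest:x:500:503:duplicate uid:/home/guest:
EOF

# username:password:lastchg:min:max:warn:inactive:expire:reserved
# (hash values are placeholders, not real password hashes)
cat > "$SAMPLE_SHADOW" <<'EOF'
root:$6$saltsalt$placeholderhash:15107:0:99999:7:::
juan:!$6$saltsalt$placeholderhash:15107:0:99999:7:::
backup:*:15107:0:99999:7:::
olduser:!!:15107:0:99999:7:::
guest::15107:0:99999:7:::
EOF

# groupname:password:GID:member list
cat > "$SAMPLE_GROUP" <<'EOF'
root:x:0:
wheel:x:10:root,juan,ghost
juan:x:500:
EOF

# Classify the password field of one /etc/shadow line, following the
# meanings given above: ! or * locked, !! never set, empty no password.
# A hash prefixed with ! is what usermod -L produces: locked, hash kept.
shadow_password_status() {
  pw=$(printf '%s\n' "$1" | awk -F: '{ print $2 }')
  case "$pw" in
    '')      echo "empty" ;;
    '!!')    echo "never-set" ;;
    '!'|'*') echo "locked" ;;
    '!'*)    echo "locked-hash" ;;
    '$'*)    echo "hashed" ;;
    *)       echo "invalid" ;;
  esac
}

# Accounts other than root whose UID is 0 (full root privileges).
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# Entries whose password field is not "x": the hash sits in the
# world-readable /etc/passwd instead of the root-only /etc/shadow.
unshadowed() { awk -F: '$2 != "x" { print $1 }' "$1"; }

# UIDs shared by more than one username, with the names that share them.
duplicate_uids() {
  awk -F: '{ n[$3]++; who[$3] = who[$3] " " $1 }
           END { for (u in n) if (n[u] > 1) print u ":" who[u] }' "$1" | sort
}

# Login shell check: an empty field means /bin/sh is used; a shell that
# does not exist means the user cannot log in.
shell_status() {
  while IFS=: read -r user pw uid gid gecos home shell; do
    if [ -z "$shell" ]; then echo "$user:(empty):defaults-to-/bin/sh"
    elif [ -x "$shell" ]; then echo "$user:$shell:ok"
    else echo "$user:$shell:missing-cannot-log-in"
    fi
  done < "$1"
}

# Group members (field 4 of /etc/group) with no /etc/passwd entry,
# the kind of inconsistency grpck reports.
unknown_group_members() {
  awk -F: 'NR == FNR { known[$1] = 1; next }
           { n = split($4, m, ","); for (i = 1; i <= n; i++)
               if (m[i] != "" && !(m[i] in known)) print $1 ":" m[i] }' "$1" "$2"
}

# Report over the constructed files
echo "== password field status =="
while read -r line; do
  printf '%s\t%s\n' "${line%%:*}" "$(shadow_password_status "$line")"
done < "$SAMPLE_SHADOW"
echo "== extra UID 0 accounts ==";  extra_uid0 "$SAMPLE_PASSWD"
echo "== hashes still in passwd =="; unshadowed "$SAMPLE_PASSWD"
echo "== duplicate UIDs ==";        duplicate_uids "$SAMPLE_PASSWD"
echo "== shells ==";                shell_status "$SAMPLE_PASSWD"
echo "== unknown group members =="; unknown_group_members "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

Pointing the same functions at the real files (as root, since /etc/shadow is root-only) gives the same report for a live system. The two findings worth acting on first are an extra UID 0 account and a hash left in /etc/passwd, because both are readable by every local user.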

/etc/default/useradd

Both Red Hat Enterprise Linux and Debian/Ubuntu have a file called /etc/default/useradd that contains some default user options. Besides displaying this file directly, you can also use useradd -D.

[root@RHEL4 ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel

/etc/skel/

When using useradd with the -m option, the /etc/skel/ directory is copied to the newly created home directory. The /etc/skel/ directory contains some (usually hidden) files that hold profile settings and default values for applications. In this way /etc/skel/ serves as a default home directory and as a default user profile.

[root@RHEL5 ~]# -la /etc/skel/
total 48
drwxr-xr-x  2 root root  4096 Apr  1 00:11 .
drwxr-xr-x 97 root root 12288 Jun 24 15:36 ..
-rw-r--r--  1 root root    24 Jul 12  2006 .bash_logout
-rw-r--r--  1 root root   176 Jul 12  2006 .bash_profile
-rw-r--r--  1 root root   124 Jul 12  2006 .bashrc

/etc/login.defs

The /etc/login.defs file contains some default settings for user passwords, such as password aging and length settings. You will also find there the numerical limits for user IDs and group IDs, and whether or not a home directory should be created by default.

root@rhel65:~# ^PASS /etc/login.defs
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

User Management Command Line Tools

Application Function

/usr/sbin/useradd Adds user accounts. This tool is also used to specify primary and secondary group membership.

/usr/sbin/userdel Deletes user accounts.

/usr/sbin/usermod Edits account attributes including some functions related to password aging. For more fine-grained control, use the passwd command. usermod is also used to specify primary and secondary group membership.

passwd Sets passwords. Although primarily used to change a user's password, it also controls all aspects of password aging.

/usr/sbin/chpasswd Reads in a file consisting of username and password pairs, and updates each user's password accordingly.

chage Changes the user's password aging policies. The passwd command can also be used for this purpose.

chfn Changes the user's GECOS information.

chsh Changes the user's default shell.

Group Management Command Line Tools

Application Function

/usr/sbin/groupadd Adds groups, but does not assign users to those groups. The useradd and usermod programs should then be used to assign users to a given group.

/usr/sbin/groupdel Deletes groups.

/usr/sbin/groupmod Modifies group names or GIDs, but does not change group membership. The useradd and usermod programs should be used to assign users to a given group.

gpasswd Changes group membership and sets passwords to allow non-group members who know the group password to join the group. It is also used to specify group administrators.

/usr/sbin/grpck Checks the integrity of the /etc/group and /etc/gshadow files.

Permission Management Command Line Tools

Application Function

Changes which group owns a given file.

Changes access permissions for a given file. It is also capable of assigning special permissions.

Changes a file's ownership (and can also change group).

Linux Shadow file in detail

surendra:$6$1aEszVo.gsdPEr:15107:22:99999:207:205:105345:

Field 1: surendra
Field 2: $6$1aEszVo.gsdPEr
Field 3: 15107
Field 4: 22
Field 5: 99999
Field 6: 207
Field 7: 205
Field 8: 105345
Field 9: (empty)

1) User login name: This field gives the user's login name.

2) Encrypted password: The password is stored in encrypted form (its MD5 encrypted form). This field may contain the following:

• !! or ! indicates the account is present but no password is set for it, so the user cannot log in while the second field is set to one of these values.
• * indicates the account was disabled.
• An empty field (::) indicates that the user can log in without a password; in other words, the password has been removed.
• $6$b93VXzq0$kI55QxFMpXv This example encrypted form indicates that a password is present and encrypted.

3) Last password change: Indicates when the password was last changed, as the number of days since 1 January 1970. To convert this number to a human-readable date, see our other post on converting it.

4) Minimum days needed for a password change: This forces the user to keep a password for some days before changing it. If this value is "0", the user can change the password at any time. If this value is 15, the user can change the password only after 15 days. What happens if the user tries to change the password today even though this value is set to 15? We get the following error:

8) Number of days from 1 January 1970 until the account was disabled:
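The aging arithmetic behind fields 3 to 8, as an added example that is not from the original text (it also covers the /etc/shadow aging fields listed earlier in this document). The shadow line is constructed with a placeholder hash; "today" is passed in as a day number, the same unit the file uses, so the script runs offline and each rule can be checked against a known date. The day-to-date conversion is done in shell arithmetic rather than with date(1) so it behaves the same on any POSIX shell, and the function names are mine, not those of chage or passwd.

```shell
#!/bin/sh
# Added example, not from the handout: interpret the aging fields of one
# /etc/shadow line (fields 3 to 8 as numbered above) for a given "today",
# expressed like the file itself as days since 1 January 1970.
# The line below is constructed; the hash is a placeholder.

SAMPLE_LINE='alice:$6$saltsalt$placeholderhash:15107:15:90:7:5:15500:'

# Extract field N of a colon-delimited line.
field() { printf '%s\n' "$1" | awk -F: -v n="$2" '{ print $n }'; }

# Convert days since the epoch to YYYY-MM-DD without calling date(1)
# (Howard Hinnant's civil-from-days algorithm; input must be >= 0).
epoch_day_to_date() {
  z=$(( $1 + 719468 ))
  era=$(( z / 146097 ))
  doe=$(( z - era * 146097 ))
  yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
  y=$(( yoe + era * 400 ))
  doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
  mp=$(( (5 * doy + 2) / 153 ))
  d=$(( doy - (153 * mp + 2) / 5 + 1 ))
  if [ "$mp" -lt 10 ]; then m=$(( mp + 3 )); else m=$(( mp - 9 )); fi
  [ "$m" -le 2 ] && y=$(( y + 1 ))
  printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# Field 4: minimum days between changes. "yes" when the user may change
# the password today; the error mentioned in the text appears when "no".
can_change_password() {
  last=$(field "$1" 3); min=$(field "$1" 4)
  if [ $(( $2 - last )) -ge "${min:-0}" ]; then echo yes; else echo no; fi
}

# Days until the password must be changed (field 3 + field 5 - today);
# negative means already expired. Empty or 99999 in field 5 means never.
days_until_expiry() {
  last=$(field "$1" 3); max=$(field "$1" 5)
  if [ -z "$max" ] || [ "$max" -ge 99999 ]; then echo never; return; fi
  echo $(( last + max - $2 ))
}

# One of: ok, warning (inside the field-6 window), expired, inactive
# (past expiry by more than the field-7 grace period: account disabled).
password_state() {
  left=$(days_until_expiry "$1" "$2")
  [ "$left" = never ] && { echo ok; return; }
  warn=$(field "$1" 6); inactive=$(field "$1" 7)
  if [ "$left" -lt 0 ]; then
    if [ -n "$inactive" ] && [ $(( 0 - left )) -gt "$inactive" ]; then echo inactive
    else echo expired; fi
  elif [ -n "$warn" ] && [ "$left" -le "$warn" ]; then echo warning
  else echo ok; fi
}

# Field 8: absolute account expiration day, independent of password
# aging; the account is unusable on or after that day.
account_expired() {
  exp=$(field "$1" 8)
  if [ -n "$exp" ] && [ "$2" -ge "$exp" ]; then echo yes; else echo no; fi
}

# Human-readable summary for one line and one "today".
report() {
  echo "user:         $(field "$1" 1)"
  echo "last change:  $(epoch_day_to_date "$(field "$1" 3)")"
  echo "may change:   $(can_change_password "$1" "$2")"
  echo "days left:    $(days_until_expiry "$1" "$2")"
  echo "state:        $(password_state "$1" "$2")"
  echo "acct expired: $(account_expired "$1" "$2")"
}

report "$SAMPLE_LINE" 15200
```

With today set to day 15200 the sample password, last changed on day 15107 with a 90-day maximum, is three days past expiry but still inside its 5-day inactivity grace, so the state is "expired" rather than "inactive". The same numbers are what chage -l shows for a real account; feeding it the handout's own example line (field 5 of 99999) gives "never" for the expiry, which is why that value effectively disables aging.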

Questions

1) Run a command that displays only your currently logged on user name.
2) Display a list of all logged on users.
3) Display a list of all logged on users including the command they are running at this very moment.
4) Display your user name and your unique user identification (userid).
5) Use su to switch to another user account (unless you are root, you will need the password of the other account). Then get back to the previous account.
6) Now use su - to switch to another user and notice the difference.
7) Create a user named user2, including home directory, bash shell, and a description that reads "user2 ECE Group", all in one single command.
8) Create a file named welcome.txt and make sure every new user will see this file in their home directory.
9) Change the default login shell for the user1 user to /bin/bash.
10) Set the password for user1 to test123.
11) Set a password for user1 and then lock the user1 user account with usermod.
12) Use passwd -d to disable the user1 password. Verify the user1 line in /etc/shadow before and after disabling.
13) What is the difference between locking a user account and disabling a user account's password, i.e., usermod -L and passwd -d?
14) Make sure user1 has to change her password in 10 days.
15) Make sure every new user needs to change their password every 10 days.
16) Use chsh to list all shells (only works on RHEL/CentOS/Fedora), and compare to cat /etc/shells.
17) Create the groups groupA, groupB and groupC.
18) In one command, make user2 a member of groupA and groupC.
19) Rename the groupB group to groupF.
20) How many users can we create in Linux? How do you delete a user account in Linux?
21) What is the UID and GID limit in Linux?
22) Why are UIDs and GIDs limited to that number?
23) Can two users in Linux have the same UID?
24) How do you see which shells are available on a Linux box?
25) What are the major files modified when you create a user?
26) How do you delete the home directory when a user is deleted, using a single command?
27) How do you recover a deleted /etc/passwd file in RHEL?
28) How do you change or reset the root password in Linux?
29) How do you verify the integrity of the password files?
30) How can a user get the encrypted password in /etc/passwd back from the /etc/shadow file?