DevOps

Linux Accounts

Michael L. Collard, Ph.D.

Department of Computer Science, The University of Akron

Accounts

  • Superuser (“root”) - created during installation
  • Programs, e.g., web server, backup, ssh server, etc. – created during program installation
  • Users – created as needed by superuser

/home/username

  • Home directory of username
  • Created during adduser
  • Not the only possible location for home directories
  • Especially on larger systems, or with “legacy accounts” from other Unix systems
  • May be an alias for the actual location

Non-local Accounts

  • Accounts on multiple systems are typically administered from a central location
  • Home directories may be shared across machines
  • Direct access to account information files is discouraged, e.g., /etc/passwd

root

  • Superuser account, privileged user
  • First account in system (userID of 0)
  • No restrictions on what commands can be performed or what programs can be run
  • Home directory (recommended): /root – “root on root”
  • Not in /home directory with other accounts
  • Used to be in “/”
  • “root in root”
  • Also has its own group

Using root

  • Security problems arise when an unauthorized program gains root status
  • Recommended: minimize use of root, i.e., minimize use of su to root
  • Ubuntu, OS X do not enable (default) root access
  • sudo
  • Fine-grained permissions for users to run programs and access files
  • Log kept of access
  • Authentication required (valid for a 5 minute timespan)
  • Notifies root (email) when unauthorized command is entered

User Account files and directories

  • /home/
  • /etc/passwd
  • /etc/shadow
  • /etc/group
  • /etc/gshadow
  • Typically created using adduser or useradd command

/etc/passwd

  • Main account attributes: username, password, userID (uid), groupID (gid), gecos, home directory, default shell
  • Colon (“:”) separated file
  • An empty attribute appears as two adjacent colons, “::”
  • Any user can view
  • Modify using usermod

/etc/shadow

  • Purpose: hide passwords
  • Restricted to root
  • Attributes: username, password (encrypted), password aging information
  • One-way (hash) algorithm, traditionally based on DES – crypt() function
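As an added example (not part of the slides), the following Python parses the colon-separated /etc/passwd and /etc/shadow formats described above, using constructed sample lines rather than a real system's files, and reports the attributes an administrator checks: extra uid 0 accounts, empty password fields, and passwd entries with no matching shadow entry. The account names and hash values in the sample data are made up.

```python
# Added example, not from the slides: parse constructed /etc/passwd and
# /etc/shadow text and flag account attributes an administrator audits.

PASSWD_FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "password", "lastchg", "min", "max", "warn",
                 "inactive", "expire", "reserved")

# Constructed sample data. "x" in the passwd password field means
# "look in /etc/shadow"; "*" and "!" in shadow mean no usable password.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
admin2:x:0:0::/tmp:/bin/sh
"""
SAMPLE_SHADOW = """root:$6$saltsalt$hashhashhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
www-data:*:19700:0:99999:7:::
alice::19700:0:99999:7:::
admin2:!:19700:0:99999:7:::
"""


def parse_colon_file(text, fields):
    """Split each non-empty line on ':' into a dict; '::' yields an empty string."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError(f"expected {len(fields)} fields: {line!r}")
        records.append(dict(zip(fields, parts)))
    return records


def audit(passwd_text, shadow_text):
    """Return findings: uid 0 accounts other than root, empty password fields,
    and passwd entries that have no /etc/shadow counterpart."""
    findings = []
    shadow = {r["name"]: r for r in parse_colon_file(shadow_text, SHADOW_FIELDS)}
    for r in parse_colon_file(passwd_text, PASSWD_FIELDS):
        if int(r["uid"]) == 0 and r["name"] != "root":
            findings.append(f"{r['name']}: uid 0 but not root")
        if r["password"] == "":
            findings.append(f"{r['name']}: empty password field in passwd")
        s = shadow.get(r["name"])
        if s is None:
            findings.append(f"{r['name']}: no shadow entry")
        elif s["password"] == "":
            findings.append(f"{r['name']}: empty password in shadow")
    return findings
```

Run `audit(open('/etc/passwd').read(), open('/etc/shadow').read())` as root to apply the same checks to a real system; reading /etc/shadow requires root, as the slide notes.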

/etc/group

  • Accounts (e.g., users) belong to groups
  • Serves as a way of sharing files and directories with a subset of all users
  • Default group created for each user (during adduser)
  • Create additional groups using addgroup

/etc/gshadow

  • Purpose: hide group passwords
  • “man gshadow”
  • Groups also have a password, and an administrator (will revisit later)