
Basic security and identification of user types

Managing user accounts on Linux is relatively easy. User accounts are saved in a special file called /etc/passwd. Passwords are saved in /etc/shadow and user groups in /etc/group.


/etc/passwd user account file

Data such as user login, password, identifier, group to which the user belongs, user name, home directory and shell are saved in this file.

The passwd format is:

Login:Password:UID:GID:Comment:Home:Shell

Each element that constitutes the content of the /etc/passwd file is separated by a colon, in the following sequence:

Login: The login is the identification that the user will use in the system. It must be unique, contain no spaces, and is generally an abbreviation of the user's name. Some applications require their own user account, which defines their security permissions;

Password: The x represents the user’s password. In the early days of Linux, the encrypted password was written in this field instead of the x. But since several applications and utilities need access to the content of the passwd file, it must be readable by everyone. It was soon realized that this was not very secure, and the encrypted password was moved to another special file called shadow, readable only by root. If the password field is empty, login may be allowed without asking for a password;

User ID (UID): This is a unique numeric ID for each user account. By definition, ID zero (0) is designated for the root user, which gives it its powers as system administrator. By convention, IDs from 1 to 99 are reserved for administrative use and for accounts used by system services;

Group ID (GID): This is the numeric ID of the group to which the user belongs. Users can join workgroups to facilitate information sharing and system security management. The GID must be registered in the /etc/group group control file;

Username or comment: This alphanumeric field accepts spaces and is reserved for the user’s name or any other relevant observation;

Home Directory: The home directory is the default directory for the user account. It is in this directory that the account owner has special privileges. In this field of the passwd file you must enter the full path of the home directory;

Shell: This field designates the shell executable that each user uses. The default is the Bourne Again Shell, /bin/bash. Other executables can be used, such as /bin/sh, /bin/tcsh, or any other program that should be executed right after the user’s login process. There are also special programs such as /bin/false, which simply does nothing and so prevents the account's user from logging in to the system interactively. Another possibility is /sbin/nologin, which also prevents interactive login but displays a message that can be configured in the /etc/nologin.txt file.

User accounts with a false shell such as /bin/false or /sbin/nologin are generally special accounts used by programs, for example to provide limited access to files. The Apache web server, for instance, uses the “Apache” user account to limit which files the httpd program is able to write to.

The root superuser account, on the other hand, has special features: its user ID is zero and its group ID is zero. This gives the account superpowers and unlimited access to all system resources.

See an example of user accounts in /etc/passwd:

root:x:0:0:root:/root:/bin/bash
apache:x:48:Apache:/var/www:/sbin/nologin
openvpn:x:219:497:openVPN:/etc/openvpn:/sbin/nologin
zabbix:x:500:501::/home/zabbix:/bin/bash
uira:x:501:501::/home/uira:/bin/bash

/etc/shadow password file

Formerly, Linux kept encrypted passwords in the second field of the /etc/passwd file. Since several programs need access to system accounts, the passwords were moved to the /etc/shadow file, which no ordinary user is allowed to read.

In addition, if everyone can read the file with the encrypted passwords, a brute force attack can be carried out: combinations of words, numbers, and symbols are generated, encrypted and compared with the stored encrypted passwords until one matches. Restricting access to /etc/shadow to root therefore makes this attack difficult.

$ ls -l passwd shadow
-rw-r--r-- 1 root root 1573 out 15 02:12 passwd
---------- 1 root root 760 out 15 02:12 shadow

Passwords in Linux are encrypted one-way: the stored value cannot be reversed to recover the original password.

Group file /etc/group

To facilitate the administration of access permissions to system resources and files, Linux makes use of the concept of workgroups. Each user is part of at least one workgroup, defined in /etc/passwd through the Group ID field.

Workgroups and their respective Group IDs are defined in the /etc/group file:

Group name:Password:GID:List of members

Each column separated by a colon in the file has the following meaning:

Group name: The group name must be unique in the system.

Group Password: Like user accounts, groups can also make use of a password so that a user can join it. Group passwords were encrypted and moved to the /etc/gshadow file. This field currently contains an “x”;

Group ID (GID): Each group needs a unique positive integer numeric ID. This ID is referenced in the /etc/passwd file;

Member List: User groups can contain one or more members and a user can be a member of more than one group. This field contains a list of user logins that are part of a group.

Some distributions, such as Red Hat, create a user group for each user created on the system. Others, such as SuSE, use the users group (GID 100) for all users.

Here’s an example from /etc/group:

root:x:0:root
daemon:x:10:wwwrun,sendmail,squid
users:x:500:uira,Carla
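The field descriptions above imply a few checks an administrator can run over these two files: an empty password field, UID 0 on an account other than root, a login shell on a service account, and a GID that is not registered in /etc/group. The script below is an added example, not part of the original article; the sample entries are constructed, the function names are hypothetical, and the 1 to 99 service range follows the convention stated above.

```python
# Added example; sample data is constructed and the function names are hypothetical.
NON_INTERACTIVE = {"/bin/false", "/sbin/nologin"}  # shells the article names

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
svcweb:x:48:48:Web server:/var/www:/sbin/nologin
backup::34:34:Backup job:/var/backups:/bin/bash
toor:x:0:0:Second admin:/root:/bin/bash
alice:x:1001:7777:Alice Example:/home/alice:/bin/bash
broken:x:1002:/home/broken:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:root
svcweb:x:48:
backup:x:34:
users:x:100:alice
"""

def group_ids(group_text):
    """Return the GIDs defined in /etc/group-style text (name:password:GID:members)."""
    rows = (line.split(":") for line in group_text.splitlines())
    return {int(r[2]) for r in rows if len(r) == 4 and r[2].isdecimal()}

def audit_passwd(passwd_text, group_text):
    """Return sorted (login, finding) pairs for entries that need a closer look."""
    known_gids, findings = group_ids(group_text), []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if not line.strip():
            continue
        if len(fields) != 7 or not (fields[2].isdecimal() and fields[3].isdecimal()):
            findings.append((fields[0], "malformed entry"))
            continue
        login, password, uid, gid, _comment, _home, shell = fields
        uid, gid = int(uid), int(gid)
        if password == "":  # empty field: login may succeed without a password
            findings.append((login, "empty password field"))
        if uid == 0 and login != "root":  # UID 0 carries root's privileges
            findings.append((login, "UID 0 but not root"))
        if 1 <= uid <= 99 and shell not in NON_INTERACTIVE:  # article's service range
            findings.append((login, "service-range UID with login shell"))
        if gid not in known_gids:  # GID must be registered in /etc/group
            findings.append((login, "GID not in group file"))
    return sorted(findings)

if __name__ == "__main__":
    for login, finding in audit_passwd(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"{login}: {finding}")
```

To audit a real system, pass the contents of /etc/passwd and /etc/group to audit_passwd in place of the sample strings.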
