Introduction to Users and Groups in Linux

Before you start

Objectives: Learn what is user account, what is passwd and group file, and how are those files structured.

Prerequisites: no prerequisites.

Key terms: Linux, passwd, group, shadow, gshadow, user account, user group.


User Account and User Groups

User account in any OS help us to control who can log on to a system, and which actions can user perform, and which resources can a user access. We can group users with similar needs into user groups, to ease system administration.

User and Group Database

As is usual with other things in Linux, the user database in Linux is actually a text file. The same is with group database. Like other configuration files, we can find files for users and groups in /etc/ directory. User database file is /etc/passwd and Group file is /etc/group.

Traditionally, the passwd is a plain text file, and it used to contain usernames, user ids, passwords, home directories, etc. The password was stored in a hashed format, so it wasn’t just a plain text password, but it still was a potential security risk since everyone can read passwd file and try to decipher passwords. To solve that problem, Linux now has shadow files which hold encrypted password information. They were designed to just store password information. The shadow file for user information is /etc/shadow, and for group information the shadow file is/etc/gshadow (gshadow holds passwords for groups).

The thing is not everyone can read shadow and gshadow files. Only the root  user can read those files, by default, and we should leave it like this. So, usernames, ids, shell information, etc. is stored in one file, and password information is stored in another file which other users can’t access. Shadow files can also contain information about account expiration or password expiration.

File Structure

passwd  and group files consist of number of columns. That is, each piece of information is separated by colon, and in that way the columns are formed. One row means one record for one user. This is how several entries look like in passwd file (Ubuntu 14.04):

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh

The first column in passwd  file is user name. For the first row this is the root. The user name is not unique identifier for users in Linux (as is not in Windows OS). Operating system identifies user by the User ID or UID. The second column would be the user password. The third field is the unique ID for the user. For the user root the ID is always 0. Users which we manually create will have UID starting from 500 and above. The fourth field is the Primary group ID (more on primary groups a bit later). After that we have a comment field, home directory field, and the shell information.

The group  file is similar in structure. This is a snippet from group file in Ubuntu 14.04.

root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:cicnavi

First we have a group name, group password, group ID (GID), and then the list of user IDs that belong to that particular group. Notice that Linux identifies groups using GID, and not group name. In Linux world we differentiate tow types of groups. The first one is called a Primary group or sometimes called Private group. When we create a new user, a corresponding group is also created for that user, and that user is the only member of that group. This group is then used to define the owner of files and directories which that user creates. So, with Primary group the user account specifically identifies the primary group for each user. The second type of groups are Secondary groups. Secondary groups are groups that we manually create. We can then assign users as members of Secondary groups and then control access to computer resources by using permissions.

User ID and group ID are typically automatically assigned by the system, but in some cases we can modify the ID if we have to.