Posted: . At: 9:20 AM. This was 4 years ago. Post ID: 14733
Page permalink. WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
These cookies expire two weeks after they are set.


Linux user accounts. How they are setup and how they work.

by

The Linux user account is a way for users to log in to their system and perform various tasks. This is just as it was in UNIX. The /etc/passwd file stores all user accounts and information about that user. The /home directory, the username and user ID #.

/etc/passwd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:998:996:User for polkitd:/:/sbin/nologin
libstoragemgmt:x:997:995:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
chrony:x:996:994::/var/lib/chrony:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
_lldpd:x:995:993:LLDP daemon:/var/run/lldpd:/bin/false
named:x:25:25:Named:/var/named:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:994:992:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
mailnull:x:47:47:Exim:/var/spool/mqueue:/bin/false
mailman:x:993:990:GNU Mailing List Manager:/usr/local/cpanel/3rdparty/mailman:/bin/bash
cpanelroundcube:x:201:201::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
cpanelphpmyadmin:x:992:989:phpMyAdmin for cPanel & WHM:/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
cpanelphppgadmin:x:991:988:phpPgAdmin for cPanel & WHM:/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
cpanel:x:202:202::/var/cpanel/userhomes/cpanel:/usr/local/cpanel/bin/noshell
cpanelcabcache:x:203:203::/var/cpanel/userhomes/cpanelcabcache:/usr/local/cpanel/bin/noshell
cpanelrrdtool:x:204:204::/var/cpanel/userhomes/cpanelrrdtool:/usr/local/cpanel/bin/noshell
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false
cpanellogin:x:990:987::/var/cpanel/userhomes/cpanellogin:/usr/local/cpanel/bin/noshell
cpaneleximfilter:x:989:986::/var/cpanel/userhomes/cpaneleximfilter:/usr/local/cpanel/bin/noshell
cpaneleximscanner:x:988:985::/var/cpanel/userhomes/cpaneleximscanner:/usr/local/cpanel/bin/noshell
cpanelconnecttrack:x:987:984::/var/cpanel/userhomes/cpanelconnecttrack:/usr/local/cpanel/bin/noshell
cpanelanalytics:x:986:983::/var/cpanel/userhomes/cpanelanalytics:/usr/local/cpanel/bin/noshell
cpses:x:985:982::/var/cpanel/cpses:/sbin/nologin
afrunique:x:1000:1002::/home/afrunique:/bin/bash
dealerlytics180:x:1003:1005::/home/dealerlytics180:/bin/bash
fusionmediasoft:x:1004:1006::/home/fusionmediasoft:/bin/bash
liberialink:x:1005:1007::/home/liberialink:/bin/bash
onyxcy:x:1006:1008::/home/onyxcy:/bin/bash
smtalt:x:1007:1009::/home/smtalt:/bin/bash
taxlinkrol:x:1008:1010::/home/taxlinkrol:/bin/bash
cpanelsolr:x:984:980:Solr Search Server for Dovecot:/home/cpanelsolr:/bin/false
cannaboish:x:1011:1013::/home/cannaboish:/bin/bash
lldpd:x:983:978:Used by the lldpd daemon:/var/lib/lldpd:/sbin/nologin
uabnlink:x:1012:1014::/home/uabnlink:/bin/bash
gemicap:x:1013:1015::/home/gemicap:/bin/bash
_imunify:x:982:976::/home/_imunify:/bin/bash

The /etc/shadow file contains the actual encrypted passwords used by that user. Below is a sample of this file. You can see the SHA512 encrypted passwords in this file. They are encrypted using a salt value, this is the first part of the hash.

/etc/shadow
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

geoclue:*:17554:0:99999:7:::
dnsmasq:*:17625:0:99999:7:::
libvirt-qemu:!:17625:0:99999:7:::
libvirt-dnsmasq:!:17625:0:99999:7:::
gnome-initial-setup:*:17681:0:99999:7:::
cups-pk-helper:*:17686:0:99999:7:::
debian-tor:*:17741:0:99999:7:::
landscape:*:17780:0:99999:7:::
xrdp:!:17794:0:99999:7:::
gpsd:*:17811:0:99999:7:::
wims:*:17812:0:99999:7:::
nowims:*:17812:0:99999:7:::
test5:$6$ME.NPp5c$rAXZfDuex8s9Cfl.hb1P45fo5v.1ZLoXewwrnREaWlOqj6UWzlnYVsoUZSoNTisZczTRv63/GVk5dJNb69hqB/:18327:0:5:3:::
rootnew:$6$iODdhenn$kzFBoKWjDX2VNJJLY2JKMdH87V/stzC9DizvCbWm4hs7duM9Db9.VdEh3V3pRVQfSUSR.etXaEkj.ZGr3nP7M1:18273:0:99999:7:3:18107:
test6:$6$KtfjjmuH$Dukv88ZIugozIxyWMYuwR17/6Fp3.iLGgdFd1IaVGOZqjhyL1RB1C2IHYTUuLMWkF2NDp6cTNkDzWyQ9SO7sL0:18303:0:99999:7:3:1:
sddm:*:18336:0:99999:7:3:18107:
festival:*:18393:0:99999:7:3:18107:
mdatp:!:18437::::::
tss:*:18445:0:99999:7:3:18107:
tcpdump:*:18445:0:99999:7:3:18107:
_rpc:*:18445:0:99999:7:3:18107:
_flatpak:*:18445:0:99999:7:3:18107:
systemd-coredump:!!:18445::::::

This is an example.

1
2
3

(Salt value) : (Password encrypted with SHA512).
 
$6$iODdhenn $ kzFBoKWjDX2VNJJLY2JKMdH87V/stzC9DizvCbWm4hs7duM9Db9.VdEh3V3pRVQfSUSR.etXaEkj.ZGr3nP7M1

This is a pretty good way of storing user passwords.

When you log in to your system, it compares the hash of your entered password against the hash of the stored password, and then it lets you in if they match. The $6 value at the start means that it is using SHA512 encryption.

It is possible to see how this works using this command. Use the mkpasswd -m sha-512 command and supply a password and a salt value, this will generate an encrypted string that should match a value in the /etc/shadow file.

┌─[jason@jason-desktop][/etc]
└──╼ $mkpasswd -m sha-512 "beamup" 6Kkc/gtgE/Olz1ac
$6$6Kkc/gtgE/Olz1ac$hAfyfKtknvmju.Z3l7r3lW1sS9kMPPXGJE9IYBbAh8plN4S/DN7RyxPC2/l5C0iL0fGu665jE268l0g.VB2Ui.

Get the salt value of a password string and then the known password, and you may see that the generated password has is exactly the same.

This matches the string for the user “kirk”.

kirk:$6$6Kkc/gtgE/Olz1ac$hAfyfKtknvmju.Z3l7r3lW1sS9kMPPXGJE9IYBbAh8plN4S/DN7RyxPC2/l5C0iL0fGu665jE268l0g.VB2Ui.:18560:0:99999:7:::

Ubuntu 20.04 uses a longer salt value than Ubuntu 18.04 did, this might provide more security. I have discovered that on Ubuntu 20.04 at least, you can not create a username with an uppercase character in it. This gives an error and you can not continue.

Below is the error message I got when I tried to add a user with an uppercase character in the username.

┌─[jason@jason-desktop][~]
└──╼ $sudo adduser Kirk
[sudo] password for jason: 
adduser: Please enter a username matching the regular expression configured
via the NAME_REGEX[_SYSTEM] configuration variable.  Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.

This makes sense I guess from a system standpoint.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.