A Linux user account is how a user logs in to the system and performs various tasks, just as it was in UNIX. The /etc/passwd file stores all user accounts and information about each user: the username, the user ID number and the /home directory.
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
    systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
    systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
    dbus:x:81:81:System message bus:/:/sbin/nologin
    polkitd:x:998:996:User for polkitd:/:/sbin/nologin
    libstoragemgmt:x:997:995:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
    abrt:x:173:173::/etc/abrt:/sbin/nologin
    rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
    postfix:x:89:89::/var/spool/postfix:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
    ntp:x:38:38::/etc/ntp:/sbin/nologin
    chrony:x:996:994::/var/lib/chrony:/sbin/nologin
    tcpdump:x:72:72::/:/sbin/nologin
    _lldpd:x:995:993:LLDP daemon:/var/run/lldpd:/bin/false
    named:x:25:25:Named:/var/named:/sbin/nologin
    nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
    dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
    dovenull:x:994:992:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
    mailnull:x:47:47:Exim:/var/spool/mqueue:/bin/false
    mailman:x:993:990:GNU Mailing List Manager:/usr/local/cpanel/3rdparty/mailman:/bin/bash
    cpanelroundcube:x:201:201::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
    cpanelphpmyadmin:x:992:989:phpMyAdmin for cPanel & WHM:/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
    cpanelphppgadmin:x:991:988:phpPgAdmin for cPanel & WHM:/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
    cpanel:x:202:202::/var/cpanel/userhomes/cpanel:/usr/local/cpanel/bin/noshell
    cpanelcabcache:x:203:203::/var/cpanel/userhomes/cpanelcabcache:/usr/local/cpanel/bin/noshell
    cpanelrrdtool:x:204:204::/var/cpanel/userhomes/cpanelrrdtool:/usr/local/cpanel/bin/noshell
    mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false
    cpanellogin:x:990:987::/var/cpanel/userhomes/cpanellogin:/usr/local/cpanel/bin/noshell
    cpaneleximfilter:x:989:986::/var/cpanel/userhomes/cpaneleximfilter:/usr/local/cpanel/bin/noshell
    cpaneleximscanner:x:988:985::/var/cpanel/userhomes/cpaneleximscanner:/usr/local/cpanel/bin/noshell
    cpanelconnecttrack:x:987:984::/var/cpanel/userhomes/cpanelconnecttrack:/usr/local/cpanel/bin/noshell
    cpanelanalytics:x:986:983::/var/cpanel/userhomes/cpanelanalytics:/usr/local/cpanel/bin/noshell
    cpses:x:985:982::/var/cpanel/cpses:/sbin/nologin
    afrunique:x:1000:1002::/home/afrunique:/bin/bash
    dealerlytics180:x:1003:1005::/home/dealerlytics180:/bin/bash
    fusionmediasoft:x:1004:1006::/home/fusionmediasoft:/bin/bash
    liberialink:x:1005:1007::/home/liberialink:/bin/bash
    onyxcy:x:1006:1008::/home/onyxcy:/bin/bash
    smtalt:x:1007:1009::/home/smtalt:/bin/bash
    taxlinkrol:x:1008:1010::/home/taxlinkrol:/bin/bash
    cpanelsolr:x:984:980:Solr Search Server for Dovecot:/home/cpanelsolr:/bin/false
    cannaboish:x:1011:1013::/home/cannaboish:/bin/bash
    lldpd:x:983:978:Used by the lldpd daemon:/var/lib/lldpd:/sbin/nologin
    uabnlink:x:1012:1014::/home/uabnlink:/bin/bash
    gemicap:x:1013:1015::/home/gemicap:/bin/bash
    _imunify:x:982:976::/home/_imunify:/bin/bash
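The seven colon-separated fields of a passwd entry can be parsed and reviewed mechanically. The following is an added example, not part of the original post: it parses a few entries copied from the listing on this page and reports accounts worth a manual look. The shell list, the `UID_MIN` threshold of 1000 and the function names are assumptions made for the illustration.

```python
# Shells that give an interactive login (assumed list; compare /etc/shells).
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh", "/bin/ksh"}
UID_MIN = 1000  # assumption: first regular-user UID, the usual login.defs default
# A few entries copied from the listing on this page.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
mailman:x:993:990:GNU Mailing List Manager:/usr/local/cpanel/3rdparty/mailman:/bin/bash
cpanel:x:202:202::/var/cpanel/userhomes/cpanel:/usr/local/cpanel/bin/noshell
afrunique:x:1000:1002::/home/afrunique:/bin/bash
_imunify:x:982:976::/home/_imunify:/bin/bash
"""


def parse_passwd(text):
    """Return one dict per passwd entry (seven colon-separated fields)."""
    keys = ("name", "password", "uid", "gid", "gecos", "home", "shell")
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("line %d: expected 7 fields" % lineno)
        entry = dict(zip(keys, fields))
        entry["uid"], entry["gid"] = int(fields[2]), int(fields[3])
        entries.append(entry)
    return entries


def audit(entries):
    """Return (name, finding) pairs that deserve a manual review."""
    findings, owner_of = [], {}
    for e in entries:
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], "UID 0 account other than root"))
        if e["password"] == "" or e["password"].startswith("$"):
            findings.append((e["name"], "empty password or hash in world-readable file"))
        if 0 < e["uid"] < UID_MIN and e["shell"] in INTERACTIVE_SHELLS:
            findings.append((e["name"], "system account with interactive shell"))
        if e["uid"] in owner_of:
            findings.append((e["name"], "shares UID with " + owner_of[e["uid"]]))
        owner_of.setdefault(e["uid"], e["name"])
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_passwd(SAMPLE)):
        print(name + ": " + finding)
```

A finding here is a prompt to check the matching /etc/shadow entry and the account's purpose, not proof of a problem.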
The /etc/shadow file contains the actual password hashes for those users. Below is a sample of this file. You can see the SHA-512 hashed passwords in it. They are hashed together with a salt value, which is the first part of the hash string, right after the $6$ prefix.
    geoclue:*:17554:0:99999:7:::
    dnsmasq:*:17625:0:99999:7:::
    libvirt-qemu:!:17625:0:99999:7:::
    libvirt-dnsmasq:!:17625:0:99999:7:::
    gnome-initial-setup:*:17681:0:99999:7:::
    cups-pk-helper:*:17686:0:99999:7:::
    debian-tor:*:17741:0:99999:7:::
    landscape:*:17780:0:99999:7:::
    xrdp:!:17794:0:99999:7:::
    gpsd:*:17811:0:99999:7:::
    wims:*:17812:0:99999:7:::
    nowims:*:17812:0:99999:7:::
    test5:$6$ME.NPp5c$rAXZfDuex8s9Cfl.hb1P45fo5v.1ZLoXewwrnREaWlOqj6UWzlnYVsoUZSoNTisZczTRv63/GVk5dJNb69hqB/:18327:0:5:3:::
    rootnew:$6$iODdhenn$kzFBoKWjDX2VNJJLY2JKMdH87V/stzC9DizvCbWm4hs7duM9Db9.VdEh3V3pRVQfSUSR.etXaEkj.ZGr3nP7M1:18273:0:99999:7:3:18107:
    test6:$6$KtfjjmuH$Dukv88ZIugozIxyWMYuwR17/6Fp3.iLGgdFd1IaVGOZqjhyL1RB1C2IHYTUuLMWkF2NDp6cTNkDzWyQ9SO7sL0:18303:0:99999:7:3:1:
    sddm:*:18336:0:99999:7:3:18107:
    festival:*:18393:0:99999:7:3:18107:
    mdatp:!:18437::::::
    tss:*:18445:0:99999:7:3:18107:
    tcpdump:*:18445:0:99999:7:3:18107:
    _rpc:*:18445:0:99999:7:3:18107:
    _flatpak:*:18445:0:99999:7:3:18107:
    systemd-coredump:!!:18445::::::
This is an example.
    (Salt value) : (Password hashed with SHA512).
    $6$iODdhenn $ kzFBoKWjDX2VNJJLY2JKMdH87V/stzC9DizvCbWm4hs7duM9Db9.VdEh3V3pRVQfSUSR.etXaEkj.ZGr3nP7M1
This is a pretty good way of storing user passwords.
When you log in to your system, it hashes the password you entered with the stored salt and compares the result against the stored hash; if they match, it lets you in. The $6 value at the start means that SHA-512 is being used.
You can see how this works with the mkpasswd -m sha-512 command: supply a password and a salt value, and it generates a hashed string that should match a value in the /etc/shadow file.
    ┌─[jason@jason-desktop]─[/etc]
    └──╼ $mkpasswd -m sha-512 "beamup" 6Kkc/gtgE/Olz1ac
    $6$6Kkc/gtgE/Olz1ac$hAfyfKtknvmju.Z3l7r3lW1sS9kMPPXGJE9IYBbAh8plN4S/DN7RyxPC2/l5C0iL0fGu665jE268l0g.VB2Ui.
Take the salt value from a password string together with the known password, and you will see that the generated password hash is exactly the same.
This matches the string for the user “kirk”.
    kirk:$6$6Kkc/gtgE/Olz1ac$hAfyfKtknvmju.Z3l7r3lW1sS9kMPPXGJE9IYBbAh8plN4S/DN7RyxPC2/l5C0iL0fGu665jE268l0g.VB2Ui.:18560:0:99999:7:::
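The layout of the shadow entries shown above can be taken apart field by field. This is an added example, not part of the original post: it splits an entry into its nine fields, separates the scheme identifier, salt and digest inside the password field, and converts the day counts into dates. The sample lines are copied from this page; the function names are made up for the illustration, and the scheme table goes beyond the `$6$` case the page shows.

```python
from datetime import date, timedelta

# crypt(3) identifiers found between the first two '$' signs of a hash.
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}
EPOCH = date(1970, 1, 1)  # the third field counts days from this date

# Entries copied from the listings on this page.
SAMPLE = [
    "kirk:$6$6Kkc/gtgE/Olz1ac$hAfyfKtknvmju.Z3l7r3lW1sS9kMPPXGJE9IYBbAh8plN4S/DN7RyxPC2/l5C0iL0fGu665jE268l0g.VB2Ui.:18560:0:99999:7:::",
    "test5:$6$ME.NPp5c$rAXZfDuex8s9Cfl.hb1P45fo5v.1ZLoXewwrnREaWlOqj6UWzlnYVsoUZSoNTisZczTRv63/GVk5dJNb69hqB/:18327:0:5:3:::",
    "mdatp:!:18437::::::",
]


def parse_password_field(field):
    """Classify the second field of a shadow entry."""
    if field == "":
        return {"state": "empty"}        # account has no password at all
    if field[0] in "!*":
        return {"state": "locked"}       # not a valid hash, nothing can match
    parts = field.split("$")             # ['', id, (params,) salt, digest]
    if len(parts) < 4 or parts[0] != "":
        return {"state": "unknown"}
    return {"state": "hashed", "scheme": SCHEMES.get(parts[1], "unknown"),
            "salt": parts[-2], "digest_len": len(parts[-1])}


def parse_shadow_line(line):
    """Split one shadow entry into its nine colon-separated fields."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 fields, got %d" % len(f))
    days = [int(x) if x else None for x in f[2:6]]  # lastchg, min, max, warn
    entry = {"user": f[0], "password": parse_password_field(f[1]),
             "last_change": None, "must_change_by": None,
             "min_days": days[1], "max_days": days[2], "warn_days": days[3]}
    if days[0] is not None:
        entry["last_change"] = EPOCH + timedelta(days=days[0])
        if days[2] is not None:
            entry["must_change_by"] = entry["last_change"] + timedelta(days=days[2])
    return entry


if __name__ == "__main__":
    for e in map(parse_shadow_line, SAMPLE):
        print(e["user"], e["password"], e["last_change"], e["must_change_by"])
```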
Ubuntu 20.04 uses a longer salt value than Ubuntu 18.04 did; this might provide more security. I have discovered that on Ubuntu 20.04 at least, you cannot create a username with an uppercase character in it. This gives an error and you cannot continue.
Below is the error message I got when I tried to add a user with an uppercase character in the username.
    ┌─[jason@jason-desktop]─[~]
    └──╼ $sudo adduser Kirk
    [sudo] password for jason:
    adduser: Please enter a username matching the regular expression configured via the NAME_REGEX[_SYSTEM] configuration variable. Use the `--force-badname' option to relax this check or reconfigure NAME_REGEX.
This makes sense I guess from a system standpoint.