Ubuntu: Creating Users

by Mike on June 13, 2010

Creating Users
To access Ubuntu server resources, every user needs to have an account set up for them.  The administrator sets up an account with the useradd command and creates a password with the passwd command.  The passwords are kept in the /etc/shadow file so that they cannot be viewed by anyone except the root user.

useradd joe

This creates a user named joe.  However, it does not create a password or a home directory, or set any other options.  Here are several options:

-u uid          specify the user ID
-g group        specify the primary group for the user
-G groups       list the supplementary groups the user is in
-c comment      describe the user
-d dir          home directory
-m              make the home directory if it does not exist
-k skel_dir     skeleton home directory
-s shell        login program, the default is /bin/bash
-e YYYY-MM-DD   expiration date, after which the account is disabled
-p password     set the password when creating the user; useradd expects the already-encrypted value here, not the plain text

If you wanted to create joe with a home directory you would use this command:

useradd -m joe

The default home for joe is created in /home/joe.  The /home directory is used for all normal users by default.  If you wanted to create a special directory with the “-d” option for a user you could follow this pattern:

mkdir /sales
useradd -d /sales john

This information is confirmed when you look at john’s entry in /etc/passwd.

john:x:1003:1003::/sales:/bin/sh

One of the advantages of using the useradd command is that it will automatically run chown and chgrp commands to make sure the permissions are set correctly for the user.  If you don’t use useradd you must set these permissions manually.  Another advantage of useradd is that it is a command that can be used on all Linux systems to add users.

Files When a User is Created
There are six major files or directories that are involved in the creation of a user.

/etc/passwd – contains user account information, explained above
/etc/shadow – secure user password stored here, only root can read it
/etc/group – group information for user
/etc/default/useradd – default information for adding all users
/etc/login.defs – system default login settings
/etc/skel – default settings for the home directory

Shadow Passwords
User and group passwords are encrypted in /etc/shadow and /etc/gshadow.  This removes the passwords from the publicly accessible /etc/passwd file.  Only the root user is able to access these two files.  The result is that users will not be able to attempt to crack other user passwords.

/etc/shadow
When /etc/shadow is used, the password field in /etc/passwd should contain an x.  Do not leave that field empty, as it will allow an account without a password requirement.  The /etc/shadow file listed below contains these fields: login name, encrypted password, date of last password change, minimum days between changes, maximum days between changes, warning advance days, days after password expiration before the account expires, expiration date, and an empty field.  The date fields are counted in days from January 1, 1970.
This example shows that two users have encrypted passwords.  The /etc/login.defs file sets the default encryption method as SHA512, illustrated by the “$6$” at the start of each password.  A random salt is added to these passwords, which means that even if you use the same password for two users the entries will not look the same, because part of each text string representing a password is random.

root:$6$iXVPoloN$JCbifzb9KC/ghzp01IuW7wKpjl.9sHqhPT1hkK9Rttz3i1bxq4SqOPlTI7lokHlJBzE/aGs7xrAdnCfAx4KkV1:14691:0:99999:7:::
daemon:*:14691:0:99999:7:::

bin:*:14691:0:99999:7:::
—cut—
libuuid:!:14691:0:99999:7:::
syslog:*:14691:0:99999:7:::
bind:*:14691:0:99999:7:::
landscape:*:14691:0:99999:7:::
mike:$6$610tJ2Jv$OKMNUewb9aKAuZUxWutV8TXhDgeefIPcXArKHXr20Eb8G39TAMGXs2KhGKybaP/
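
The checks described in this section (an x in the password field of /etc/passwd, the “$6$” prefix for SHA512, and date fields counted in days from January 1, 1970) can be scripted. The following is an added example, not part of the original post: the function names, the sample file contents and their placeholder hashes are constructed, and it assumes a date command that accepts -d @SECONDS (GNU coreutils or BusyBox).

```shell
# Added example: audit passwd- and shadow-format files (constructed sample data).

# Convert a shadow "days since 1970-01-01" field to YYYY-MM-DD.
# Assumes a date(1) that accepts -d @SECONDS (GNU coreutils, BusyBox).
shadow_days_to_date() {
    [ -n "$1" ] || { echo "unset"; return; }
    date -u -d "@$(( $1 * 86400 ))" +%F
}

# Classify field 2 of a shadow entry by its prefix.
classify_hash() {
    case "$1" in
        '')        echo "EMPTY (no password required)" ;;
        '!'*|'*'*) echo "password login disabled" ;;
        '$6$'*)    echo "sha512" ;;
        '$5$'*)    echo "sha256" ;;
        '$1$'*)    echo "md5 (weak)" ;;
        *)         echo "unknown or legacy DES" ;;
    esac
}

# Print one finding per line: passwd entries whose field 2 is not "x",
# then the hash type and last-change date of every shadow entry.
audit_accounts() {
    while IFS=: read -r name pw _rest; do
        [ "$pw" = "x" ] || echo "passwd: $name field2='$pw' (expected x)"
    done < "$1"
    while IFS=: read -r name hash last _rest; do
        echo "shadow: $name $(classify_hash "$hash") changed=$(shadow_days_to_date "$last")"
    done < "$2"
}

# Run the audit over constructed sample files (placeholder salts and hashes).
sample_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
john:x:1003:1003::/sales:/bin/sh
joe::1004:1004::/home/joe:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$SAMPLESALT$PLACEHOLDERHASH:14691:0:99999:7:::
daemon:*:14691:0:99999:7:::
old:$1$SAMPLESALT$PLACEHOLDERHASH:14000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}
sample_audit
```

On a real system, run audit_accounts /etc/passwd /etc/shadow as root, since only root can read /etc/shadow.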
