Maintaining UNIX Users – Part 1/2

The relevant UNIX account system configuration files are:

  • /etc/passwd
  • /etc/group
  • /etc/shadow

The /etc/passwd file is the main configuration file for all UNIX users. It contains an entry for each user defined on the system; a single line within this file represents a single user. To view a single account, simply use the grep command to search the file for a specific account. Thus, to view the user account called stevem, do the following:

# grep stevem /etc/passwd
stevem:x:20003:10:Mr. Steve Maxwell:/homes/stevem:/usr/bin/bash

The format of the account entry includes seven fields, which are separated by a colon (:) character. Each field within the file represents one element of the UNIX account entry.

  • Username: This is the name of the UNIX account. This is the name that will be shown when the user logs into the system. Ex, stevem
  • Password: This is where the password of the account is stored. If the /etc/shadow file is used, then this field contains an “x”.
  • Account UID: This is the user identification number. Ex, 20003
  • Group ID: This is the group identification number that indicates the primary group membership for this user. Ex, 10
  • Comment: Comments about the account, which typically contain the real name of the account holder. Ex, Mr. Steve Maxwell
  • Home Directory: The default directory where the user stores files and will be placed after logging into the system. Ex, /homes/stevem
  • Shell: The program that will be run for the user when logged into the system. Typically, this field contains the desired shell, which acts as the basic command interpreter. Ex, /usr/bin/bash

Hint: When adding new users to the system, it will be important that a scan be done to ensure that no duplicate names are added. To minimize the chance of this happening, use one of the UNIX administrative tools to add the user directly. However, if the account is being added manually, simply use the grep command to ensure that the account doesn’t currently exist.

The /etc/group file contains definitions of groups and their corresponding group members. Groups provide a way to establish collections of users that share one or more things in common. For example, the group devel may contain all the users that are responsible in some way for the development of a particular product. If a user must be a member of more than one group, the associated account name can be added to additional groups that are defined within the /etc/group file. A sample group, called devel, is shown here:

devel::107:samyu,irinav,anitat,stevem

Each line within this file represents a single group entry and contains four fields. Like the /etc/passwd entries, the fields within the /etc/group file are also separated by the colon (:) character.

  • Group Name: The name of the group. Ex, devel
  • Group Password: The password for the group. Ex, (blank)
  • Group ID: The group identification. Ex, 107
  • Group Members: A comma-separated list of the group’s members. Ex, samyu, irinav, anitat, stevem

Hint: It is entirely reasonable for a UNIX user to be in more than one group at the same time.

The /etc/shadow file is used to store account password information and contains password aging information. In particular, it contains an encrypted password and related parameters that control elements about the password—for example, when the account password should expire. Unlike both the /etc/passwd and /etc/group files, which can be read by any user, the /etc/shadow file is restricted; only the superuser may list the content of the file. The contents of the /etc/shadow file include nine fields separated by colons. A sample password entry for the /etc/shadow file is shown here:

stevem:JcpRL1Irplkuw:11624:::::11615:

  • Account Name: The name of the associated UNIX account as defined within the /etc/passwd file. Ex, stevem
  • Password: This field contains the encrypted password. Ex, JcpRL1Irplkuw
  • Last Changed: The day on which the password was last changed. The number of days is measured from 1/1/1970. Ex, 11624
  • Min Days: The minimum number of days that must pass before the password may be changed again. Ex, (blank)
  • Max Days: The maximum number of days that the password remains valid. Ex, (blank)
  • Warn Days: The number of days before expiration during which the user is warned of the pending password expiration. Ex, (blank)
  • Inactive Days: The number of days after the password has expired that the account may remain inactive before it is disabled. Ex, (blank)
  • Expire Date: The date when the account will no longer be accessible by the user. This number is in the same format as the Last Changed field. Ex, 11615
  • Flag: Reserved for future use and is currently not used. Ex, (blank)