Creating Users and Groups - Linux


There are two files associated with creating user accounts: the /etc/passwd file and the /etc/shadow file. You can create users and groups using the many X Windows GUIs, or you can create them through the command line. Regardless, you should know the contents of the files, where to find them and how to manually create users and groups through the command line interface.

password file

User information is contained in a text file called passwd (the password file) that is normally located in the /etc directory. The file is often modified by a program called adduser or something similar. The password file contains a line like the following for each user:

 eblanchard:1v2B3uWaA.8iA:501:237:Eugene Blanchard:/home/eblanchard:/bin/bash

 "eblanchard"   is the username.
 "1v2B3uWaA.8iA"  is the user's encrypted password.
 "501"    is the user's numerical ID (must be unique)
 "237"    is the group numerical ID that the user belongs to.
 "Eugene Blanchard" is the full name of the user.
 "/home/eblanchard"  is the home directory of the user.
 "/bin/bash"   is the shell program that the user uses.

The password file is available to all users to view. This is because some programs require access to the password file.

Note: usernames longer than 8 characters can cause problems in some programs. For example, the username "eblanchard" cannot telnet into a Linux server from a Win95 telnet client. The username is truncated to "eblancha" and the Linux server doesn't recognize it as a valid username.

Changing your password

To change your password, you type the password command. Depending on the flavour of Unix that you are using, it may be one of the following:

  • password
  • passwd
  • passwrd
  • ypasswd (used with NIS)

The password command will prompt you for your existing (old) password, then ask you to type your new password once and then once again to confirm it. Choose a password that is at least 8 characters long and uses alphanumeric characters with a combination of upper and lower case letters. Write down your password and keep it in a safe place whose location you will remember!

group file

The group file is a text file that contains information about the groups that are allowed to use the system. It is located in the directory /etc. Groups are added using a program called addgrp or something similar. Each line in a group file contains four fields:

	instructors:NONE:237:eblanchard,dspurgeon,hsylvan

	"instructors"		is the group name
	"NONE"			indicates that there is no password with this group.
				It is limited to the listed users.
	"237"			is the numerical group ID
	"eblanchard,.."		is the list of group members, which can be users or other
				groups

shadow file

Encrypted Unix passwords are a maximum of 13 characters long and can be encrypted in 4,096 different ways. There are hacking programs that are able to decode the passwords in the password file. In order to fix this security leak, Unix operating systems that are System V compatible have another file called the shadow file that works with the password file.

With shadowing, the password file does not contain the encrypted passwords; instead it points to the shadow file, which contains the encrypted login passwords. The password file will have a blank space where the encrypted password usually resides.

The password file is still available for all users to view, but the shadow file is restricted and only the system administrator can view it. In this manner the security loophole has been fixed.
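
As an added example (not part of the original page), the shell function below audits password-file data for three conditions described above: an encrypted password still stored in the world-readable password file, a numerical user ID that is not unique, and a username longer than 8 characters. The records are constructed sample data that reuse the example entry and usernames shown on this page; treating an empty, x, * or !-prefixed second field as a placeholder is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original page.

# Constructed sample records (the hash is the example value printed on the page).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
eblanchard:1v2B3uWaA.8iA:501:237:Eugene Blanchard:/home/eblanchard:/bin/bash
dspurgeon:x:502:237:D Spurgeon:/home/dspurgeon:/bin/bash
hsylvan::501:237:H Sylvan:/home/hsylvan:/bin/bash
broken:x:503
EOF
}

# audit_passwd [FILE]: print one finding per line; reads stdin when FILE is omitted.
audit_passwd() {
    awk -F: '
    # Every record must have the seven colon-separated fields listed on the page.
    NF != 7 { print "MALFORMED line " NR ": " NF " fields, expected 7"; next }
    {
        user = $1; pw = $2; uid = $3
        # Assumption: empty, "x", "*" or a leading "!" is a placeholder, not a hash.
        if (pw != "" && pw != "x" && pw != "*" && substr(pw, 1, 1) != "!")
            print "HASH_IN_PASSWD " user ": move the hash to the shadow file"
        # The numerical user ID must be unique; report the second and later holders.
        if (uid in seen)
            print "DUP_UID " user ": UID " uid " already used by " seen[uid]
        else
            seen[uid] = user
        # Names over 8 characters can be truncated by some programs.
        if (length(user) > 8)
            print "LONG_NAME " user ": " length(user) " characters, may be truncated"
    }' "${1:--}"
}

# Demonstration on the constructed records.
sample_passwd | audit_passwd
```

To check a real system, pass the file name instead, for example `audit_passwd /etc/passwd`.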

Communicating with Users

You can communicate with other users within Unix by two methods: write and talk.

The write command communicates on the command-line. To finish communicating use "ctrl d".

The talk command splits the screen in two. The top of the screen is the destination's half of the conversation; the bottom is the source's half. To finish communicating, use "ctrl d" or break.

To initiate either method, type the command followed by the username of the person that you want to communicate with. For example:

	talk blanchas

To stop users from communicating with you, type:

	mesg n

To allow access:

	mesg y

To see current status:

	mesg


Copyright July 2013 Eugene Blanchard