A Developer's Guide to User Management Systems
Building Secure and Scalable User Management Systems
User Management -
- Types of Users
—> Root User
—> System User
—> Regular User
- Root User (Administrator / Superuser)
—> All permissions on all files
—> Package management
—> More power comes with more responsibility
—> Complete user management
—> User ID (UID) - 0 and Group ID (GID) - 0
- System User
—> Manages system processes, services and applications
—> Process Isolation
—> Database servers, web servers, logging daemons and networking services
—> Non-login accounts
—> Reserved UID, Range: -1 to 999
—> Limited privileges
- Regular Users (Normal User)
—> General day-to-day operations
—> Isolated home directories
—> UID, Range: 1000 and above
—> Home Directory: /home/username
—> Login Shell: /bin/bash
A Few Important Files and Folders -
—> /etc/passwd
—> /etc/shadow
—> /etc/login.defs
—> /etc/default/useradd
—> /etc/skel
/etc/passwd file
The /etc/passwd file is a critical component in Linux user management. It stores information about all user accounts on the system, including system, service, and regular user accounts.
Note: We do not delete or modify this file.
e.g.: visudotech:x:1000:1000:visudotech:/home/visudotech:/bin/bash
visudotech = User name
x = password placeholder (the password itself is stored in /etc/shadow)
1000 = UID
1000 = GID
visudotech = GECOS (General Electric Comprehensive Operating System) or Comment
/home/visudotech = Home directory
/bin/bash = shell(Interactive or non-interactive)
/etc/shadow
It is a critical file for user management, containing hashed password information and account-related details for system users. It enhances security by storing sensitive data in a more restricted manner compared to the older /etc/passwd system.
Note: We do not delete or modify this file.
e.g.: john:$6$abcdefgh$G4Xks6k7ZgGASuPNU3bvl9....:19200:0:99999:7:::
Explanation:
john : Username.
$6$abcdefgh$G4Xks6k7ZgGASuPNU3bvl9.... : Hashed password (using SHA-512 in this case).
19200 : Last password change (days since 1 Jan 1970).
0 : Minimum password age (0 = no restriction).
99999 : Maximum password age (99999 = no expiration).
7 : Warning period (7 days before expiration).
(empty trailing fields) : No account expiration or inactive period set.
Aspect | /etc/passwd | /etc/shadow |
Purpose | Stores general user information. | Stores sensitive password information. |
Accessibility | Readable by all users. | Restricted to root users. |
Security | Does not store actual password. | Stores encrypted password. |
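An added example (not part of the original article): a small Python audit that parses entries in the two formats described above and reports account settings a defender would want to review. The sample entries are constructed, the function names and finding labels are assumptions of this example, and the UID cut-offs follow the ranges listed earlier.

```python
from datetime import date, timedelta

# Constructed sample entries (not from a real system), in the formats shown above.
PASSWD = """root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
visudotech:x:1000:1000:visudotech:/home/visudotech:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
legacy::1001:1001:old account:/home/legacy:/bin/sh"""
SHADOW = """visudotech:$6$abcdefgh$CONSTRUCTED:19200:0:99999:7:::
backup:$1$abcdefgh$CONSTRUCTED:19200:0:99999:7:::
www-data:*:19200:0:99999:7:::"""

NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
HASH_IDS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}

def classify(uid):
    # Ranges as listed on this page; a real system sets them in /etc/login.defs.
    return "root" if uid == 0 else "system" if uid < 1000 else "regular"

def audit_passwd(text):
    findings = []  # (user, label) pairs; the labels are this example's own
    for line in text.splitlines():
        name, pw, uid, _gid, _gecos, _home, shell = line.split(":")
        kind = classify(int(uid))
        if kind == "root" and name != "root":
            findings.append((name, "extra UID 0 account"))
        if pw != "x":
            findings.append((name, "password not deferred to /etc/shadow"))
        if kind == "system" and shell not in NOLOGIN:
            findings.append((name, "system account with login shell"))
    return findings

def parse_shadow(line):
    name, pw, last, _min_age, max_age = line.split(":")[:5]
    scheme = HASH_IDS.get(pw.split("$")[1], "unknown") if pw.startswith("$") else None
    return {"user": name, "scheme": scheme,
            "locked": pw.startswith(("!", "*")),  # no usable password hash
            "changed": date(1970, 1, 1) + timedelta(days=int(last)) if last else None,
            "expires": max_age not in ("", "99999")}

def audit_shadow(text):
    rows = [parse_shadow(line) for line in text.splitlines()]
    return [(r["user"], "weak hash scheme MD5") for r in rows if r["scheme"] == "MD5"]

if __name__ == "__main__":
    for finding in audit_passwd(PASSWD) + audit_shadow(SHADOW):
        print(*finding, sep=": ")
```

Reading the real /etc/shadow requires root, so run this kind of check against copies of the files or with appropriately restricted privileges.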
- /etc/login.defs
Controls default settings for user accounts and passwords.
Used by utilities like useradd, usermod and passwd.
Consists of key-value pairs, with one setting per line.
- /etc/default/useradd
Sets system-wide defaults for new user accounts, such as shell, home directory, and expiration date.
Reduces repetitive configurations when creating multiple users.
Contains key-value pairs, one setting per line, with comments prefixed by #.
- /etc/skel
Provides a standard set of files and directories for new user accounts.
Ensures every new user starts with pre-configured settings.
Note: This is one of the directories from which default files are copied to the home directory of a newly created user.
File | Purpose |
.bashrc | Contains user-specific aliases and shell configurations for interactive bash sessions. |
.bash_profile | Executed at login to set environment variables like $PATH. |
.bash_logout | Executed when a user logs out, allowing for cleanup tasks. |
These three files are created in the home directory whenever you create a new user.
User management in Linux is an essential administrative task that involves creating, managing, and maintaining user accounts and permissions. It ensures that users have appropriate access to system resources and maintains security and organization in multi-user environments.
I have mentioned the rest of the user management commands and additional details in my documents. Feel free to refer to them for a more comprehensive understanding of user management in Linux.