A Developer's Guide to User Management Systems

Building Secure and Scalable User Management Systems

User Management

  • Types of Users
  1. Root User
  2. System User
  3. Regular User

  1. Root User (Administrator / Superuser)

—> All permissions on all files

—> Package management

—> More power comes with more responsibility

—> Complete user management

—> User ID (UID) 0 and Group ID (GID) 0

  2. System User

—> Manages system processes, services, and applications

—> Process Isolation

—> Database servers, web servers, logging daemons and networking services

—> Non-login accounts

—> Reserved UID, Range: -1 to 999

—> Limited privileges

  3. Regular Users (Normal User)

—> General day-to-day operations

—> Isolated home directories

—> UID, Range: 1000 and above

—> Home Directory: /home/username

—> Login Shell: /bin/bash


A Few Important Files and Folders

—> /etc/passwd

—> /etc/shadow

—> /etc/login.defs

—> /etc/default/useradd

—> /etc/skel

  1. /etc/passwd file

    The /etc/passwd file is a critical component in Linux user management. It stores information about all user accounts on the system, including system, service, and regular user accounts.

    Note: We do not delete or modify this file.

e.g.: visudotech:x:1000:1000:visudotech:/home/visudotech:/bin/bash

  • visudotech = User name

  • x = Password placeholder (the hash itself is kept in /etc/shadow)

  • 1000 = UID

  • 1000 = GID

  • visudotech = GECOS (General Electric Comprehensive Operating System) or comment field

  • /home/visudotech = Home directory

  • /bin/bash = Login shell (interactive or non-interactive)
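
The seven fields above are enough to audit an account list. The following is an added example, not part of the original guide: it parses passwd-format text, classifies each account with the UID ranges given on this page (0, below 1000, 1000 and above), and flags entries worth reviewing. The sample accounts and the list of non-login shells are constructed assumptions.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "name password uid gid gecos home shell")

# Shells that deny interactive login (common paths; extend for your distro).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
postgres:x:113:120:PostgreSQL:/var/lib/postgresql:/bin/bash
visudotech:x:1000:1000:visudotech:/home/visudotech:/bin/bash
backup2:x:0:0::/root:/bin/bash
legacy::1001:1001::/home/legacy:/bin/bash
"""

def parse_passwd(text):
    """Parse passwd-format text into Entry tuples, rejecting malformed lines."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"line {n}: expected 7 fields, got {len(f)}")
        entries.append(Entry(f[0], f[1], int(f[2]), int(f[3]), *f[4:]))
    return entries

def classify(e):
    """Account type using the UID ranges given on this page."""
    return "root" if e.uid == 0 else "system" if e.uid < 1000 else "regular"

def audit_passwd(text):
    """Return (user, finding) pairs that deserve a manual review."""
    findings = []
    for e in parse_passwd(text):
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0 on a non-root account"))
        if e.password == "":
            findings.append((e.name, "empty password field"))
        elif e.password not in ("x", "*", "!"):
            findings.append((e.name, "hash stored in world-readable /etc/passwd"))
        if classify(e) == "system" and e.shell not in NOLOGIN_SHELLS:
            findings.append((e.name, "system account with a login shell"))
    return findings
```

On a real host, pass the contents of /etc/passwd to `audit_passwd`; reading it needs no special privileges.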

  2. /etc/shadow

    It is a critical file for user management, containing hashed password information and account-related details for system users. It enhances security by storing sensitive data in a more restricted manner compared to the older /etc/passwd system.

    Note: We do not delete or modify this file.

    e.g.: john:$6$abcdefgh$G4Xks6k7ZgGASuPNU3bvl9....:19200:0:99999:7:::

Explanation:

  • john: Username.

  • $6$abcdefgh$G4Xks6k7ZgGASuPNU3bvl9....: Hashed password (using SHA-512 in this case).

  • 19200: Last password change (days since 1 Jan 1970).

  • 0: Minimum password age (0 = no restriction).

  • 99999: Maximum password age (99999 = no expiration).

  • 7: Warning period (7 days before expiration).

  • ::: No account expiration or inactive period set.
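
The day counts in these fields are easier to review as calendar dates. The following is an added example, not part of the original guide: it decodes one shadow entry into the hash scheme, lock state, and password-aging dates, treating 99999 as "no expiration" as described above. The alice and bob style inputs you pass in are up to you; the only line embedded here is the page's own john example.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
# crypt(3) scheme identifiers found between the first two "$" signs.
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}

# The example line from this page (hash truncated there with "....").
PAGE_LINE = "john:$6$abcdefgh$G4Xks6k7ZgGASuPNU3bvl9....:19200:0:99999:7:::"

def _num(field):
    """Empty shadow fields mean 'not set'."""
    return int(field) if field else None

def decode_shadow_line(line, today):
    """Decode one shadow entry into dates and states; 'today' is a date."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError(f"expected 9 fields, got {len(f)}")
    user, pw = f[0], f[1]
    last, max_age, expire = _num(f[2]), _num(f[4]), _num(f[7])

    if pw == "":
        state = "no password"
    elif pw[0] in "!*":
        state = "locked"          # "!" or "*" can never match a real hash
    else:
        state = "password set"
    body = pw.lstrip("!")
    scheme = SCHEMES.get(body.split("$")[1], "unknown") if body.startswith("$") else None

    # last == 0 is special: the user must change the password at next login.
    changed = EPOCH + timedelta(days=last) if last else None
    expires = None
    if last and max_age is not None and max_age != 99999:  # 99999 = no expiration
        expires = changed + timedelta(days=max_age)
    return {
        "user": user, "state": state, "scheme": scheme,
        "last_change": changed,
        "must_change_at_login": last == 0,
        "password_expires": expires,
        "password_expired": expires is not None and today > expires,
        "account_expires": EPOCH + timedelta(days=expire) if expire is not None else None,
    }
```

An MD5 (`$1$`) result or a "no password" state in the output is a finding in its own right, independent of the aging dates.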

Aspect        | /etc/passwd                          | /etc/shadow
Purpose       | Stores general user information.     | Stores sensitive password information.
Accessibility | Readable by all users.               | Restricted to the root user.
Security      | Does not store the actual password.  | Stores the hashed password.

  3. /etc/login.defs

The /etc/login.defs file in Linux is a configuration file used to define default settings for user account creation and authentication. It plays a critical role in user management by specifying system-wide policies such as password aging, UID/GID ranges, and home directory creation.

  • Controls default settings for user account and password.

  • Used by utilities like useradd, usermod and passwd.

  • Consists of key-value pairs, with one setting per line.

  4. /etc/default/useradd

The /etc/default/useradd file in Linux is a configuration file used to define the default settings for the useradd command. These settings are applied when new user accounts are created, unless overridden by command-line options.

  • Sets system-wide defaults for new user accounts, such as shell, home directory, and expiration date.

  • Reduces repetitive configurations when creating multiple users.

  • Contains key-value pairs, one setting per line, with comments prefixed by #.

  5. /etc/skel

The /etc/skel directory in Linux is a template directory used during the creation of new user accounts. It contains default configuration files and directories that are copied into a new user's home directory when their account is created.

  • Provides a standard set of files and directories for new user accounts.

  • Ensures every new user starts with pre-configured settings.

Note: /etc/skel is one of the directories from which default files are copied to the home directory of a newly created user.

File          | Purpose
.bashrc       | Contains user-specific aliases and shell configurations for interactive bash sessions.
.bash_profile | Executed at login to set environment variables like $PATH.
.bash_logout  | Executed when a user logs out, allowing for cleanup tasks.

These three files are created in the home directory whenever you create a new user.


User management in Linux is an essential administrative task that involves creating, managing, and maintaining user accounts and permissions. It ensures that users have appropriate access to system resources and maintains security and organization in multi-user environments.

I have mentioned the rest of the user management commands and additional details in my documents. Feel free to refer to them for a more comprehensive understanding of user management in Linux.