A Linux User Reference

Search tips
  • search ignores words that are less than 4 characters in length
  • searches are case insensitve
  • if a search does not return anything try it in Boolean mode then Query expansion mode by checking the appropriate radio button e.g. searching for 'cron' in just the Administration category returns nothing - presumably because the 50% threshold is reached. Boolean mode ignores this threshold so a search for 'cron' returns several hits
  • in Boolean mode preceding a word with a '+' means the result must include that word, a '-' means it must not
  • in Boolean mode '+crontab -anacron' means match articles about crontab that DO NOT mention anacron
  • to match a phrase e.g. 'manage system' check the Boolean mode radio button and enclose the phrase in quotes "some phrase ..."
  • in Query expansion mode the search context is expanded beyond the keywords you entered - relevancy of hits may well be degraded


Users & groups

  • User profile template files

    A directory containing templates of user profile files. Used to populate a default user account.

    Possible contents

  • User and group IDs
    • Some newer systems start user IDs at 1000 rather than 500.
    • Values of 1000 (or 500) and greater normally signify ordinary users.
    • Values below 1000 (or 500) are reserved for system users.

    Maximum and minimum UIDs, GIDs are defined in /etc/login.defs

    UID_MIN        1000
    UID_MAX        60000
    GID_MIN        1000
    GID_MAX        60000

    This file is the configuration file for the login program and also for the Shadow Suite as a whole. It also contains:

    • settings that control what the prompts will look like
    • flags that control the amount of logging that takes place
    • pointers to other configuration files
    • default assignments for things like password aging, expiration ...
  • Create, update a user account

    Add a user with default settings using '/etc/skel'

    # useradd jbloggs

    Add user, create home dir, GECOS field and 'tcsh' as login shell

    # useradd -mc "John Doe" -s /bin/tcsh jdoe

    Display current account-creation defaults

    $ useradd -D                                  
  • More user and group account commands

    Delete a user account - /usr/sbin/userdel

    userdel [options] user

    Modify a user account - /usr/sbin/usermod

    usermod [options] user

    Create a group account - /usr/sbin/groupadd

    groupadd [options] group 

    Delete a group account - /usr/sbin/groupdel

    groupdel group

    Modify a group account - /usr/sbin/groupmod

    groupmod [options] group

    Change a group ID - /usr/bin/newgrp

    newgrp [-] group

    Changes the current group ID during a login session. If '-' option is used the user's environment is reinitialised as though the user had just logged in.

  • Modify a user account password

    Display status of user mark's password

    # passwd -S mark
    Mark P 2007-11-09 0 99999 7 -1

    Change own passwd

    $ passwd

    You are prompted for current password, then new one then confirmation of new one

    Change another user's password

    # passwd mark                       (as root)
    $ sudo passwd mark  
  • Change user password expiration details

    The date may also be expressed in the format YYYY-MM-DD

    List user's account aging information

    # chage -l mark
    Last password change                       : Nov 09, 2007
    Password expires                           : never
  • User account password file

    Plain text, readable by all, no passwords in it if shadow passwd compiled in. Passwords of 'x', '!', '*' or 'blank/null' is a space filler. This prevents someone from being able to determine if a password has been set or not.

    Sample entries -/etc/passwd

    # Format:
    # username:password:UID:GID:comments:home dir:default shell

    An 'x' in 2nd. field indicates that shadow ('/etc/shadow') passwd file is being used.

  • User account shadow password file

    Plain text, readable by root, contains encrypted passwords omitted from /etc/passwd. A password that is not a valid 'crypt' string or has not been set, can be '!', 'x' or '*'.

    Sample entries - /etc/shadow

    # Format: 
    # username:encrypted password:"info :on:password:ageing":::
  • Group account password file

    Plain text, readable by all. The password field can be 'blank/null', '!' or 'x' depending on the implementation, may indicate whether a password is set or not. Commonly it is set to 'x', and one should not be able to determine if a password is set by looking into this file.

    Sample entries - /etc/group

    # Format:
    # grp name:grp password:grp ID:members list
  • Group account shadow password file

    Plain text, readable by root, contains encrypted group passwords omitted from /etc/group. If the password field is '!', 'x' or a non valid 'crypt' string it means that the group password is not set.

    Sample entries - /etc/gshadow

    # Format:
    # grp name:encrypted password:administrators list:members list
  • The Shadow Suite

    Shadow configuration involves the installation of the 'shadow suite of programs' (pretty much the default these days). They provide an extra layer of security to the original /etc/passwd and /etc/group files. Passwords are removed from these files and are encrypted and stored in shadow files.

    Account management programs (as above i.e. useradd, userdel ...) are written to operate on both sets of files.

    On debian systems front-ends to these commands such as adduser, deluser ... also exist. Their default behaviour is controlled by configuration files such as /etc/adduser.conf, /etc/deluser.conf ...

  • Manage group account file

    Allows for the administration of the /etc/group file (and /etc/gshadow file).

    Every group can have administrators, members and a password. When called by a group administrator with group name only 'gpasswd' prompts for the group password.

    If a password is set, group members can still 'newgrp' without a password, non-members must supply the password.

    Command usage

    gpasswd [options] group

    Assign user mark as an administrator for the 'sambashare' group

    $ sudo gpasswd -A mark sambashare

    Change a group password

    $ gpasswd sambashare
    Changing the password for group sambashare
    New Password: 
    Re-enter new password:
  • Convert files to, from shadow system
    /usr/sbin/pwconv, pwunconv, grpconv, grpunconv

    The commands have no options. Their behaviour is configured via variables in /etc/login.defs.

    Variable that alters the behaviour of 'grpconv' and grpunconv'


    Variables that alter the behavior of 'pwconv'

  • Verify integrity of password files

    Verifies the integrity of the system authentication information. All entries in the /etc/passwd and /etc/shadow are checked to see that the entry has the proper format and valid data in each field

    Report errors only – no warnings reported

    pwck [-q] [passwd [ shadow ]]

    Execute command in read only mode

    pwck [-q] [-r] [passwd shadow]

    All questions are defaulted to 'no'. User receives no prompts to make changes.

    '-s' sort entries by UID

  • Verify integrity of group files

    Verifies the integrity of the system authentication information. All entries in the /etc/group and /etc/gshadow are checked to see that the entry has the proper format and valid data in each field

    Comand usage

    grpck [-r] [group [ shadow ]]
    grpck [-s] [group [ shadow ]]

    Options same as for 'pwck'.