Getting ready

User information is stored in the /etc/passwd file, a human-readable text file that serves as the database of system user information.

Each line in it corresponds to one user in the system, and it has the following format:

<username>:<password>:<uid>:<gid>:<comment>:<home directory>:<login shell> 

Let's see each of the parameters of this format:

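  • username: A unique string that identifies the user at login
  • password: The user's encrypted password; an asterisk disables direct logins, an empty field means no password is set, and an x means the password is kept in /etc/shadow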
  • uid: User ID, a number that Linux uses to identify the user
  • gid: Group ID, a number that Linux uses to identify the user's primary group
  • comment: Comma-separated values that describe the account, typically the user's contact details
  • home directory: Path to the user's home directory
  • login shell: Shell that is started for interactive logins

The default passwd file is stored with the base-passwd package and looks as follows:

root::0:0:root:/root:/bin/sh 
daemon:*:1:1:daemon:/usr/sbin:/bin/sh 
bin:*:2:2:bin:/bin:/bin/sh 
sys:*:3:3:sys:/dev:/bin/sh 
sync:*:4:65534:sync:/bin:/bin/sync 
games:*:5:60:games:/usr/games:/bin/sh 
man:*:6:12:man:/var/cache/man:/bin/sh 
lp:*:7:7:lp:/var/spool/lpd:/bin/sh 
mail:*:8:8:mail:/var/mail:/bin/sh 
news:*:9:9:news:/var/spool/news:/bin/sh 
uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh 
proxy:*:13:13:proxy:/bin:/bin/sh 
www-data:*:33:33:www-data:/var/www:/bin/sh 
backup:*:34:34:backup:/var/backups:/bin/sh 
list:*:38:38:Mailing List Manager:/var/list:/bin/sh 
irc:*:39:39:ircd:/var/run/ircd:/bin/sh 
gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh 
nobody:*:65534:65534:nobody:/nonexistent:/bin/sh 

All accounts have direct logins disabled, indicated by an asterisk in the password field, except for root, which has no password. This is because, by default, the image is built with the debug-tweaks feature, which enables password-less login for the root user, among other things. If the root password were enabled, we would see the encrypted root password.

Do not forget to remove the debug-tweaks feature from production images.

There is a corresponding /etc/group file that is installed at the same time with the information for the system groups.

The core-image-minimal image does not include shadow password protection, but other images, such as core-image-full-cmdline, do. When enabled, all password fields contain an x, and the encrypted passwords are kept in a /etc/shadow file, which is only accessible to the super user.
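
A small audit of the password-field states described above (empty, asterisk, x, or an encrypted value), written as an added example and not code from the book or the Yocto Project; the function names are hypothetical and the sample lines marked as constructed are assumptions. Run against the etc/passwd of a built root filesystem, it reports accounts that allow password-less login or keep their encrypted password in passwd itself.

```python
"""Audit the password field of passwd-format lines (added example)."""
from collections import namedtuple

Entry = namedtuple("Entry", "username password uid gid comment home shell")

# Sample input: three lines from the default file shown above, plus two
# constructed lines (a shadowed account and a malformed record).
SAMPLE = """\
root::0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
builder:x:1000:1000:constructed user:/home/builder:/bin/sh
broken:line:without:enough:fields
"""


def parse_passwd(text):
    """Return (entries, malformed_line_numbers) for passwd-format text."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:          # every record has exactly seven fields
            malformed.append(lineno)
            continue
        entries.append(Entry(*fields))
    return entries, malformed


def classify(entry):
    """Map the password field to the states described in the text."""
    if entry.password == "":
        return "no-password"      # login without a password (debug-tweaks)
    if entry.password == "*":
        return "login-disabled"   # direct logins disabled
    if entry.password == "x":
        return "shadowed"         # real value is kept in /etc/shadow
    return "hash-in-passwd"       # encrypted password stored in passwd itself


def audit(text):
    """Return {username: state} for every entry that needs attention."""
    entries, _ = parse_passwd(text)
    risky = ("no-password", "hash-in-passwd")
    return {e.username: classify(e) for e in entries if classify(e) in risky}


if __name__ == "__main__":
    for user, state in audit(SAMPLE).items():
        print(f"{user}: {state}")
```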

Any user that is needed by the system, but not included in the list we saw earlier, needs to be created.
