
Users


su, sudo

A system can have multiple users. The su command switches to another user so that a program can be run under that user's name. By default su does not change the environment and does not re-read the target user's ~/.bash_profile.

Running su with a - (hyphen) before the target username starts a login shell: it reads the target user's ~/.bash_profile and therefore replaces the environment with that user's own.

The user a program runs as can also be changed with the sudo command. By default sudo runs the command as root, but with the -u option the command can be run as a particular user.

Unlike su, sudo asks for the password of the current user, not the password of the target user.

In addition, sudo can restrict a user to only those commands that are defined for him in the /etc/sudoers file.


The /etc/sudoers file must be edited through the visudo command (it locks the file and checks the syntax before saving; a syntax error in sudoers can lock everyone out of sudo). Among others, it has the following tags:

NOEXEC - prevents a dynamically linked executable from running further commands itself (for example a shell escape from an editor or pager). It does not protect against statically linked programs, because it works by preloading a library into the program.

NOPASSWD - allows the user to run the listed commands without authenticating.

By default sudo writes its log to /var/log/secure on Red Hat-based systems (Debian-based systems use /var/log/auth.log). For more convenient review of what was actually done in a sudo session, the sudoreplay command can be used: it replays the recorded terminal input and output of a session.

To enable sudoreplay, write the following lines in /etc/sudoers (session recordings are then stored under /var/log/sudo-io by default; sudoreplay -l lists them):

Defaults log_output

Defaults log_input
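The fragment below is an added example of how these tags and the logging options fit together in a drop-in file; it is not from the original notes. The usernames, paths and commands are hypothetical and chosen only to illustrate each tag.

```text
# /etc/sudoers.d/example  (edit with: visudo -f /etc/sudoers.d/example)

# Record terminal input and output of every sudo session.
# List recordings: sudoreplay -l      Replay one: sudoreplay <session-id>
Defaults log_output
Defaults log_input

# alice may restart one service as root without typing her password.
alice ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx.service

# bob may read a log with less as root, but less may not spawn a shell
# (its !command escape is blocked because NOEXEC preloads a library into it).
bob   ALL=(root) NOEXEC: /usr/bin/less /var/log/syslog

# carol may run any command as the postgres user (sudo -u postgres ...),
# authenticating with her own password.
carol ALL=(postgres) ALL
```

Each user can check what the rules grant him with sudo -l. Note that a NOPASSWD rule for a command that can write arbitrary files or spawn a shell is equivalent to passwordless root, and NOEXEC is a mitigation rather than a boundary, so prefer granting narrow, argument-fixed commands as in the alice rule above.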


/etc/passwd

Information about all users is stored in the /etc/passwd file. Each line is one user and contains the following colon-separated fields:

  1. username
  2. x (earlier the password hash was stored here; it now lives in /etc/shadow, which only root can read)
  3. user id (uid). root has uid 0; base (statically allocated) system users have uid below 100, other system users have uid from 100 to 999, and uids of regular users start from 1000
  4. primary group id (gid)
  5. comment about the user (full name, phone number and so on; also called the GECOS field)
  6. user home directory path
  7. user command shell. If the field is empty, /bin/sh is used.

    For system users, instead of a shell there is usually "nologin" (/sbin/nologin or /usr/sbin/nologin). If somebody tries to log in with that username, the system displays a standard message, or the text from /etc/nologin.txt if that file exists. Another common value is /bin/false, a program that does nothing and exits immediately with a failure status. Note that the shell field only stops interactive logins; a locked password in /etc/shadow is what actually prevents authentication.

/etc/group

Information about groups is stored in /etc/group. Each line is one group and contains the following colon-separated fields:

  1. groupname
  2. x (earlier the group password hash was stored here; it now lives in /etc/gshadow)
  3. gid
  4. users that are supplementary members of the group, separated by commas (a user's primary group is given by the gid field in /etc/passwd and is not listed here)

A group may have an administrator, who can add users to that group with the gpasswd command without being root.

/etc/shadow

Information about passwords is stored in /etc/shadow, which is readable only by root. Each line contains the following colon-separated fields:

  1. username
  2. password hash. If the account is locked, this field contains * or !!, or the hash is prefixed with ! (this is what passwd -l does). An empty field means the account has no password at all.
  3. the remaining fields describe password aging: the date of the last password change (in days since 1970-01-01), the minimum and maximum password age, the number of warning days before expiry, the inactivity period after expiry, the account expiry date, and a reserved field.