/etc/passwd contains the user account information (for human and non-human users). Non-human users like sshd also own files and run processes.
Format:
username:password:userid:groupid:GECOS:homedirectory:loginshell
e.g:
diane:x:1000:1000:Diane Palo,,,:/home/diane:/bin/bash
sshd:x:115:65534::/var/run/sshd:/usr/sbin/nologin
All added users will have a userid greater than or equal to 1000.
To suspend an account, change its login shell to /bin/false or /sbin/nologin, which prevents the user from logging in to the machine. Setting the login shell to /bin/false or /sbin/nologin is also how limited accounts are created.
/etc/shadow contains user password information.
Format:
username
:password
:days since Jan 1, 1970 that password was last changed
:days before password may be changed
:days after which password must be changed
:days before password is to expire that user is warned
:days after password expires that account is disabled
:days since Jan 1, 1970 that account is disabled
:a reserved field
e.g:
diane:$6$CnGqE0NA$iLrquxZUS6bqnAbffVNtS/BRy2CB/abthemvhyUHm9A5EK8YdZtj0fSAEhUg8B2YConm0hXCuJsaItAr6RU5R1:15165:0:99999:7:::
The password is stored encrypted, as a hash of the password.
Add ‘!’ to the password field to disable an account temporarily, or run sudo passwd -l username.
Remove the ‘!’ to enable the account again, or run sudo passwd -u username.
To change user password expiry information, use chage username.
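The two formats above can be checked mechanically when auditing accounts. The following is an added example, not part of the original notes: it parses the page's /etc/passwd lines and a constructed /etc/shadow line (placeholder hash, numeric fields taken from the example above), then reports whether login is blocked by the shell, whether the password is locked with ‘!’, and which dates the day counts correspond to. The function names and the NOLOGIN_SHELLS set are assumptions made for the example.

```python
from datetime import date, timedelta

# Shells the page names for limited accounts, plus the /usr/sbin path from its sshd example.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
SHADOW_FIELDS = ("name", "password", "last_change", "min_days", "max_days",
                 "warn_days", "inactive_days", "disabled_on", "reserved")

# The two /etc/passwd lines are the page's own examples.
PASSWD_SAMPLE = ["diane:x:1000:1000:Diane Palo,,,:/home/diane:/bin/bash",
                 "sshd:x:115:65534::/var/run/sshd:/usr/sbin/nologin"]
# Constructed /etc/shadow lines: placeholder hash, numeric fields from the page's example.
SHADOW_ACTIVE = "diane:$6$examplesalt$examplehash:15165:0:99999:7:::"
SHADOW_LOCKED = "diane:!$6$examplesalt$examplehash:15165:0:99999:7:::"

def parse_passwd(line):
    """Split one /etc/passwd line into its seven fields and classify the account."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields")
    name, _pw, uid, gid, gecos, home, shell = fields
    return {"name": name, "uid": int(uid), "gid": int(gid), "gecos": gecos,
            "home": home, "shell": shell,
            "can_login": shell not in NOLOGIN_SHELLS,  # False: suspended or limited
            "added_user": int(uid) >= 1000}            # threshold stated on the page

def _day(count):
    """Convert 'days since Jan 1, 1970' to a date; an empty field means not set."""
    return date(1970, 1, 1) + timedelta(days=int(count)) if count else None

def parse_shadow(line):
    """Split one /etc/shadow line into its nine fields and derive the key dates."""
    values = line.rstrip("\n").split(":")
    if len(values) != 9:
        raise ValueError("expected 9 colon-separated fields")
    f = dict(zip(SHADOW_FIELDS, values))
    changed = _day(f["last_change"])
    must_change = None
    if changed and f["max_days"]:
        must_change = changed + timedelta(days=int(f["max_days"]))
    return {"name": f["name"], "locked": f["password"].startswith("!"),
            "last_change": changed, "must_change_by": must_change,
            "warn_days": int(f["warn_days"]) if f["warn_days"] else None,
            "disabled_on": _day(f["disabled_on"])}

if __name__ == "__main__":
    for entry in PASSWD_SAMPLE:
        print(parse_passwd(entry))
    for entry in (SHADOW_ACTIVE, SHADOW_LOCKED):
        print(parse_shadow(entry))
```

Reading the real /etc/shadow requires root, so run this kind of check against a copy with restricted permissions.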
Commands:
passwd – change password
syntax:
passwd username
pwconv – moves all user password information from /etc/passwd to /etc/shadow
syntax:
pwconv
pwunconv – moves all password information from /etc/shadow to /etc/passwd then deletes /etc/shadow
syntax:
pwunconv
useradd – create an account
syntax:
useradd username
userdel – delete an account
syntax:
userdel username
usermod – modify an account
syntax:
usermod [options] username
Other Commands:
finger – display user’s information.
syntax:
finger username
chfn – change user’s information.
syntax:
chfn username