Essential Linux User and Group Management
/etc/passwd
This file contains user account information. Each entry follows this format:
<login>:<password>:<UID>:<GID>:<info>:<homedir>:<shell>
<login> – Username
<password> – Usually an 'x' (password stored in /etc/shadow)
<UID> – User ID
<GID> – Group ID
<info> – Optional user description
<homedir> – Home directory
<shell> – Default shell
/etc/group
Defines group memberships with the following format:
<group>:<password>:<GID>:<users>
<group> – Group name
<password> – Usually an 'x' (password stored in /etc/gshadow)
<GID> – Group ID
<users> – Comma-separated list of users in the group
/etc/shadow
When performing penetration testing, gaining write access to /etc/shadow is highly valuable, as it allows direct modification of user or service passwords and removes the need for brute-force or dictionary attacks. This file contains user password information in the following format:
<user/service>:<$type$salt$hash>:<last change>:<min>:<max>:<warn>:<inactive>:<expire>:<unused>
<user/service> – Username or system service
<$type$salt$hash> – Hashed password with type and salt
<last change> – Days since the last password change (counted from the epoch)
<min> – Minimum days before the password may be changed again
<max> – Maximum days before password expiry
<warn> – Days before expiry to warn the user
<inactive> – Days after expiry before account deactivation
<expire> – Absolute expiration date (days since epoch)
<unused> – Reserved for future use
There are some specific commands to generate password hashes for this file.
mkpasswd -m <hashtype> <New password> # Using mkpasswd from whois
openssl passwd -1 -salt <Salt> <New password> # Using openssl (-1 selects md5crypt)
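Because the three files above share a colon-separated layout, they are easy to audit programmatically. The following added example (not part of the original page) parses constructed /etc/passwd and /etc/shadow content and flags the settings a defender cares about: extra UID 0 accounts, empty password fields, weak hash types, and passwords older than <max>. The sample entries and the day count passed as today are constructed; the field order follows the formats described above.

```python
"""Audit /etc/passwd and /etc/shadow entries for weak account settings."""

# Constructed sample data, not taken from a real system.
PASSWD_SAMPLE = """root:x:0:0:root:/root:/bin/bash
backup:x:0:0:backup admin:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1001:1001::/home/guest:/bin/bash
"""
SHADOW_SAMPLE = """root:$6$abc$hash1:19000:0:99999:7:::
backup:$1$xyz$hash2:19000:0:99999:7:::
daemon:*:18000:0:99999:7:::
alice:$6$def$hash3:19500:0:90:7:::
guest::19500:0:99999:7:::
"""

# crypt(3) hash identifiers seen in the <$type$salt$hash> field.
HASH_NAMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}

def hash_type(field):
    """Classify the password field of a shadow entry."""
    if field == "":
        return "empty"            # no password is required to log in
    if field.startswith(("!", "*")):
        return "locked"           # account cannot authenticate by password
    if field.startswith("$"):
        return HASH_NAMES.get(field.split("$")[1], "unknown")
    return "legacy-des"           # 13-character traditional DES crypt

def audit(passwd_text, shadow_text, today):
    """Return (user, finding) pairs; today is the current day count since the epoch."""
    findings = []
    shadow = {l.split(":")[0]: l.split(":") for l in shadow_text.splitlines() if l}
    for line in passwd_text.splitlines():
        login, _pw, uid, _gid, _info, _home, shell = line.split(":")
        if uid == "0" and login != "root":
            findings.append((login, "extra UID 0 account"))
        entry = shadow.get(login)
        if entry is None or shell.endswith("nologin"):
            continue                      # system accounts cannot log in anyway
        kind = hash_type(entry[1])
        if kind == "empty":
            findings.append((login, "empty password field"))
        elif kind == "md5crypt":
            findings.append((login, "weak hash: md5crypt"))
        last_change, max_days = entry[2], entry[4]
        if last_change and max_days and today - int(last_change) > int(max_days):
            findings.append((login, "password expired"))
    return findings
```

Running audit(PASSWD_SAMPLE, SHADOW_SAMPLE, 19700) reports the second UID 0 account, its md5crypt hash, alice's expired password and guest's empty password field.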
User Management Commands
Adding Users
useradd -m <Username> -c <Comment> -e <YYYY-MM-DD> # Create a new user
passwd <Username> # Set or update the user password
useradd -D # View default user settings
chage -l <Username> # Check password expiration details
An alternative way to add a user interactively:
adduser <Username>
In Linux, a system account is typically used for running system services rather than for interactive login. These accounts usually have a UID (User ID) below 1000 and are restricted from direct login.
useradd -r -s /usr/sbin/nologin <system_user> # -r creates a system account, -s assigns a non-login shell
List users
getent passwd | cut -d: -f1 | sort > users_services.txt # All accounts, including service accounts
eval getent passwd {$(awk '/^UID_MIN/ {print $2}' /etc/login.defs)..$(awk '/^UID_MAX/ {print $2}' /etc/login.defs)} > users.txt # Only regular users, within the UID range from /etc/login.defs
Group Management Commands
Add new group
groupadd <Group> # Create a new group
usermod -g <Primary Group> <Username> # Change a user’s primary group
usermod -aG <Group> <Username> # Add a user to additional groups
Add sudo privilege to a group
sudo groupadd <Group>
sudo visudo
# /etc/sudoers
%<Group> ALL=(ALL) NOPASSWD: <Command 1>,<Command 2>, ...
newgrp <Group>