Account management

Essential Linux User and Group Management

/etc/passwd

This file contains user account information. Each entry follows this format:

<login>:<password>:<UID>:<GID>:<info>:<homedir>:<shell>
  • <login> – Username

  • <password> – Usually an 'x' (password stored in /etc/shadow)

  • <UID> – User ID

  • <GID> – Group ID

  • <info> – Optional user description

  • <homedir> – Home directory

  • <shell> – Default shell

/etc/group

Defines group memberships with the following format:

<group>:<password>:<GID>:<users>
  • <group> – Group name

  • <password> – Usually an 'x' (password stored in /etc/gshadow)

  • <GID> – Group ID

  • <users> – Comma-separated list of users who have this group as a supplementary group

/etc/shadow

When performing penetration testing, gaining write access to /etc/shadow is highly valuable, as it allows direct modification of user or service passwords, which circumvents brute-force or dictionary attacks. Under normal permissions the file is readable only by root (and, on some distributions, the shadow group). Each entry holds an account's hashed password and password-ageing information:

<user/service>:<$type$salt$hash>:<last change>:<min>:<max>:<warn>:<inactive>:<expire>:<unused>
  • <user/service> – Username or system service

  • <$type$salt$hash> – Hashed password in crypt format, with the hash type and salt (e.g. $6$ for sha512crypt); a '!' or '*' here means the account has no usable password

  • <last change> – Date of the last password change, in days since the epoch

  • <min> – Minimum days before changing the password

  • <max> – Maximum days before password expiry

  • <warn> – Days before expiry to warn the user

  • <inactive> – Days after expiry before account deactivation

  • <expire> – Absolute expiration date (days since epoch)

  • <unused> – Reserved for future use

There are some specific commands to generate password hashes for this file.

mkpasswd -m <hashtype> <New password> # Using mkpasswd from the whois package
openssl passwd -1 -salt <Salt> <New password> # Using openssl (-1 = md5crypt; -5 / -6 give sha256crypt / sha512crypt)
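As an added example (not part of the original cheat sheet), a small audit script that parses the /etc/passwd and /etc/shadow formats described above over constructed sample entries: it flags extra UID-0 accounts, system-range UIDs that still have an interactive shell, empty password fields (login without a password) and legacy md5crypt ($1$) hashes. The sample lines, the function names and the UID_MIN default of 1000 are assumptions for this example.

```shell
# Audit helpers for the passwd and shadow formats described above.
# The sample data below is constructed for this example; it is not
# copied from a real system. UID_MIN is assumed to be 1000.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:0:0:service:/:/bin/sh'

SAMPLE_SHADOW='root:$6$salt$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backup:!:19000:0:99999:7:::
alice::19000:0:99999:7:::
svc:$1$salt$hash:19000:0:99999:7:::'

# audit_passwd <passwd text> [UID_MIN]
# Prints "<login> <finding>" for every entry that is a second UID-0
# account, or a system-range UID (below UID_MIN) whose shell is not
# nologin/false. root itself is skipped.
audit_passwd() {
  printf '%s\n' "$1" | awk -F: -v min="${2:-1000}" '
    NF < 7 || $1 == "root"               { next }
    $3 == 0                              { print $1, "uid0"; next }
    $3 < min && $7 !~ /(nologin|false)$/ { print $1, "system-uid-with-shell" }'
}

# audit_shadow <shadow text>
# Prints "<login> <finding>" for an empty hash field (login without a
# password) or a legacy md5crypt ($1$) hash. "!" and "*" mean the
# account is locked and are not reported.
audit_shadow() {
  printf '%s\n' "$1" | awk -F: '
    NF < 2                    { next }
    $2 == ""                  { print $1, "empty-password"; next }
    substr($2, 1, 3) == "$1$" { print $1, "md5crypt" }'
}

# Run on the constructed samples; on a live host pass "$(cat /etc/passwd)"
# and, as root, "$(cat /etc/shadow)" instead.
audit_passwd "$SAMPLE_PASSWD"
audit_shadow "$SAMPLE_SHADOW"
```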

User Management Commands

Adding Users

useradd -m <Username> -c <Comment> -e <YYYY-MM-DD> # Create a new user (-m creates the home directory, -c sets the info field, -e sets the account expiry date)
passwd <Username> # Set or update the user password
useradd -D # View default user settings
chage -l <Username> # Check password expiration details

An alternative way to add a user interactively:

adduser <Username>

In Linux, a system account is typically used for running system services rather than for interactive login. These accounts usually have a UID (User ID) below 1000 and are restricted from direct login.

useradd -r -s /usr/sbin/nologin <system_user> # -r creates a system account (UID below UID_MIN); -s assigns a non-login shell (path may be /sbin/nologin on some distributions)

List users

getent passwd | cut -d: -f1 | sort > users_services.txt # All accounts, including system/service accounts
eval getent passwd {$(awk '/^UID_MIN/ {print $2}' /etc/login.defs)..$(awk '/^UID_MAX/ {print $2}' /etc/login.defs)} > users.txt # Regular users only (UID_MIN..UID_MAX from /etc/login.defs); needs bash brace expansion, hence eval

Group Management Commands

Add new group

groupadd <Group> # Create a new group
usermod -g <Primary Group> <Username> # Change a user’s primary group
usermod -aG <Group> <Username> # Add a user to additional groups

Add sudo privilege to a group

sudo groupadd <Group>
sudo visudo

# /etc/sudoers
%<Group> ALL=(ALL) NOPASSWD: <Command 1>,<Command 2>, ...

newgrp <Group> # Activate the new group membership in the current session (otherwise it takes effect at the next login)
