Users, Accounts, Passwords, SU and SUDO

Users, Accounts, Passwords

/etc/password contains the following fields (© 2022 edX Inc. All rights reserved): 

Field Name	Details	Remarks
Username	User login name	Should be between 1 and 32 characters long
Password	User password (or the character x if the password is stored in the /etc/shadow file) in encrypted format	Is never shown in Linux when it is being typed; this stops prying eyes
User ID (UID)	Every user must have a user id (UID)	UID 0 is reserved for root user UID's ranging from 1-99 are reserved for other predefined accounts UID's ranging from 100-999 are reserved for system accounts and groups Normal users have UID's of 1000 or greater
Group ID (GID)	The primary Group ID (GID); Group Identification Number stored in the /etc/group file	Is covered in detail in the chapter on Processes
User Info	This field is optional and allows insertion of extra information about the user such as their name	For example: Rufus T. Firefly
Home Directory	The absolute path location of user's home directory	For example: /home/rtfirefly
Shell	The absolute location of a user's default shell	For example:/bin/bash

There are 4 types of accounts:

• root
• System
• Normal
• Network

Granting the minimum privileges possible and necessary to accounts, and removing inactive accounts is advised for security purposes. Last utility can help to identify inactive accounts.

When logged or acting as a root, the prompt shell is '#' to warn.

Operations that do not require Root privilege	Examples of this operation
Running a network client	Sharing a file over the network
Using devices such as printers	Printing over the network
Operations on files that the user has proper permissions to access	Accessing files that you have access to or sharing data over the network
Running SUID-root applications	Executing programs such as passwd

(© 2022 edX Inc. All rights reserved)

SUID - Set owner User ID upon execution is a special file permission given provides temporary permissions to a user to run a program which has the permissions of another user/owner (root too).

SUDO and SU

SUDO configuration files:

• /etc/sudoers
  One only file containing all information related to all users, and a complete guide
• /etc/sucoers.d
  A directory containing one file per user, system more and more used.

Those configuration file can be edited by using visudo tool, with /var/log/auth.log under the Debian distribution family, and in /var/log/messages and/or /var/log/secure permissions.

Depending on the distribution, the log files for sudo are the following:

• /var/log/secure
• /var/log/messages
• /var/log/auth.log

If someone tries to execute sudo by entering the wrong password, this will be reported in in a way similar to the following:

<user name> : user NOT in sudoers ; TTY=pts/4 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/tail secure