23.2 About Local Oracle Linux Authentication

Unless you select a different authentication mechanism during installation or by using the Authentication Configuration GUI or the authconfig command, Oracle Linux verifies a user's identity by using the information that is stored in the /etc/passwd and /etc/shadow files.

The /etc/passwd file stores account information for each user such as his or her unique user ID (or UID, which is an integer), user name, home directory, and login shell. A user logs in using his or her user name, but the operating system uses the associated UID. When the user logs in, he or she is placed in his or her home directory and his or her login shell runs.

The /etc/group file stores information about groups of users. A user also belongs to one or more groups, and each group can contain one or more users. If you can grant access privileges to a group, all members of the group receive the same access privileges. Each group account has a unique group ID (GID, again an integer) and an associated group name.

By default, Oracle Linux implements the user private group (UPG) scheme where adding a user account also creates a corresponding UPG with the same name as the user, and of which the user is the only member.

Only the root user can add, modify, or delete user and group accounts. By default, both users and groups use shadow passwords, which are cryptographically hashed and stored in /etc/shadow and /etc/gshadow respectively. These shadow password files are readable only by the root user. root can set a group password that a user must enter to become a member of the group by using the newgrp command. If a group does not have a password, a user can only join the group by root adding him or her as a member.

The /etc/login.defs file defines parameters for password aging and related security policies.

For more information about the content of these files, see the group(5), gshadow(5), login.defs(5), passwd(5), and shadow(5) manual pages.