Local User and Group Information Storage
Unless you specify a different authentication mechanism, Oracle Linux verifies a user's identity by using the information stored in the /etc/passwd and /etc/shadow files.
The /etc/passwd file stores account information for each user such as their unique user ID (or UID, which is an integer), username, home directory, and login shell. A user signs in with their username, but the OS uses the associated UID. When the user signs in, they're placed in their home directory and their login shell runs.
The /etc/shadow file contains a cryptographic hash of the user's password that can only be viewed by an administrator.
The /etc/group file stores information about groups of users. A user belongs to one or more groups, and each group can contain one or more users. If you grant access privileges to a group, all members of the group receive the same access privileges. Each group account has a unique group ID (GID, also an integer) and an associated group name. The administrator can set a group password that a user must enter to become a member of the group. If a group doesn't have a password, a user can only join the group if the administrator adds that user as a member. A cryptographic hash of the group password is stored in /etc/gshadow.
By default, Oracle Linux implements the user private group (UPG) scheme, where adding a user account also creates a corresponding group that has the same name as the user and of which the user is the only member.
A user can use the newgrp command to override their current primary group. If the user has a password, they can add group membership on a permanent basis. See the newgrp(1) manual page.
The /etc/login.defs file defines parameters for password aging and related security policies.
For more information about the content of these files, see the group(5), gshadow(5), login.defs(5), passwd(5), and shadow(5) manual pages.
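The following added example (not part of the Oracle Linux documentation) shows how the fields described above can be cross-checked: it flags accounts other than root that have UID 0, accounts whose /etc/shadow password field is empty, and accounts whose primary group doesn't follow the UPG scheme. The file contents are constructed samples, and the function names rows and audit and the finding labels are hypothetical.

```python
# Added example: constructed sample data, not read from a real system.
# Field order follows passwd(5), shadow(5) and group(5).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc:x:0:1002:Service:/srv/svc:/bin/bash
"""
SHADOW = """\
root:$6$constructed$hash:19700:0:99999:7:::
alice:$6$constructed$hash:19700:0:99999:7:::
bob::19700:0:99999:7:::
svc:!!:19700:0:99999:7:::
"""
GROUP = """\
root:x:0:
alice:x:1000:
bob:x:1001:alice
svc:x:1002:
"""


def rows(text):
    """Split colon-separated records, skipping blank and comment lines."""
    return [l.split(":") for l in text.splitlines() if l and not l.startswith("#")]


def audit(passwd, shadow, group):
    """Return (username, finding) pairs for the three checks below."""
    findings = []
    hashes = {r[0]: r[1] for r in rows(shadow)}
    # GID -> (group name, explicit member list from the fourth field)
    groups = {r[2]: (r[0], [m for m in r[3].split(",") if m]) for r in rows(group)}
    for name, _pw, uid, gid, *_rest in rows(passwd):
        # The OS acts on the UID, so any UID 0 account has root's privileges.
        if uid == "0" and name != "root":
            findings.append((name, "uid0"))
        # An empty shadow password field means no password is required.
        if hashes.get(name) == "":
            findings.append((name, "empty-password"))
        # UPG: primary group shares the user's name and has no other members.
        gname, members = groups.get(gid, (None, []))
        if gname != name or any(m != name for m in members):
            findings.append((name, "not-upg"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(PASSWD, SHADOW, GROUP):
        print(f"{user}: {finding}")
```

To run the same checks against a live system, pass the contents of /etc/passwd, /etc/shadow, and /etc/group to audit() as an administrator, because /etc/shadow isn't readable by ordinary users.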