The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
Unless you select a different authentication mechanism during
installation or by using the Authentication Configuration GUI or
the authconfig command, Oracle Linux verifies a
user's identity by using the information that is stored in the
/etc/passwd
and /etc/shadow
files.
The /etc/passwd
file stores account information
for each user such as his or her unique user ID (or
UID, which is an integer), user name, home
directory, and login shell. A user logs in using his or her user
name, but the operating system uses the associated UID. When the
user logs in, he or she is placed in his or her home directory and
his or her login shell runs.
The /etc/group
file stores information about
groups of users. A user also belongs to one or more groups, and
each group can contain one or more users. If you can grant access
privileges to a group, all members of the group receive the same
access privileges. Each group account has a unique group ID
(GID, again an integer) and an associated
group name.
By default, Oracle Linux implements the user private group (UPG) scheme where adding a user account also creates a corresponding UPG with the same name as the user, and of which the user is the only member.
Only the root
user can add, modify, or delete
user and group accounts. By default, both users and groups use
shadow passwords, which are cryptographically hashed and stored in
/etc/shadow
and /etc/gshadow
respectively. These shadow password files are readable only by the
root
user. root can set a group password that a
user must enter to become a member of the group by using the
newgrp command. If a group does not have a
password, a user can only join the group by
root
adding him or her as a member.
The /etc/login.defs
file defines parameters for
password aging and related security policies.
For more information about the content of these files, see the
group(5)
, gshadow(5)
,
login.defs(5)
, passwd(5)
,
and shadow(5)
manual pages.