The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
You can use the User Manager GUI (system-config-users) to add or delete users and groups and to modify settings such as passwords, home directories, login shells, and group membership. Alternatively, you can use commands such as useradd and groupadd.
Unless you select a different authentication mechanism during installation or by using the Authentication Configuration GUI or the authconfig command, Oracle Linux verifies a user's identity by using the information that is stored in the /etc/passwd and /etc/shadow files.
The /etc/passwd file stores account information for each user such as his or her unique user ID (or UID, which is an integer), user name, home directory, and login shell. A user logs in using his or her user name, but the operating system uses the associated UID. When the user logs in, he or she is placed in his or her home directory and his or her login shell runs.
The /etc/group file stores information about groups of users. A user also belongs to one or more groups, and each group can contain one or more users. If you grant access privileges to a group, all members of the group receive the same access privileges. Each group account has a unique group ID (GID, again an integer) and an associated group name.
Oracle Linux implements the user private group (UPG) scheme where adding a user account also creates a corresponding UPG with the same name as the user, and of which the user is the only member.
Only the root user can add, modify, or delete user and group accounts. By default, both users and groups use shadow passwords, which are cryptographically hashed and stored in /etc/shadow and /etc/gshadow respectively. These shadow password files are readable only by the root user. root can set a group password that a user must enter to become a member of the group by using the newgrp command. If a group does not have a password, a user can only join the group by root adding him or her as a member.
The /etc/login.defs file defines parameters for password aging and related security policies.
For more information about the content of these files, see the group(5), gshadow(5), login.defs(5), passwd(5), and shadow(5) manual pages.
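The following audit sketch is an added example, not part of the Oracle documentation. It parses text in the passwd(5), group(5), and shadow(5) formats and reports accounts that depart from the defaults described above: a password field that is not shadowed, UID 0 on an account other than root, an empty shadow password field, and a primary group that is not a user private group. The account data and the function names parse and audit are constructed for illustration.

```python
# Constructed sample records (not from a real system), in passwd(5),
# group(5) and shadow(5) format.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
svc:$6$constructedhash:502:100:Service:/home/svc:/bin/bash
toor:x:0:0:spare admin:/root:/bin/bash
"""
GROUP = """\
root:x:0:
users:x:100:
alice:x:500:
bob:x:501:alice
"""
SHADOW = """\
root:$6$constructed$hash:15000:0:99999:7:::
alice:$6$constructed$hash:15000:0:99999:7:::
bob::15000:0:99999:7:::
toor:!!:15000:0:99999:7:::
"""

def parse(text, nfields):
    """Split colon-separated records; skip blank and malformed lines."""
    rows = [line.split(":") for line in text.splitlines() if line.strip()]
    return [r for r in rows if len(r) == nfields]

def audit(passwd_text, group_text, shadow_text):
    """Return (user, finding) pairs for review by an administrator."""
    groups = {g[2]: g for g in parse(group_text, 4)}       # keyed by GID
    shadow = {s[0]: s[1] for s in parse(shadow_text, 9)}   # name -> hash field
    findings = []
    for name, pw, uid, gid, _gecos, _home, _shell in parse(passwd_text, 7):
        if pw != "x":      # hash (or nothing) sits in the world-readable file
            findings.append((name, "password field in passwd is not shadowed"))
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 assigned to a non-root account"))
        if shadow.get(name) == "":   # empty field: no password required
            findings.append((name, "empty password field in shadow"))
        grp = groups.get(gid)
        if grp is None:
            findings.append((name, "primary GID has no group entry"))
        elif grp[0] != name or grp[3] not in ("", name):
            # UPG: group named after the user, with no other members
            findings.append((name, "primary group is not a user private group"))
    return findings
```

To check a live system, pass the contents of /etc/passwd, /etc/group, and /etc/shadow to audit as root, because the shadow file is readable only by root. System accounts often share a primary group, so treat the user private group finding as a prompt for review.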