Setting up and using eDirectory to manage Linux access requires you to understand how the Linux operating system manages user logins.
Users who want to log in to a Linux computer must have an existing user account, which consists of properties that allow a user to access files and folders stored on the computer. This account information can be created and stored on the computer itself or on another computer on the network. Accounts stored on the computer are called local user accounts. Accounts stored in eDirectory are called eDirectory user accounts, regardless of whether they are stored on the same computer or another computer. A typical account used to log in to a Linux computer consists of the following information:
When a local user account is created, Linux records the user-login information and stores the values in the /etc/passwd file on the computer itself. The passwd file can be viewed and edited with any text editor. Each user account has an entry recorded in the following format:
username:password:UID:GID:name:home directory:shell
The username and user ID (UID) identify the user on the system. When a user account is created, it is given a name and assigned a UID from a predetermined range of numbers. The UID must be a positive number and is usually above 500 for user accounts. System accounts usually have numbers below 100.
Each user account has its own password, which is stored in encrypted (one-way hashed) form on the computer itself or on another computer on the network. Local passwords are stored in the /etc/passwd file or the /etc/shadow file. When the user logs in by entering a username and password, Linux applies the same one-way transformation to the entered password and compares the result to the value stored in the user account. If the two values match, the user is granted access.
Administrators often use the /etc/passwd file to hold user account information but store the encrypted password in the /etc/shadow file. When this method is used, the passwd file entry has an x in the password field.
Groups are used to administer and organize user accounts. When rights and permissions are assigned to a group, all user accounts that are part of the group receive the same rights and permissions. The group has a unique name and identification number (GID). The primary GID and group name are stored as entries in the /etc/passwd file on the computer itself or in eDirectory.
Each user has a designated primary (or default) group and can also belong to additional groups called secondary groups. When users create files or launch programs, those files and programs are associated with one group as the owner. A user can access a file or program if he or she is a member of the owning group and that group has been granted the necessary permissions. The group can be the user’s primary group or any of his or her secondary groups.
Although not strictly part of the user account, secondary groups are also a part of the user login experience. Groups and GIDs are used to manage rights and permissions to other files and folders. Secondary groups for each user are listed as entries in /etc/group on the computer itself.
NOTE: When you use the id command to show user IDs and groups, if case-sensitivity is set to no, you must enter the exact case to display secondary groups. If you enter a different case, you see only the primary groups.
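The passwd and group formats described above, and the lookup the id command performs, worked through as an added example (this is not code from the original documentation or from eDirectory): it parses /etc/passwd and /etc/group entries, resolves a user's UID, primary group and secondary groups the way id does, and flags entries whose password field is not the x that indicates the hash lives in /etc/shadow. The sample entries are constructed, including the placeholder hash on the legacy account.

```python
# Constructed sample files in the format described above; not taken from a real system.
PASSWD = """root:x:0:0:root:/root:/bin/bash
jsmith:x:1001:100:Jane Smith:/home/engineering/jsmith:/bin/bash
legacy:$6$constructed$NOTAREALHASH:1002:100:Legacy Account:/home/legacy:/bin/sh
backup:x:0:100:Backup Job:/var/backups:/bin/bash"""
GROUP = """root:x:0:
users:x:100:legacy
engineering:x:501:jsmith
wheel:x:10:jsmith,root"""
FIELDS = ("username", "password", "uid", "gid", "name", "home", "shell")

def parse_passwd(text):
    """Map username -> entry for each username:password:UID:GID:name:home:shell line."""
    users = {}
    for line in filter(None, text.splitlines()):
        parts = line.split(":")
        if len(parts) != len(FIELDS):  # a hash or name containing ':' would corrupt the record
            raise ValueError(f"malformed passwd line: {line!r}")
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        users[entry["username"]] = entry
    return users

def parse_group(text):
    """Map groupname -> (GID, set of listed members) from groupname:password:GID:members lines."""
    groups = {}
    for line in filter(None, text.splitlines()):
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), set(filter(None, members.split(","))))
    return groups

def resolve_id(username, users, groups):
    """Emulate id: (UID, primary group name, sorted secondary group names)."""
    u = users[username]
    # The primary group comes from the GID field in passwd, not from /etc/group membership.
    primary = next((g for g, (gid, _) in groups.items() if gid == u["gid"]), str(u["gid"]))
    # Secondary groups are the /etc/group entries that list the user, excluding the primary group.
    secondary = sorted(g for g, (gid, m) in groups.items() if username in m and gid != u["gid"])
    return u["uid"], primary, secondary

def audit(users):
    """Flag accounts whose hash is kept in world-readable passwd (no 'x') or that reuse UID 0."""
    findings = []
    for name, u in users.items():
        if u["password"] != "x":
            findings.append(f"{name}: password hash stored in /etc/passwd, not /etc/shadow")
        if u["uid"] == 0 and name != "root":
            findings.append(f"{name}: UID 0 (root-equivalent) on a non-root account")
    return findings
```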
The home directory is a folder used to store a user’s personal documents. In addition, it offers a place to store configuration files unique to the user. Therefore, a user can log in and find his or her environment with the same settings that were used before, even if another user has used the computer. Typically, most computers have all home directories at /home, and then individual directories listed by login name (for example, /home/jsmith). The root user’s home directory is an exception. It is traditionally located at / or /root. Placing home directories under /home is not required, but it makes organizational sense. Some administrators divide the /home directory by function or department and then subdivide the /home directory with users in that department (for example, /home/engineering/jsmith).
A shell is a program designed to accept and execute commands typed at a prompt. It is similar to the DOS command.com command interpreter. Several standard shells are available with Linux. The default is usually /bin/bash.