Setting up and using eDirectory to manage Linux access requires you to understand how the Linux operating system manages user logins.
Users who want to log in to a Linux computer must have an existing user account, which consists of properties that allow a user to access files and folders stored on the computer. This account information can be created and stored on the computer itself or on another computer on the network. Accounts stored on the computer are called local user accounts. Accounts stored in eDirectory are called eDirectory user accounts, regardless of whether they are stored on the same computer or another computer. A typical account used to log in to a Linux computer consists of the following information:
When a local user account is created, Linux records the user’s login information and stores the values in the /etc/passwd file on the computer itself. The passwd file can be viewed and edited with any text editor. Each user account has an entry recorded in the following format:
username:password:UID:GID:name:home directory:shell
The username and user ID (UID) identify the user on the system. When a user account is created, it is given a name and assigned a UID from a predetermined range of numbers. The UID must be a positive number and is usually above 500 for user accounts. System accounts usually have numbers below 100.
Each user account has its own password, which is encrypted and stored on the computer itself or on another computer on the network. Local passwords are stored in the /etc/passwd file or /etc/shadow file. When the user logs in by entering a username and password, Linux takes the entered password, encrypts it, and then compares the encrypted value to the value of the password stored in the user account. If the entered value is the same as the value stored in the password field on the computer, the user is granted access.
Administrators often use the /etc/passwd file to hold user account information but store the encrypted password in the /etc/shadow file. When this method is used, the passwd file entry has an x in the password field.
Groups are used to administer and organize user accounts. When rights and permissions are assigned to a group, all user accounts that are part of the group inherit the same rights and permissions. The group has a unique name and identification number (GID). The primary GID and group name are stored as entries in the /etc/passwd file on the computer where user accounts are created or in eDirectory.
Each user has a designated primary (or default) group and can also be a member of additional groups called secondary groups. When users create files or launch programs, those files and programs are associated with a primary or secondary group. A user who is a member of the group can access these files and programs if the necessary permissions are available.
Although not strictly part of the user account, secondary groups are also a part of the user login experience. Groups and GIDs are used to manage rights and permissions to other files and folders. Secondary groups for each user are listed as entries in /etc/group on the computer itself.
NOTE: When you use the id command to show user IDs and groups, if case-sensitivity is set to no, you must enter the exact case to display secondary groups. If you enter a different case, you see only the primary groups.
The home directory is a folder used to store a user’s personal documents. In a multi-user environment, each user is assigned a specific directory that is accessible only by the user and the system administrator. In addition, the home directory offers a place to store configuration files unique to the user. Therefore, a user can log in and find his or her environment with the same settings that were used before, even if another user has used the computer. Typically, most computers have all home directories at /home, and then individual directories listed by login name (for example, /home/jsmith). The root user’s home directory is an exception. It is traditionally located at / or /root. Placing home directories under /home is not required, but it makes organizational sense. Some administrators divide the /home directory by function or department and then subdivide the /home directory with users in that department (for example, /home/engineering/jsmith).
The shell is a command language interpreter that executes commands read from the standard input device (keyboard) or from a file. The shell is not part of the system kernel, but it uses the kernel for operations such as executing programs or creating files. It is similar to the DOS command.com command interpreter. Several standard shells are available with Linux; the default is usually /bin/bash.
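As an added example (not part of this documentation or of eDirectory), the following Python parses the colon-separated /etc/passwd and /etc/group formats described above, joins each account to its primary and secondary groups, and flags entries whose password field holds a hash instead of the x that points to /etc/shadow. The sample lines and the usernames in them are constructed.

```python
# Parse /etc/passwd and /etc/group entries in the colon-separated format
# described above and join them into one record per account. The sample data
# is constructed, not taken from a real system. An 'x' password field means the
# hash lives in /etc/shadow; the 'legacy' entry keeps its hash inline in passwd.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jsmith:x:1001:100:John Smith:/home/jsmith:/bin/bash
legacy:$6$saltsalt$notarealhash:1002:100:Legacy App:/home/legacy:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:jsmith
users:x:100:
engineering:x:2000:jsmith,legacy
"""
PASSWD_FIELDS = ("username", "password", "uid", "gid", "name", "home", "shell")

def parse_group(text):
    """Return ({gid: group name}, {username: [secondary group names]})."""
    gid_to_name, secondary = {}, {}
    for line in filter(None, text.splitlines()):
        name, _pw, gid, members = line.split(":", 3)
        gid_to_name[int(gid)] = name
        for user in filter(None, members.split(",")):
            secondary.setdefault(user, []).append(name)
    return gid_to_name, secondary

def parse_passwd(passwd_text, group_text):
    """Return {username: account dict}; each entry must have exactly 7 fields."""
    gid_to_name, secondary = parse_group(group_text)
    accounts = {}
    for line in filter(None, passwd_text.splitlines()):
        fields = line.split(":")
        if len(fields) != len(PASSWD_FIELDS):
            raise ValueError(f"malformed passwd entry: {line!r}")
        acct = dict(zip(PASSWD_FIELDS, fields))
        acct["uid"], acct["gid"] = int(acct["uid"]), int(acct["gid"])
        acct["shadowed"] = acct["password"] == "x"        # hash kept in /etc/shadow
        acct["system"] = acct["uid"] < 100                 # system-account UID range
        acct["primary_group"] = gid_to_name.get(acct["gid"], str(acct["gid"]))
        acct["secondary_groups"] = secondary.get(acct["username"], [])
        accounts[acct["username"]] = acct
    return accounts

def unshadowed(accounts):
    """Usernames whose hash sits in world-readable passwd instead of /etc/shadow."""
    return sorted(u for u, a in accounts.items()
                  if not a["shadowed"] and a["password"] not in ("", "*", "!"))
```

Run against a real system by passing the contents of /etc/passwd and /etc/group; accounts reported by unshadowed() are the ones whose hash is readable by every local user.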