Unix - UNIX User Account Management

UNIX user account management refers to the process of creating, organizing, securing, and maintaining user accounts on a UNIX-based operating system. Since UNIX is a multi-user operating system, many users can access the same machine simultaneously. To manage this efficiently and securely, UNIX provides a structured system of user identities, permissions, and account administration.

The main goal of user account management is to ensure that each person using the system has appropriate access rights, secure authentication, and controlled access to files, programs, and system resources.

User Accounts in UNIX

A user account in UNIX is an identity assigned to a person or service that interacts with the operating system. Each account has a unique username and an associated numeric identifier called a User ID (UID). The operating system uses the UID internally to identify users.

Each user account includes:

  • Username

  • Password

  • UID

  • Group ID (GID)

  • Home directory

  • Login shell

  • User information

These details are stored in system files that the operating system reads during login and access operations.

Types of User Accounts

UNIX generally supports three types of user accounts.

Regular User Accounts

These are accounts assigned to human users. They are used for everyday tasks such as running commands, editing files, and using applications.

Regular users have limited permissions. They can access their own files but are restricted from modifying system-critical resources.

Root User Account

The root account is the administrative account. It has unrestricted access to the entire system.

The root user can:

  • Create or delete accounts

  • Modify system files

  • Install software

  • Change ownership and permissions

  • Control services and processes

Because of its power, root access must be handled carefully to prevent accidental damage.

System Accounts

These accounts are created for system processes and services.

Examples include accounts used by:

  • Mail services

  • Web servers

  • Database processes

  • Background daemons

They usually do not allow direct user login and are designed for service isolation.

User Information Storage

UNIX stores user account information in specific configuration files.

/etc/passwd File

This is the primary file that stores user account details.

Each line represents one user and contains fields separated by colons.

Example format:

username:x:UID:GID:comment:home_directory:shell

Field explanation:

  • username: Login name

  • x: Placeholder showing that the password hash is kept in /etc/shadow

  • UID: User identifier

  • GID: Group identifier

  • comment: User details

  • home_directory: Personal working folder

  • shell: Default command interpreter

Example:

john:x:1001:1001:John User:/home/john:/bin/bash

/etc/shadow File

This file stores hashed passwords (often described as encrypted) and password-related security settings.

Only privileged users can read this file.

It includes:

  • Hashed password

  • Password expiration date

  • Password aging information

  • Account lock details

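The separation of password storage from /etc/passwd improves security: /etc/passwd must stay readable by every user, so keeping the hashes in /etc/shadow keeps them away from unprivileged accounts.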

User IDs and Group IDs

Every user has a unique UID.

The UID determines the identity used by the kernel.

Common UID categories (the exact boundaries vary between systems and are set in /etc/login.defs):

  • 0 = root user

  • 1–999 = system users

  • 1000 and above = regular users

Each user also belongs to one or more groups identified by GID.

Groups simplify permission management by allowing multiple users to share access to resources.
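
An added example (not part of the original page) that parses lines in the /etc/passwd format shown above and flags entries worth reviewing against the UID categories: a UID 0 account other than root, shared UIDs, an empty password field, and system-range accounts with a login shell. The sample data, the finding names and the list of no-login shells are assumptions made for illustration.

```python
# Constructed sample in /etc/passwd format (not taken from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:web server:/var/www:/bin/bash
john:x:1001:1001:John User:/home/john:/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
backup2:x:0:0:second root:/root:/bin/sh
legacy::1003:1003:no password:/home/legacy:/bin/sh
bob:x:1002:1004:Bob:/home/bob:/bin/bash
"""

# Shells that refuse interactive login (assumed list; adjust per system).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Yield a dict for each well-formed seven-field line."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or line.startswith("#"):
            continue
        name, pw, uid, gid, _comment, _home, shell = fields
        if not (uid.isdigit() and gid.isdigit()):
            continue
        yield {"name": name, "pw": pw, "uid": int(uid), "shell": shell}


def audit_passwd(text, sys_uid_max=999):
    """Return (username, finding) pairs in file order."""
    findings, first_owner = [], {}
    for e in parse_passwd(text):
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], "uid-0-not-root"))
        if e["uid"] in first_owner:
            findings.append((e["name"], "duplicate-uid"))
        first_owner.setdefault(e["uid"], e["name"])
        if e["pw"] == "":
            findings.append((e["name"], "empty-password-field"))
        if 1 <= e["uid"] <= sys_uid_max and e["shell"] not in NOLOGIN_SHELLS:
            findings.append((e["name"], "system-account-with-login-shell"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"{user}: {finding}")
```

The system-account check is a heuristic: some distributions ship service accounts with a special-purpose shell, so findings of that kind need a manual look.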

Group Management

A group is a collection of users who share common access rights.

UNIX uses groups to assign permissions collectively rather than individually.

System group information is stored in:

/etc/group

A group entry includes:

  • Group name

  • Group password

  • GID

  • Member list

Example:

developers:x:1010:john,alice

This means both users belong to the developers group.

Creating User Accounts

Administrators create accounts using commands.

useradd Command

This command creates a new user.

Example:

useradd john

This creates the account but may not assign a password immediately.

Setting Password

A password is assigned using:

passwd john

The system prompts for the new password and stores its hash in /etc/shadow.

Creating Home Directory

The home directory is often created together with the account:

useradd -m john

The -m option creates the user's home directory automatically.

Assigning Default Shell

You can specify a shell:

useradd -s /bin/bash john

This sets the default shell after login.

Modifying User Accounts

User accounts can be updated as requirements change.

usermod Command

This command modifies account settings.

Examples:

Change home directory:

usermod -d /home/newjohn john

Change shell:

usermod -s /bin/ksh john

Change primary group:

usermod -g developers john

This allows administrators to maintain accounts over time.

Deleting User Accounts

Unused accounts should be removed for security.

userdel Command

Example:

userdel john

To remove user and home directory:

userdel -r john

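This deletes the user's home directory with the files in it, along with the mail spool. Files the user owns elsewhere on the system are not removed and have to be found separately.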

Password Management

UNIX supports strong password control mechanisms.

Administrators can:

  • Set password expiration

  • Force password changes

  • Lock accounts

  • Unlock accounts

  • Disable login

Password Aging

Password aging defines how long a password remains valid.

Configuration includes:

  • Minimum days before change

  • Maximum validity period

  • Warning period before expiration

Example command:

chage john

This configures password aging settings interactively.

Account Locking

An account can be temporarily disabled.

Example:

passwd -l john

Unlock:

passwd -u john

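This helps in managing inactive users securely. Locking disables the password only; a user who holds another credential, such as an SSH key, may still be able to log in.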
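
An added example (not from the original page) that reads lines in /etc/shadow format and reports the states described under /etc/shadow File, Password Aging and Account Locking. The sample entries, placeholder hashes and state names are constructed for illustration; it assumes the common convention that a leading "!" marks a locked password and that a maximum age of 99999 means the password never expires.

```python
from datetime import date

# Constructed sample in /etc/shadow format; the hashes are placeholders.
SAMPLE_SHADOW = """\
root:$6$SALT$PLACEHOLDERHASH:19800:0:90:7:::
john:$6$SALT$PLACEHOLDERHASH:19000:0:90:7:::
alice:!$6$SALT$PLACEHOLDERHASH:19800:0:90:7:::
svc:*:19800:0:99999:7:::
legacy::19800:0:99999:7:::
bob:$6$SALT$PLACEHOLDERHASH:19800:0:99999:7:::
carol:$6$SALT$PLACEHOLDERHASH:0:0:90:7:::
"""


def epoch_days(d):
    """Shadow dates are counted in days since 1970-01-01."""
    return (d - date(1970, 1, 1)).days


def account_state(pw, lastchg, maxage, today):
    """Classify one entry from its hash and aging fields; None = nothing to report."""
    if pw == "":
        return "no-password"            # login without any password
    if pw.startswith("!"):
        return "locked"                 # what `passwd -l` produces
    if pw.startswith("*"):
        return "no-password-login"      # never had a usable password
    if lastchg == "0":
        return "must-change-at-login"   # change forced at next login
    if maxage in ("", "99999"):
        return "never-expires"
    if lastchg and int(lastchg) + int(maxage) < today:
        return "expired"
    return None


def audit_shadow(text, today):
    """Map username -> state for every entry that needs attention."""
    report = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 9:                 # shadow lines have nine fields
            continue
        state = account_state(f[1], f[2], f[4], today)
        if state:
            report[f[0]] = state
    return report


if __name__ == "__main__":
    print(audit_shadow(SAMPLE_SHADOW, epoch_days(date(2024, 4, 1))))
```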

Home Directory Management

Every user usually has a personal home directory.

Example:

/home/username

The home directory stores:

  • Personal files

  • Configuration files

  • Scripts

  • Documents

  • Application settings

It is isolated from other users unless permissions allow access.

Shell Assignment

The shell defines how users interact with the system.

Common shells:

  • Bourne shell

  • Bash shell

  • Korn shell

  • C shell

  • Z shell

The assigned shell starts automatically when the user logs in.

The login shell assigned to each user is stored in the last field of that user's /etc/passwd entry.

Login Process

When a user logs in, UNIX performs several checks.

  1. Accept username

  2. Verify password

  3. Read account files

  4. Set UID and GID

  5. Open shell

  6. Load environment

  7. Start session

If authentication fails, access is denied.

Authentication Mechanism

UNIX authenticates users by hashing the password they enter and comparing the result with the stored hash.

Modern systems often use:

  • SHA hashing

  • PAM (Pluggable Authentication Modules)

  • Kerberos integration

  • LDAP services

This strengthens account security.

Permission Association

Each file in UNIX has ownership linked to users.

A file has:

  • Owner

  • Group

  • Permission bits

When users access files, the system compares their UID and GID against file metadata.

This determines whether access is allowed.
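
An added example (not from the original page) of the comparison described above, using only the owner, group and permission bits. It shows a case that is easy to miss: exactly one class (owner, group or other) is selected, so an owner whose own bits deny access is refused even when the group or other bits would allow it. The function name and sample IDs are assumptions, and ACLs, capabilities and security modules are left out.

```python
PERM_BITS = {"r": 4, "w": 2, "x": 1}


def may_access(uid, gids, f_uid, f_gid, mode, want, is_dir=False):
    """Decide access from classic permission bits only.

    uid/gids: the process's effective user ID and its set of group IDs.
    f_uid/f_gid/mode: owner, group and permission bits of the file.
    want: any combination of the letters r, w, x.
    """
    needed = 0
    for letter in want:
        needed |= PERM_BITS[letter]

    if uid == 0:
        # root skips read/write checks; executing a regular file still
        # requires at least one execute bit to be set.
        if "x" in want and not is_dir:
            return bool(mode & 0o111)
        return True

    # Exactly one class applies, chosen in this order. There is no
    # fall-through to a later class if the chosen one denies access.
    if uid == f_uid:
        granted = (mode >> 6) & 7
    elif f_gid in gids:
        granted = (mode >> 3) & 7
    else:
        granted = mode & 7
    return (granted & needed) == needed


if __name__ == "__main__":
    # Constructed identities: john (1001), member of developers (1010).
    john = (1001, {1001, 1010})
    print(may_access(*john, 1002, 1010, 0o640, "r"))   # group class decides
    print(may_access(*john, 1001, 1010, 0o044, "r"))   # owner class decides
```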

Administrative Tasks

User account administration includes regular maintenance.

Typical tasks:

  • Create new users

  • Disable old users

  • Reset passwords

  • Audit accounts

  • Review permissions

  • Monitor login activity

  • Manage groups

  • Backup user data

These tasks help maintain security and organization.

Security Considerations

User account management is critical for system protection.

Poor management may lead to:

  • Unauthorized access

  • Data theft

  • Accidental deletion

  • Privilege misuse

  • Security breaches

Best practices include:

  • Strong passwords

  • Minimal privileges

  • Account auditing

  • Removing inactive users

  • Group-based access

  • Login monitoring

Special Account Files

UNIX also uses related files.

/etc/login.defs

Contains login configuration policies.

/etc/skel

Template files copied into new user home directories.

/var/log/auth.log

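Stores authentication activity logs. This path is used on Debian-based systems; Red Hat-based systems write the same events to /var/log/secure.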

These support account administration and auditing.
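
An added example (not from the original page) of login monitoring over the authentication log: it counts failed sshd password attempts per source address and raises an alert when a threshold is reached and again when a login succeeds from an address that reached it. The log lines are constructed, and the threshold and alert names are assumptions.

```python
import re
from collections import Counter

# Constructed sshd entries in the syslog layout found in /var/log/auth.log.
# Addresses come from the documentation ranges; nothing here is real data.
SAMPLE_LOG = """\
Mar 18 10:01:02 host1 sshd[1234]: Failed password for john from 203.0.113.5 port 50522 ssh2
Mar 18 10:01:05 host1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 50524 ssh2
Mar 18 10:01:09 host1 sshd[1240]: Failed password for john from 203.0.113.5 port 50526 ssh2
Mar 18 10:01:30 host1 sshd[1250]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Mar 18 10:02:00 host1 sshd[1300]: Accepted password for john from 203.0.113.5 port 50530 ssh2
Mar 18 10:05:00 host1 sshd[1310]: Accepted publickey for alice from 198.51.100.7 port 40110 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def review_logins(text, threshold=3):
    """Return alerts as (kind, source_ip, username) tuples in log order."""
    failures = Counter()
    alerts = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] == threshold:
                alerts.append(("repeated-failures", ip, user))
        else:
            # A success right after many failures deserves a closer look.
            if failures[ip] >= threshold:
                alerts.append(("success-after-failures", ip, user))
            failures[ip] = 0
    return alerts


if __name__ == "__main__":
    for alert in review_logins(SAMPLE_LOG):
        print(alert)
```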

Role of Superuser

The root user manages all accounts.

Responsibilities include:

  • Creating policies

  • Assigning permissions

  • Enforcing security

  • Monitoring activity

  • Managing groups

  • Restoring accounts

  • Handling authentication issues

Root should only be used when necessary.

Practical Importance

UNIX user account management is essential in:

  • Servers

  • Enterprise systems

  • Multi-user workstations

  • Cloud systems

  • Research environments

  • Educational labs

It ensures secure and organized access for multiple users.

Conclusion

UNIX user account management is a core administrative function that controls how users access and interact with the system. It defines identities, permissions, authentication, and access rights for all system users.

Through structured files, commands, and security controls, UNIX provides a reliable framework for handling users in multi-user environments. Proper account management improves security, system stability, and efficient resource sharing, making it one of the most important aspects of UNIX administration.