A password assigned to the group. This is rarely used, because it's just as easy to add a user into a group as it is to give her the password. The actual password values have been moved to /etc/gshadow .

group ID

The numeric value assigned to the group. This file is used to cross-reference group IDs to group names.

supplementary members

The username of each user in this group, except users who have this group as their primary group (field 4 in /etc/passwd ).

The /etc/gshadow file contains the actual passwords, plus group administrator information:

root:::root

bin:::root,bin,daemon

daemon:::root,bin,daemon

sys:::root,bin,adm

adm:::root,adm,daemon

...(Lines snipped)...

fax:x::

nut:x::

privoxy:x::

chris:!:500::fen

diane:!:501::

jane:!:502::

richard:!:503::

audit:!:504:jane:jane,richard,audrey,matthew

soccer:!:505:richard,jake:richard,jake,wilson,audrey,shem,mike,olgovie,newton

toronto:!:506:ed:matthew,jake,wilson,richard,audrey,shem,mike,olgovie,newton,ed

...(Lines snipped)...

The group administrators are in field 4 and group members are in field 5 in this fileso in this case, jane is the group administrator for audit , and jane , richard , andrew , and matthew are group members.

kuser is a KDE program that provides an alternative to system-config-user . The two programs are functional duplicates, but I think system-config-user looks better.

It is possible but must be done carefully to avoid leaving the system in an unusable state.

The vipw and vigr scripts provide the most convenient way of editing these files; vipw edits /etc/passwd and /etc/shadow , and vigr edits /etc/group and /etc/gshadow . In both cases, the files will be locked to prevent concurrent changes by another program, and the vi editor will be used for editing (the EDITOR environment variable can be used to specify another editor if you'd prefer).

The pwck command can be used to check and repair /etc/passwd and /etc/shadow :

# pwck

user adm: directory /var/adm does not exist

user gopher: directory /var/gopher does not exist

user ident: directory /home/ident does not exist

user torrent: directory /var/spool/bittorrent does not exist

invalid password file entry

delete line \Q'? y

pwck: the files have been updated

grpck performs similar checks on /etc/group and /etc/gshadow :

# grpck

invalid group file entry

delete line \Q'? y

invalid group file entry

delete line \Qascasdcasdarg asdfasdf'? y

grpck: the files have been updated

 The manpages for passwd, useradd, usermod, userdel, groupadd, groupmod, groupdel, vipw, vigr, pwconv, grpconv, crypt (3), passwd (5), shadow (5), group (5), and gshadow (5)

All Linux and Unix systems use file permissions or modes to control access to files. Fedora extends this with the user-private-group scheme, which simplifies the configuration of permissions for collaboration.

There are three basic file permissions:

read (r)

Grants permission to access the contents of a file. There are no restrictions on what can be done with the file contents, so read permission includes permission to view or process the contents of the file, as well as permission to copy the file. On a directory, read permission enables the display of the list of files in the directory; without read permission, you can access a file contained in the directory only if you know the exact name of the file.

write (w)

Grants permission to write to a file; this includes overwriting existing information, append to the end of the file, and truncate (shorten) the file. On a directory, write permission enables the creation and deletion of files within that directory.

execute (x)

Grants permission to execute the file. If the file is a binary, it can be executed by the kernel; if it is a text file, it is treated as a script. On a directory, execute permission grants access to the contents of the directory (some people refer to execute permission on a directory as search , or passthrough , permission).

Remember the order: r w x .

Each of these three permissions is granted or denied to users in three different communities :

user (u)

The user who owns the file. Initially, this is the user who created the file; it may be changed by the superuser ( root ).

group (g)

All members of the group that owns the file. Normally, this starts off as the group of the user who created the file. A file's owner may change the group ownership to any group to which she belongs; e.g., if Jane owns the file foo and is a member of the audit and toronto groups, she can make either group own the file.

other (o)

Everyone else.

The order is significant here, too; you'll want to memorize it: u g o .

This gives a total of nine permissions for each file and directory:

 read, write, and execute for the user

 read, write, and execute for the group

 read, write, and execute for other

There are also three special file permissions, as outlined in Table 4-13 .