Archive:Docs/Drafts/AdministrationGuide/UserAccounts/AccountCreationProcess

= User Accounts =

Process of Account Creation
This section explains what happens when a new user is added to a Fedora system.

When the system administrator executes

/usr/sbin/useradd dan

from the command line, the following steps occur:

1 . A new line is appended to the /etc/passwd file and it looks similar to:

dan:x:502:502::/home/dan:/bin/bash

It consists of seven colon delimited fields, with the following meaning:
 * dan - this is the username
 * x - this is the password field; x signifies an empty field and that an encrypted (shadow) password will be placed in  file
 * first 502 - this is the uid (username identifier)
 * second 502 - this is the gid (group identifier) of the user's primary group
 * blank field - this is the "comment" field; the user's full name usually goes here
 * /home/dan - this is the location of the user's home directory in the file system
 * /bin/bash - this is the user's default shell

2 . A new line is appended to the /etc/shadow file and it looks similar to:

dan:!!:13490:0:99999:7:::

It consists of eight colon delimited fields, with the following meaning:


 * dan - this is the username
 * !! - two exclamation marks indicate that the password has not been set yet and the account is locked
 * 13490 - represents the number of days (since January 1, 1970) since the password was last changed
 * 0 - represents the number of days before the password may be changed (0 indicates it may be changed at any time)
 * 99999 - represents the number of days after which the password must be changed (99999 indicates user can keep his or her password unchanged for 274 years
 * 7 - represents the number of days remaining before the users password expires (7 means a full week)
 * first blank field - represents the number of days after the password expires that the account will be disabled
 * second blank field - represents the number of days since January 1, 1970 that an account has been disabled
 * third blank field - reserved field for possible future use

3 . A new line is appended to the /etc/group file. It looks similar to:

dan:x:502:

The new line consists of three colon delimited fields, with the following meaning:


 * dan - this is the group name
 * x - this is the group password field; x indicates that the system is using shadow passwords
 * 502 - this is the gid and it matches the value of uid of the user with the same name

4 . A new line is appended to the /etc/gshadow file. It looks similar to:

dan:!::

The colon delimited fields in this line indicate:


 * dan - this is group name
 * ! - this is group password field in which ! indicates that the group account is locked

5 . The home directory for user dan is created as /home/dan. It has ownership of user dan and group dan but only user dan has read, write and execute permissions on directory. All the other permissions are denied.

6 . Files from the /etc/skel directory are copied to the user's home directory (for example the .bashrc and .bash_profile files which control user's default shell environment).

7 . The system administrator can now run the   command to set the user's password, this unlocks the user's account giving the user the ability to logon and use the system.