Managing other accounts

As a system administrator, you need to add and remove user accounts and groups, manage passwords, and troubleshoot users' problems. You must be logged in as root to do this, because other users don't have permission to modify /etc/passwd, /etc/shadow, and /etc/group.

While it's safe at any time to use the passwd utility to change the password of an existing user who already has a password, it isn't necessarily safe to make any other change to the account database while your system is in active use. Specifically, the following operations may cause applications and utilities to operate incorrectly when handling user-account information:

If it's likely that someone might try to use the passwd utility or update the account database files while you're editing them, lock the password database by creating the /etc/.pwlock file before making your changes.

As described below, you should use the passwd utility to change an account's password. However, you need to use a text editor to:

Note: The changes you make manually to the account files aren't checked for conformance to the rules set in the passwd configuration file. For more information, see the description of /etc/default/passwd in the documentation for passwd in the Utilities Reference.