In case your goal is to learn (you talk about practice, so I assume it is), here are a few suggestions that will lead you to the answers (and teach you something):
First question: Run the command
man group.
Second question: Run the command
man 5 passwd. Here are the important details:
Code:
Each line of the file describes a single user, and contains seven colon-separated fields:
name:password:UID:GID:GECOS:directory:shell
...
name
This is the user's login name. It should not contain capital letters.
password
This is either the encrypted user password, an asterisk (*), or the letter aqxaq.
(See pwconv(8) for an explanation of aqxaq.)
...
directory
This is the user's home directory: the initial directory where the user is placed after logging in.
The value in this field is used to set the HOME environment variable.
shell
This is the program to run at login (if empty, use /bin/sh).
If set to a nonexistent executable, the user will be unable to login through login(1).
I don't have an answer to the third question. It's ill-designed. You use all of these services together, e.g. you can use PAM to configure shadow (if that can be considered a service), ssh and ldap. You can then use ssh with shadow and/or ldap.