This section covers the following information:
Depending on your site policy, user account and group information can be stored in your local system's /etc files or in a name or directory service as follows:
The NIS name service information is stored in maps
The LDAP directory service information is stored in indexed database files
Most user account information is stored in the passwd file. Password information is stored as follows:
In the passwd file when you are using NIS
In the /etc/shadow file when you are using /etc files
In the people container when you are using LDAP
Password aging is available when you are using LDAP, but not NIS.
Group information is stored in the group file for NIS. For LDAP, group information is stored in the group container.
The fields in the passwd file are separated by colons and contain the following information:
username:password:UID:GID:comment:home-directory:login-shell
For example:
kryten:x:101:100:Kryten Series 4000 Mechanoid:/export/home/kryten:/bin/csh
For a complete description of the fields in the passwd file, see the passwd(1) man page.
The default passwd file contains entries for standard daemons. Daemons are processes that are usually started at boot time to perform some system-wide task, such as printing, network administration, or port monitoring.
The following display shows the contents of a sample passwd file:
root:x:0:0:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
dladm:x:15:65:Datalink Admin:/:
netadm:x:16:65:Network Admin:/:
netcfg:x:17:65:Network Configuration Admin:/:
smmsp:x:25:25:SendMail Message Submission Program:/:
gdm:x:50:50:GDM Reserved UID:/var/lib/gdm:
zfssnap:x:51:12:ZFS Automatic Snapshots Reserved UID:/:/usr/bin/pfsh
upnp:x:52:52:UPnP Server Reserved UID:/var/coherence:/bin/ksh
xvm:x:60:60:xVM User:/:
mysql:x:70:70:MySQL Reserved UID:/:
openldap:x:75:75:OpenLDAP User:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
unknown:x:96:96:Unknown Remote UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
ikeuser:x:67:12:IKE Admin:/:
ftp:x:21:21:FTPD Reserved UID:/:
dhcpserv:x:18:65:DHCP Configuration Admin:/:
aiuser:x:60003:60001:AI User:/:
pkg5srv:x:97:97:pkg(5) server UID:/:
The display above shows sample passwd file contents without any explanation. The following table provides a description and the source package information for each daemon in a standard passwd file.
The /etc/shadow file stores encrypted user passwords and related information. The fields in the shadow file are separated by colons and contain the following information:
username:password:lastchg:min:max:warn:inactive:expire
The default password hashing algorithm is SHA256. The password hash for the user is similar to the following:
$5$cgQk2iUy$AhHtVGx5Qd0.W3NCKjikb8.KhOiA4DpxsW55sP0UnYD
For a complete description of the fields in the shadow file, see the shadow(4) man page.
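The following Python example is added here and is not part of the original documentation. It parses passwd and shadow contents using the field layouts above and reports entries worth reviewing: malformed lines, UID 0 accounts other than root, shared UIDs, a passwd password field other than x, empty shadow password fields, and hashes without the $5$ SHA256 prefix. The function names and sample entries are constructed for illustration, and tolerating extra trailing shadow fields is an assumption.

```python
PASSWD = "username password uid gid comment home shell".split()
SHADOW = "username password lastchg min max warn inactive expire".split()

def parse(text, fields, exact=True):
    """Split colon-separated records; collect lines with a bad field count."""
    records, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) < len(fields) or (exact and len(parts) > len(fields)):
            bad.append(f"line {n}: {len(parts)} fields, expected {len(fields)}")
        else:
            records.append(dict(zip(fields, parts)))
    return records, bad

def audit(passwd_text, shadow_text):
    users, findings = parse(passwd_text, PASSWD)
    # Assumption: shadow lines may carry trailing fields beyond the eight listed.
    shadow, bad = parse(shadow_text, SHADOW, exact=False)
    findings += bad
    by_uid = {}
    for u in users:
        by_uid.setdefault(u["uid"], []).append(u["username"])
        if u["uid"] == "0" and u["username"] != "root":
            findings.append(f"{u['username']}: UID 0 but not root")
        if u["password"] != "x":  # hash or empty value kept in passwd itself
            findings.append(f"{u['username']}: passwd password field is not 'x'")
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append(f"UID {uid} shared by {', '.join(names)}")
    for s in shadow:
        if s["password"] == "":
            findings.append(f"{s['username']}: empty shadow password field")
        elif s["password"].startswith("$") and not s["password"].startswith("$5$"):
            findings.append(f"{s['username']}: hash prefix is not $5$ (SHA256)")
    return findings

# Constructed sample input (not from a real system); root reuses the page's example hash.
SAMPLE_PASSWD = """root:x:0:0:Super-User:/root:/usr/bin/bash
kryten:x:101:100:Kryten Series 4000 Mechanoid:/export/home/kryten:/bin/csh
toor:x:0:0:Constructed duplicate:/root:/usr/bin/bash
lister::102:100:Constructed user:/export/home/lister:/bin/csh
broken:x:103:100"""
SAMPLE_SHADOW = """root:$5$cgQk2iUy$AhHtVGx5Qd0.W3NCKjikb8.KhOiA4DpxsW55sP0UnYD:15000::::::
kryten:$1$constructed$constructedhashvalue:15000:::::
lister::15000:::::"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PASSWD, SAMPLE_SHADOW)))
```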
The group file is a local source of group information. The fields in the group file are separated by colons and contain the following information:
group-name:group-password:GID:user-list
For example:
bin::2:root,bin,daemon
For a complete description of the fields in the group file, see the group(4) man page.
The default group file contains the following system groups that support some system-wide tasks such as printing, network administration, or electronic mail. Most of these groups have corresponding entries in the passwd file.
The following displays the contents of a sample group file.
root::0:
other::1:root
bin::2:root,daemon
sys::3:root,bin,adm
adm::4:root,daemon
The display above provides sample group file contents without any explanations. The following table provides further information about each group listed in a typical group file.
The following table describes the commands that system administrators can use to obtain information about user accounts. This information is stored in various files within the /etc directory. Using these commands to obtain user account information is preferred over using the cat command to view similar information.