Depending on your site policy, you can store user account and group information in a name service or a local system's /etc files. In the NIS+ name service, information is stored in tables, and in the NIS name service, information is stored in maps.
To avoid confusion, the location of the user account and group information is generically referred to as a file rather than a file, table, or map.
Most of the user account information is stored in the passwd file. However, password encryption and password aging is stored in the passwd file when using NIS or NIS+ and in the /etc/shadow file when using /etc files. Password aging is not available when using NIS.
Group information is stored in the group file.
The fields in the passwd file are separated by colons and contain the following information:
username:password:uid:gid:comment:home-directory:login-shell |
For example:
kryten:x:101:100:Kryten Series 4000 Mechanoid:/export/home/kryten:/bin/csh |
The table below describes the passwd file fields.
Table 2-6 Fields in the passwd File
Field Name |
Description |
---|---|
username |
Contains the user or login name. User names should be unique and consist of 1-8 letters (A-Z, a-z) and numerals (0-9). The first character must be a letter, and at least one character must be a lowercase letter. User names cannot contain underscores or spaces. |
password |
Contains an x, a placeholder for the encrypted password. The encrypted password is stored in the shadow file. |
uid |
Contains a user identification (UID) number that identifies the user to the system. UID numbers for regular users should range from 100 to 60000. All UID numbers should be unique. |
gid |
Contains a group identification (GID) number that identifies the user's primary group. Each GID number must be a whole number between 0 and 60002 (60001 and 60002 are assigned to nobody and noaccess, respectively). |
Usually contains the full name of the user. (This field is informational only.) It is sometimes called the GECOS field because it was originally used to hold the login information needed to submit batch jobs to a mainframe running GECOS (General Electric Computer Operating System) from UNIX systems at Bell Labs. |
|
home-directory |
Contains user's home directory path name. |
login-shell |
Contains the user's default login shell, which can be /bin/sh, /bin/csh or /bin/ksh. Table 2-13 contains a description of shell features. |
The default Solaris passwd file contains entries for standard daemons, processes usually started at boot time to perform some system-wide task, such as printing, network administration, and port monitoring.
root:x:0:1:Super-User:/:/sbin/sh daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: uucp:x:5:5:uucp Admin:/usr/lib/uucp: nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico listen:x:37:4:Network Admin:/usr/net/nls: nobody:x:60001:60001:Nobody:/: noaccess:x:60002:60002:No Access User:/: nobody4:x:65534:65534:SunOS 4.x Nobody:/: |
User Name |
User ID |
Description |
---|---|---|
root |
0 |
Superuser account |
daemon |
1 |
Umbrella system daemon associated with updating calendars, and so forth |
bin |
2 |
Administrative daemon associated with running system binaries to perform some routine system task |
sys |
3 |
Administrative daemon associated with system logging or updating files in temporary directories |
adm |
4 |
Administrative daemon associated with system logging |
|
71 |
Line printer daemon |
uucp |
5 |
uucp daemon |
nuucp |
6 |
uucp daemon |
listen |
37 |
Network listener daemon |
nobody |
60001 |
Anonymous user account, assigned by an NFS server when a request is received from an unauthorized root user. The nobody user account is assigned to software processes that do not need nor should have any special permissions. |
noaccess |
60002 |
Account assigned to a user or a process that needs access to a system through some application but without actually logging in. |
nobody4 |
65534 |
SunOS 4.0 or 4.1 version of nobody user account. |
The fields in the shadow file are separated by colons and contain the following information:
username:password:lastchg:min:max:warn:inactive:expire |
For example:
rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978 |
The table below describes the shadow file fields.
Table 2-8 Fields in the shadow File
The fields in the group file are separated by colons and contain the following information:
group-name:group-password:gid:user-list |
For example:
bin::2:root,bin,daemon |
The table below describes the group file fields.
Table 2-9 Fields in the group File
The default Solaris group file contains the following system groups that support some system-wide task, such as printing, network administration, and electronic mail. Many of these having corresponding entries in the passwd file.
root::0:root other::1: bin::2:root,bin,daemon sys::3:root,bin,sys,adm adm::4:root,adm,daemon uucp::5:root,uucp mail::6:root tty::7:root,tty,adm lp::8:root,lp,adm nuucp::9:root,nuucp staff::10: daemon::12:root,daemon sysadmin::14:root nobody::60001: noaccess::60002: nogroup::65534: |
Group Name |
Group ID |
Description |
---|---|---|
root |
0 |
Superuser group |
other |
1 |
|
bin |
2 |
Administrative group associated with running system binaries |
sys |
3 |
Administrative group associated with system logging or temporary directories |
adm |
4 |
Administrative group associated with system logging |
uucp |
5 |
Group associated with uucp functions |
|
6 |
Electronic mail group |
tty |
7 |
Group associated with tty devices |
|
8 |
Line printer group |
nuucp |
9 |
Group associated with uucp functions |
staff |
10 |
General administrative group |
daemon |
12 |
Daemon group |
sysadmin |
14 |
Administratve group associated with Admintool and Solstice AdminSuite tools |
nobody |
60001 |
Anonymous group assigned by an NFS server when a request is received from an unauthorized root user |
noaccess |
60002 |
|
nogroup |
65534 |
|