Where User Account and Group Information Is Stored
Depending on your site policy, you can store user account and group information in a name service
or a local system's /etc files. In the NIS+ name service, information is stored in
tables, and in the NIS name service, information is stored in maps.
Note - To avoid confusion, the location of the user account and group information will be generically referred to as a file rather than a file, table, or map.
Most of the user account information is stored in the passwd file. However, the encrypted password and the password aging information are stored in the passwd file when using NIS or NIS+ and in the /etc/shadow file when using /etc files. Password aging is not available when using NIS.
Group information is stored in the group file.
Fields in the passwd File
The fields in the passwd file are separated by colons and contain the following information:

username:password:uid:gid:comment:home-directory:login-shell

For example:

kryten:x:101:100:Kryten Series 4000:/export/home/kryten:/bin/csh

Table 1-6 describes the passwd file fields.

Table 1-6 Fields in the passwd File

username
    Contains the user or login name. User names should be unique and consist of 1-8 letters (A-Z, a-z) and numerals (0-9). The first character must be a letter, and at least one character must be a lowercase letter. User names cannot contain underscores or spaces.
password
    Contains an x, a placeholder for the encrypted password. The encrypted password is stored in the shadow file.
uid
    Contains a user identification (UID) number that identifies the user to the system. UID numbers for regular users should range from 100 to 60000. All UID numbers should be unique.
gid
    Contains a group identification (GID) number that identifies the user's primary group. Each GID number must be a whole number between 0 and 60002 (60001 and 60002 are assigned to nobody and noaccess, respectively).
comment
    Usually contains the full name of the user. (This field is informational only.) It is sometimes called the GECOS field because it was originally used to hold the login information needed to submit batch jobs to a mainframe running GECOS (General Electric Computer Operating System) from UNIX systems at Bell Labs.
home-directory
    Contains the user's home directory path name.
login-shell
    Contains the user's default login shell, which can be /bin/sh, /bin/csh, or /bin/ksh. Table 62-8 on page 918 contains a description of shell features.
Fields in the Shadow File
The fields in the shadow file are separated by colons and contain the following information:

username:password:lastchg:min:max:warn:inactive:expire

For example:

rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978

Table 1-7 describes the shadow file fields.

Table 1-7 Fields in the shadow File

username
    Contains the user or login name.
password
    May contain the following entries: a 13-character encrypted user password; the string *LK*, which indicates an inaccessible account; or the string NP, which indicates no password for the account.
lastchg
    Indicates the number of days between January 1, 1970, and the last password modification date.
min
    Contains the minimum number of days required between password changes.
max
    Contains the maximum number of days the password is valid before the user is prompted to specify a new password.
inactive
    Contains the number of days a user account can be inactive before being locked.
expire
    Contains the absolute date when the user account expires. Past this date, the user cannot log in to the system.
Fields in the Group File
The fields in the group file are separated by colons and contain the following information:

group-name:group-password:gid:user-list

For example:

Table 1-8 describes the group file fields.

Table 1-8 Fields in the group File

group-name
    Contains the name assigned to the group. For example, members of the chemistry department in a university may be called chem. Group names can have a maximum of nine characters.
group-password
    Usually contains an asterisk or is empty. The group-password field is a relic of earlier versions of UNIX. If a group has a password, the newgrp command prompts users to enter it. However, there is no utility to set the password.
gid
    Contains the group's GID number. It must be unique on the local system, and should be unique across the entire organization. Each GID number must be a whole number between 0 and 60002. Numbers under 100 are reserved for system default group accounts. User-defined groups can range from 100 to 60000. (60001 and 60002 are reserved and assigned to nobody and noaccess, respectively.)
user-list
    Contains a comma-separated list of user names, representing the users' secondary group memberships in this group. Each user can belong to a maximum of 16 secondary groups.
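The three record layouts above, parsed and audited in one place, as an added example that is not part of the Sun documentation: it applies the username rules from Table 1-6, the password and aging semantics from Table 1-7, and counts secondary group memberships against the 16-group limit from Table 1-8. The sample records, EPOCH, days_to_date and the finding strings are constructed for this example; the expire value is read as a day count since January 1, 1970, the way the example entry (8978) and lastchg use it.

```python
import re
from collections import Counter
from datetime import date, timedelta

# Constructed sample records (not from a real system); layouts follow the tables above.
PASSWD = ["kryten:x:101:100:Kryten Series 4000:/export/home/kryten:/bin/csh"]
SHADOW = ["kryten:NP:8882:0::5:20:", "rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978"]
GROUP = ["staff::10:kryten,rimmer", "sysadmin::14:rimmer"]
EPOCH = date(1970, 1, 1)
def valid_username(name):
    """1-8 letters/digits, first a letter, at least one lowercase, no '_' or space."""
    return bool(re.match(r"^[A-Za-z][A-Za-z0-9]{0,7}$", name)) and any(c.islower() for c in name)

def parse_passwd(line):
    f = line.rstrip("\n").split(":")
    if len(f) != 7:
        raise ValueError("passwd entry needs 7 colon-separated fields")
    return dict(username=f[0], password=f[1], uid=int(f[2]), gid=int(f[3]),
                comment=f[4], home=f[5], shell=f[6])

def parse_shadow(line):
    f = line.rstrip("\n").split(":")
    if len(f) != 8:
        raise ValueError("shadow entry needs 8 colon-separated fields")
    day = lambda s: int(s) if s else None  # an empty day field means "not set"
    return dict(username=f[0], password=f[1], lastchg=day(f[2]), min=day(f[3]),
                max=day(f[4]), warn=day(f[5]), inactive=day(f[6]), expire=day(f[7]))
def days_to_date(days):
    """lastchg counts days since 1970-01-01; the example's expire value reads the same way."""
    return EPOCH + timedelta(days=days)

def audit_shadow(entry):
    """Findings from one shadow record, per the field semantics in Table 1-7."""
    out, pw = [], entry["password"]
    special = {"NP": "no password", "*LK*": "locked"}
    if pw in special:
        out.append(special[pw])
    elif len(pw) != 13:
        out.append("unexpected password field")
    if entry["max"] is None:
        out.append("no password aging (max unset)")
    if entry["expire"] is not None and days_to_date(entry["expire"]) < date.today():
        out.append("account expired")
    return out

def secondary_group_counts(group_lines):
    """Secondary groups per user from the group user-list fields (stated limit: 16)."""
    counts = Counter()
    for line in group_lines:
        counts.update(u for u in line.rstrip("\n").split(":")[3].split(",") if u)
    return dict(counts)
```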
UNIX User Groups
By default, all Solaris 2.x systems have these groups:
root::0:root
other::1:
bin::2:root,bin,daemon
sys::3:root,bin,sys,adm
adm::4:root,adm,daemon
uucp::5:root,uucp
mail::6:root
tty::7:root,tty,adm
lp::8:root,lp,adm
nuucp::9:root,nuucp
staff::10:
daemon::12:root,daemon
sysadmin::14:
nobody::60001:
noaccess::60002:
nogroup::65534: