LINUX TIPS AND TRICKS --- August 10, 2001

Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
_________________________________________________________________

Passwd and Shadow Files
By Danny Kalev

A user account consists of a valid username and password, a home 
directory, and a default shell. When the user attempts to log 
in, Linux examines the passwd file to ensure that these 
requirements are met. The passwd file, located in the /etc 
directory, contains user account records each consisting of 7 
fields separated by colons. Here's an example of a passwd file:

    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:
    james:x:600:600:201-234-5678:/home/james:/bin/bash

Let's parse the last entry and learn what each field means.

    * The user's username.
    * The second field traditionally stores the user's password 
      in an encrypted form. However, newer Linux distributions 
      use a shadowing system (I will discuss shadowing shortly).
      Such systems merely store a placeholder in this field and
      keep the passwords in a different file.
    * UID. This number is attached to the user's processes and 
      thus enables the sysadmin to associate the currently 
      active processes to their users. Although you can assign 
      arbitrary UIDs to users, restricting these numbers to a 
      range (e.g., 600-699) is advisable. Remember that UID 0 
      is reserved for root.
    * GID. A user may belong to several groups but has only one
      native group. This field stores the native group value.
    * The fifth field is called the General Electric 
      Comprehensive Operating System field (GECOS). 
      Traditionally, it stores the user's real name. However, 
      you can store any other value in this field such as the 
      user's telephone number. This field is mostly used for 
      reporting purposes such as Finger queries. In this 
      example, the field contains the user's telephone number.
    * User's home directory. In this example, the user's home 
      directory is /home/james.
    * User's default shell. The default shell is the one that 
      Linux invokes when the user has logged into the system. 
      Although bash is the most common shell, other options are 
      available -- namely ash, csh, ksh, tcsh, and zsh.

Shadowing
Shadowing systems store users' passwords and associated rules in 
a special file called /etc/shadow. When a shadowing system is 
in use, the passwd file remains readable but it doesn't contain 
passwords anymore. Instead, the password field is filled with a 
placeholder. A shadow file looks like this:

    root:HDJIKW1.PA:11015:0::7:7::
    james:7aNicVa5rg9B:11015:0:-1:7:-1:-1:

A shadow file contains 9 fields separated by colons (the values 
in parentheses are taken from the last entry of the above 
shadow file):

    * Username (james)
    * Password in an encrypted form (7aNicVa5rg9B)
    * Number of days since 1/1/1970 that the password was last 
      modified (11015)
    * Number of days left before the user is allowed to change 
      his password (0)
    * Number of days left before the user is forced to change 
      his password (-1)
    * Number of days in advance that the user is prompted to 
      change his password (7)
    * Number of days left before disabling the account unless 
      the user changes his password (-1)
    * Number of days since 1/1/1970 that the account has been 
      disabled (-1)
    * Reserved
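
The two record formats described above, as an added Python example (not part of the original newsletter): it parses the page's sample lines, plus two constructed bad records for the hypothetical users backup and guest, and reports extra UID 0 accounts, password fields that are not the placeholder, missing shadow records and an unset maximum password age. It assumes the placeholder is "x", as in the sample passwd file.

```python
from datetime import date, timedelta
# Constructed sample data: the page's example lines plus two deliberately
# bad records for the hypothetical users "backup" and "guest".
PASSWD = """root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
james:x:600:600:201-234-5678:/home/james:/bin/bash
backup:x:0:0:backup:/root:/bin/bash
guest::601:601:guest:/home/guest:/bin/bash"""
SHADOW = """root:HDJIKW1.PA:11015:0::7:7::
james:7aNicVa5rg9B:11015:0:-1:7:-1:-1:"""

def days_to_date(field):
    """Shadow dates count days since 1/1/1970; empty or -1 means unset."""
    if field in ("", "-1"):
        return None
    return date(1970, 1, 1) + timedelta(days=int(field))

def parse_shadow(text):  # username -> hash, last change, maximum age
    entries = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 9:
            raise ValueError("shadow record needs 9 fields: " + line)
        entries[f[0]] = {"hash": f[1], "changed": days_to_date(f[2]),
                         "max_age": None if f[4] in ("", "-1") else int(f[4])}
    return entries

def audit(passwd_text, shadow_text):
    """Return (user, finding) pairs for account records worth a review."""
    shadow, findings = parse_shadow(shadow_text), []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7:
            raise ValueError("passwd record needs 7 fields: " + line)
        name, pw, uid = f[0], f[1], f[2]
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 outside the root account"))
        if pw == "":
            findings.append((name, "empty password field"))
        elif pw != "x":  # assumption: "x" is the shadow placeholder
            findings.append((name, "non-placeholder password field in passwd"))
        elif name not in shadow:
            findings.append((name, "no shadow record"))
        elif shadow[name]["max_age"] is None:
            findings.append((name, "no maximum password age set"))
    return findings

if __name__ == "__main__":
    print(*audit(PASSWD, SHADOW), sep="\n")
```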


About the author(s)
-------------------
Danny Kalev is a system analyst and software engineer with more 
than 10 years of experience, specializing in C++ and 
object-oriented analysis and design on various platforms 
including VMS, DOS, Windows, Unix, and Linux. His technical 
interests involve code optimization, networking, and 
distributed computing. He is also a member of the ANSI C++ 
standardization committee and the author of ANSI/ISO C++ 
Professional Programmer's Handbook (Que, 1999). Danny can be 
reached at linuxnl@excite.com.
_________________________________________________________________

Copyright 2001 ITworld.com, Inc., All Rights Reserved.
http://www.itworld.com
