<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<!--Converted with LaTeX2HTML 96.1-h (September 30, 1996) by Nikos Drakos (nikos@cbl.leeds.ac.uk), CBLU, University of Leeds -->
<HTML>
<HEAD>
<TITLE>/etc/passwd and other informative files</TITLE>
<META NAME="description" CONTENT="/etc/passwd and other informative files">
<META NAME="keywords" CONTENT="sag">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<LINK REL=STYLESHEET HREF="sag.css">
</HEAD>
<BODY LANG="EN" >
<A NAME="2828"> </A><H2><A NAME="SECTION001021000000000000000"><tt>/etc/passwd</tt> and other informative files</A></H2>
<P>
The basic user database in a Unix system is the text
file <tt>/etc/passwd</tt><A NAME="2830"> </A> (called the <b>password
file</b>), which lists all valid usernames and their
associated information. The file has one line per
username, and each line is divided into seven colon-delimited
fields:
<OL>
<LI> Username.
<LI> Password, in an encrypted form.
<LI> Numeric user id.
<LI> Numeric group id.
<LI> Full name or other description of account.
<LI> Home directory.
<LI> Login shell (program to run at login).
</OL>
The format is explained in more detail in <em>passwd</em><A NAME="2833"> </A>(5).
<P>
Any user on the system may read the password file, so that
they can, for example, learn the name of another user.
This means that the password (the second field) is also
available to everyone. The password is stored in encrypted
form, so in theory there is no problem. However, the
encryption is breakable, especially if the password is weak
(e.g., it is short or it can be found in a dictionary).
Therefore it is not a good idea to have the password in
the password file.
<P>
Many Linux systems have <b>shadow passwords</b>. This is
an alternative way of storing the password: the encrypted
password is stored in a separate file, <tt>/etc/shadow</tt><A NAME="2836"> </A>,
which only <tt>root</tt> can read. The <tt>/etc/passwd</tt><A NAME="2838"> </A>
file only contains a special marker in the second field.
Any program that needs to verify a user is setuid, and
can therefore access the shadow password file. Normal
programs, which only use the other fields in the password
file, can't get at the password.<A NAME="tex2html42" HREF="footnode.html#2816"><IMG ALIGN=BOTTOM ALT="gif" SRC="./foot_motif.gif"></A>
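<P>
The check below is an added example, not part of the original guide: it parses the seven colon-delimited fields and reports accounts whose second field still holds an encrypted password or is empty. It assumes the shadow marker is <tt>x</tt> and that <tt>*</tt> or a leading <tt>!</tt> means a locked account (conventions from <em>passwd</em>(5), not stated on this page); the sample lines are constructed.

```python
from collections import namedtuple

PasswdEntry = namedtuple("PasswdEntry", "username password uid gid gecos home shell")

def parse_line(line):
    """Split one passwd line into its seven colon-delimited fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError(f"expected 7 fields, got {len(parts)}")
    name, pw, uid, gid, gecos, home, shell = parts
    return PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell)

def password_state(field):
    """Classify the second field (marker values are assumptions, see lead-in)."""
    if field == "x":
        return "shadowed"          # real value lives in /etc/shadow
    if field == "":
        return "empty"             # no password required
    if field == "*" or field.startswith("!"):
        return "locked"            # not a valid encrypted password
    return "hash-in-passwd"        # encrypted password readable by every user

def audit(text):
    """Return (line number, username, finding) for each problem entry."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            entry = parse_line(line)
        except ValueError as err:
            findings.append((number, line.split(":", 1)[0], f"malformed: {err}"))
            continue
        state = password_state(entry.password)
        if state in ("empty", "hash-in-passwd"):
            findings.append((number, entry.username, state))
    return findings

# Constructed sample data; "abCONSTRUCTED" stands in for an encrypted password.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:abCONSTRUCTED:1000:1000:Alice Example:/home/alice:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/sh
broken:x:1002:1002:/home/broken
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```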
<P>
<BR> <HR>
<P><ADDRESS>
<I>Lars Wirzenius <BR>
Sat Nov 15 02:32:11 EET 1997</I>
</ADDRESS>
</BODY>
</HTML>