The passwd, group files
Possibly the most important configuration files on the system are the passwd file (/etc/passwd) and the group file (/etc/group). The existence of a user on the system is defined by the existence of an entry in the passwd file. Similarly, the existence of a group on the system is defined by an entry in the group file.
The /etc/group file
Remember, each user on a Unix or linux system is a member of one or more groups. One of these groups is the user's default (or primary) group: that is the group that is assigned to any new data created by the user. The world-readable group file defines the groups available to place users (and files) in. Entries have the format
gname:gpass:gid:members
where
- gname is the unique group name. It should be limited to lowercase letters and digits. A group name cannot begin with a digit.
- gpass is supposedly the encrypted group password or empty if none. I have never seen a group password used and have no idea what it means if it is present.
- gid is the unique numeric group id. The great majority of times the group file is read it is done simply to translate a group name to a group id.
- members is a comma-separated list of usernames who are members of this group. Usually, this list does not include those users whose default group is this group - only users who have this group as one of their secondary groups. This means that there may be many members of the group that are not listed in the members list of the entry in the group file.
Some systems use an enhanced package for group management called gshadow. It uses the group password to create group administrators who can alter group members and keeps additional information (including the passwords) in the /etc/gshadow file. We will not cover gshadow. The interested reader is referred to the linux man page on gpasswd(1).
The /etc/passwd file
The passwd file is arguably the most important file on the system: each user is defined by the existence of an entry in it. Entries have this format:
uname:password:uid:gid:gecos:home:shell
where
- uname is the name of the user account. Traditionally this is limited to eight characters consisting of lowercase letters and digits. An account name cannot begin with a digit.
- password traditionally was the encrypted password. Since the /etc/passwd file is world-readable, the password is usually moved to a shadow file that is only readable by root. On linux the shadow file is kept in /etc. In this case, the password field in the passwd file is replaced with a one-character marker to indicate 'use the shadow file'. This is currently a lower-case x. The appearance of any other characters in the password field disables the account. Note: if this field is empty, the account may not need any password at all! (The shadow file and passwords are the subject of the next section.) The contents of the password field (or the password that is kept in the shadow file) are set by the user by running the program passwd.
- uid is the unique integer user id that uname is translated to.
- gid is the integer group id of the user's default group.
- gecos is a legacy field originally used to share information with the General Electric Comprehensive Operating System. It is now used for the finger information field, and contains many pieces of information used by finger. The default contents of this field, and the first piece of finger information, is the user's real name. If more finger information has been entered (by running chfn) the individual pieces appear as comma-delimited subfields in the gecos field.
- home is the absolute path of the user's home directory. If this directory cannot be found, the user will be connected to the root directory /.
- shell is the absolute path of the program that is executed when the user logs in. The user remains 'logged on' as long as this program executes. When the program exits, the user logs off. In actuality, the shell field may contain the path to any executable, including a shell script. Typically, however, its contents are limited to one of a list of 'sanctioned shell programs' that are listed in the shells file, which on linux is in /etc. The user may change their shell to any of these shells using the program chsh(1).
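The two formats above as a worked parser (an added example, not code from the course page): constructed passwd and group lines are parsed, full group membership is resolved including the users whose default group is that group (which the members field omits), and the three password-field cases are classified. The sample accounts, groups and function names are all made up for illustration.

```python
# Added example, not from the original page: parse constructed passwd/group
# text, resolve full group membership (primary + secondary users, which the
# members field alone omits) and classify the password field as described.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
greg:x:1000:100:Greg Boyd,Room 1,555-0100:/home/greg:/bin/bash
guest::1001:100:Guest account:/home/guest:/bin/sh
oldsvc:*:1002:100:retired service:/nonexistent:/sbin/nologin
"""
GROUP = """\
root:x:0:
users:x:100:root
wheel:x:10:greg
"""

def parse_passwd(text):
    """Return {uname: fields} for the 7-field uname:password:uid:gid:gecos:home:shell format."""
    users = {}
    for line in text.splitlines():
        uname, password, uid, gid, gecos, home, shell = line.split(":")
        users[uname] = {"password": password, "uid": int(uid), "gid": int(gid),
                        "gecos": gecos.split(","), "home": home, "shell": shell}
    return users

def group_members(passwd_text, group_text):
    """Full membership: the members list plus every user whose primary gid is this group."""
    users = parse_passwd(passwd_text)
    members = {}
    for line in group_text.splitlines():
        gname, _gpass, gid, mlist = line.split(":")
        listed = {m for m in mlist.split(",") if m}          # secondary members
        primary = {u for u, f in users.items() if f["gid"] == int(gid)}
        members[gname] = sorted(listed | primary)
    return members

def password_status(passwd_text):
    """'x' -> password lives in the shadow file; '' -> no password needed;
    any other marker -> account disabled (the page's three cases)."""
    status = {}
    for uname, f in parse_passwd(passwd_text).items():
        if f["password"] == "x":
            status[uname] = "shadow"
        elif f["password"] == "":
            status[uname] = "NO PASSWORD"
        else:
            status[uname] = "disabled"
    return status
```

Running password_status over a real /etc/passwd is a quick way to spot accounts that need no password at all, the case the note above warns about.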
Non-local accounts
Note: currently our linux network at CCSF uses accounts on NIS. On these systems special tools must be used to change your shell, password, and finger information. They are named the same as the standard programs with the prefix yp - yppasswd, ypchsh, ypchfn. (The yp prefix comes from the old name for NIS, yellow pages.) In addition, ypcat is used to access the network NIS account databases. ypcat is a multi-function program, but, for our purposes, it is most useful to display the NIS passwd and group file:
local command        NIS counterpart
cat /etc/passwd      ypcat passwd.byname
cat /etc/group       ypcat group.byname
If you are looking for a particular item, just use grep to filter the output.
NOTE: NIS often allows normal users to display encrypted passwords from the server's shadow file in this manner! In other words, ypcat passwd.byname will display shadow passwords if NIS is not configured carefully!
We will discuss non-local accounts more completely in the section on authentication.
Preview question:
How do you create a password for yourself when you visit a new site on the Internet? Do you use the same scheme when you are creating a linux password? Would you use the same scheme (or even the same password!) for the root account? How do you keep track of all these passwords?
Copyright 2012 Greg Boyd - All Rights Reserved.