182 System Data Files and Information Chapter 6
The only two mandatory fields are the user’s login name and encrypted password.
The other fields control how often the password is to change — known as “password
aging” — and how long an account is allowed to remain active.
The shadow password file should not be readable by the world. Only a few
programs need to access encrypted passwords — login(1) and passwd(1), for
example — and these programs are often set-user-ID root. With shadow passwords, the
regular password file, /etc/passwd, can be left readable by the world.
On Linux 3.2.0 and Solaris 10, a separate set of functions is available to access the
shadow password file, similar to the set of functions used to access the password file.
#include <shadow.h>
struct spwd *getspnam(const char *name);
struct spwd *getspent(void);
Both return: pointer if OK, NULL on error
void setspent(void);
void endspent(void);
On FreeBSD 8.0 and Mac OS X 10.6.8, there is no shadow password structure. The
additional account information is stored in the password file (refer back to Figure 6.1).
6.4 Group File
The UNIX System’s group file, called the group database by POSIX.1, contains the fields
shown in Figure 6.4. These fields are contained in a group structure that is defined in
<grp.h>.
                                                                FreeBSD  Linux  Mac OS X  Solaris
Description                      struct group member   POSIX.1  8.0      3.2.0  10.6.8    10
group name                       char  *gr_name        •        •        •      •         •
encrypted password               char  *gr_passwd               •        •      •         •
numerical group ID               int    gr_gid         •        •        •      •         •
array of pointers to individual  char **gr_mem         •        •        •      •         •
user names
Figure 6.4 Fields in /etc/group file
The field gr_mem is an array of pointers to the user names that belong to this group.
This array is terminated by a null pointer.
We can look up either a group name or a numerical group ID with the following
two functions, which are defined by POSIX.1.
#include <grp.h>
struct group *getgrgid(gid_t gid);
struct group *getgrnam(const char *name);
Both return: pointer if OK, NULL on error
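The following is an added example, not code from the book: it walks the null-terminated gr_mem array to test whether a user is listed in a group, and wraps getgrnam so that "no such group" and a lookup error both fail closed. The helper names, the constructed sample entry (wheel, alice, bob), and the group name root used in main are assumptions made for illustration.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if user appears in grp->gr_mem, else 0. The array ends with a
 * null pointer, so walk it until NULL rather than assuming a length.
 * gr_mem omits users who have this group only as their primary group in
 * the password file; check pw_gid separately for those. */
int group_lists_user(const struct group *grp, const char *user)
{
    if (grp == NULL || grp->gr_mem == NULL || user == NULL)
        return 0;
    for (char **m = grp->gr_mem; *m != NULL; m++)
        if (strcmp(*m, user) == 0)
            return 1;
    return 0;
}

/* Look the group up by name with getgrnam(), then test membership.
 * Returns 1 = listed, 0 = not listed, -1 = no such group or lookup error.
 * errno is cleared first so a failure can be reported if one occurred. */
int user_in_named_group(const char *group, const char *user)
{
    errno = 0;
    struct group *grp = getgrnam(group);
    if (grp == NULL) {
        if (errno != 0)
            perror("getgrnam");
        return -1;
    }
    return group_lists_user(grp, user);
}

/* Constructed sample entry, equivalent to the line "wheel:x:10:alice,bob". */
int sample_lists_user(const char *user)
{
    char *members[] = { "alice", "bob", NULL };
    struct group sample = { .gr_name = "wheel", .gr_passwd = "x",
                            .gr_gid = 10, .gr_mem = members };
    return group_lists_user(&sample, user);
}

int main(void)
{
    printf("alice in sample: %d\n", sample_lists_user("alice"));
    printf("mallory in sample: %d\n", sample_lists_user("mallory"));
    printf("root in group root: %d\n", user_in_named_group("root", "root"));
    return 0;
}
```

A caller making an access decision should treat both 0 and -1 as "deny", and should copy anything it needs out of the returned structure before calling another getgr* function, since the result may point to static storage.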