The Linux Programming Interface

154 Chapter 8


In order, these fields are as follows:

• Login name: This is the unique name that the user must enter in order to log in. Often, this is also called the username. We can also consider the login name to be the human-readable (symbolic) identifier corresponding to the numeric user identifier (described in a moment). Programs such as ls(1) display this name, rather than the numeric user ID associated with the file, when asked to show the ownership of a file (as in ls -l).
• Encrypted password: This field contains a 13-character encrypted password, which we describe in more detail in Section 8.5. If the password field contains any other string—in particular, a string of other than 13 characters—then logins to this account are disabled, since such a string can't represent a valid encrypted password. Note, however, that this field is ignored if shadow passwords have been enabled (which is typical). In this case, the password field in /etc/passwd conventionally contains the letter x (although any nonempty character string may appear), and the encrypted password is instead stored in the shadow password file (Section 8.2). If the password field in /etc/passwd is empty, then no password is required to log in to this account (this is true even if shadow passwords are enabled).

Here, we assume that passwords are encrypted using Data Encryption Standard (DES), the historical and still widely used UNIX password-encryption scheme. It is possible to replace DES with other schemes, such as MD5, which produces a 128-bit message digest (a kind of hash) of its input. This value is stored as a 34-character string in the password (or shadow password) file.

• User ID (UID): This is the numeric ID for this user. If this field has the value 0, then this account has superuser privileges. There is normally one such account, with the login name root. On Linux 2.2 and earlier, user IDs are maintained as 16-bit values, allowing the range 0 through to 65,535; on Linux 2.4 and later, they are stored using 32 bits, allowing a much larger range.

It is possible (but unusual) to have more than one record in the password file with the same user ID, thus permitting multiple login names for the same user ID. This allows multiple users to access the same resources (e.g., files) using different passwords. The different login names can be associated with different sets of group IDs.

• Group ID (GID): This is the numeric ID of the first of the groups of which this user is a member. Further group memberships for this user are defined in the system group file.
• Comment: This field holds text about the user. This text is displayed by various programs, such as finger(1).
• Home directory: This is the initial directory into which the user is placed after logging in. This field becomes the value of the HOME environment variable.
• Login shell: This is the program to which control is transferred once the user is logged in. Usually, this is one of the shells, such as bash, but it can be any program. If this field is empty, then the login shell defaults to /bin/sh, the Bourne shell. This field becomes the value of the SHELL environment variable.