The /etc/passwd file
Things to consider:
- This should follow some pattern based on the actual name.
- Names are limited to eight characters, must start with a letter, and
contain only alphanumeric characters thereafter.
- Login names are case sensitive!
- Try to keep accounts consistent across machines. This can be a
problem in a multi-OS environment.
Things to consider:
- Passwords are stored as encrypted strings. Thus editing a password
field is futile unless you can do DES encryption in your head.
- Placing an asterisk in the string will disable access to the account.
- Pick strong passwords and enforce choosing strong passwords. The
npasswd utility is a good alternative to traditional passwords.
- Consider alternatives such as shadow passwords or Kerberos. Shadow
passwords are described below.
Shadow password support is now fairly common on Unix. The idea is to remove
the encrypted passwords from the /etc/passwd file and store them in a
file that doesn't allow world-read access. Shadow passwords are stored
in the file /etc/shadow. The shadow password file can be created
with the command pwconv. This will extract the passwords from the
password file and create the /etc/shadow file.
Shadow passwords work on a single system but don't offer much protection
in a NIS environment. In that environment something like Kerberos is a
better tool for protecting passwords. We will discuss this when we review
security.
The UID is used by the file system to control who owns a file and who
has access to a file. The UID value of 0 is considered a special
value and signifies that the account holder should have unrestricted access
to the system. Since UIDs control access to files and determine ownership,
it is best to assign each person a unique UID value. Things to consider
include:
- UIDs generally range from 0 to 32767, although some systems now allow
UIDs to range up to 65534.
- Often the first 30 UIDs are used as placeholders for different
system functions.
- When we discuss NFS you will see that it is critical to coordinate
UIDs across system boundaries.
- If you change someone's UID you must change the ownership of their
existing files.
The group field controls group ownership and access to files. The group ID
in the password file is the default group to use for ownership of files.
- Values must range between 0 and 32767.
- Values of 0 and 1 should be reserved.
- Each user can belong to a limited number of groups. Usually this
limit is either 8 or 16.
The gecos field takes its name from an old batch operating system. Its
function is to provide some demographic information about the account. The
finger command uses this field to display information about the
user specified. In order for the finger command to properly display
the information, the field uses commas to separate the information. Finger
assumes the following format:
fullname, Office Location, Office Phone, Home Phone
If a field is missing just leave it empty and use the comma to move to the
next field.
To change this value Berkeley systems offer the chfn command. Systems
running NIS can use the ypchpass command to update the information
on themselves. If you are using this field to keep demographic info on
users then you may want to disable the commands that allow updates.
This is your default directory when you log in. Some systems
will not allow you to log in if your home directory is not present.
This is a nice feature; without it, users are placed in the root
directory. While this isn't (or shouldn't be) a security problem, it will
create confusion when the user finds many utilities don't work.
The naming strategy for directories depends on the number of accounts and size
of filesystems. Your best bet is to create a strategy that allows
flexibility down the road. We will discuss this later when we review NFS.
This is the command interpreter to use for your account. General choices
are /bin/csh, /bin/ksh, and /bin/sh. In addition,
other choices include /bin/tcsh and /bin/bash. Many systems
limit the shells you can use to those listed in the file /etc/shells.
One useful feature for the shell field is creating a shell script that
notifies someone their account has been disabled.
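
The field rules described above can be checked mechanically. The following is an added example, not part of the original notes: it audits passwd-format records for naming-rule violations, password strings left in the world-readable file, UID 0 on non-root accounts, shared UIDs, and shells missing from /etc/shells. The sample records, the shell list and the name audit_passwd are constructed for illustration, and the code assumes that a shadowed system leaves "x" in the password field.

```python
import re
from collections import defaultdict
# Constructed sample records (not from a real system).
SAMPLE = """\
root:x:0:0:System Admin,,,:/root:/bin/sh
jsmith:x:1001:100:John Smith,Rm 12,555-0100,:/home/jsmith:/bin/csh
toor:x:0:0:Backup root,,,:/root:/bin/sh
mjones:ab3dEfGh1JkLm:1002:100:Mary Jones,,,:/home/mjones:/bin/ksh
guest::1003:100:Guest,,,:/home/guest:/bin/sh
olduser:*:1001:100:Former User,,,:/home/olduser:/usr/local/bin/disabled
9lives:x:1004:100:Bad Name,,,:/home/9lives:/bin/sh
"""
SAMPLE_SHELLS = {"/bin/sh", "/bin/csh", "/bin/ksh"}  # stand-in for /etc/shells

NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{0,7}")  # letter first, max 8 chars

def audit_passwd(text, valid_shells):
    """Return a sorted list of (login, finding) pairs for passwd-format text."""
    findings, by_uid = [], defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed record"))
            continue
        name, pw, uid, _gid, _gecos, _home, shell = fields
        if not NAME_RE.fullmatch(name):
            findings.append((name, "login name breaks naming rule"))
        if pw == "":
            findings.append((name, "empty password field"))
        elif pw != "x" and "*" not in pw:  # "x" = shadowed, "*" = disabled
            findings.append((name, "password hash in world-readable file"))
        if not uid.isdigit():
            findings.append((name, "non-numeric UID"))
            continue
        by_uid[int(uid)].append(name)
        if int(uid) == 0 and name != "root":
            findings.append((name, "UID 0 on non-root account"))
        if shell not in valid_shells:
            findings.append((name, "shell not in /etc/shells"))
    for uid, names in by_uid.items():
        if len(names) > 1:  # report every account involved in the collision
            findings.extend((n, f"shares UID {uid}") for n in names)
    return sorted(findings)

if __name__ == "__main__":
    for login, finding in audit_passwd(SAMPLE, SAMPLE_SHELLS):
        print(f"{login}: {finding}")
```

On a real system, pass the contents of /etc/passwd and the lines of /etc/shells instead of the constructed samples; an account whose shell is a disabled-account notification script will be reported as having an unlisted shell, which is expected.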