Traditionally Unix uses the file /etc/passwd to define who has an account on the system. The file /etc/passwd is a plain text file with one line for each user. The lines have several colon-delimited fields. Here is the format:
username:e-password:UID:GID:info:directory:program
The username is the user's login name. The e-password is the user's password in "encrypted" form (strictly speaking the password is hashed, not encrypted, but the difference does not concern us here; note also that most modern systems put only an "x" in this field and keep the hash itself in /etc/shadow, which only root can read). The UID is the user's ID number. The GID is the ID number of the user's primary group. Info is any arbitrary information about the user that the system administrator wants to record; typically the user's full name and office phone extension go here. Directory is the user's home directory, the working directory the user will have when they first log in. Program is the shell program invoked for the user at login.
Here is a typical /etc/passwd entry:
pchapin:fEeww9j4mODeI:202:20:Peter Chapin:/u/pchapin:/bin/ksh
Here is the /etc/passwd entry of the "user" bin. Bin is not a real user, but bin does own many files on the system. It is common for a multi-user system to contain several pseudo-users for special purposes.
bin:*:2:2::/bin:/bin/sh
The '*' in the e-password field can never match any hashed password, so it is impossible to log in as bin. An account without a password has an empty e-password field, which means the login program lets that user in without asking for one; such entries are worth looking for when checking a system.
The /etc/passwd file is readable by everybody, and several Unix utility programs rely on that. The system itself deals in user ID numbers, and utilities such as ls -l use /etc/passwd to convert those numbers into usernames when they can; a UID with no matching entry is simply shown as a number.
The GID specified in the /etc/passwd file is the user's primary group. However, users can be in several other groups as well. The groups that exist on the system are defined by the file /etc/group. Here is its format:
group-name:e-password:GID:logname-list
The group-name is the name of the group. The e-password is not used. The GID is the ID number of the group. The logname-list is a comma-separated list of login names making up the membership of the group. A user's primary group need not list them here; that membership comes from the GID field of the user's /etc/passwd entry.
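To make the two formats concrete, here is an added example (not code from the original text) that parses /etc/passwd- and /etc/group-style lines, does the UID-to-username conversion the utilities perform, works out a user's full group membership (primary GID plus logname-list entries), and flags the conditions discussed above: an empty e-password field, a '*' locked account, and two names sharing one UID. The sample lines are constructed for illustration; the pchapin line repeats the entry shown above, and the guest and backup accounts are invented to exercise the checks.

```python
# Parser and sanity checks for /etc/passwd- and /etc/group-format text.
# Added example; the sample lines are constructed, not taken from a real system.
from collections import defaultdict
from dataclasses import dataclass

PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
bin:*:2:2::/bin:/bin/sh
pchapin:fEeww9j4mODeI:202:20:Peter Chapin:/u/pchapin:/bin/ksh
guest::500:100:Guest account:/home/guest:/bin/sh
backup:x:0:20:Backup operator:/var/backup:/bin/sh
"""

GROUP_SAMPLE = """\
root:*:0:
bin:*:2:
wheel:*:10:pchapin
staff:*:20:pchapin,backup
users:*:100:guest
"""

@dataclass(frozen=True)
class PasswdEntry:
    name: str
    password: str   # hash, "*" (locked), "x" (hash kept in /etc/shadow) or "" (none)
    uid: int
    gid: int        # primary group
    info: str
    directory: str
    program: str

@dataclass(frozen=True)
class GroupEntry:
    name: str
    password: str   # unused
    gid: int
    members: tuple  # login names from the logname-list field

def parse_passwd(text):
    """One PasswdEntry per non-blank line, in file order; 7 colon-delimited fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"passwd line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, info, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), info, home, shell))
    return entries

def parse_group(text):
    """One GroupEntry per non-blank line; the member list is comma separated."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"group line {lineno}: expected 4 fields, got {len(fields)}")
        name, pw, gid, members = fields
        entries.append(GroupEntry(name, pw, int(gid), tuple(m for m in members.split(",") if m)))
    return entries

def uid_to_name(passwd, uid):
    """What ls -l does: the first username carrying this UID, else the bare number."""
    for e in passwd:
        if e.uid == uid:
            return e.name
    return str(uid)

def accounts_without_password(passwd):
    """Empty e-password field: login succeeds without a password."""
    return [e.name for e in passwd if e.password == ""]

def locked_accounts(passwd):
    """'*' can never match a hash, so nobody can log in as these."""
    return [e.name for e in passwd if e.password == "*"]

def duplicate_uids(passwd):
    """UIDs shared by several names; a second UID-0 entry is a second root."""
    by_uid = defaultdict(list)
    for e in passwd:
        by_uid[e.uid].append(e.name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def groups_of(username, passwd, groups):
    """Primary group (from the passwd GID) first, then every group whose member list names the user."""
    user = next(e for e in passwd if e.name == username)
    names = [g.name for g in groups if g.gid == user.gid]
    for g in groups:
        if username in g.members and g.name not in names:
            names.append(g.name)
    return names
```

Running the checks over the sample gives guest as the passwordless account, bin as the locked one, and UID 0 shared by root and backup; pchapin's groups come out as staff (primary, via the passwd GID) and wheel (via the logname-list), even though the staff line also names pchapin redundantly. To run it against a real machine, pass the contents of /etc/passwd and /etc/group to the two parsers.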
Every process that runs on a Unix system has two UID numbers associated with it. The "real" UID is the ID number of the user who launched the process (directly or indirectly). The "effective" UID is the ID number of the user whose access rights the process has; it is the effective UID, not the real one, that the kernel consults when the process tries to open a file. Normally the real and effective UIDs of a process are the same. I will describe the situation where they are different a little later.
Every file and directory has an owner. Generally the owner of a file is the effective UID of the process that created the file.
In addition, every process has a real GID number associated with it. This GID is the number associated with the real UID in the /etc/passwd file. Every process also has an effective GID that is normally the same as the real GID. In addition, every process has an associated group access list that holds the GIDs of all the groups of which the process is a member. Normally the group access list is built from the /etc/group file at login time, so editing /etc/group does not change the groups of processes that are already running; the user has to log in again to pick up the change.
Every file and directory has a group association. This group is usually the effective GID of the process that created the file. However, under some circumstances (for example, when the file is created in a directory that has the set-group-ID bit set, in which case the new file inherits the directory's group) the GID of a file may be totally unrelated to the file's owner.
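As an added example (not code from the original text) showing how the rules in the last few paragraphs look from inside a process, the following Python uses only the standard library to read the process's real and effective UIDs and GIDs and its group access list, then creates a throwaway file and checks that the file's owner is the effective UID and that its group is either the effective GID or, where the directory passes its group on, the directory's group. It assumes the system temporary directory is writable by the process.

```python
# Observe the process credential and file ownership rules on the running process.
# Added example, not from the original text; standard library only.
import os
import stat
import tempfile

def process_credentials():
    """Real and effective UID/GID plus the supplementary group access list."""
    return {
        "ruid": os.getuid(), "euid": os.geteuid(),
        "rgid": os.getgid(), "egid": os.getegid(),
        "groups": sorted(set(os.getgroups())),
    }

def in_group_access_list(gid):
    """A process counts as a member of its effective GID and of every GID on the list."""
    return gid == os.getegid() or gid in os.getgroups()

def ownership_of_new_file(directory=None):
    """Create an empty file, record who owns it, and remove it.

    Returns (file_uid, file_gid, dir_gid, dir_is_setgid). Assumption: the
    directory (default: the system temp directory) is writable by this process.
    """
    directory = directory or tempfile.gettempdir()
    dir_st = os.stat(directory)
    fd, path = tempfile.mkstemp(dir=directory)
    try:
        st = os.fstat(fd)
    finally:
        os.close(fd)
        os.unlink(path)
    return st.st_uid, st.st_gid, dir_st.st_gid, bool(dir_st.st_mode & stat.S_ISGID)

def file_group_follows_rule(file_gid, dir_gid):
    """The group is the creator's effective GID, or the directory's group when it was
    inherited (on Linux only if the directory is set-group-ID; on the BSDs always)."""
    return file_gid == os.getegid() or file_gid == dir_gid

if __name__ == "__main__":
    print(process_credentials())
    uid, gid, dgid, setgid = ownership_of_new_file()
    print(f"new file: uid={uid} gid={gid} (dir gid={dgid}, setgid={setgid})")
```

Run it once normally and once in a directory you have made set-group-ID (chmod g+s) and owned by a different group: the owner reported stays the effective UID, but the group switches from your effective GID to the directory's, which is the case the paragraph above warns about.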