Users and Groups

Traditionally Unix uses the file /etc/passwd to define who has an account on the system. The file /etc/passwd is a plain text file with one line for each user. The lines have several colon delimited fields. Here is the format:

username:e-password:UID:GID:info:directory:program

The username is the user's login name. The e-password is the user's encrypted password (actually the password is "hashed," not encrypted, but this difference does not concern us here). The UID is the user's ID number. The GID is the ID number of the user's primary group. Info is any arbitrary information about the user that the system administrator wants to record. Typically, the user's full name and office phone extension go here. Directory is the user's home directory—the working directory the user will have when they first log in. Program is the shell program invoked for the user.

For example, here is a typical /etc/passwd entry:

pchapin:fEeww9j4mODeI:202:20:Peter Chapin:/u/pchapin:/bin/ksh

Here is the /etc/passwd entry of the "user" bin. Bin is not a real user, but bin does own many files on the system. It is common for a multi-user system to contain several pseudo users for special purposes.

bin:*:2:2::/bin:/bin/sh

The '*' in the e-password field means that it's impossible to log in as bin. An account without a password would have an empty e-password field.
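As an added example (not part of the original text), the following parser reads records in the /etc/passwd format described above and classifies each password field the way the text does: '*' means the account cannot be logged into, an empty field means no password is required, anything else is a hash. The sample lines are constructed; two are copied from the article and the others (guest, jdoe) are invented to show an empty password field and two accounts sharing one UID.

```python
"""Parse /etc/passwd-style records and flag accounts worth reviewing.

Added example; the sample data below is constructed, not read from a system.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed /etc/passwd content: username:e-password:UID:GID:info:directory:program
SAMPLE_PASSWD = """\
pchapin:fEeww9j4mODeI:202:20:Peter Chapin:/u/pchapin:/bin/ksh
bin:*:2:2::/bin:/bin/sh
guest::500:500:Guest account with no password:/home/guest:/bin/sh
jdoe:x5QzLmN0pQrSt:202:20:Jane Doe:/u/jdoe:/bin/sh
"""


@dataclass
class PasswdEntry:
    username: str
    e_password: str
    uid: int
    gid: int
    info: str
    directory: str
    program: str

    @property
    def password_state(self) -> str:
        """'locked' for '*' (login impossible), 'empty' when the field is blank
        (no password needed), otherwise 'set' (a hash is present)."""
        if self.e_password == "*":
            return "locked"
        if self.e_password == "":
            return "empty"
        return "set"


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Split each non-empty line into its seven colon-delimited fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        username, e_password, uid, gid, info, directory, program = fields
        entries.append(PasswdEntry(username, e_password, int(uid), int(gid),
                                   info, directory, program))
    return entries


def audit_passwd(entries: List[PasswdEntry]) -> List[str]:
    """Report accounts with an empty e-password field and accounts that share a
    UID: the system identifies users by number, so two names on one UID are
    the same user as far as file ownership and permissions are concerned."""
    findings = []
    seen: Dict[int, str] = {}
    for e in entries:
        if e.password_state == "empty":
            findings.append(f"{e.username}: empty e-password field (no password required)")
        if e.uid in seen:
            findings.append(f"{e.username}: shares UID {e.uid} with {seen[e.uid]}")
        else:
            seen[e.uid] = e.username
    return findings


if __name__ == "__main__":
    for entry in parse_passwd(SAMPLE_PASSWD):
        print(f"{entry.username:8} uid={entry.uid:<4} gid={entry.gid:<4} password={entry.password_state}")
    for finding in audit_passwd(parse_passwd(SAMPLE_PASSWD)):
        print("review:", finding)
```

Running the block on the constructed data lists the four accounts with their password state and reports the guest and jdoe lines. On a real system the same functions can be fed the text of /etc/passwd, keeping in mind that many modern systems store the hash elsewhere and leave a placeholder in this field.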

The /etc/passwd file is readable by everybody. Several Unix utility programs use the information in /etc/passwd. This is because the system normally deals with user ID numbers and most utilities use /etc/passwd to convert those numbers into usernames when possible.

The GID specified in the /etc/passwd file is the user's primary group. However, users can be in several other groups as well. The groups that exist on the system are defined by the file /etc/group. Here is its format:

group-name:e-password:GID:logname-list

The group-name is the name of the group. The e-password is not used. The GID is the ID number of the group. The logname-list is a list of lognames that represent the membership of the group.

Every process that runs on a Unix system has two UID numbers associated with it. The "real" UID is the ID number of the user that launched the process (directly or indirectly). The "effective" UID is the ID number of the user whose security rights the process has. Normally, the real and effective UIDs of a process are the same. I will describe the situation where they are different a little later.

Every file and directory has an owner. Generally, the owner of a file is the same as the effective UID of the process that created the file.

In addition, every process has a real GID number associated with it. This GID is the number associated with the real UID in the /etc/passwd file. Every process also has an effective GID that is normally the same as the real GID. In addition, every process has an associated group access list that defines the GIDs of all the groups of which the process is a member. Normally the group access list is taken from the /etc/group file at login time.
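The following added example (not from the original text) puts the /etc/group format and the group access list together: it parses group records in the group-name:e-password:GID:logname-list format and computes, for a given user, the list of GIDs a login would give that user's processes, that is, the primary GID from /etc/passwd followed by every group whose logname-list names the user. Both file contents are constructed; the pchapin and bin lines come from the article, the rest (jsmith and the group names) are invented.

```python
"""Compute a user's group access list from /etc/passwd and /etc/group text.

Added example; the file contents below are constructed, not read from a system.
"""
from typing import Dict, List, Tuple

# Constructed /etc/passwd content; only the username and GID fields are used here.
SAMPLE_PASSWD = """\
pchapin:fEeww9j4mODeI:202:20:Peter Chapin:/u/pchapin:/bin/ksh
jsmith:ab3Dk9Lm2PqRs:203:50:John Smith:/u/jsmith:/bin/sh
bin:*:2:2::/bin:/bin/sh
"""

# Constructed /etc/group content: group-name:e-password:GID:logname-list
# "users" and "bin" have an empty logname-list: membership in them comes only
# from the primary GID in /etc/passwd.
SAMPLE_GROUP = """\
bin:*:2:
users:*:20:
staff:*:50:pchapin,jsmith
wheel:*:10:pchapin
www:*:80:jsmith
"""


def parse_group(text: str) -> Dict[str, Tuple[int, List[str]]]:
    """Map group-name -> (GID, [lognames]). The e-password field is not used."""
    groups: Dict[str, Tuple[int, List[str]]] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        name, _e_password, gid, lognames = fields
        members = [u for u in lognames.split(",") if u]  # [] when the field is blank
        groups[name] = (int(gid), members)
    return groups


def primary_gid(passwd_text: str, username: str) -> int:
    """Return the GID field (fourth field) of the user's /etc/passwd line."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == username:
            return int(fields[3])
    raise KeyError(f"no /etc/passwd entry for {username}")


def group_access_list(passwd_text: str, group_text: str, username: str) -> List[int]:
    """GIDs the user's processes carry after login: the primary GID first, then
    each group whose logname-list names the user, with no GID listed twice."""
    gids = [primary_gid(passwd_text, username)]
    for gid, members in parse_group(group_text).values():
        if username in members and gid not in gids:
            gids.append(gid)
    return gids


def groups_for_file(group_text: str, access_list: List[int], file_gid: int) -> bool:
    """True when a file with group file_gid is reachable through any group in the
    process's access list, which is how group permission bits are evaluated."""
    known = {gid for gid, _ in parse_group(group_text).values()}
    return file_gid in known and file_gid in access_list


if __name__ == "__main__":
    for user in ("pchapin", "jsmith", "bin"):
        print(user, "->", group_access_list(SAMPLE_PASSWD, SAMPLE_GROUP, user))
```

For pchapin the result is [20, 50, 10]: group 20 comes only from the passwd GID field, while staff and wheel come from their logname-lists. For jsmith the primary group 50 is also listed in staff's logname-list, so it appears once, followed by 80 from www.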

Every file and directory has a group association. This group is usually the effective GID of the process that created the file. However, under some circumstances the GID of a file may be totally unrelated to the file's UID.