This chapter includes:
This chapter explains how user accounts work, how users can change their password by using the passwd utility, and how system administrators can use the passwd utility and edit account database files to create and maintain users' accounts.
|In embedded systems, the designer may choose to eliminate the account-related files from the system, disabling logins and references to users and groups by name, even though the system remains fully multiuser and may have multiple numeric user IDs running programs and owning system resources. If your system is configured this way, most of this chapter won't be relevant to you.|
A user account associates a textual user name with a numeric user ID and group ID, a login password, a user's full name, a home directory, and a login shell. This data is stored in the /etc/passwd and /etc/shadow files, where it's accessed by login utilities as well as by other applications that need user-account information.
|User names and passwords are case-sensitive.|
User accounts let:
Groups are used to convey similar permissions to groups of users on the system. Entries in /etc/passwd and /etc/group define group membership, while the group ID of a running program and the group ownership and permission settings of individual files and directories determine the file permission granted to a group member.
When you log in, you're in the group specified in /etc/passwd. You can switch to another of your groups by using the newgrp utility.
Once you've logged in, the numeric user ID of your running programs and system resources determines your programs' ability to access resources and perform operations, such as sending signals to other processes. Textual names are used only by utilities and applications that need to convert between names and numeric IDs.
|Changing user names, groups, user IDs, and so on in the account database has no effect on your permission to access files, etc. until you next log in.|
The root user (user ID 0) has permission to do nearly anything to files, regardless of their ownership and permission settings. For more information, see “File ownership and permissions” in Working with Files.
|When the shell interprets a ~username
pathname, it gets the user's home directory from /etc/passwd.
If you remove or change a user's account, any
shell running in the system that had previously accessed that user's home
directory via ~username
may be using the old home directory
information to determine the actual path, because the shell
caches the data.
New shells read the data afresh from /etc/passwd. This may be a problem if a shell script that uses ~username invokes another shell script that also uses this feature: the two scripts would operate on different paths if the home directory information associated with the user name has changed since the first shell looked the information up.
You typically start a session on the computer by logging in (see Logging In, Logging Out, and Shutting Down); the configuration of your account determines what happens then.
When you log in, the system creates a user session led by a process that runs under your user ID and default group ID, as determined from your account entry in /etc/passwd.
The user ID and group ID determine the permission the process has to access files and system resources. In addition, if the process creates any files and directories, they belong to that user and group. Each new process that you start inherits your user ID and group ID from its parent process. For more information about file permissions, see “File ownership and permissions” in Working with Files.
|For more information on characteristics that programs inherit from their parent programs, see spawn() in the Neutrino Library Reference. For more information on sessions and process groups, see IEEE Std 1003.1-2001 Standard for Information Technology Portable Operating System Interface.|
The text-mode login (login) handles a user's login shell differently from the graphical login (phlogin2 or phlogin):
However, the graphical login doesn't start your login shell as an interactive program; it runs your login shell with the arguments -c /usr/bin/ph.
|If your login shell is something other than /bin/sh or /bin/ksh, you might not be able to log in at all using phlogin2 or phlogin.|
The ph command launches the Photon desktop environment. From the Photon desktop, you can start a command-line interpreter (i.e. shell) in a pterm window. This shell is the one identified by the SHELL environment variable.
The account database consists of the following files (listed with the appropriate access permissions):
|/etc/passwd||root||root||rw- r-- r--|
|/etc/group||root||root||rw- r-- r--|
|/etc/shadow||root||root||rw- --- ---|
|/etc/.pwlock||root||root||rw- r-- r--|
Note that anyone can read /etc/passwd. This lets standard utilities find information about users. The encrypted password isn't stored in this file; it's stored in /etc/shadow, which only root has permission to read. This helps prevent attempts to decrypt the passwords.
|To protect the security of your user community, make sure you don't change these permissions.|
Each line in /etc/passwd is in this format:
The fields are separated by colons and include:
|You can't specify any arguments to the login program.|
Here's an sample entry from /etc/passwd:
fred:x:290:120:Fred L. Jones:/home/fred:/bin/sh
Each line in /etc/group is in this format:
The fields are separated by colons and include:
Here's a sample entry:
Each line in /etc/shadow is in this format:
The fields are separated by colons and include:
The passwd utility creates /etc/.pwlock to indicate to other instances of passwd that the password file is currently being modified. When passwd finishes, it removes the lock file.
If you're the system administrator, and you need to edit the account files, you should:
As a regular (non-root) user, you can change your own password. You can also customize your environment by modifying the configuration files in your home directory; see Configuring Your Environment.
To change your password, use the passwd utility; if you're using Photon, you can use phuser. Either utility prompts you for your current password and then for a new one. You have to repeat the new password to guard against typographical errors. In phuser, you can also choose an icon to represent yourself when you log in.
Depending on the password rules that the system administrator has set, passwd may require that you enter a password of a certain length or one that contains certain elements (such as a combination of letters, numbers, and punctuation). If the password you select doesn't meet the criteria, passwd asks you to choose another.
If other users can access your system (e.g. it's connected to the Internet, has a dial-in modem, or is physically accessible by others), be sure to choose a password that will secure your account from unauthorized use. You should choose passwords that:
For more information on system security, see Securing Your System.
If you forget your password, ask the system administrator (root user) to assign a new password to your account. Only root can do this.
In general, no one can retrieve your old password from the /etc/shadow file. If your password is short or a single word, your system administrator — or a hacker — can easily figure it out, but you're better off with a new password.
If you're the system administrator, and you've forgotten the password for root, you need to find an alternate way to access the /etc/passwd and /etc/shadow files in order to reset the root password. Some possible ways to do this are:
As a system administrator, you need to add and remove user accounts and groups, manage passwords, and troubleshoot users' problems. You must be logged in as root to do this, because other users don't have permission to modify /etc/passwd, /etc/shadow, and /etc/group.
|While it's safe at any time to use the passwd utility
to change the
password of an existing user who already has a password, it isn't necessarily
safe to make any other change to the account database while your system is in
active use. Specifically, the following
operations may cause applications and utilities to operate incorrectly when
handling user-account information:
If it's likely that someone might try to use the passwd utility or update the account database files while you're editing them, lock the password database by creating the /etc/.pwlock file before making your changes.
As described below, you should use the passwd utility to change an account's password. However, you need to use a text editor to:
If you're using Photon, you can use phuser, which provides a graphical front end to passwd and also lets you choose an icon or shell for a user and edit the groups.
|The changes you make manually to the account files aren't checked for conformance to the rules set in the passwd configuration file. For more information, see the description of /etc/default/passwd in the documentation for passwd in the Utilities Reference.|
|Make sure that the user name is no longer than 14 characters; otherwise, that user won't be able to log in.|
If you specify a user name that's already registered, passwd assumes you want to change their password. If that's what you want, just type in the new password and then confirm it. If you don't wish to change the user's password, type Ctrl-C to terminate the passwd utility without changing anything.
If the user name isn't already registered, passwd prompts you for account information, such as the user's group list, home directory, and login shell. The /etc/default/passwd configuration file specifies the rules that determine the defaults for new accounts. For more information, see the description of this file in the documentation for passwd.
The prompts include:
|The passwd utility doesn't add the new user to the group's entry in the /etc/group file; you need to do that manually using a text editor. See “Defining Groups” for more details.|
|You can specify any program as the login shell, but you can't pass command-line arguments to it. Also, the phlogin2 or phlogin graphical login fails if the login shell is anything but a POSIX-compatible shell.|
Instead of specifying a custom program within the account entry, you should customize the user's .profile file in their home directory; /bin/sh runs this profile automatically when it starts up. For more information, see Configuring Your Environment.
Instead of removing a user, you can disable the account by using the passwd utility to change the account's password. In this way, you can tell which system resources the former user owned, since the user ID-to-name translation still works. When you do this, the passwd utility automatically handles the necessary locking and unlocking of the account database.
If you ever need to log into that account, you can either use the su (“switch user”) utility to switch to that account (from root), or log in to the account. If you forget the password for the account, remember that the root user can always change it.
What should you do with any resources that a former user owned? Here are some of your options:
find / -user user_name_or_ID -chown new_username
find / -user user_name_or_ID | pax -wf archivefile
find / -user user_name_or_ID -remove!
|If you remove a user's account in the account database but don't remove or change the ownership of their files, it's possible that a future account may end up with the same numeric user ID, which would make the new user the owner of any files left behind by the old one.|
A user's account entry in /etc/passwd solely determines which group the user is part of on logging in, while the groups a user is named in within the /etc/group file solely determine the groups the user may switch to after logging in (see the newgrp utility). As with user names and IDs, the numeric effective group ID of a running program determines its access to resources.
For example, if you have a team of people that require access to /home/projects on the system, but you don't want the other users to have access to it, do the following:
chgrp -R projects /home/projects chmod -R g+rw /home/projects
chmod -R o-rwx /home/projects
For more details on permissions, see “File ownership and permissions” in Working with Files.
For more information about the fields, see “/etc/group,” earlier in this chapter.
|Do this work at a time when the system is idle. As your text editor writes the /etc/group file back, any application or utility that's trying to simultaneously read the /etc/group file (e.g. ls -l, newgrp) might not function correctly.|
Each time you add a new user to a group (e.g. when you use passwd to create a new user account), you need to edit the /etc/group file and add the user to the appropriate group entry. For instance, if you have an existing group techies and want to add zeke to the group, change:
You should do this at a time when you're certain no users or programs are trying to use the /etc/group file.
Here are some problems you might encounter while working with passwords and user accounts:
If the system crashes during the update, and /etc/.pwlock still exists, passwd refuses to work until the system administrator removes the file.
If the password files are left in an inconsistent state as a result of the crash, the system administrator should also copy the backup files, /etc/oshadow and /etc/opasswd, to /etc/shadow and /etc/passwd to prevent additional problems.
In either case, see your system administrator for help.
To avoid giving clues to unauthorized users, login doesn't tell you whether it's the user name or the password that's wrong. If you can't resolve the problem yourself, your system administrator (root user) can set a new password on your account.
This symptom can also occur if one or more password-related files are missing. If the system administrator is in the middle of updating the files, it's possible that its absence will be temporary. Try again in a minute or two if this might be the case. Otherwise, see your system administrator for help.
If you are the system administrator and can't access the system, try accessing it from another Neutrino machine using Qnet, from a development machine using the qconn interface, or boot and run from the installation CD-ROM to gain shell access to examine and repair the necessary files.