19.4 The Group File (etcgroup)

19.4 The Group File (/etc/ group )

Like the /etc/passwd file, the /etc/group file also contains fields separated by a colon character (:). Figure 19-2 shows the format of this file.

The second field is the Group Password field and is usually empty. Group List contains a list of users who are members of this group. A sample /etc/passwd file follows .

 root::0:root other::1:root,boota bin::2:root,bin sys::3:root,uucp adm::4:root,adm daemon::5:root,daemon mail::6:root lp::7:root,lp tty::10: nuucp::11:nuucp users::20:root nogroup:*:-2: 

Restricted User Access

Restricted user access is made possible with the help of a special command shell known as the restricted shell ( rsh ). It provides the same functionality as a normal POSIX shell except the following restrictions.

1. A user can't change directories.

2. A user can't set or change the environment variables SHELL , PATH , or ENV .

3. A command cannot be issued that starts with /.

4. I/O redirection is disabled.

Verifying Consistency of Password and Group Files

To check the consistency of the /etc/passwd and /etc/group files, you can use the pwck and grpck commands, respectively. The pwck command checks consistency of the password files and reports incorrect or incomplete entries. It also reports if you have used group IDs that don't exist in the /etc/group file. It will also show if it does not find any home directory for a user. The grpck command checks the /etc/group file and lists anything wrong in it. It also verifies that the user names used in the group membership are present in the /etc/passwd file. It lists any missing users on your terminal screen.

To manually edit the /etc/passwd file, use the vipw editor instead of vi or another editor. The vipw is a special editor that puts a lock on the file so that users may not change their passwords during the time that root is in the editing process. If you use some other editor, inconsistencies may occur if someone else also makes changes to the file during that time.