Password File

Solaris™ Operating Environment Boot Camp
By David Rhodes, Dominic Butler
Chapter 3.  User Administration


The user's password information is located in a file named /etc/passwd. This is an ASCII file and is readable by everyone, which isn't a problem because all the security information is located elsewhere (as we will see later). For the moment, we'll ignore the default entries that are in the file; suffice it to say that they are required by the system and their use will be explained as we come across them.

Let's have a look at what the password file contains:

 hydrogen# cat /etc/passwd
 root:x:0:1:Super-User:/:/sbin/sh
 daemon:x:1:1::/:
 bin:x:2:2::/usr/bin:
 sys:x:3:3::/:/bin/ksh
 adm:x:4:4:Admin:/var/adm:
 lp:x:71:8:Line Printer Admin:/usr/spool/lp:
 smtp:x:0:0:Mail Daemon User:/:
 uucp:x:5:5:uucp Admin:/usr/lib/uucp:
 nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
 listen:x:37:4:Network Admin:/usr/net/nls:
 nobody:x:60001:60001:Nobody:/:
 noaccess:x:60002:60002:No Access User:/:
 nobody4:x:65534:65534:SunOS 4.x Nobody:/:
 hydrogen#

We can see from this example that each entry consists of the following seven fields, each separated by a colon (:), some of which may be blank.

Field 1: Login Name

A user must have a name that he or she will use to access the system. This name is chosen and added to the system files by the system administrator. The restrictions on this name are that:

  • It must be unique.

  • It should contain between two and eight characters, the first being a letter. It can actually be longer, but programs such as pwck (see "Checking the Files" on page 66) will report more than eight as an error. It is often an abbreviation of the user's full name; for example, given name and surname or first initial and surname.

  • This field cannot be empty.

Field 2: Password

This originally contained the encrypted password on earlier versions of the operating system. Nowadays, however, it may also contain information that is used in conjunction with the shadow file, which now means the following types of entries are valid:

  • Nothing; it may be an empty field.

  • An "x" to indicate to other programs that the password is located elsewhere (see "Shadow File" on page 43).

  • An encrypted password. This is the "original" format, and may be there for a number of reasons, such as the password having been inserted manually, or the file having come from an old machine. The section on pwconv shows how this can be converted to the current format.

Field 3: User ID Number

This field contains the UID, which we've already mentioned should be unique. However, multiple login names assigned to a common UID can be used as a way of tracking specific users, as we'll show later with the powerdown user. In summary, this field's restrictions are as follows:

  • The assigned UID should be between 0 and 60,000 for compatibility, but note that some UID numbers are special. For example, in Chapter 1 we showed that a UID number of 0 provides super-user privileges.

  • UIDs between 0 and 99 are reserved for future use, so a good base to start would be 100.

  • This field must have a value.

Field 4: Group ID Number

This contains the GID number of the user's primary group; we'll discuss these in more detail a little later. Some default groups are predefined on the system, such as staff, operator, and other. The field restrictions are as follows:

  • Any number of users can be part of a specific group.

  • This field should correspond to an entry in the group file.

  • It must have a value; we stated earlier that a user must be a member of at least one group.

  • It doesn't have to be unique.

Field 5: Comment Field

This field is commonly termed the "gecos" field (it used to contain information used by the system that ran the "General Electric Comprehensive Operating System") and can contain a comment string of some sort. It usually contains the user's full name or some similar relevant piece of information. This is because a number of other programs will read and use the contents of this field; for example, mail in its "From:" line and finger in its "In Real Life" line. This field can also contain an "&," which means "use the login name." For example, if an entry looked like the one shown below:

 demo::100:100:The users name is &:/home/demo:/bin/ksh 

then the finger command would contain "The users name is demo" in its output.

This field can be empty, in which case any program that tries to use this field will simply output null values.

Field 6: The Home Directory

Every time the user logs on to the system, various start-up files are read from the home directory (see Chapter 5, "Shells"), after which the user is placed within the filesystem at this location. It is here that users are usually free to create files and directories and store any work. The usual method of creating home directories is to place all the users under a general location, such as /export/home or /home.

  • The field must not be empty.

  • The user should have permission to access the directory specified (see Chapter 4, "Permissions and All That").

Field 7: The Program to Run on Login

When users log on to the system, the program that is specified in this field is started on their behalf and continues to run until they log out or exit the program. Normally the program will be a shell (see Chapter 5, "Shells"), but it can be any system program. For example, someone who is shutting down the system might run a shutdown program.

  • This field can be empty, in which case the system will run the Bourne Shell (/bin/sh).
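The following is an added example, not code from the book: a small pwck-style checker that parses /etc/passwd lines into the seven fields and applies the rules described above (login name length and first character, the three valid forms of the password field, the UID range and UID 0, a GID that must exist in the group file, a non-empty home directory, the "&" expansion in the comment field, and /bin/sh as the default shell). The sample passwd lines and the set of group IDs are constructed for the example; the character set allowed after the first letter of a login name is an assumption, since the text only fixes the first character and the length.

```python
import re

# Constructed sample /etc/passwd content (not taken from a real host).
SAMPLE_PASSWD = """\
root:x:0:1:Super-User:/:/sbin/sh
demo::100:100:The users name is &:/home/demo:/bin/ksh
smtp:x:0:0:Mail Daemon User:/:
toolongname1:x:101:100:Long login:/home/toolongname1:/bin/sh
"""
# GIDs assumed to be present in /etc/group (constructed for the example).
SAMPLE_GROUP_IDS = {0, 1, 100}

def parse_passwd(text):
    """Split each line into its seven colon-separated fields; reject malformed lines."""
    entries = []
    for line in text.splitlines():
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("expected 7 fields: %r" % line)
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append({"name": name, "pw": pw, "uid": int(uid), "gid": int(gid),
                        "gecos": gecos.replace("&", name),  # "&" means "use the login name"
                        "home": home,
                        "shell": shell or "/bin/sh"})       # empty field -> Bourne shell
    return entries

def check_passwd(entries, group_ids):
    """Return (login, problem) findings for entries that break the field rules."""
    findings, seen = [], set()
    for e in entries:
        n = e["name"]
        if n in seen:
            findings.append((n, "duplicate login name"))
        seen.add(n)
        # First character a letter, 2-8 characters total; the rest of the
        # allowed character set is an assumption of this example.
        if not re.fullmatch(r"[A-Za-z][^:\s]{1,7}", n):
            findings.append((n, "login name not 2-8 chars starting with a letter"))
        if e["pw"] == "":
            findings.append((n, "empty password field: login needs no password"))
        elif e["pw"] != "x":
            findings.append((n, "hash stored in passwd, not shadow (run pwconv)"))
        if not 0 <= e["uid"] <= 60000:
            findings.append((n, "uid outside 0-60000"))
        if e["uid"] == 0 and n != "root":
            findings.append((n, "extra uid 0 account (super-user privileges)"))
        if e["gid"] not in group_ids:
            findings.append((n, "gid has no entry in group file"))
        if e["home"] == "":
            findings.append((n, "empty home directory"))
    return findings
```

Running it over the sample flags the demo account's empty password field, the second UID 0 account, and the over-long login name, while the root entry passes cleanly.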


    Solaris Operating Environment Boot Camp
    ISBN: 0130342874
    Year: 2002
    Pages: 301
