/etc/master.passwd

This file contains usernames and passwords. When you log in, the password you type is compared with the encrypted hash of your password in this file. As such, this file is absolutely vital for system security.

If you're considering editing this file directly, stop. Go back to Chapter 7. Read it again. See if there's another way to make your desired change. Damaging /etc/master.passwd can prevent people from logging in at all and might render your system unusable. If you must edit the password file directly, there's a special program just for that. Vipw(8) calls up the text editor from $EDITOR, allows you to make changes, and checks the file syntax before saving it. Vipw(8) also updates /etc/passwd and the password databases /etc/pwd.db and /etc/spwd.db. This prevents many of the more basic mistakes and helps ensure data consistency, but if you're really bent on corrupting /etc/master.passwd, vipw(8) will make your task more difficult but won't stop you.

Many programs need access to the information in /etc/master.passwd — for example, shells and home directories must be public information. Rather than allowing anyone to read this file and try to reverse-engineer the hashed password, OpenBSD (and most other UNIXes) provide globally readable bits of this file in /etc/passwd, and a database of this data in /etc/pwd.db.

Fields

Each line in /etc/master.passwd contains ten fields, separated by colons. These are described next.

Username

The first field in a line is the username. This is either an account created by the administrator and used by a real user, or an account created to provide some system service. OpenBSD includes a variety of system accounts such as "named," "nobody," "_portmap," and so on. Various programs run as these other users.

Hashed Password

The second field is the hashed password. System users don't generally have a password, so you can't log in as them. User accounts have a string of random-looking characters here.

One simple way to temporarily disable a user account is to edit the password file and put an asterisk (*) in front of the password. While the account will still be active, nobody will be able to log in to it. I've used this to great effect when a client is behind on a bill; while they ignore overdue payment notices, they call quite quickly when they cannot check their mail. To re-enable the account with the same password they had before, just remove the asterisk.

User ID Number

The third field is the user ID number, or UID. Every user has a unique UID.

Group ID Number

Similarly, the fourth field is the group ID number, or GID. This is the user's primary group, as discussed in Chapter 7. Usually, this is the same as the UID, and the group has the same name as the username.

User's Class

The next field is the user's class, as defined in /etc/login.conf (Chapter 7). You can change a user's class by using chsh(1) or vipw(8).

Password Expiration Date

The expiration date is given in the number of seconds since midnight, January 1, 1970. (This is the "epoch" of UNIX, considered the Beginning of Time, and many different programs use it.) You can convert dates to seconds by using date(1).

Account Expiration Date

This is the time at which the account expires, given as the number of seconds since the epoch.

Gecos

The gecos field contains the user's real name, office number, work phone number, and home phone number, all separated by commas. Do not use colons in this field; colons are reserved specifically for separating fields in /etc/master.passwd itself.

User's Home Directory

The ninth field is the user's home directory. While this defaults to being under /home, you can move this anywhere you like. You'll just need to move the actual directory when you change this field in /etc/master.passwd.

User's Shell

Finally, the tenth field gives the user's shell. If this field is empty, the user gets boring old /bin/sh.
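The ten-field layout described above can be checked mechanically. The following is an added example, not code from the book or from OpenBSD: it parses constructed sample lines and reports accounts disabled with a leading asterisk, expired dates, shared UIDs, and lines with the wrong number of fields. The field labels, function names, and sample accounts are assumptions made for illustration, as is treating a zero date as "no expiration."

```python
import time
from collections import Counter

# Labels for the ten fields, in the order the text describes them (labels are ours).
FIELDS = ("name", "passwd", "uid", "gid", "class", "pw_expire",
          "acct_expire", "gecos", "home", "shell")

# Constructed sample lines (not real accounts, not real hashes).
SAMPLE = """\
root:$2b$10$CONSTRUCTED.NOT.A.REAL.HASH:0:0:daemon:0:0:Charlie Root:/root:/bin/ksh
_portmap:*:28:28::0:0:portmap:/var/empty:/sbin/nologin
alice:*$2b$10$CONSTRUCTED.NOT.A.REAL.HASH:1000:1000:staff:0:0:Alice Example,101,555-0100,555-0101:/home/alice:/bin/ksh
bob:$2b$10$CONSTRUCTED.NOT.A.REAL.HASH:1001:1001::0:86400:Bob Example:/home/bob:
toor:$2b$10$CONSTRUCTED.NOT.A.REAL.HASH:0:0::0:0:Spare Root:/root:/bin/sh
broken:x:1002:1002:Broken Line:/home/broken:/bin/sh
"""

def parse_line(line):
    """Split one line into the ten named fields, or return None if malformed."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        return None          # too few fields, or a stray colon (e.g. in gecos)
    rec = dict(zip(FIELDS, parts))
    rec["shell"] = rec["shell"] or "/bin/sh"   # empty shell field means /bin/sh
    return rec

def audit(text, now=None):
    """Return a sorted list of (username, finding) pairs for the given file text."""
    now = time.time() if now is None else now
    findings, records = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            findings.append((line.split(":")[0], "wrong field count"))
            continue
        records.append(rec)
        if rec["passwd"].startswith("*") and len(rec["passwd"]) > 1:
            findings.append((rec["name"], "login disabled with leading *"))
        # Assumption: a date of 0 (or an empty field) means "never expires".
        for key, label in (("pw_expire", "password"), ("acct_expire", "account")):
            if rec[key].isdigit() and 0 < int(rec[key]) <= now:
                findings.append((rec["name"], label + " expired"))
    uid_counts = Counter(r["uid"] for r in records)
    for rec in records:
        if uid_counts[rec["uid"]] > 1:
            findings.append((rec["name"], "shares UID " + rec["uid"]))
    return sorted(findings)
```

Run it against a copy of the file rather than the live one, since /etc/master.passwd is readable only by root and the copy contains password hashes that need the same protection.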




Absolute OpenBSD: Unix for the Practical Paranoid
ISBN: 1886411999
EAN: 2147483647
Year: 2005
Pages: 298
