Understanding account database files
An important distinction between
UNIX® systems is how account information is stored.
This affects the interaction of accounts across different
types of UNIX systems, and governs how programs access this data.
The account database files fall into two categories: UNIX system files (those
defined in the System V Interface Definition) and the trusted
facility database files that extend System V security.
These files are supported and maintained by the
system to ensure compatibility with other UNIX systems.
System V files:
/etc/passwd -
This publicly readable file is
present on most UNIX systems and contains both account data
(such as user ID number, login shell)
and (on some systems) an encrypted account password.
Password aging information is also supported.
The format is documented in
passwd(4).
It can be edited by experienced administrators,
but using the Account Manager is the preferred
method for adding and maintaining user accounts --
see
``Editing the /etc/passwd file''.
/etc/shadow -
This file is readable only by
root. It contains the encrypted password otherwise
found in the /etc/passwd file.
The format is documented in
shadow(4).
/etc/default/passwd and /etc/default/login -
These contain default account
information and are documented in
passwd(1)
and
login(1),
respectively.
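
The split described above, between a publicly readable /etc/passwd and a root-only /etc/shadow, can be checked mechanically. The following Python audit is an added example, not part of the SCO documentation; it assumes seven colon-separated fields per entry, that `x` marks a password held in /etc/shadow, and that a field beginning with `*` or `!` marks a locked account.

```python
import os
import stat

SAMPLE_PASSWD = """\
root:x:0:3:Superuser:/:/sbin/sh
alice:x:101:1:Alice:/home/alice:/usr/bin/ksh
legacy:Ab3dEfGh1jK2m:102:1:Old import:/home/legacy:/usr/bin/sh
guest::103:1:Guest:/home/guest:/usr/bin/sh
"""  # constructed sample entries, not taken from a real system


def audit_passwd(text):
    """Return (user, finding) pairs for password fields that do not belong
    in a publicly readable file. Field layout is an assumption (see lead-in)."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {number}", "malformed entry"))
            continue
        user, password = fields[0], fields[1]
        if password == "":
            findings.append((user, "empty password field"))
        elif password != "x" and password[0] not in "*!":
            findings.append((user, "password data in publicly readable file"))
    return findings


def audit_mode(path, root_only):
    """Return findings about the permission bits and owner of one file."""
    info = os.stat(path)
    mode = stat.S_IMODE(info.st_mode)
    findings = []
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or other")
    if root_only and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("accessible to users other than the owner")
    if root_only and info.st_uid != 0:
        findings.append("not owned by root")
    return findings


if __name__ == "__main__":
    for user, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"/etc/passwd: {user}: {finding}")
    for path, root_only in (("/etc/passwd", False), ("/etc/shadow", True)):
        if os.path.exists(path):
            for finding in audit_mode(path, root_only):
                print(f"{path}: {finding}")
```

Run as a script, it reports the constructed sample entries and then the modes of the live files where they exist; a real /etc/passwd can be passed to `audit_passwd` as text.
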
Trusted facility database files:
/etc/security/ia/master -
This is a non-human readable file containing the same information
found in /etc/passwd and /etc/shadow.
/etc/security/ia/index -
This is a non-human readable file containing a list of user accounts.
/etc/security/tcb/privs -
The file privilege database contains the privileges necessary to run
system commands. See
``A file-Based privilege mechanism''
for more information.
/etc/security/tfm/users/* -
This directory contains the authorizations assigned to each user.
See
``Assigning authorizations''
for information on using the Account Manager and
``Adding commands for a user''
for a description of the command-line interface.
/etc/security/tfm/roles/* -
This directory contains the authorizations assigned to each
administrative role. See
``TFM and administrative roles''
for more information.
Other files:
/usr/lib/scoadmin/account/PrivTable -
This file contains the system
authorizations,
the associated commands or SCOadmin managers, and the requisite
privileges that go with them. See
PrivTable(4)
for more information.
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004