Administering user accounts

Understanding account database files

An important distinction between UNIX® systems is how account information is stored. This affects the interaction of accounts across different types of UNIX systems, and governs how programs access this data. The account database files fall into two categories: UNIX system files (those defined in the System V Interface Definition) and the trusted facility database files that extend System V security. These files are supported and maintained by the system to ensure compatibility with other UNIX systems.

System V files:

This publicly readable file is present on most UNIX systems and contains both account data (such as user ID number, login shell) and (on some systems) an encrypted account password. Password aging information is also supported. The format is documented in passwd(4). It can be edited by experienced administrators, but using the Account Manager is the preferred method for adding and maintaining user accounts -- see ``Editing the /etc/passwd file''.

This file is readable only by root. It contains the encrypted password otherwise found in the /etc/passwd file. The format is documented in shadow(4).

/etc/default/passwd and /etc/default/login
These contain default account information and are documented in passwd(1) and login(1), respectively.
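
An added example, not part of the original documentation: shell functions that check the split described above, where password data belongs in the root-only shadow file rather than in the publicly readable /etc/passwd. It assumes the common passwd(4) convention that a password field of `x` means the value is held in /etc/shadow; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Assumption: passwd(4) entries have 7 colon-separated fields and a
# password field (field 2) of "x" means the value lives in /etc/shadow.

# Read passwd-format data on stdin, print "login:status" per entry.
classify_passwd() {
    awk -F: '
        $0 == ""  { next }                        # skip blank lines
        NF < 7    { print $1 ":malformed"; next } # too few fields
        $2 == "x" { print $1 ":shadowed"; next }  # password held in shadow
        $2 == ""  { print $1 ":empty"; next }     # no password field at all
                  { print $1 ":inline" }          # value kept in the public file
    '
}

# Logins whose password field is exposed or empty in the public file.
exposed_logins() {
    classify_passwd | awk -F: '$2 == "inline" || $2 == "empty" { print $1 }'
}

# Succeeds if "others" have read permission on the file (ls -l mode column).
world_readable() {
    mode=$(ls -ld "$1" | cut -c8)
    [ "$mode" = "r" ]
}

# Constructed sample data; the hash-like string is a placeholder.
sample_passwd() {
    cat <<'EOF'
root:x:0:3:0000-Admin(0000):/:/sbin/sh
alice:x:101:1:Alice Example:/home/alice:/usr/bin/ksh
legacy:CONSTRUCTEDHASH0:102:1:Legacy Account:/home/legacy:/sbin/sh
guest::103:1:Guest:/home/guest:/sbin/sh
broken:x:104
EOF
}

sample_passwd | classify_passwd

# On a live system: the shadow file should not be world-readable.
for f in /etc/passwd /etc/shadow; do
    [ -e "$f" ] || continue
    if world_readable "$f"; then echo "$f: world-readable"
    else echo "$f: not world-readable"; fi
done
```

To audit a real system, run `exposed_logins < /etc/passwd`; any login it prints has a password field that is not deferred to the shadow file.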

Trusted facility database files:

This is a non-human readable file containing the same information found in /etc/passwd and /etc/shadow.

This is a non-human readable file containing a list of user accounts.

The file privilege database contains the privileges necessary to run system commands. See ``A file-Based privilege mechanism'' for more information.

This directory contains the authorizations assigned to each user. See ``Assigning authorizations'' for information on using the Account Manager and ``Adding commands for a user'' for a description of the command-line interface.

This directory contains the authorizations assigned to each administrative role. See ``TFM and administrative roles'' for more information.

Other files:

This file contains the system authorizations, the associated commands or SCOadmin managers, and the requisite privileges that go with them. See PrivTable(4) for more information.

