Wednesday, August 3, 2011

/etc/passwd : AIX - User administration related files

The /etc/passwd file contains basic user attributes. This is an ASCII file that contains an entry for each user. Each entry defines the basic attributes applied to a user. When you use the mkuser command to add a user to your system, the command updates the /etc/passwd file.

An entry in the /etc/passwd file has the following form, with all attributes separated by colons (:).

Name:Password:UserID:PrincipleGroup:Gecos:HomeDirectory:Shell

The Password attribute can contain an asterisk (*), indicating an invalid password, or an exclamation point (!), indicating that the password is in the /etc/security/passwd file. Under normal conditions, the field contains an exclamation point (!). If the field has an asterisk (*) and a password is required for user authentication, the user cannot log in.

The Shell attribute specifies the initial program or shell (login shell) that is started after a user invokes the login command or su command. The Korn shell is the standard operating system login shell and is backward compatible with the Bourne shell. If a user does not have a defined shell, the system default shell, /usr/bin/sh (Bourne shell), is used. The Bourne shell is a subset of the Korn shell.

The mkuser command adds new entries to the /etc/passwd file and fills in the attribute values as defined in the /usr/lib/security/mkuser.default file. The Password attribute is always initialized to an asterisk (*), which is an invalid password. You can set the password with the passwd or pwdadm commands. When the password is changed, an exclamation point (!) is added to the /etc/passwd file indicating that the encrypted password is in the /etc/security/passwd file.

Use the chuser command to change all user attributes except Password. The chfn command and the chsh command change the Gecos attribute and Shell attribute, respectively. To display all the attributes in this file, use the lsuser command. To remove a user and all the user's attributes, use the rmuser command. 

The contents of the /etc/passwd file in the figure below show that the Password attributes for two users (john and bob) are ! and *, respectively, which implies that user bob cannot log in, because the account has an invalid password.

Contents of /etc/passwd file
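
The field rules described above, as an added example (not part of the original post): a POSIX sh/awk function that classifies each entry's Password field and applies the default shell when the Shell field is empty. The sample entries are constructed (only the names john and bob and their ! and * values come from the text), and the EMPTY, INLINE and MALFORMED labels for anything outside the two documented values are this example's assumption.

```shell
#!/bin/sh
# Added example: audit the Password and Shell fields of passwd-format entries.
# Reads the files given as arguments, or standard input when there are none.
# Prints one line per entry: "name status shell".
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }                            # skip blank lines
        NF != 7 {                                      # an entry must have 7 fields
            printf "%s MALFORMED -\n", ($1 == "" ? "?" : $1)
            next
        }
        {
            if ($2 == "!")      status = "SHADOWED"    # password is in /etc/security/passwd
            else if ($2 == "*") status = "INVALID"     # invalid password, cannot log in with it
            else if ($2 == "")  status = "EMPTY"       # assumption: not the normal state, review
            else                status = "INLINE"      # assumption: value kept in this file, review
            shell = ($7 == "" ? "/usr/bin/sh" : $7)    # undefined shell falls back to the default
            printf "%s %s %s\n", $1, status, shell
        }
    ' "$@"
}

# Constructed sample entries (not taken from a real system).
sample_entries() {
cat <<'EOF'
john:!:201:1:John Doe:/home/john:/usr/bin/ksh
bob:*:202:1::/home/bob:
carol::203:1::/home/carol:/usr/bin/ksh
broken:line
EOF
}

sample_entries | audit_passwd
```

On a live system, run `audit_passwd /etc/passwd` and review every entry that is not reported as SHADOWED or INVALID.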
