Users & Groups
Linux Standard Base, V0.1 Specification
The enclosed is a draft proposal written by George Kraft IV, gk4@us.ibm.com,
regarding the GNU/Linux User and Group databases with respect to their
data and interfaces.
Users & Groups
A "user name" is a string that is used to identify a user. A "login name"
is a user name that is associated with a system login. A "user id" is a
non-negative 32-bit integer, which can be contained in an object of type
uid_t, that is used to identify a system user. When the identity
of a user is associated with a process, a user ID value is referred to
as a real user ID, or an effective user ID. [POSIX 1003.1-1996]
A "group name" is a string that is used to identify a set of users.
A "group id" is a non-negative 32-bit integer, which can be contained in
an object of type gid_t, that is used to identify a group of system
users. Each system user is a member of at least one group. When the identity
of a group is associated with a process, a group ID value is referred to
as a real group ID, or an effective group ID. [POSIX 1003.1-1996]
User Database
The user database, "/etc/passwd", consists of newline separated
records, one per user, containing six colon (":") separated fields. Each
field is described in the POSIX.1 header file "pwd.h":
| Field | Type | API | Standard | LSB | Description |
| name | char * | pw_name | POSIX.1 | Y | User's login name |
| password | char * | pw_passwd | | Y | User's encrypted password |
| uid | uid_t | pw_uid | POSIX.1 | Y | User ID number |
| gid | gid_t | pw_gid | POSIX.1 | Y | Group ID number |
| gecos | char * | pw_gecos | RPM(5) | Y | Comma separated subfields consisting of name, office, work telephone, and home telephone |
| home dir | char * | pw_dir | POSIX.1 | Y | Initial working directory |
| shell | char * | pw_shell | POSIX.1 | Y | Initial user program |
The "passwd" user database should only be read and updated from
the following APIs: getpwent(3), setpwent(3), endpwent(3), getpwnam(3),
getpwuid(3), putpwent(3), passwd(5)
If the initial user program field is null, the system default is used.
If the initial working directory field is null, the interpretation of that
field is implementation defined.
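The record layout above, applied as an added audit example (not part of the LSB draft): the function below splits one passwd-style record into the seven fields listed in the table and flags an empty password field, a UID 0 account not named root, and a null shell field. The function name, flag names and sample records are assumptions made for this illustration; on a live system the database itself is read through the getpw*() calls listed above.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { PW_MALFORMED = 1, PW_EMPTY_PASSWD = 2, PW_EXTRA_UID0 = 4, PW_DEFAULT_SHELL = 8 };

/* Accept only a plain decimal that fits the "non-negative 32-bit integer" rule. */
static int parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (!isdigit((unsigned char)s[0])) return -1;  /* rejects "", "-1", "+0", " 0" */
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (errno || *end != '\0' || *out > 0xFFFFFFFFUL) ? -1 : 0;
}

/* Audit one record (split in place); returns a bitmask of PW_* flags. */
int audit_passwd_line(char *line)
{
    char *f[7];
    unsigned long uid, gid;
    int n = 0, flags = 0;
    line[strcspn(line, "\n")] = '\0';
    f[n++] = line;
    for (char *p = line; (p = strchr(p, ':')) != NULL; ) {
        *p++ = '\0';
        if (n == 7) return PW_MALFORMED;           /* more than seven fields */
        f[n++] = p;
    }
    if (n != 7 || f[0][0] == '\0') return PW_MALFORMED;
    if (parse_id(f[2], &uid) || parse_id(f[3], &gid)) return PW_MALFORMED;
    if (f[1][0] == '\0') flags |= PW_EMPTY_PASSWD;       /* no password stored */
    if (uid == 0 && strcmp(f[0], "root") != 0) flags |= PW_EXTRA_UID0;
    if (f[6][0] == '\0') flags |= PW_DEFAULT_SHELL;      /* system default is used */
    return flags;
}

int main(void)
{
    /* Constructed sample records, not taken from any real system. */
    char rows[][48] = { "root:x:0:0:root:/root:/bin/sh", "toor::0:0::/root:",
                        "bad:x:-1:100::/home/bad:/bin/sh" };
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        int fl = audit_passwd_line(rows[i]);   /* rows[i] now ends after the name */
        printf("%-5s flags=%d\n", rows[i], fl);
    }
}
```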
Group Database
The group database, "/etc/group", consists of newline separated
records, one per group, containing three colon (":") separated fields.
Each field is described in the POSIX.1 header file "grp.h":
| Field | Type | API | Standard | LSB | Description |
| group | char * | gr_name | POSIX.1 | Y | The name of the group |
| gid | gid_t | gr_gid | POSIX.1 | Y | Group ID number |
| member | char ** | gr_mem | POSIX.1 | Y | Comma separated list of users who are members of the group. From the API, a pointer to null-terminated array of "char *". Each element of the array points to an individual member of the group. |
| passwd | char * | gr_passwd | RPM(5) | N | Group's encrypted password |
The "group" user database should only be read from the
following APIs: getgrent(3), setgrent(3), endgrent(3).
NOTE: According to JFH, author of shadow-utils, there is no group write
API.
Commands
| Command | Directory | Standard | LSB | Description |
| adduser | /usr/sbin/ | SSM(8) | N | Deprecated on Linux and linked to useradd(1). Missing from Redhat, SuSE |
| chage | /usr/bin/ | linux | N | Change user password expiry information |
| chfn | /usr/bin/ | URM(1) | Y | Change your user's finger(1) information |
| chgrp | /usr/bin/ | URM(1) | Y | Change file group ownership |
| chown | /usr/bin/ | URM(1) | Y | Change file owner and group |
| chsh | /usr/bin/ | URM(1) | Y | Change your user's login shell |
| gpasswd | /usr/bin/ | linux | Y | Administer the /etc/group file |
| groupadd | /usr/sbin/ | linux | Y | Update and create new group info |
| groupdel | /usr/sbin/ | linux | Y | Delete a group |
| groupmod | /usr/sbin/ | linux | Y | Modify a group |
| groups | /usr/bin/ | URM(1) | Y | Print the groups a user is in |
| grpck | /usr/sbin/ | linux | Y | Verify integrity of group files |
| id | /usr/bin/ | URM(1) | Y | Print real and effective UIDs and GIDs |
| login | /bin/ | URM(1) | Y | Sign on to the system |
| mkpasswd | /usr/sbin/ | linux | Y | Update passwd and group database files. Missing from Caldera |
| newgrp | /usr/bin/ | linux | N | Log in to a new group. URM(1) defines chgrp(1) |
| newusers | /usr/sbin/ | linux | Y | Update and create new users in batch |
| passmass | /usr/bin/ | linux | N | Change password on multiple machines. Missing from Caldera, TurboLinux |
| passwd | /usr/bin/ | URM(1) | Y | Update a user's authentication tokens |
| rpc.rusersd | /usr/sbin/ | linux | Y | Logged in users server. Missing from TurboLinux |
| rusers | /usr/bin/ | linux | Y | Who is logged in to machines on local network. Missing from TurboLinux |
| rwho | /usr/bin/ | URM(1) | Y | Show who is logged in on local machines. Missing from TurboLinux |
| useradd | /usr/sbin/ | linux | Y | Create a new user or update default new user info. SSM(8) defines adduser(8). |
| userdel | /usr/sbin/ | linux | Y | Delete a user account and related files. SSM(8) defines rmuser(8). |
| usermod | /usr/sbin/ | linux | Y | Modify a user account |
| users | /usr/bin/ | URM(1) | Y | Print the user names of users currently logged in |
| vipw | | SSM(8) | Y | |
| w | /usr/bin/ | URM(1) | Y | Show who is logged on and what they are doing. |
| who | /usr/bin/ | URM(1) | Y | Show who is logged in |
| whoami | /usr/bin/ | URM(1) | Y | Print effective userid |
System Files
| Files | Directory | Standard | LSB | Description |
| group | /etc/ | PRM(5) | Y | Group account information |
| grp.h | /usr/include/ | POSIX.1 | Y | Defines the functions that read the group database. All symbols starting with "gr_". |
| gshadow | /etc/ | linux | N | Secure group information. Missing from Caldera, TurboLinux |
| login.defs | /etc/ | linux | Y | System-wide settings |
| passwd | /etc/ | PRM(5) | Y | User account information |
| passwd | /etc/pam.d/ | linux | Y | The Pluggable Authentication Module configuration file |
| pwd.h | /usr/include/ | POSIX.1 | Y | Defines the functions that read the user database. All symbols starting with "pw_". |
| shadow | /etc/ | linux | N | Secure user account information. Missing from TurboLinux |
| skel | /etc/ | PRM(5) | Y | Directory containing default user files. adduser(8) uses /usr/share/skel |
| useradd | /etc/default/ | | Y | Default user account information. Missing from Caldera, Debian |
| utmp | /var/run/ | PRM(5) | Y | Login record of those currently signed on to the system |
| whod.* | /var/spool/rwho/ | linux | N | Information about other machines. Missing from TurboLinux, Debian |
| wtmp | /var/log/ | linux | N | Record of all user login and logouts |
Library Functions
| API | Standard | LSB | Description |
| fgetgrent | SVID.3 | N | get group file entry |
| fgetpwent | SVID.3 | N | get password file entry |
| getgid, getegid | PRM(2), POSIX.1 | Y | get group identity |
| getgrent, setgrent, endgrent | PRM(3), SVID.3 | Y | get group file entry |
| getgrnam, getgrgid | PRM(3), SVID.3, POSIX.1 | Y | get group file entry |
| getgroups | PRM(2), SVID, POSIX.1 | Y | get list of supplementary group IDs |
| setgroups | PRM(2) | Y | set list of supplementary group IDs |
| getlogin, cuserid | PRM(3), POSIX.1 | Y | get user name |
| getpwent, setpwent, endpwent | PRM(3), SVID.3 | Y | get password file entry. (explicitly not POSIX) |
| getpwnam, getpwuid | PRM(3), POSIX.1 | Y | get "passwd" structure from file entries in database "passwd" as described in "pwd.h" |
| getresuid, getresgid | Linux Only | N | get real, effective and saved user or group ID |
| getuid | PRM(2), POSIX.1 | Y | get user identity |
| geteuid | RPM(2), POSIX.1 | Y | get effective user identity |
| initgroups | RPM(3), SVID.3 | Y | initialize the supplementary group access list |
| putpwent | SVID.3 | Y | write a password file entry |
| setfsgid | Linux Only | N | set group identity used for file system checks |
| setfsuid | Linux Only | N | set user identity used for file system checks |
| setgid | RPM(2), SVID, POSIX.1 | Y | set group identity |
| setpgid, getpgid, setpgrp, getpgrp | RPM(2), POSIX.1 | Y | set/get process group |
| setregid, setegid | RPM(2) | Y | set real and / or effective group ID |
| setresuid, setresgid | Linux Only | N | set real, effective and saved user or group ID |
| setreuid, seteuid | RPM(2) | Y | set real and / or effective user ID |
| setuid | RPM(2), POSIX.1 | Y | set user identity |
User/Group Names
| User | LSB | D1 | D2 | D3 | D4 | D5 |
| root | root | root | root | root | root | root |
| bin | bin | bin | bin | bin | bin | bin |
| daemon | daemon | daemon | daemon | daemon | daemon | daemon |
| adm | adm | adm | adm | | adm | |
| lp | lp | lp | lp | lp | lp | lp |
| sync | sync | root | root | | root | |
| shutdown | shutdown | root | operator | | root | |
| halt | halt | root | root | | root | |
| mail | mail | mail | mail | | mail | mail |
| news | news | news | news | news | news | news |
| uucp | uucp | uucp | uucp | uucp | uucp | uucp |
| operator | root | root | root | | root | operator |
| games | users | users | users | users | users | users |
| gopher | gopher | gopher | gopher | | gopher | |
| ftp | ftp | ftp | ftp | daemon | ftp | staff |
| man | man | | man | daemon | | users |
| majordom | madordom | | majordom | See mdom | | majordom |
| gdm | gdm | gdm | | shadow | gdm | |
| postgres | database | | database | daemon | | postgres |
| mysql | database | | mysql | | | mysql |
| nobody | nobody | nobody | nobody | nobody | nobody | |
| | sys | sys | sys | | sys | sys |
| | tty | tty | tty | tty | tty | |
| | disk | disk | disk | disk | disk | |
| | mem | mem | mem | | mem | |
| | kmem | kmem | kmem | kmem | kmem | |
| | wheel | wheel | wheel | wheel | wheel | |
| | games | games | games | | games | |
| | dip | dip | dip | | dip | |
| | utmp | utmp | utmp | | utmp | |
| | floppy | floppy | | | floppy | |
| cyrus | | | | mail | | |
| postfix | | | | postfix | | |
| nps | | | | users | | |
| skyrix | | | | wheel | | |
| dbmaker | | | | dbmaker | | |
| firewall | | | | xok | | |
| informix | | | | modem | | |
| named | | | | named | | |
| virtuoso | | | | users | | |
| db2fenc1 | | | | db2fadm1 | | |
| db2inst1 | | | | db2iadm1 | | |
| db2as | | | | db2asgrp | | |
| fnet | | | | uucp | | |
| wwwrun | | | | nogroup | | |
| squid | | | | nogroup | | |
| fax | | | | uucp | | |
| gnats | | | | nogroup | | gnats |
| amanda | | | | disk | | |
| at | | | | at | | |
| lnx | | | | lnx | | |
| mdom | | | | mdom | | |
| yard | | | | yard | | |
| | | man | | | | |
| | | xfs | | | | |
| | | console | | | | |
| | | pppusers | | | pppusers | |
| | | slipusers | | | slipusers | |
| | | slocate | | | slocate | |
| | | popusers | | | popusers | |
| | | | | wwwadmin | | |
| | | | | mail | | |
| | | | | news | | |
| | | | | dialout | | |
| | | | | dosemu | | |
| | | | | firewall | | |
| | | | | public | | |
| | | | | video | | |
| | | | | informix | | |
| | | | | game | | |
| | | | | trusted | | |
| | | | | nogroup | | |
| | | | | | popusers | |
| proxy | | | | | | proxy |
| www-data | | | | | | www-data |
| backup | | | | | | backup |
| msql | | | | | | msql |
| list | | | | | | list |
| irc | | | | | | irc |
RATIONALE: The different numeric values of uid and gid between systems
should be reconciled via NIS, rdist(1), rsync, or ugidd(8). Only a minimum
working set of "user names" and their corresponding "user groups" should
be defined.
NOTE: There is some conflict over whether a user is in the same group as
the other users (i.e., umask 022) on the system, or whether each user has his/her
own group (i.e., umask 002). Most follow the scheme where a user is in
the same group (i.e., users) as the other users (i.e., mask 022). If
this is to be specified, then this is proposed.
Distributions
The GNU/Linux distributions that were surveyed were:
| Linux | D1 | D2 | D3 | D4 | D5 |
| Distribution | Redhat | Caldera | SuSE | TurboLinux | Debian |
| Release | 6.1 | 2.3 | 6.2 | 4 | |
| Kernel | 2.2.12-20smp | 2.2.10 | 2.2.10 | 2.2.10 | |
Contributors
| Contributor | Email | Company |
| George Kraft IV | gk4@us.ibm.com | IBM |
| Dan Quinlan | quinlan@transmeta.com | Transmeta |
| Dale Scheetz | dwarf@polaris.net | Debian |
Last updated: Wed, Jan 26, 2000