
Users & Groups specification proposal, draft 1




After speaking to Dan Quinlan, I took the liberty of drafting a
specification proposal for Users & Groups.   Last June, in "lsb-spec",
there was some discussion regarding hardcoded and embedded uid/gids;
however, no real specification was proposed.

http://www.debian.org/Lists-Archives/lsb-spec-9906/msg00058.html

The enclosed Users & Groups specification proposal covers the "passwd" &
"group" structures, the "passwd" & "group" databases, user commands, admin
commands, APIs, and "user names" & "group names".   When possible, I
attempted to identify SVID, BSD, POSIX, & Linux standards for each item,
then cross referenced those against Redhat, Caldera, SuSE, TurboLinux, and
Debian.

The "LSB" column found in each table has a "Y" or "N" on each row
indicating if an item should be in the specification or not.   Since this
is just a "draft", then those marks are subject to change.  :-)

The attached file is in HTML format, because I wanted to be relatively sure
most everyone could read the proposal.   You will also find attached a
"usersgroups.sh" shell script that I used on the various distributions to
double check for the existence of commands, APIs, files, directories, user
names, and group names.

(See attached file: UsersGroups3.htm)(See attached file: usersgroups.sh)

Sincerely,

George Kraft IV
gk4@us.ibm.com
512-838-2688; t/l 678-2688
IBM Linux Technology Center

Users & Groups

Linux Standard Base, V0.1 Specification

The enclosed is a draft proposal written by George Kraft IV, gk4@us.ibm.com, regarding the GNU/Linux User and Group databases with respect to their data and interfaces.

Users & Groups

A "user name" is a string that is used to identify a user. A "login name" is a user name that is associated with a system login. A "user id" is a non-negative 32 bit integer, which can be contained in an object of type uid_t, that is used to identify a system user. When the identity of a user is associated with a process, a user ID value is referred to as a real user ID, or an effective user ID. [POSIX 1003.1-1996]

A "group name" is a string that is used to identify a set of users. A "group id" is a non-negative 32 bit integer, which can be contained in an object of type gid_t, that is used to identify a group of system users. Each system user is a member of at least one group. When the identity of a group is associated with a process, a group ID value is referred to as a real group ID, or an effective group ID. [POSIX 1003.1-1996]

User Database

The user database, "/etc/passwd", consists of newline separated records, one per user, containing six colon (":") separated fields. Each field is described in the POSIX.1 header file "pwd.h":
 
Field    | Type   | API       | Standard | LSB | Description
name     | char * | pw_name   | POSIX.1  | Y   | User's login name
password | char * | pw_passwd |          | Y   | User's encrypted password
uid      | uid_t  | pw_uid    | POSIX.1  | Y   | User ID number
gid      | gid_t  | pw_gid    | POSIX.1  | Y   | Group ID number
gecos    | char * | pw_gecos  | RPM(5)   | Y   | Comma separated subfields consisting of name, office, work telephone, and home telephone
home dir | char * | pw_dir    | POSIX.1  | Y   | Initial working directory
shell    | char * | pw_shell  | POSIX.1  | Y   | Initial user program

The "passwd" user database should only be read and updated from the following APIs: getpwent(3), setpwent(3), endpwent(3), getpwnam(3), getpwuid(3), putpwent(3), passwd(5)

If the initial user program field is null, the system default is used. If the initial working directory field is null, the interpretation of that field is implementation defined.
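The following is an added example, not part of the proposal or of any distribution's code. It reads constructed six-field "passwd" records through the pwd.h file-based API (fgetpwent(3), which the proposal lists as SVID.3 rather than POSIX.1), applies the rule that an empty initial-program field means the system default (the "/bin/sh" default is an assumption for this example; the proposal leaves it to the system), and splits the comma separated gecos subfields. The account names, ids and gecos values are made up for the example.

```c
#define _GNU_SOURCE          /* fgetpwent(3) is an SVID/GNU extension, not POSIX.1 */
#include <stdio.h>
#include <string.h>
#include <pwd.h>
#include <sys/types.h>

struct passwd *fgetpwent(FILE *stream);  /* repeated prototype in case the feature macro came too late */

/* Constructed sample records in the six-field "passwd" layout. These are
 * made-up accounts for the example, not any real system's database. The
 * "batch" record deliberately leaves the initial-program field empty. */
static const char *SAMPLE_PASSWD =
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:100:Alice Example,Rm 12,555-0100,555-0199:/home/alice:/bin/bash\n"
    "batch:x:1001:100:Batch account:/home/batch:\n";

/* Assumed system default for an empty pw_shell; the real default is implementation defined. */
#define ASSUMED_DEFAULT_SHELL "/bin/sh"

/* Expose the constructed records as a FILE* so the file-oriented pwd.h API can parse them. */
static FILE *open_sample_passwd(void) {
    FILE *fp = tmpfile();
    if (fp == NULL) return NULL;
    fputs(SAMPLE_PASSWD, fp);
    rewind(fp);
    return fp;
}

/* Look up a login name and return its uid, or -1 if no record matches. */
long lookup_uid(const char *name) {
    FILE *fp = open_sample_passwd();
    if (fp == NULL) return -1;
    long uid = -1;
    struct passwd *pw;
    while ((pw = fgetpwent(fp)) != NULL) {      /* result is static: valid until the next call */
        if (strcmp(pw->pw_name, name) == 0) {
            uid = (long)pw->pw_uid;
            break;
        }
    }
    fclose(fp);
    return uid;
}

/* Resolve the initial user program for `name`, treating an empty field as
 * the system default. Copies the result into `out`; 0 on success, -1 if absent. */
int initial_program(const char *name, char *out, size_t outlen) {
    FILE *fp = open_sample_passwd();
    if (fp == NULL) return -1;
    int rc = -1;
    struct passwd *pw;
    while ((pw = fgetpwent(fp)) != NULL) {
        if (strcmp(pw->pw_name, name) != 0) continue;
        const char *shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0')
                            ? ASSUMED_DEFAULT_SHELL : pw->pw_shell;
        snprintf(out, outlen, "%s", shell);
        rc = 0;
        break;
    }
    fclose(fp);
    return rc;
}

/* Convenience check: does `name` resolve to the initial program `expected`? */
int initial_program_is(const char *name, const char *expected) {
    char buf[256];
    return initial_program(name, buf, sizeof buf) == 0 && strcmp(buf, expected) == 0;
}

/* Extract gecos subfield `n` (0 = name, 1 = office, 2 = work phone, 3 = home phone).
 * Returns 0 on success, -1 if the record has no such subfield. */
int gecos_field(const char *gecos, int n, char *out, size_t outlen) {
    const char *p = gecos;
    for (int i = 0; i < n; i++) {
        p = strchr(p, ',');
        if (p == NULL) return -1;
        p++;
    }
    const char *end = strchr(p, ',');
    size_t len = end != NULL ? (size_t)(end - p) : strlen(p);
    if (len >= outlen) len = outlen - 1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Convenience check: does subfield `n` of `gecos` equal `expected`? */
int gecos_field_is(const char *gecos, int n, const char *expected) {
    char buf[128];
    return gecos_field(gecos, n, buf, sizeof buf) == 0 && strcmp(buf, expected) == 0;
}

int main(void) {
    char shell[256];
    printf("alice uid=%ld\n", lookup_uid("alice"));
    if (initial_program("batch", shell, sizeof shell) == 0)
        printf("batch initial program=%s\n", shell);
    return 0;
}
```

The same loop works unchanged against the live database by replacing the tmpfile with getpwent(3)/endpwent(3); the file-based variant is used here so the example runs without touching /etc/passwd.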

Group Database

The group database, "/etc/group", consists of newline separated records, one per group, containing three colon (":") separated fields. Each field is described in the POSIX.1 header file "grp.h":
 
Field  | Type    | API       | Standard | LSB | Description
group  | char *  | gr_name   | POSIX.1  | Y   | The name of the group
gid    | gid_t   | gr_gid    | POSIX.1  | Y   | Group ID number
member | char ** | gr_mem    | POSIX.1  | Y   | Comma separated list of users who are members of the group. From the API, a pointer to a null-terminated array of "char *". Each element of the array points to an individual member of the group.
passwd | char *  | gr_passwd | RPM(5)   | N   | Group's encrypted password

The "group" database should only be read from the following APIs: getgrent(3), setgrent(3), endgrent(3).

NOTE: According to JFH, author of shadow-utils, there is no group write API.
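The following is an added example, not part of the proposal or of the shadow-utils code. It reads constructed "group" records through the grp.h file-based API (fgetgrent(3), listed above as SVID.3) and walks the null-terminated gr_mem array described in the table. The group names, ids and members are made up for the example. Note that a user's primary group (pw_gid in "passwd") is normally not repeated in gr_mem, so a "not listed" answer from this check does not by itself mean the user is outside the group.

```c
#define _GNU_SOURCE          /* fgetgrent(3) is an SVID/GNU extension, not POSIX.1 */
#include <stdio.h>
#include <string.h>
#include <grp.h>
#include <sys/types.h>

struct group *fgetgrent(FILE *stream);  /* repeated prototype in case the feature macro came too late */

/* Constructed sample records: group:passwd:gid:member,member,...
 * Made-up groups for the example, not any real system's database.
 * "root" deliberately has an empty member list. */
static const char *SAMPLE_GROUP =
    "root:x:0:\n"
    "wheel:x:10:root,alice\n"
    "users:x:100:alice,bob\n";

/* Expose the constructed records as a FILE* so the file-oriented grp.h API can parse them. */
static FILE *open_sample_group(void) {
    FILE *fp = tmpfile();
    if (fp == NULL) return NULL;
    fputs(SAMPLE_GROUP, fp);
    rewind(fp);
    return fp;
}

/* 1 if `user` appears in the gr_mem array of `group`, 0 if the group exists
 * but does not list the user, -1 if the group is absent. */
int is_listed_member(const char *group, const char *user) {
    FILE *fp = open_sample_group();
    if (fp == NULL) return -1;
    int result = -1;
    struct group *gr;
    while ((gr = fgetgrent(fp)) != NULL) {      /* result is static: valid until the next call */
        if (strcmp(gr->gr_name, group) != 0) continue;
        result = 0;
        for (char **m = gr->gr_mem; *m != NULL; m++)   /* stop at the terminating NULL */
            if (strcmp(*m, user) == 0) { result = 1; break; }
        break;
    }
    fclose(fp);
    return result;
}

/* Number of names in the group's gr_mem array, or -1 if the group is absent. */
int member_count(const char *group) {
    FILE *fp = open_sample_group();
    if (fp == NULL) return -1;
    int count = -1;
    struct group *gr;
    while ((gr = fgetgrent(fp)) != NULL) {
        if (strcmp(gr->gr_name, group) != 0) continue;
        count = 0;
        for (char **m = gr->gr_mem; *m != NULL; m++) count++;
        break;
    }
    fclose(fp);
    return count;
}

/* Write a comma-separated list of every group that lists `user` into `out`
 * (in database order) and return how many there were; -1 on I/O failure. */
int groups_listing_user(const char *user, char *out, size_t outlen) {
    FILE *fp = open_sample_group();
    if (fp == NULL) return -1;
    int n = 0;
    size_t used = 0;
    out[0] = '\0';
    struct group *gr;
    while ((gr = fgetgrent(fp)) != NULL) {
        for (char **m = gr->gr_mem; *m != NULL; m++) {
            if (strcmp(*m, user) != 0) continue;
            int w = snprintf(out + used, outlen - used, "%s%s", n ? "," : "", gr->gr_name);
            if (w > 0 && (size_t)w < outlen - used) used += (size_t)w;   /* keep on truncation */
            n++;
            break;
        }
    }
    fclose(fp);
    return n;
}

/* Convenience check: is the list of groups naming `user` exactly `expected`? */
int groups_listing_user_is(const char *user, const char *expected) {
    char buf[256];
    return groups_listing_user(user, buf, sizeof buf) >= 0 && strcmp(buf, expected) == 0;
}

int main(void) {
    char buf[256];
    int n = groups_listing_user("alice", buf, sizeof buf);
    printf("alice is listed in %d group(s): %s\n", n, buf);
    printf("root lists %d member(s)\n", member_count("root"));
    return 0;
}
```

A complete "which groups is this user in" answer combines this walk with the user's pw_gid from the "passwd" database, which is what initgroups(3) in the Library Functions table does when it builds the supplementary group list for a login.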

Commands

Command     | Directory  | Standard | LSB | Description
adduser     | /usr/sbin/ | SSM(8)   | N   | Deprecated on Linux and linked to useradd(1). Missing from Redhat, SuSE
chage       | /usr/bin/  | linux    | N   | Change user password expiry information
chfn        | /usr/bin/  | URM(1)   | Y   | Change your user's finger(1) information
chgrp       | /usr/bin/  | URM(1)   | Y   | Change file group ownership
chown       | /usr/bin/  | URM(1)   | Y   | Change file owner and group
chsh        | /usr/bin/  | URM(1)   | Y   | Change your user's login shell
gpasswd     | /usr/bin/  | linux    | Y   | Administer the /etc/group file
groupadd    | /usr/sbin/ | linux    | Y   | Update and create new group info
groupdel    | /usr/sbin/ | linux    | Y   | Delete a group
groupmod    | /usr/sbin/ | linux    | Y   | Modify a group
groups      | /usr/bin/  | URM(1)   | Y   | Print the groups a user is in
grpck       | /usr/sbin/ | linux    | Y   | Verify integrity of group files
id          | /usr/bin/  | URM(1)   | Y   | Print real and effective UIDs and GIDs
login       | /bin/      | URM(1)   | Y   | Sign on to the system
mkpasswd    | /usr/sbin/ | linux    | Y   | Update passwd and group database files. Missing from Caldera
newgrp      | /usr/bin/  | linux    | N   | Log in to a new group. URM(1) defines chgrp(1)
newusers    | /usr/sbin/ | linux    | Y   | Update and create new users in batch
passmass    | /usr/bin/  | linux    | N   | Change password on multiple machines. Missing from Caldera, TurboLinux
passwd      | /usr/bin/  | URM(1)   | Y   | Update a user's authentication tokens
rpc.rusersd | /usr/sbin/ | linux    | Y   | Logged in users server. Missing from TurboLinux
rusers      | /usr/bin/  | linux    | Y   | Who is logged in to machines on local network. Missing from TurboLinux
rwho        | /usr/bin/  | URM(1)   | Y   | Show who is logged in on local machines. Missing from TurboLinux
useradd     | /usr/sbin/ | linux    | Y   | Create a new user or update default new user info. SSM(8) defines adduser(8).
userdel     | /usr/sbin/ | linux    | Y   | Delete a user account and related files. SSM(8) defines rmuser(8).
usermod     | /usr/sbin/ | linux    | Y   | Modify a user account
users       | /usr/bin/  | URM(1)   | Y   | Print the user names of users currently logged in
vipw        |            | SSM(8)   | Y   |
w           | /usr/bin/  | URM(1)   | Y   | Show who is logged on and what they are doing.
who         | /usr/bin/  | URM(1)   | Y   | Show who is logged in
whoami      | /usr/bin/  | URM(1)   | Y   | Print effective userid

System Files

File       | Directory        | Standard | LSB | Description
group      | /etc/            | PRM(5)   | Y   | Group account information
grp.h      | /usr/include/    | POSIX.1  | Y   | Defines the functions that read the group database. All symbols starting with "gr_".
gshadow    | /etc/            | linux    | N   | Secure group information. Missing from Caldera, TurboLinux
login.defs | /etc/            | linux    | Y   | System-wide settings
passwd     | /etc/            | PRM(5)   | Y   | User account information
passwd     | /etc/pam.d/      | linux    | Y   | The Pluggable Authentication Module configuration file
pwd.h      | /usr/include/    | POSIX.1  | Y   | Defines the functions that read the user database. All symbols starting with "pw_".
shadow     | /etc/            | linux    | N   | Secure user account information. Missing from TurboLinux
skel       | /etc/            | PRM(5)   | Y   | Directory containing default user files. adduser(8) uses /usr/share/skel
useradd    | /etc/default/    |          | Y   | Default user account information. Missing from Caldera, Debian
utmp       | /var/run/        | PRM(5)   | Y   | Login record of those currently signed on to the system
whod.*     | /var/spool/rwho/ | linux    | N   | Information about other machines. Missing from TurboLinux, Debian
wtmp       | /var/log/        | linux    | N   | Record of all user logins and logouts

Library Functions

API                                | Standard                | LSB | Description
fgetgrent                          | SVID.3                  | N   | get group file entry
fgetpwent                          | SVID.3                  | N   | get password file entry
getgid, getegid                    | PRM(2), POSIX.1         | Y   | get group identity
getgrent, setgrent, endgrent       | PRM(3), SVID.3          | Y   | get group file entry
getgrnam, getgrgid                 | PRM(3), SVID.3, POSIX.1 | Y   | get group file entry
getgroups                          | PRM(2), SVID, POSIX.1   | Y   | get list of supplementary group IDs
setgroups                          | PRM(2)                  | Y   | set list of supplementary group IDs
getlogin, cuserid                  | PRM(3), POSIX.1         | Y   | get user name
getpwent, setpwent, endpwent       | PRM(3), SVID.3          | Y   | get password file entry (explicitly not POSIX)
getpwnam, getpwuid                 | PRM(3), POSIX.1         | Y   | get "passwd" structure from file entries in database "passwd" as described in "pwd.h"
getresuid, getresgid               | Linux Only              | N   | get real, effective and saved user or group ID
getuid                             | PRM(2), POSIX.1         | Y   | get user identity
geteuid                            | RPM(2), POSIX.1         | Y   | get effective user identity
initgroups                         | RPM(3), SVID.3          | Y   | initialize the supplementary group access list
putpwent                           | SVID.3                  | Y   | write a password file entry
setfsgid                           | Linux Only              | N   | set group identity used for file system checks
setfsuid                           | Linux Only              | N   | set user identity used for file system checks
setgid                             | RPM(2), SVID, POSIX.1   | Y   | set group identity
setpgid, getpgid, setpgrp, getpgrp | RPM(2), POSIX.1         | Y   | set/get process group
setregid, setegid                  | RPM(2)                  | Y   | set real and/or effective group ID
setresuid, setresgid               | Linux Only              | N   | set real, effective and saved user or group ID
setreuid, seteuid                  | RPM(2)                  | Y   | set real and/or effective user ID
setuid                             | RPM(2), POSIX.1         | Y   | set user identity
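The following is an added example, not part of the proposal. It exercises the process-identity functions from the table above (getuid/geteuid, getgid/getegid, getgroups, setgroups, setgid, setuid): it reports whether the real and effective ids agree, checks the supplementary group list, and drops privileges in the order that cannot be reversed (supplementary groups, then gid, then uid) and verifies the drop took. The sample gid list is constructed for the example; dropping to a different uid only succeeds when run as root.

```c
#define _GNU_SOURCE          /* setgroups(2) is not in POSIX.1 */
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <grp.h>
#include <sys/types.h>

int setgroups(size_t size, const gid_t *list);  /* repeated prototype in case the feature macro came too late */

/* The four identities every process carries: real and effective uid and gid. */
struct proc_identity { uid_t ruid, euid; gid_t rgid, egid; };

struct proc_identity current_identity(void) {
    struct proc_identity id = { getuid(), geteuid(), getgid(), getegid() };
    return id;
}

/* 1 when real and effective ids agree, i.e. no privilege was gained from a
 * set-user-ID or set-group-ID executable; 0 otherwise. */
int running_as_self(void) {
    struct proc_identity id = current_identity();
    return id.ruid == id.euid && id.rgid == id.egid;
}

/* Pure helper: is `gid` one of the `n` entries in `list`? */
int gid_in_list(const gid_t *list, int n, gid_t gid) {
    for (int i = 0; i < n; i++)
        if (list[i] == gid) return 1;
    return 0;
}

/* Is `gid` in this process's supplementary group list (getgroups(2))?
 * Returns 1 or 0, or -1 on error. */
int in_supplementary_groups(gid_t gid) {
    int n = getgroups(0, NULL);                  /* first call: how many entries */
    if (n < 0) return -1;
    gid_t *list = malloc((size_t)(n > 0 ? n : 1) * sizeof *list);
    if (list == NULL) return -1;
    n = getgroups(n, list);                      /* second call: fetch them */
    int found = n < 0 ? -1 : gid_in_list(list, n, gid);
    free(list);
    return found;
}

/* Permanently drop to uid/gid in the only order that cannot be undone:
 * supplementary groups first (only root may change them), then the gid
 * (which still needs the privilege about to be given up), then the uid.
 * Returns 0 on success, -1 with errno set otherwise. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop stuck: after a real drop, regaining uid 0 must fail. */
    if (uid != 0 && setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

/* Constructed supplementary list used to exercise gid_in_list without the kernel. */
const gid_t SAMPLE_GIDS[] = { 4, 20, 100 };
const int SAMPLE_GIDS_LEN = 3;

int main(void) {
    struct proc_identity id = current_identity();
    printf("ruid=%u euid=%u rgid=%u egid=%u running_as_self=%d\n",
           (unsigned)id.ruid, (unsigned)id.euid, (unsigned)id.rgid, (unsigned)id.egid,
           running_as_self());
    return 0;
}
```

The Linux-only getresuid/setresuid pair in the table exposes the saved id as well; with plain setuid(2) the verification step above is what tells a caller whether the saved id was also replaced.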

User/Group Names

User LSB D1 D2 D3 D4 D5
root root root root root root root
bin bin bin bin bin bin bin
daemon daemon daemon daemon daemon daemon daemon
adm adm adm adm adm
lp lp lp lp lp lp lp
sync sync root root root
shutdown shutdown root operator root
halt halt root root root
mail mail mail mail mail mail
news news news news news news news
uucp uucp uucp uucp uucp uucp uucp
operator root root root root operator
games users users users users users users
gopher gopher gopher gopher gopher
ftp ftp ftp ftp daemon ftp staff
man man man daemon users
majordom madordom majordom See mdom majordom
gdm gdm gdm shadow gdm
postgres database database daemon postgres
mysql database mysql mysql
nobody nobody nobody nobody nobody nobody
sys sys sys sys sys
tty tty tty tty tty
disk disk disk disk disk
mem mem mem mem
kmem kmem kmem kmem kmem
wheel wheel wheel wheel wheel
games games games games
dip dip dip dip
utmp utmp utmp utmp
floppy floppy floppy
cyrus mail
postfix postfix
nps users
skyrix wheel
dbmaker dbmaker
firewall xok
informix modem
named named
virtuoso users
db2fenc1 db2fadm1
db2inst1 db2iadm1
db2as db2asgrp
fnet uucp
wwwrun nogroup
squid nogroup
fax uucp
gnats nogroup gnats
amanda disk
at at
lnx lnx
mdom mdom
yard yard
man
xfs
console
pppusers pppusers
slipusers slipusers
slocate slocate
popusers popusers
wwwadmin
mail
news
dialout
dosemu
firewall
public
video
informix
game
trusted
nogroup
popusers
proxy proxy
www-data www-data
backup backup
msql msql
list list
irc irc

RATIONALE: The different numeric values of uid and gid between systems should be reconciled via NIS, rdist(1), rsync, or ugidd(8). Only a minimum working set of "user names" and their corresponding "user groups" should be defined.

NOTE: There are some conflicts over whether a user is in the same group as the other users on the system (i.e., umask 022), or whether each user has his/her own group (i.e., umask 002). Most follow the scheme where a user is in the same group (i.e., users) as the other users (i.e., umask 022). If a scheme is to be specified, then this one is proposed.

Distributions

The GNU/Linux distributions that were surveyed were:

Linux        | D1           | D2      | D3     | D4         | D5
Distribution | Redhat       | Caldera | SuSE   | TurboLinux | Debian
Release      | 6.1          | 2.3     | 6.2    | 4          |
Kernel       | 2.2.12-20smp | 2.2.10  | 2.2.10 | 2.2.10     |

Contributors

Contributor     | Email                 | Company
George Kraft IV | gk4@us.ibm.com        | IBM
Dan Quinlan     | quinlan@transmeta.com | Transmeta
Dale Scheetz    | dwarf@polaris.net     | Debian

Last updated: Wed, Jan 26, 2000
