[TriLUG] questions about /etc/passwd
Mike Mueller
mjm-58 at mindspring.com
Fri Sep 13 14:53:39 EDT 2002
cc'd to dev where this thread probably is more appropriate.
In answer to my own question I found that the entries are virtual or pseudo
users. Examination of the /etc/shadow file shows a '*' in the password field
which effectivley disables the user account. These pseudo user accounts are
part of a secure programming technique that selectively grants access to
files.
If I have a program should a) be run by a set of users, and b) have full and
exclusive rights to a set of files, and c) wants to allow the same or another
group read access some of the files, then I will use the combination of
techniques that include creating a pseudo user.
Demo:
1. I create the psuedo user - chose "nobody" because it's already there in
most Linux systems.
2. create this c++ program in t1.cpp:
#include <iostream>
main
{
cout << "hello world...\n";
while (1); // forever loop lets you check UID with ps -axj
}
3. compile with:
g++ t1.cpp -o t1
4. execute in your user account; open another term window; enter:
ps -axj
check that UID is 501 (5xx on most distros, 1xxx on Debian) for t1; terminate
t1
5. su -l root in one term window; change dir to your location of t1; enter
chown nobody:nobody t1
then enter:
chmod +s t1
6. go to user account window and run t1; go to root window and run
ps- axj
this time see that UID is 99; cat /etc/passwd and verify that the uid for
nobody is 99
I think that some of the entries in /etc/passwd are used for authentication
but I haven't made the connection yet. For example, shutdown and halt are in
the file but they have no executables associated with them:
find / -user shutdown -ls
But /etc/pam.d/shutdown is evidence that authentication is being done.
Is the entry point for PAM authentication the /etc/passwd file?
On Friday 13 September 2002 10:27, Mike Mueller wrote:
> Why are there so many entries besides root and my user accounts in
> /etc/passwd? How do they get there? Any suggestions for further reading?
> I am currently reading the User Authentication HOWTO.
>
> [root at laptop root]# cat /etc/passwd
> root:x:0:0:root:/root:/bin/bash
> bin:x:1:1:bin:/bin:
> daemon:x:2:2:daemon:/sbin:
> adm:x:3:4:adm:/var/adm:
> lp:x:4:7:lp:/var/spool/lpd:
> sync:x:5:0:sync:/sbin:/bin/sync
> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
> halt:x:7:0:halt:/sbin:/sbin/halt
> mail:x:8:12:mail:/var/spool/mail:
> news:x:9:13:news:/var/spool/news:
> uucp:x:10:14:uucp:/var/spool/uucp:
> operator:x:11:0:operator:/root:
> games:x:12:100:games:/usr/games:
> gopher:x:13:30:gopher:/usr/lib/gopher-data:
> postgres:x:40:41:PostgreSQL Server:/var/lib/pgsql:/bin/bash
> ftp:x:14:50:FTP User:/var/ftp:
> squid:x:23:23::/var/spool/squid:/dev/null
> gdm:x:42:42:GDM User:/var/lib/gdm:
> htdig:x:51:51:HTDIG User:/var/lib/htdig:
> dhcpd:x:19:19:Dhcpd User:/var/dhcpd:
> named:x:25:25:Bind User:/var/named:
> nscd:x:28:28:NSCD Daemon:/:/bin/false
> rpm:x:37:37:RPM User:/var/lib/rpm:/bin/false
> apache:x:48:48:Apache User:/var/www:
> rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/false
> rpc:x:32:32:Portmapper RPC user:/:/bin/false
> sympa:x:89:89:Sympa Mailing list manager:/var/lib/sympa:/bin/bash
> ldap:x:93:93:OpenLDAP server:/var/lib/ldap:/bin/false
> nobody:x:99:99:Nobody:/:
> alias:x:400:401:qmail alias user:/var/qmail/alias:/bin/true
> qmaild:x:401:401:qmaild user:/var/qmail:/bin/true
> qmaill:x:402:401:qmaill user:/var/qmail:/bin/true
> qmailp:x:403:401:qmailp user:/var/qmail:/bin/true
> qmailq:x:404:400:qmailq user:/var/qmail:/bin/true
> qmailr:x:405:400:qmailr user:/var/qmail:/bin/true
> qmails:x:406:400:qmails user:/var/qmail:/bin/true
> dnscache:x:410:405:dnscache user:/var/djbdns:/bin/true
> dnslog:x:411:405:dnslog user:/var/djbdns:/bin/true
> tinydns:x:412:405:tinydns user:/var/djbdns:/bin/true
> axfrdns:x:413:405:axfrdns user:/var/djbdns:/bin/true
> xfs:x:414:414:X Font Server:/etc/X11/fs:/bin/false
> mike01:x:501:501:Michael Mueller:/home/mike01:/bin/bash
> mike02:x:1001:1001::/home/mike02:
--
mueller, mike
The larger purpose of the economic order, including Wall Street, is to
support the material conditions for human existence, not to undermine and
destabilize them.
-Editorial, The Nation, August 19, 2002
More information about the TriLUG
mailing list