[TriLUG] questions about /etc/passwd

Mike Mueller mjm-58 at mindspring.com
Fri Sep 13 14:53:39 EDT 2002


cc'd to dev where this thread  probably is more appropriate.

In answer to my own question I found that the entries are virtual or pseudo 
users.  Examination of the /etc/shadow file shows a '*' in the password field 
which effectivley disables the user account.  These pseudo user accounts are 
part of a secure programming technique that selectively grants access to 
files.

If I have a program should a) be run by a set of users, and b) have full and 
exclusive rights to a set of files, and c) wants to allow the same or another 
group read access some of the files, then I will use the combination of 
techniques that include creating a pseudo user.

Demo:
1. I create the psuedo user - chose "nobody" because it's already there in 
most Linux systems.
2. create this c++ program in t1.cpp:

#include <iostream>

main
{
	cout << "hello world...\n";
	while (1);  // forever loop lets you check UID with ps -axj
}

3. compile with:

g++ t1.cpp -o t1

4. execute in your user account; open another term window; enter:

ps -axj

check that UID is 501 (5xx on most distros, 1xxx on Debian) for t1; terminate 
t1

5. su -l root in one term window;  change dir to your location of t1; enter

chown nobody:nobody t1

then enter:

chmod +s t1

6. go to user account window and run t1; go to root window and run

ps- axj 

this time see that UID is 99; cat /etc/passwd and verify that the uid for 
nobody is 99

I think that some of the entries in /etc/passwd are used for authentication 
but I haven't made the connection yet.  For example, shutdown and halt are in 
the file but they have no executables associated with them:

find / -user shutdown -ls

But /etc/pam.d/shutdown  is evidence that authentication is being done.

Is the entry point for PAM authentication the /etc/passwd file?

On Friday 13 September 2002 10:27, Mike Mueller wrote:
> Why are there so many entries besides root and my user accounts in
> /etc/passwd?  How do they get there? Any suggestions for further reading? 
> I am currently reading the User Authentication HOWTO.
>
> [root at laptop root]# cat /etc/passwd
> root:x:0:0:root:/root:/bin/bash
> bin:x:1:1:bin:/bin:
> daemon:x:2:2:daemon:/sbin:
> adm:x:3:4:adm:/var/adm:
> lp:x:4:7:lp:/var/spool/lpd:
> sync:x:5:0:sync:/sbin:/bin/sync
> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
> halt:x:7:0:halt:/sbin:/sbin/halt
> mail:x:8:12:mail:/var/spool/mail:
> news:x:9:13:news:/var/spool/news:
> uucp:x:10:14:uucp:/var/spool/uucp:
> operator:x:11:0:operator:/root:
> games:x:12:100:games:/usr/games:
> gopher:x:13:30:gopher:/usr/lib/gopher-data:
> postgres:x:40:41:PostgreSQL Server:/var/lib/pgsql:/bin/bash
> ftp:x:14:50:FTP User:/var/ftp:
> squid:x:23:23::/var/spool/squid:/dev/null
> gdm:x:42:42:GDM User:/var/lib/gdm:
> htdig:x:51:51:HTDIG User:/var/lib/htdig:
> dhcpd:x:19:19:Dhcpd User:/var/dhcpd:
> named:x:25:25:Bind User:/var/named:
> nscd:x:28:28:NSCD Daemon:/:/bin/false
> rpm:x:37:37:RPM User:/var/lib/rpm:/bin/false
> apache:x:48:48:Apache User:/var/www:
> rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/false
> rpc:x:32:32:Portmapper RPC user:/:/bin/false
> sympa:x:89:89:Sympa Mailing list manager:/var/lib/sympa:/bin/bash
> ldap:x:93:93:OpenLDAP server:/var/lib/ldap:/bin/false
> nobody:x:99:99:Nobody:/:
> alias:x:400:401:qmail alias user:/var/qmail/alias:/bin/true
> qmaild:x:401:401:qmaild user:/var/qmail:/bin/true
> qmaill:x:402:401:qmaill user:/var/qmail:/bin/true
> qmailp:x:403:401:qmailp user:/var/qmail:/bin/true
> qmailq:x:404:400:qmailq user:/var/qmail:/bin/true
> qmailr:x:405:400:qmailr user:/var/qmail:/bin/true
> qmails:x:406:400:qmails user:/var/qmail:/bin/true
> dnscache:x:410:405:dnscache user:/var/djbdns:/bin/true
> dnslog:x:411:405:dnslog user:/var/djbdns:/bin/true
> tinydns:x:412:405:tinydns user:/var/djbdns:/bin/true
> axfrdns:x:413:405:axfrdns user:/var/djbdns:/bin/true
> xfs:x:414:414:X Font Server:/etc/X11/fs:/bin/false
> mike01:x:501:501:Michael Mueller:/home/mike01:/bin/bash
> mike02:x:1001:1001::/home/mike02:

-- 
mueller, mike

The larger purpose of the economic order, including Wall Street, is to 
support the material conditions for human existence, not to undermine and 
destabilize them.

-Editorial, The Nation, August 19, 2002



More information about the TriLUG mailing list