Unix and Linux User Administration
Several files are generally associated with the user logon process for Unix systems. These files can be located in different directories, and the fields within some of these files can vary from one implementation to another. However, the following two files are generally used:
- /etc/passwd—This is the password file. It is used to store the username, the password (in encrypted format), and other information specific to the user account. This file has its file protection value set to be world-readable so that anyone can access the file when logging in to the system. It also means that when someone gets into your system, he or she can usually copy this file and then begin to crack the passwords it contains.
- /etc/group—This file contains a list of user groups and a numerical value associated with each group. A field in the /etc/passwd file references a group in this file using this value.
The /etc/passwd File
The Unix operating system usually authenticates users by comparing their credentials with those stored in one or more files on the server. This is similar to the method used for the older Novell-based bindery, in which users must authenticate to each server they want to access. The typical username/password exchange is used, and the /etc/passwd file is the standard file used to store most user information. It is a simple text file that stores data using ASCII characters, and it’s world-readable because access to the file is required during the logon process.
The fields in this file store information such as the username, the home directory, the default shell, and an encrypted password, among other things. This file is one of the most vulnerable and sought-after files by hackers. You might think that it’s a safe file because the password field in this file is encrypted. Not true! After a hacker has access to this file, a large number of utilities can be downloaded from the Internet to run against a password file to decrypt the password. Many hackers just use a dictionary and known encryption techniques and then compare the result with the value found in your /etc/passwd file. When a match is found, the hacker knows your password for that account.
Keep in mind that this file is world-readable. That means after someone has broken into even the most restricted account, if they can get to a shell command prompt, they can most likely copy this file and use it to further compromise accounts that have been granted much greater access rights to the system.
After the root password is discovered, or the password to any account that has administrator-equivalent privileges is discovered, your system is wide open to attack. This is just one of many reasons why it is very important to use a long, meaningless, and complex password consisting of a mix of letters, numbers, and symbols. Password complexity makes it more difficult to use either dictionary or brute-force attacks to break a password. However, don’t make your password so difficult to remember that you have to write it down.
This is the format for the /etc/passwd file on most systems:
username:password:uid:gid:GECOS:homedir:shell
Note that the colon character (:) is used to separate fields. If a field is to be left blank, you’ll see two colons in a row. The fields in this file are detailed here:
- username—The account name used to log in to the account.
- password—The encrypted password for the user account. An asterisk character (*) in this field means that the account is disabled. If this field is left blank, no password is required for the account. Unless you have a very good reason, you should not have any account with a blank password on a networked computer. Any access can usually lead to further penetration by a clever user. An x character in this field generally means that a shadow password file, discussed later, is in use.
- UID—A numerical value that the system gives to the account to identify the user when running processes or evaluating access to files and other system resources. A value of zero for this field is used to indicate the superuser, or a user who has the same privileges as root. On some systems values from 1 to 99 are reserved for use for system processes, such as background daemons.
- GID—A numerical value that identifies a user group to which the account belongs. The file /etc/group contains a listing of user groups and the numbers associated with them. Group membership can be used to make managing access to system resources, such as files and directories, an easier task. Access to a resource can be granted to the group. The alternative method is to grant access individually, which is a time-consuming process when you have a large number of users who access similar resources.
- GECOS—Yet another computer acronym! GECOS stands for General Electric Comprehensive Operating System. It is used to hold comments about the user, such as office and telephone number. This field can also be used to hold text that is used by certain applications, such as the finger utility. If more than one item is included in this field, commas should separate the items. It is common to store the user’s full name in this field.
- homedir—This text field specifies the user’s home directory. When the user logs in to the system, he or she is initially placed in this location in the file system. As with most operating systems, a separate home directory is maintained for each user for storing his or her own files. Home directories also can contain subdirectories to make organizing one’s files a simple task.
- shell—The user on a Unix system interacts with the system using one of the many shell applications available for Unix today. This field in the /etc/passwd file is used to specify the shell program that will be invoked when the user logs in to the system.
A typical entry in the /etc/passwd file looks like this:
jdoe:Gfjhjo9UiaSjpo2dYtaGGdsh:223:100:John Doe:/home/jdoe:bash
rsmith:HuiTytsm$1d34tTbd9Saa2:119:110:Rob Smith:/home/rsmith:bash
Note that the second field, the password field, appears to have nonsense characters. This is the encrypted password that is highly prized by network intruders.
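The field rules described above can be checked mechanically. The following audit script is an added example, not part of the original article: it flags blank passwords, hashes stored directly in the world-readable file, and extra accounts with UID 0. The function names audit_passwd and sample_passwd are hypothetical, and the sample entries are constructed for illustration (the jdoe line is the one shown above).

```sh
#!/bin/sh
# audit_passwd FILE: report risky entries in a passwd-format file.
# Pass "-" to read standard input; the default is /etc/passwd.
audit_passwd() {
    awk -F: '
    /^$/ || /^#/ { next }            # skip blank lines and comments
    NF != 7 {                        # the format has exactly seven fields
        printf "MALFORMED line %d: %d fields, expected 7\n", NR, NF
        next
    }
    {
        # Field 2: blank means no password is required; "x" means the
        # hash lives in a shadow file; "*" means the account is disabled.
        # Anything else is treated here as a stored hash (assumption:
        # some systems use additional lock markers).
        if ($2 == "")
            printf "EMPTY_PASSWORD %s: logs in with no password\n", $1
        else if ($2 != "x" && $2 != "*")
            printf "HASH_IN_PASSWD %s: hash exposed in world-readable file\n", $1
        # Field 3: UID 0 carries superuser privileges whatever the name.
        if ($3 ~ /^0+$/ && $1 != "root")
            printf "EXTRA_UID0 %s: UID 0 gives root privileges\n", $1
    }' "${1:-/etc/passwd}"
}

# Constructed sample input covering each case.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
jdoe:Gfjhjo9UiaSjpo2dYtaGGdsh:223:100:John Doe:/home/jdoe:bash
guest::500:100:Guest:/home/guest:/bin/sh
toor:x:0:0:Backup admin:/root:/bin/sh
daemon:*:1:1:daemon:/:/bin/false
broken:x:600
EOF
}

# Demo run on the constructed sample.
sample_passwd | audit_passwd -
```

Run audit_passwd with no argument to check the live /etc/passwd file; an empty result means none of these conditions were found.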