Where User Account and Group Information Is Stored

The following information is described in this section:

Fields in the passwd File
Default passwd File
Fields in the shadow File
Fields in the group File
Default group File
Commands for Obtaining User Account Information

Depending on your site policy, user account and group information can be stored in your local system's /etc files or in a name or directory service as follows:

The NIS name service information is stored in maps.
The LDAP directory service information is stored in indexed database files.

Note - To avoid confusion, the location of the user account and group information is generically referred to as a file rather than as a database, table, or map.

Most user account information is stored in the passwd file. Password information is stored as follows:

In the passwd file when you are using NIS
In the /etc/shadow file when you are using /etc files
In the people container when you are using LDAP

Password aging is available when you are using LDAP, but not NIS.

Group information is stored in the group file for NIS, and files. For LDAP, group information is stored in the group container.

Fields in the `passwd` File

The fields in the passwd file are separated by colons and contain the following information:

username:password:uid:gid:comment:home-directory:login-shell

For example:

kryten:x:101:100:Kryten Series 4000 Mechanoid:/export/home/kryten:/bin/csh

For a complete description of the fields in the passwd file, see the passwd(1) man page.

Default `passwd` File

The default passwd file contains entries for standard daemons. Daemons are processes that are usually started at boot time to perform some system-wide task, such as printing, network administration, or port monitoring.

root:x:0:0:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
dladm:x:15:65:Datalink Admin:/:
netadm:x:16:65:Network Admin:/:
netcfg:x:17:65:Network Configuration Admin:/:
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/var/lib/gdm:
zfssnap:x:51:12:ZFS Automatic Snapshots Reserved UID:/:/usr/bin/pfsh
upnp:x:52:52:UPnP Server Reserved UID:/var/coherence:/bin/ksh
xvm:x:60:60:xVM User:/:
mysql:x:70:70:MySQL Reserved UID:/:
openldap:x:75:75:OpenLDAP User:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
unknown:x:96:96:Unknown Remote UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
ftp:x:21:21:FTPD Reserved UID:/:
dhcpserv:x:18:65:DHCP Configuration Admin:/:
aiuser:x:60003:60001:AI User:/:
pkg5srv:x:97:97:pkg(5) server UID:/:

Table 1-3 Default passwd File Entries

User Name	User ID	Description
`root`	`0`	Reserved for superuser account
`daemon`	`1`	Umbrella system daemon associated with routine system tasks
`bin`	`2`	Administrative daemon associated with running system binaries to perform some routine system task
`sys`	`3`	Administrative daemon associated with system logging or updating files in temporary directories
`adm`	`4`	Administrative daemon associated with system logging
`lp`	`71`	Reserved for the Line printer daemon
`uucp`	`5`	Assigned to the daemon that is associated with `uucp` functions
`nuucp`	`9`	Assigned to another daemon associated with `uucp` functions
`dladm`	`15`	Reserved for datalink administration
`netadm`	`16`	Reserved for network administration
`netcfg`	`17`	Reserved for network configuration administration
`smmsp`	`25`	Assigned to the Sendmail message submission program daemon
`listen`	`37`	Assigned to the Network Listener daemon
`gdm`	`50`	Assigned to the GNOME Display Manager daemon
`zfssnap`	`51`	Reserved for automatic snapshots
`upnp`	`52`	Reserved for UPnP server
`xvm`	`60`	Reserved for xVM user
`mysql`	`70`	Reserved for MySQL user
`openldap`	`75`	Reserved for OpenLDAP user
`webservd`	`80`	Reserved for WebServer access
`postgres`	`90`	Reserved for PostgresSQL access
`svctag`	`95`	Reserved for Service Tag Registry access
`unknown`	`96`	Reserved for unmappable remote users in NFSv4 ACLs
`nobody`	`60001`	Reserved for NFS Anonymous Access user
`noaccess`	`60002`	Reserved for No Access user
`nobody4`	`65534`	Reserved for SunOS 4.x NFS Anonymous Access user
`ftp`	`21`	Reserved for FTP access
`dhcpserv`	`18`	Reserved for DHCP server user
`aiuser`	`60003`	Reserved for AI user
`pkg5srv`	`97`	Reserved for `pkg`(5) depot server

Fields in the `shadow` File

The fields in the shadow file are separated by colons and contain the following information:

username:password:lastchg:min:max:warn:inactive:expire

The default password hashing algorithm is SHA256. The password hash for the user is similar to the following:

$5$cgQk2iUy$AhHtVGx5Qd0.W3NCKjikb8.KhOiA4DpxsW55sP0UnYD

For a complete description of the fields in the shadow file, see the shadow(4) man page.

Fields in the `group` File

The fields in the group file are separated by colons and contain the following information:

group-name:group-password:gid:user-list

For example:

bin::2:root,bin,daemon

For a complete description of the fields in the group file, see the group(4) man page.

Default `group` File

The default group file contains the following system groups that support some system-wide task, such as printing, network administration, or electronic mail. Most of these groups have corresponding entries in the passwd file.

root::0:
other::1:root
bin::2:root,daemon
sys::3:root,bin,adm
adm::4:root,daemon
uucp::5:root
mail::6:root
tty::7:root,adm
lp::8:root,adm
nuucp::9:root
staff::10:
daemon::12:root
sysadmin::14:
games::20:
smmsp::25:
gdm::50:
upnp::52:
xvm::60:
netadm::65:
mysql::70:
openldap::75:
webservd::80:
postgres::90:
slocate::95:
unknown::96:
nobody::60001:
noaccess::60002:
nogroup::65534:
ftp::21
pkg5srv::97:

Table 1-4 Default group File Entries

Group Name	Group ID	Description
`root`	`0`	Superuser group
`other`	`1`	Optional group
`bin`	`2`	Administrative group associated with running system binaries
`sys`	`3`	Administrative group associated with system logging or temporary directories
`adm`	`4`	Administrative group associated with system logging
`uucp`	`5`	Group associated with `uucp` functions
`mail`	`6`	Electronic mail group
`tty`	`7`	Group associated with `tty` devices
`lp`	`8`	Line printer group
`nuucp`	`9`	Group associated with `uucp` functions
`staff`	`10`	General administrative group.
`daemon`	`12`	Group associated with routine system tasks
`sysadmin`	`14`	Administrative group that is useful for system administrators
`smmsp`	25	Daemon for Sendmail message submission program
`gdm`	50	Group reserved for the GNOME Display Manager daemon
`upnp`	`52`	Group reserved for UPnP server
`xvm`	`60`	Group reserved for xVM user
`netadm`	`65`	Group reserved for network administration
`mysql`	`70`	Group reserved for MySQL user
`openldap`	`75`	Reserved for OpenLDAP user
`webservd`	`80`	Group reserved for WebServer access
`postgres`	`90`	Group reserved for PostgresSQL access
`slocate`	`95`	Group reserved for Secure Locate access
`unknown`	`96`	Group reserved for unmappable remote groups in NFSv4 ACLs
`nobody`	`60001`	Group assigned for anonymous NFS access
`noaccess`	`60002`	Group assigned to a user or a process that needs access to a system through some application but without actually logging in
`nogroup`	`65534`	Group assigned to a user who is not a member of a known group
`ftp`	`21`	Group assigned for FTP access
`pkg5srv`	`97`	Group assigned to `pkg`(5) depot server

Commands for Obtaining User Account Information

The following table describes the commands that system administrators can use to obtain information about user accounts. This information is stored in various files within the /etc directory. Using these commands to obtain user account information is preferred over using the cat command to view similar information.

Table 1-5 Commands to Use to Obtain Information About Users

Command	Description	Man Page Reference
`auths`	Lists and manages authorizations.	`auths`(1)
`getent`	Gets a list of entries from the administrative database. The information generally comes from one or more of the sources that are specified for the `/etc/nsswitch.conf` database.	`getent`(1M)
`logins`	Displays information about users, roles, and system logins. The output is controlled by the command options that are specified and can include user, role, system login, UID, `passwd` account field value, primary group, primary group ID, multiple group names, multiple group IDs, home directory, login shell, and password-aging parameters.	`logins`(1M)
`profiles`	Lists and manages rights profiles.	`profiles`(1)
`roles`	Displays the roles that are assigned to a user.	`roles`(1)
`userattr`	Displays the first value that is found for `attribute_name`. If a user is not specified, the user is taken from the real user ID of the process. Attribute names are defined in `user_attr`(4) and `prof_attr`(4). Note - This command is new in Oracle Solaris 11.	Example 2–1

Skip Navigation Links
Exit Print View
	Managing User Accounts and User Environments in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library