vitalnix user management suite 3.2.0


Description

The shadow database driver provides access to the traditional UNIX file-based user database in /etc/passwd, /etc/shadow and /etc/group. The additional Vitalnix specific database from /etc/vxshadow is also supported.

Configuration file

The following variables are recognized in the configuration file:

PASSWD_DB Path to the passwd file, usually /etc/passwd
SHADOW_DB Path to the shadow file, usually /etc/shadow
GROUP_DB Path to the group file, usually /etc/group
VXSHADOW_DB Path to the optional Vitalnix database, usually /etc/vxshadow

The Shadow driver also reads /etc/vitalnix/autouid.conf to source UID/GID boundaries for automatic UID/GID generation.

Database storage architecture

Within the Shadow storage mechanism, account data is spread over three plain-text files, /etc/passwd, /etc/shadow and /etc/group. Group shadow information (in /etc/gshadow) has always been rarely used (the file disappeared from default installs during the openSUSE Linux lifetime), and Vitalnix does not support it at all.

passwd

/etc/passwd is a text file comprising zero or more users, one per line, each line terminated by a newline. Within a line, fields are separated by a colon (:). The different fields are:

In a typical shadow system, the 2nd field always contains an "x", which indicates that the password hash is to be looked up in /etc/shadow instead. Access to the shadow file is restricted to mode 0640(root,shadow). Any fields after the command interpreter are marked as reserved; the Shadow driver preserves them for you.

The GECOS field itself can have multiple subfields, separated by comma (,). You can freely assign any text to it, though it is normally used to store the name of the user. Other details conventionally stored there are Room Number, Work Phone, Home Phone and Other. Another document says that the initial values for nice, umask and ulimit can be set there, but usually no application uses these subfields nowadays. If the Command Interpreter field is empty, it is interpreted as /bin/sh; the empty string itself is preserved, however.

Vitalnix does not care much about the extra GECOS subfields like room number, but handles the whole GECOS field as one entity, like most other tools. The only special handling of this field is in vxfinger(1), which has an option to search either a part of the GECOS field or the whole of it.

A file entry from a passwd file might look like:

jengelh:x:1500:100:Jan Engelhardt:/home/jengelh:/bin/bash

shadow

The /etc/shadow file, which need not exist, is also composed of newline-separated lines with colon-separated fields:

A line from a shadow file might be:

jengelh:$2a$05$xWG3SMLJ.dbFtkstUPp4feI1eMm3qoijsEO3YXrSzisuYXKrARrIS:13051:0:10000:0:::

group

The group database is also stored in a plain-text file, /etc/group. Its fields are:

A typical line is (this group has no extra users):

users:x:100:

vxshadow

/etc/vxshadow contains data specific to Vitalnix and is not essential for the Shadow VXDB driver to function properly. It uses the same layout as the other files (i.e. plain text with newline-separated lines and colon-separated fields); the fields are:

Default permissions

The default permissions for the database files should be as follows:

/etc/passwd 0644(root,shadow)
/etc/shadow 0640(root,shadow)
/etc/group 0644(root,shadow)
/etc/vxpasswd 0644(root,shadow)
/etc/vxshadow 0640(root,shadow)
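As an added example (not part of Vitalnix itself), the following Python code shows the passwd-line handling described above and a check against the default permission table: trailing reserved fields are passed through verbatim, an empty command interpreter is preserved on write but resolved to /bin/sh, the GECOS field is split only when a caller asks for its subfields, and a file's mode/owner is compared with the expected default. The sample lines and the mode values fed to mode_problems are constructed; nothing is read from the live system.

```python
import stat
from dataclasses import dataclass

@dataclass
class PasswdEntry:
    name: str
    passwd: str        # "x" on a shadow system: the hash lives in /etc/shadow
    uid: int
    gid: int
    gecos: str         # kept as one string, the way Vitalnix treats it
    home: str
    shell: str         # empty string preserved; see effective_shell()
    reserved: list     # any fields after the shell, passed through untouched

def parse_passwd_line(line: str) -> PasswdEntry:
    """Split one /etc/passwd line; fields beyond the 7th are reserved."""
    f = line.rstrip("\n").split(":")
    if len(f) < 7:
        raise ValueError(f"need at least 7 colon-separated fields, got {len(f)}")
    return PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6], f[7:])

def format_passwd_line(e: PasswdEntry) -> str:
    """Inverse of parse_passwd_line; reserved fields come back out verbatim."""
    return ":".join([e.name, e.passwd, str(e.uid), str(e.gid),
                     e.gecos, e.home, e.shell, *e.reserved])

def effective_shell(e: PasswdEntry) -> str:
    """An empty command interpreter field means /bin/sh at login time."""
    return e.shell or "/bin/sh"

def gecos_subfields(gecos: str) -> dict:
    """Comma-separated GECOS parts: name, room, work phone, home phone, other."""
    keys = ("name", "room", "work_phone", "home_phone", "other")
    parts = gecos.split(",") + [""] * 5
    return dict(zip(keys, parts[:5]))

# Default modes from the table above; owner root, group shadow.
EXPECTED_MODES = {"/etc/passwd": 0o644, "/etc/shadow": 0o640,
                  "/etc/group": 0o644, "/etc/vxshadow": 0o640}

def mode_problems(path: str, mode: int, uid: int, expected: int) -> list:
    """Report deviations of mode bits/owner (e.g. from os.stat) from the default."""
    problems = []
    if stat.S_IMODE(mode) != expected:
        problems.append(f"{path}: mode {stat.S_IMODE(mode):04o}, expected {expected:04o}")
    if uid != 0:
        problems.append(f"{path}: owner uid {uid}, expected root (0)")
    return problems
```

To audit a real host, pass `os.stat(path).st_mode` and `.st_uid` for each path in EXPECTED_MODES to mode_problems.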