
UNIX System Administration Handbook - Evi Nemeth [55]

too long. Instead, you could assign the user the login “brentb”, leaving “bbrowning” as an aliases file entry:

bbrowning: brentb

If your site has a global mail alias file, each new login name must be distinct from any alias in this file. If it is not, mail will be delivered to the alias rather than the new user.

If you have more than one machine, login names should be unique in two senses. First, a user should have the same login name on every machine. This rule is mostly for convenience, both yours and the user’s.

Second, a particular login name should always refer to the same person. Some UNIX commands (e.g., rlogin and ssh) can be set up to validate remote users based on their login names. Even if scott@boulder and scott@refuge were two different people, one might be able to log into the other’s account without providing a password if the systems were not set up properly.

See page 660 for a discussion of login equivalence issues.

Experience also shows that duplicate names can lead to email confusion. The mail system might be perfectly clear about which scott is which, but users will often send mail to the wrong address.

Encrypted password

/etc/passwd stores passwords in an encrypted form. Unless you can perform DES encryption in your head (we want to meet you), you must either set the contents of this field by using the passwd command (yppasswd if you use NIS) or copy an encrypted password string from another account.²

When you edit /etc/passwd to create a new account, put a star (*) in the encrypted password field. The star prevents unauthorized use of the account until you have set a real password. Never leave this field empty—that introduces a jumbo-sized security hole because no password is required to access the account.

On systems that use standard DES passwords, the unencrypted password is limited to 8 characters. Longer passwords are accepted, but only the first 8 characters are significant. The encrypted DES password will be 13 characters long, regardless of the length of the unencrypted password. DES passwords are encrypted with a random 2-character “salt” so that a given password can correspond to many different encrypted forms. If two users happen to select the same password, this fact usually cannot be discovered by inspection of the passwd file.

HP-UX systems in “trusted mode” allow and use passwords of any length. They accomplish this feat by running multiple iterations of the DES algorithm, one for each 8-character segment.

Red Hat Linux and FreeBSD include support for MD5-based passwords, which can also be of any length. Encrypted MD5 passwords are easy to spot because they are 31 characters long and the first 3 characters are always “$1$”.

As computing hardware has become faster, it has become increasingly dangerous to leave encrypted passwords in plain view. Today, most systems allow you to hide the encrypted passwords by placing them in a separate file that is not world-readable. This is known as a shadow password mechanism. See page 656 for a more general discussion of shadow passwords.

On Solaris, shadow passwords are required. You must modify the shadow password file when adding and removing users to keep it consistent with /etc/passwd. The Solaris shadow file is described on page 82.

UID number

On most modern systems, UIDs are 32-bit integers that can represent the values 0 to 2,147,483,647. However, because of interoperability issues with older systems, we suggest limiting the largest UID at your site to 32,767 if possible. Current versions of Linux have a maximum UID of 65,535 due to the size of a UID field in the default filesystem; this state of affairs will certainly change in the future.

By definition, root has UID 0. Most systems also define pseudo-users bin, daemon, and perhaps some others. It is customary to put such fake logins at the beginning of the /etc/passwd file and to give them low UIDs. To allow plenty of room for any nonhuman users you might want to add in the future, we recommend that you assign UIDs to real users starting
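The checks described above (an empty password field, a locked "*" field, 13-character DES and "$1$"-prefixed MD5 hashes, login names that collide with mail aliases, duplicate login names, and UIDs above the suggested 32,767 ceiling) can be run over a passwd file as a routine audit. The following is an added example written for this page, not code from the handbook; the passwd and aliases contents are constructed samples, and the MD5 hash pattern (a 1- to 8-character salt followed by 22 hash characters) is an assumption about the crypt format rather than something the text states.

```python
import re
from collections import Counter

# Constructed sample /etc/passwd lines (not from any real system) covering the
# cases the handbook describes: a DES hash, locked accounts, an MD5 hash, an
# empty password field, and a UID above the suggested site-wide maximum.
SAMPLE_PASSWD = """\
root:Q3.ZuX6Kl2NGQ:0:0:root:/:/bin/sh
daemon:*:1:1:daemon:/:/bin/false
brentb:*:1001:100:Brent Browning:/home/brentb:/bin/sh
scott:$1$abcdefgh$0123456789abcdefghijkl:1002:100:Scott:/home/scott:/bin/sh
guest::1003:100:Guest:/home/guest:/bin/sh
bigid:*:40000:100:Big UID:/home/bigid:/bin/sh
"""

# Constructed sample aliases file; "scott" deliberately collides with a login.
SAMPLE_ALIASES = """\
bbrowning: brentb
scott: scott@refuge
"""

# Traditional DES crypt output: 2-character salt + 11 hash characters = 13.
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")
# MD5 crypt output: "$1$", salt, "$", 22 hash characters (assumed layout).
MD5_HASH = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

MAX_SUGGESTED_UID = 32767  # the handbook's interoperability ceiling


def parse_passwd(text):
    """Parse passwd-format text into a list of dicts; reject malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        login, pw, uid, gid, gecos, home, shell = fields
        entries.append({"login": login, "pw": pw, "uid": int(uid), "gid": int(gid),
                        "gecos": gecos, "home": home, "shell": shell})
    return entries


def parse_aliases(text):
    """Return the set of alias names (left-hand side) from an aliases file."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and ":" in line:
            names.add(line.split(":", 1)[0].strip())
    return names


def classify_password(pw):
    """Classify the encrypted-password field the way the text describes it."""
    if pw == "":
        return "EMPTY"      # no password required: the jumbo-sized hole
    if pw == "*":
        return "LOCKED"     # star placed until a real password is set
    if MD5_HASH.match(pw):
        return "MD5"        # any-length password, "$1$" prefix
    if DES_HASH.match(pw):
        return "DES"        # first 8 characters significant, 13-char output
    return "UNKNOWN"


def audit(passwd_text, aliases_text="", max_uid=MAX_SUGGESTED_UID):
    """Return a list of (login, finding) tuples for a passwd file."""
    findings = []
    entries = parse_passwd(passwd_text)
    aliases = parse_aliases(aliases_text)
    logins = Counter(e["login"] for e in entries)
    for e in entries:
        kind = classify_password(e["pw"])
        if kind == "EMPTY":
            findings.append((e["login"], "empty password field: login needs no password"))
        elif kind == "UNKNOWN":
            findings.append((e["login"], "unrecognized encrypted-password format"))
        if e["uid"] == 0 and e["login"] != "root":
            findings.append((e["login"], "UID 0 on a login other than root"))
        if e["uid"] > max_uid:
            findings.append((e["login"], f"UID {e['uid']} exceeds suggested maximum {max_uid}"))
        if e["login"] in aliases:
            findings.append((e["login"], "login name matches a mail alias; mail goes to the alias"))
    for login, count in logins.items():
        if count > 1:
            findings.append((login, f"login name appears {count} times"))
    return findings


if __name__ == "__main__":
    for login, finding in audit(SAMPLE_PASSWD, SAMPLE_ALIASES):
        print(f"{login}: {finding}")
```

Running it on the constructed sample reports three problems: the "guest" entry with an empty password field, the "scott" login that collides with a mail alias, and the "bigid" entry whose UID exceeds 32,767. On a real host you would read /etc/passwd (or the shadow file, where the hashes live) and the site aliases file instead of the inline strings; the 13-character and "$1$" checks then tell you at a glance which accounts still carry truncated DES passwords.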
