Manual page for PASSWD.ADJUNCT(5)
passwd.adjunct - user security data file
SYNOPSIS
/etc/security/passwd.adjunct
DESCRIPTION
The passwd.adjunct file contains the following information for each user:
name:password:min-label:max-label:default-label:always-audit-flags:never-audit-flags:
- name
  The user's login name on the system; it must be unique.
- password
  The encrypted password.
- min-label
  The lowest security level at which this user is allowed to log in (not used at C2 level).
- max-label
  The highest security level at which this user is allowed to log in (not used at C2 level).
- default-label
  The security level at which this user will run unless a label is specified at login.
- always-audit-flags
  Flags specifying events always to be audited for this user's processes; see audit_control(5).
- never-audit-flags
  Flags specifying events never to be audited for this user's processes; see audit_control(5).
Fields are separated by a colon, and each user is separated from the next by a NEWLINE.
The passwd.adjunct file can also have lines beginning with a `+' (plus sign), which means to incorporate entries from the Network Information Service (NIS). There are three styles of `+' entries: all by itself, `+' means to insert the entire contents of the NIS passwd.adjunct file at that point; +name means to insert the entry (if any) for name from the NIS service at that point; +@name means to insert the entries for all members of the network group name at that point. If a `+' entry has a non-null password, it will override what is contained in the NIS service.
EXAMPLE
Here is a sample /etc/security/passwd.adjunct file:
root:q.mJzTnu8icF.::::::
ignatz:7KsI8CFRPNVXg::b,ap,bp,gp,dp,ic,r,d,l::+dc,+da:-dr:
rex:7HU8UUGRPNVXg:b,ap:b,ap,bp:b,bp::+ad:
+fred:9x.FFUw6xcJBa::::::
+:
The user root is the super-user, who has no special label constraints nor audit interest.

The user ignatz may have any label from the lowest to the level b and any of a large number of categories. ignatz will run at system low unless he specifies otherwise. He is being audited on the system default event classes as well as data creations and access changes, but never for failed data reads.

The user rex can function only at the level b and only in the categories ap or ap and bp. By default, he will run at `b,bp'. He is audited with the system defaults, except that successful administrative operations are not audited.

The user fred will have the labels and audit flags that are specified in the NIS passwd.adjunct file. Any other users specified in the NIS service will be able to log in on this system.

The user security data file resides in the /etc/security directory. Because it contains encrypted passwords, it does not have general read permission.
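The following Python is an added example, not part of the original manual page or of any SunOS code: it parses the seven-field layout and the three `+' entry styles described above and runs it over the sample file from this section. The function names, the kind labels and the choice of review checks are assumptions made for this example.

```python
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "name password min_label max_label "
                            "default_label always_audit never_audit kind")

# The sample file from the EXAMPLE section of this page.
SAMPLE = """\
root:q.mJzTnu8icF.::::::
ignatz:7KsI8CFRPNVXg::b,ap,bp,gp,dp,ic,r,d,l::+dc,+da:-dr:
rex:7HU8UUGRPNVXg:b,ap:b,ap,bp:b,bp::+ad:
+fred:9x.FFUw6xcJBa::::::
+:
"""

def parse_line(line):
    """Split one entry into its seven fields and classify `+' entries."""
    parts = (line.split(":") + [""] * 7)[:7]  # short lines such as "+:" leave fields empty
    name = parts[0]
    if name == "+":
        kind = "nis-all"        # entire NIS passwd.adjunct file
    elif name.startswith("+@"):
        kind = "nis-netgroup"   # all members of a network group
    elif name.startswith("+"):
        kind = "nis-user"       # one named NIS entry
    else:
        kind = "local"
    return Entry(*parts, kind)

def parse(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def review(entries):
    """Return review notes (hypothetical checks chosen for this example)."""
    notes = []
    counts = Counter(e.name for e in entries if e.kind == "local")
    notes += [f"{n}: duplicate login name" for n, c in counts.items() if c > 1]
    for e in entries:
        if e.kind != "local" and e.password:
            notes.append(f"{e.name}: non-null password overrides the NIS entry")
        if e.kind == "nis-all":
            notes.append("+: all NIS passwd.adjunct entries are incorporated")
        if e.never_audit:
            notes.append(f"{e.name}: never-audit flags set ({e.never_audit})")
    return notes

if __name__ == "__main__":
    for note in review(parse(SAMPLE)):
        print(note)
```

Run against the sample, the review reports the never-audit flags on ignatz and rex, the local password on +fred, and the bare `+' line that admits every NIS entry.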
FILES
- /etc/security/passwd.adjunct
- /etc/security
SEE ALSO
login(1), passwd(1), crypt(3), getpwaent(3), getpwent(3V), audit_control(5), passwd(5), adduser(8)
NOTES
The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same; only the name has changed.
Last modified 11/5/97