The Linux Programming Interface
Users and Groups
(01) Users and Groups
Every user has a unique login name and an associated numeric user identifier (UID). Users can belong to one or more groups. Each group also has a unique name and a group identifier (GID).
(02) The password file: /etc/passwd
The password file, /etc/passwd, holds the user name, login ID, and other information for each user.
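(03) The shadow password file: /etc/shadow
The shadow password file, /etc/shadow, was devised as a method of preventing password-cracking attacks: /etc/passwd has to stay publicly readable, so the sensitive password information is kept in a separate file that only privileged processes can read.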
(04) The group file: /etc/group
The group file, /etc/group, holds the group information.
(05) Obtaining user and group information
#include <pwd.h>
/* Look up the password-file record for the login name 'name'.
   Returns NULL when no matching record is found or on error. */
struct passwd *getpwnam (const char *name);
/* Look up the password-file record for the numeric user ID 'uid'.
   Returns NULL when no matching record is found or on error.
   For both functions the result may point to static storage that a later
   getpw*() call overwrites, so copy any field that must outlive the next
   lookup (getpwnam_r()/getpwuid_r() are the reentrant variants). */
struct passwd *getpwuid (uid_t uid);
Given a login name in name, the getpwnam() function returns a pointer to a structure of the following type, containing the corresponding information from the password file:
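/* One record of the password file, as returned by getpwnam()/getpwuid(). */
struct passwd {
    char *pw_name;      /* Login name (username) */
    char *pw_passwd;    /* Encrypted password; when shadow passwords are in
                           use this is normally only a placeholder and the
                           real value lives in /etc/shadow */
    uid_t pw_uid;       /* User ID */
    gid_t pw_gid;       /* Group ID */
    char *pw_gecos;     /* Comment (user information) */
    char *pw_dir;       /* Initial working (home) directory */
    char *pw_shell;     /* Login shell */
};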
(06) getpwnam(), getpwuid(), getgrnam(), getgrgid() example
Convert a UID to a user name and a user name to a UID, and do the same for groups.
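#include <pwd.h>
#include <grp.h>
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include "ugid_functions.h"     /* Declares functions defined here */

/* Return name corresponding to 'uid', or NULL on error.
   The returned string belongs to the record handed back by getpwuid(),
   which may be overwritten by a later getpw*() call; copy it if it has
   to be kept. */
char *
userNameFromId(uid_t uid)
{
    struct passwd *pwd;

    pwd = getpwuid(uid);
    return (pwd == NULL) ? NULL : pwd->pw_name;
}

/* Return UID corresponding to 'name', or -1 on error.
   As a convenience to the caller, a purely numeric string is accepted and
   returned as the UID without consulting the password file, so the result
   is not guaranteed to belong to an existing account. Because uid_t is
   narrower than long on many systems, the parsed value is range-checked:
   an oversized number must not silently wrap around to a small UID such
   as 0. Note that (uid_t) -1 doubles as the error value. */
uid_t
userIdFromName(const char *name)
{
    struct passwd *pwd;
    long val;
    char *endptr;

    if (name == NULL || *name == '\0')  /* On NULL or empty string */
        return -1;                      /* return an error */

    errno = 0;
    val = strtol(name, &endptr, 10);
    if (*endptr == '\0') {              /* Whole string was numeric */
        if (errno == ERANGE || val < 0 || (long) (uid_t) val != val)
            return -1;                  /* Does not fit in uid_t */
        return (uid_t) val;
    }

    pwd = getpwnam(name);
    if (pwd == NULL)
        return -1;

    return pwd->pw_uid;
}

/* Return name corresponding to 'gid', or NULL on error.
   The returned string belongs to the record handed back by getgrgid(),
   which may be overwritten by a later getgr*() call; copy it if it has
   to be kept. */
char *
groupNameFromId(gid_t gid)
{
    struct group *grp;

    grp = getgrgid(gid);
    return (grp == NULL) ? NULL : grp->gr_name;
}

/* Return GID corresponding to 'name', or -1 on error.
   A purely numeric string is accepted and returned as the GID without
   consulting the group file; the value is range-checked for the same
   reason as in userIdFromName(). */
gid_t
groupIdFromName(const char *name)
{
    struct group *grp;
    long val;
    char *endptr;

    if (name == NULL || *name == '\0')  /* On NULL or empty string */
        return -1;                      /* return an error */

    errno = 0;
    val = strtol(name, &endptr, 10);
    if (*endptr == '\0') {              /* Whole string was numeric */
        if (errno == ERANGE || val < 0 || (long) (gid_t) val != val)
            return -1;                  /* Does not fit in gid_t */
        return (gid_t) val;
    }

    grp = getgrnam(name);
    if (grp == NULL)
        return -1;

    return grp->gr_gid;
}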
(07) Get all the information
#include <pwd.h>
#include <stdio.h>
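/* Print the login name and UID of every record in the password database. */
int
main(void)
{
    struct passwd *pwd;

    /* Each getpwent() call returns the next record; NULL ends the scan */
    while ((pwd = getpwent()) != NULL)
        printf("%-8s%5ld\n", pwd->pw_name, (long) pwd->pw_uid);

    endpwent();     /* Close the database so that a later scan starts afresh */
    return 0;
}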
Output:
wang@wang:~/documents/tlpi-dist/users_groups$ ./getall
root 0
daemon 1
bin 2
sys 3
sync 4
games 5
man 6
lp 7
mail 8
news 9
uucp 10
proxy 13
www-data 33
backup 34
list 38
irc 39
gnats 41
nobody 65534
systemd-timesync 100
systemd-network 101
systemd-resolve 102
systemd-bus-proxy 103
syslog 104
_apt 105
messagebus 106
uuidd 107
lightdm 108
whoopsie 109
avahi-autoipd 110
avahi 111
dnsmasq 112
colord 113
speech-dispatcher 114
hplip 115
kernoops 116
pulse 117
rtkit 118
saned 119
usbmux 120
wang 1000
(08) Group
The getgrent(), setgrent(), and endgrent() functions perform analogous tasks for the group file.
(09) Verifying a login against the shadow password file; run without privilege, the result is a "no permission" error.
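/* Feature test macros must be defined before the first #include */
#define _BSD_SOURCE     /* Get getpass() declaration from <unistd.h> */
#define _DEFAULT_SOURCE /* Replaces _BSD_SOURCE on newer glibc */
#define _XOPEN_SOURCE   /* Get crypt() declaration from <unistd.h>;
                           see feature_test_macros(7) */
#include <unistd.h>
#include <limits.h>
#include <pwd.h>
#include <shadow.h>
#include <errno.h>
#include <string.h>
#include "tlpi_hdr.h"

/* Prompt for a user name and password and check them against the
   password / shadow password records.

   This is a teaching example. It needs privilege to read /etc/shadow, and
   it reports an unknown user name differently from a wrong password, which
   tells the person at the prompt which accounts exist.
   NOTE(review): a real login path would normally delegate to PAM. */
int
main(int argc, char *argv[])
{
    char *username, *password, *encrypted, *p;
    struct passwd *pwd;
    struct spwd *spwd;
    Boolean authOk;
    long lnmax;

    lnmax = sysconf(_SC_LOGIN_NAME_MAX);
    if (lnmax == -1)                    /* If limit is indeterminate */
        lnmax = 256;                    /* make a guess */

    username = malloc(lnmax);
    if (username == NULL)
        errExit("malloc");

    printf("Username:");
    fflush(stdout);
    if (fgets(username, (int) lnmax, stdin) == NULL)
        exit(EXIT_FAILURE);             /* Exit on EOF */

    /* Remove trailing '\n'. strcspn() is also safe when the line is empty
       (e.g. input starting with a NUL byte), where indexing with
       strlen() - 1 would write before the start of the buffer. */
    username[strcspn(username, "\n")] = '\0';

    pwd = getpwnam(username);
    if (pwd == NULL)
        fatal("couldn't get password record");

    errno = 0;                          /* So a stale EACCES is not misread */
    spwd = getspnam(username);
    if (spwd == NULL && errno == EACCES)
        fatal("no permission to read shadow password file");

    if (spwd != NULL)           /* If there is a shadow password record */
        pwd->pw_passwd = spwd->sp_pwdp;     /* Use the shadow password */

    /* getpass() is marked obsolete in its manual page; it is kept here
       because the example is built around it. */
    password = getpass("Password:");
    if (password == NULL)
        errExit("getpass");

    /* Encrypt password and erase cleartext version immediately.
       NOTE(review): where available, explicit_bzero() is the erase call
       that the compiler is not allowed to optimize away. */

    encrypted = crypt(password, pwd->pw_passwd);
    for (p = password; *p != '\0'; )
        *p++ = '\0';

    if (encrypted == NULL)
        errExit("crypt");

    authOk = strcmp(encrypted, pwd->pw_passwd) == 0;
    if (!authOk) {
        printf("incorrect password\n");
        exit(EXIT_FAILURE);
    }

    printf("Successfully authenticated:uid=%ld\n", (long) pwd->pw_uid);

    /* Now do authenticated work ... */

    exit(EXIT_SUCCESS);
}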
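Sadly, the output is an error when the program is run as an ordinary user. This is the protection working as intended: /etc/shadow can be read only by privileged processes.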
wang@wang:~/documents/tlpi-dist/lib$./check_password
Username:wang
Error:no permission to read shadow password file
(10) Summary
Each user has a unique login name and an associated numeric user ID. Users can belong to one or more groups, each of which also has a unique name and an associated numeric identifier. The primary purpose of these identifiers is to establish ownership of various system resources (e.g., files) and permissions for accessing them.
A user's name and ID are defined in the /etc/passwd file, which also contains other information about the user. A user's group memberships are defined by fields in the /etc/passwd and /etc/group files. A further file, /etc/shadow, which can be read only by privileged processes, is used to separate the sensitive password information from the publicly available user information in /etc/passwd. Various library functions are provided for retrieving information from each of these files.
The crypt() function encrypts a password in the same manner as the standard login program, which is useful for programs that need to authenticate users.
(11) Exercise