PASSWD.ADJUNCT(5) — FILE FORMATS
NAME
passwd.adjunct − user security data file
SYNOPSIS
/etc/security/passwd.adjunct
DESCRIPTION
The passwd.adjunct file contains the following information for each user:
name                 This is the user’s login name in the system and it must be unique.
password             The encrypted password.
minimum label        The lowest security level at which this user is allowed to login (not used at C2 level).
maximum label        The highest security level at which this user is allowed to login (not used at C2 level).
default label        The security level at which this user will run unless a label is specified at login.
always audit flags   Flags specifying events always to be audited for this user’s processes; see audit_control(5).
never audit flags    Flags specifying events never to be audited for this user’s processes; see audit_control(5).
Fields are separated by colons, and each user's entry is separated from the next by a NEWLINE.
The passwd.adjunct file can also have lines beginning with a ‘+’ (plus sign), which means to incorporate entries from the Yellow Pages. There are three styles of ‘+’ entries: all by itself, ‘+’ means to insert the entire contents of the Yellow Pages passwd.adjunct file at that point; +name means to insert the entry (if any) for name from the Yellow Pages at that point; +@name means to insert the entries for all members of the network group name at that point. If a ‘+’ entry has a non-NULL password, it will override what is contained in the Yellow Pages.
EXAMPLE
Here is a sample /etc/security/passwd.adjunct file:
root:q.mJzTnu8icF.::::::::
ignatz:7KsI8CFRPNVXg::b,ap,bp,gp,dp,ic,r,d,l::+dc,+da:-dr:
rex:7HU8UUGRPNVXg:b,ap:b,ap,bp:b,bp::+ad:
+fred:9x.FFUw6xcJBa::::::::
+:
The user root is the super-user, who has no special label constraints nor audit interest. The user ignatz may have any label from the lowest to the level b and any of a large number of categories. ignatz will run at system low unless he specifies otherwise. He is being audited on the system default event classes as well as data creations and access changes, but never for failed data reads. The user rex can function only at the level b and only in the categories ap or ap and bp. By default, he will run at ‘b,bp’. He is audited with the system defaults, except that successful administrative operations are not audited. The user fred will have the labels and audit flags that are specified in the Yellow Pages passwd.adjunct file. Any other users specified in the Yellow Pages will be able to log in on this system.
The user security data file resides in the /etc/security directory. Because it contains encrypted passwords, it does not have general read permission.
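The following reviewer script is an added example and is not part of the original manual page. It parses the seven fields listed under DESCRIPTION, classifies the three ‘+’ styles, and reports duplicate login names and ‘+’ entries whose password overrides the Yellow Pages. The function names are hypothetical, and two things are assumptions: trailing empty fields are ignored (as the sample lines require), and "general read permission" is taken to mean the read bit for others.

```python
import os
import stat

FIELDS = ("name", "password", "min_label", "max_label",
          "default_label", "always_audit", "never_audit")

# The sample file from the EXAMPLE section above.
SAMPLE = """\
root:q.mJzTnu8icF.::::::::
ignatz:7KsI8CFRPNVXg::b,ap,bp,gp,dp,ic,r,d,l::+dc,+da:-dr:
rex:7HU8UUGRPNVXg:b,ap:b,ap,bp:b,bp::+ad:
+fred:9x.FFUw6xcJBa::::::::
+:
"""

def parse_line(line):
    """Return (kind, name, record) for one entry (hypothetical helper)."""
    parts = line.rstrip("\n").split(":")
    # Assumption: pad short lines such as "+:" and ignore fields past the seven documented.
    parts = (parts + [""] * len(FIELDS))[:len(FIELDS)]
    rec = dict(zip(FIELDS, parts))
    raw = rec["name"]
    if raw == "+":
        return "yp_all", "", rec          # whole Yellow Pages map
    if raw.startswith("+@"):
        return "yp_netgroup", raw[2:], rec  # members of a network group
    if raw.startswith("+"):
        return "yp_user", raw[1:], rec    # one named Yellow Pages entry
    return "local", raw, rec

def review(text):
    """Return (line_number, message) findings for the file contents."""
    findings, seen = [], set()
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        kind, name, rec = parse_line(line)
        if kind == "local":
            if name in seen:  # login names must be unique
                findings.append((num, "duplicate login name: " + name))
            seen.add(name)
        elif rec["password"]:
            # A '+' entry with a non-NULL password overrides the Yellow Pages value.
            findings.append((num, "local password overrides Yellow Pages: " + rec["name"]))
    return findings

def world_readable(path):
    """True if 'other' has read permission (assumed meaning of general read)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)
```

Run against the sample file, review() reports only the +fred line, since it is the one ‘+’ entry that carries its own password.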
FILES
/etc/security/passwd.adjunct
/etc/security
SEE ALSO
login(1), passwd(1), crypt(3), getpwaent(3), getpwent(3), audit_control(5), passwd(5), adduser(8)
Sun Release 4.0 — Last change: 14 December 1987