Editing the /etc/passwd File

Before you can use Admintool to edit the local /etc/passwd file, you must be a member of the sysadmin group (GID 14).

If you have the appropriate permissions, you can use Admintool to make changes to the /etc/passwd file on a local system.

You need the following information for each user you plan to add:

  Login name
  User ID (UID)
  Primary group ID (GID)
  Identifying information (name, office, extension, home phone)
  Home directory
  Login shell

User ID Number

A UID is always associated with each user name and is used by systems to identify the owners of files and directories and to identify the user at login. If you create user accounts for a single individual on more than one system, always use the same user name and UID. In that way, the user can easily move and copy files between systems without ownership problems.

A UID must be a whole number less than or equal to 2147483647. The maximum UID was increased from 60000 to 2147483647 starting with the Solaris 2.5.1 release.

UIDs are required for both regular user accounts and special system accounts. Table 7-3 lists the UIDs that are reserved for user accounts and system accounts.

Table 7-3 Reserved UIDs

UIDs | Login Accounts | Description
0 | root | Root account
1 | daemon | Daemon account
2 | bin | Pseudo-user bin account
3-99 | sys, uucp logins, who, tty, and ttytype | System accounts
100-60000 | Regular users | General-purpose accounts
60001 | nobody | Unauthenticated users
60002 | noaccess | Compatibility with previous Solaris 2.x and SVR4 releases
60003-2147483647 | Regular users | General-purpose accounts

CAUTION! Be careful when using UIDs in the 60000 to 2147483647 range. These numbers do not have full functionality and are incompatible with many Solaris features. See Table 7-4 for more information.

Even though UIDs 0 through 99 are reserved for use by system accounts, you can add a user with one of these UIDs. You should not, however, use these UIDs for regular user accounts. Use the numbers 0 through 99 to assign system accounts, uucp logins, and pseudo-user logins.

Large User IDs and Group IDs

Previous Solaris 2.x releases used 32-bit data types to contain UIDs and GIDs, but UIDs and GIDs were constrained to a maximum useful value of 60000. Starting with the Solaris 2.5.1 release, the limit on UID and GID values has been raised to the maximum value of a signed integer, or 2147483647. Table 7-4 lists the interoperability issues with Solaris 2.x products and commands.

Table 7-4 Interoperability Issues for UIDs and GIDs over 60000

Category | Product/Command | Issues/Cautions
NFS Interoperability | SunOS 4.x NFS software | SunOS 4.x NFS server and client code truncates large UIDs and GIDs to 16 bits. This truncation can create security problems if SunOS 4.x systems are used in an environment where large UIDs and GIDs are being used. SunOS 4.x systems require a patch.
Name Service Interoperability | NIS name service; File-based name service | Users with UIDs above 60000 can log in and use the su command on systems running earlier versions of the Solaris 2.x operating environment; however, their UIDs and GIDs are set to 60001 (nobody).
Name Service Interoperability | NIS+ name service | Users with UIDs above 60000 are denied access on systems running older Solaris 2.x versions and the NIS+ name service.
Printed UIDs/GIDs | OpenWindows File Manager | Large UIDs and GIDs are not displayed correctly if the OpenWindows File Manager is used with the extended file listing display option.

Table 7-5 summarizes the limitations of using large UIDs and GIDs.

Table 7-5 Limitations of Using UIDs and GIDs over 60000

UID/GID Number | Limitation
60003 or greater | Users logging in to systems running previous Solaris releases and the NIS or files name service are assigned a UID and GID of nobody.
65536 or greater | SunOS 4.x systems running the NFS version 2 software truncate UIDs in this category to 16 bits, creating possible security problems.
65536 or greater | Using the cpio command with the default archive format to copy files displays an error message for each file, and the UID and GID are set to nobody in the archive.
65536 or greater | SPARC systems: SunOS 4.x-compatible applications display EOVERFLOW messages from some system calls, and the UID and GID are set to nobody.
65536 or greater | x86 systems: SVR3-compatible applications on an x86 system are likely to display EOVERFLOW messages from system calls.
65536 or greater | x86 systems: If users create a file or directory on a mounted System V file system, the System V file system returns an EOVERFLOW error.
100000 or greater | The ps -l command displays a maximum five-digit UID, so the printed column is not aligned when it includes a UID or GID greater than 99999.
2622144 or greater | Using the cpio command with -H odc format or the pax -x cpio command to copy files returns an error message for each file, and the UIDs and GIDs are set to nobody in the archive.
10000000 or greater | Using the ar command sets UIDs and GIDs to nobody in the archive.
2097152 or greater | UIDs and GIDs are set to nobody when using the tar command, the cpio -H ustar command, or the pax -x tar command.
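
The following audit is an added example, not part of the original text. It reads passwd-format entries and flags the two hazards from Tables 7-4 and 7-5 that affect file ownership: large UIDs that older releases map to nobody, and UIDs of 65536 or greater whose 16-bit truncation lands on a reserved system UID or on another account's UID. The sample entries, function names, and finding codes are constructed for illustration, and the collision check goes one step beyond the tables by comparing the truncated value against the other entries in the same file.

```python
# Audit passwd-format text for the large-UID hazards in Tables 7-4 and 7-5.
RESERVED_MAX = 99        # UIDs 0-99 are reserved for system accounts (Table 7-3)
LARGE_UID_MIN = 60003    # from here up, older releases assign nobody (Table 7-5)
TRUNCATION_MIN = 65536   # from here up, SunOS 4.x NFS truncates to 16 bits
MAX_UID = 2147483647     # maximum UID starting with Solaris 2.5.1

# Constructed sample entries, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:1001:10:Alice:/export/home/alice:/bin/ksh
bob:x:65536:10:Bob:/export/home/bob:/bin/ksh
carol:x:66537:10:Carol:/export/home/carol:/bin/ksh
dave:x:70000:10:Dave:/export/home/dave:/bin/ksh
broken line without enough fields
"""

def parse_passwd(text):
    """Return [(login, uid)] for well-formed seven-field entries."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isascii() and fields[2].isdigit():
            entries.append((fields[0], int(fields[2])))
    return entries

def audit(text):
    """Return (login, uid, code, detail) findings in file order."""
    entries = parse_passwd(text)
    owners = {}
    for login, uid in entries:
        owners.setdefault(uid, []).append(login)
    findings = []
    for login, uid in entries:
        if uid > MAX_UID:
            findings.append((login, uid, "OVER_MAX", "above 2147483647"))
            continue
        if uid >= LARGE_UID_MIN:
            findings.append((login, uid, "NOBODY", "older releases assign nobody"))
        if uid >= TRUNCATION_MIN:
            low = uid & 0xFFFF  # the value a 16-bit field keeps
            if low <= RESERVED_MAX:
                findings.append((login, uid, "TRUNC_RESERVED", f"truncates to reserved UID {low}"))
            elif low in owners:
                findings.append((login, uid, "TRUNC_COLLISION", f"truncates to UID {low} of {owners[low]}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_PASSWD), sep="\n")
```

In the constructed sample, UID 65536 truncates to 0 and UID 66537 truncates to 1001, so both accounts would be seen as a different owner by a system that keeps only 16 bits.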
