=== passwd, group and ids ===
   There are quite a number of files related to user accounts and their
   associated attributes. This document gives a quick summary of what
   goes where, and does what.
   The passwd file is the central database concerning user accounts. A
   typical line in the passwd file looks like:

   vandys:*:1:0:Andy Valencia:usr.vandys:/vandys:vandys:/vsta/bin/sh

   The first field, "vandys", is the username. This is what you enter to
   the login program.
   The second field, "*", is the password field. Passwords are not
   actually stored in /vsta/etc/passwd, but rather in /vsta/etc/shadow.
   More on this below.
   The third field, "1", is the "user ID". In UNIX, this would define
   what files you can access, but not so in VSTa. Rather, in VSTa, the
   "UID" is simply that: an ID related to one particular logged in user.
   It is used to answer questions like "who created this file?", but not
   "who can read this file?".
   The fourth field, "0", is the "group ID". This ID indicates a specific
   group in /vsta/etc/group (documented below). By being a member of a
   particular group, you get capabilities. So a set of capabilities
   suitable for some particular group of accounts is described in
   /vsta/etc/group for a given group ID. Then, each user account has the
   same group ID, and they all share those capabilities.
   The fifth field, "Andy Valencia", is simply a textual description of
   the person using the account.
   The sixth field, "usr.vandys", lists your initial capability. The
   capability name is hierarchical, and is a reference to the numerical
   counterpart, looked up via /vsta/etc/ids. So after you log in, your  
   capabilities are the sum of this one, plus any additional ones granted
   due to your group ID.
   The seventh field, "/vandys", is your home directory. $HOME gets set
   to this.
   The eighth field, "vandys", is your environment path. Very much unlike
   UNIX, your environment is kept in an external server, which is global
   to the system. A given user's environment variables exist under /env
   with the given name--/env/vandys, in this case. Each variable shows up
   as a simple file within that directory.
   The ninth field, "/vsta/bin/sh", is your default shell. $SHELL will be
   set to it, and after successful login this is what will be launched as
   your command interpreter.
   The shadow file has the same format as the passwd file, but most of
   the fields are left empty. The entry corresponding to passwd's example
   would be:


   Which simply encodes that user account "vandys" has the password  
   "glarfl". The reason these two files exist is so that the shadow file
   can be given file permissions such that the average user can not read
   it. The passwd file is left public so that programs like "ls" can
   convert user ID's to user names.
   ID's and capabilities are very central to protection in VSTa. This
   file describes ID's, mapping from symbolic names to numbers. The
   portion of the file concerning the "vandys" account (usr.vandys) is:


   So if you're "usr.vandys", numerically you're actually "3.1". How are
   these used? See the section "How do capabilities work?" in the file
   The group ID referenced in the passwd file picks a line from this
   file. The line for "vandys"'s group (0) is:


   This gives a name ("root") to group 0, and then lists capabilities   
   which should be granted to any member of this group. In this case, the
   single capability "sys.sys" is granted. So for account "vandys", any  
   file which could be accessed by either "usr.vandys" *or* by "sys.sys"
   will be accessible. There can be zero or more capabilities (separated
   by further colons).