=== passwd, group and ids === There are quite a number of files related to user accounts and their associated attributes. This document gives a quick summary of what goes where, and does what. /vsta/etc/passwd The passwd file is the central database concerning user accounts. A typical line in the passwd file looks like: vandys:*:1:0:Andy Valencia:usr.vandys:/vandys:vandys:/vsta/bin/sh The first field, "vandys", is the username. This is what you enter to the login program. The second field, "*", is the password field. Passwords are not actually stored in /vsta/etc/passwd, but rather in /vsta/etc/shadow. More on this below. The third field, "1", is the "user ID". In UNIX, this would define what files you can access, but not so in VSTa. Rather, in VSTa, the "UID" is simply that: an ID related to one particular logged in user. It is used to answer questions like "who created this file?", but not "who can read this file?". The fourth field, "0", is the "group ID". This ID indicates a specific group in /vsta/etc/group (documented below). By being a member of a particular group, you get capabilities. So a set of capabilities suitable for some particular group of accounts is described in /vsta/etc/group for a given group ID. Then, each user account has the same group ID, and they all share those capabilities. The fifth field, "Andy Valencia", is simply a textual description of the person using the account. The sixth field, "usr.vandys", lists your initial capability. The capability name is hierarchical, and is a reference to the numerical counterpart, looked up via /vsta/etc/ids. So after you log in, your capabilities are the sum of this one, plus any additional ones granted due to your group ID. The seventh field, "/vandys", is your home directory. $HOME gets set to this. The eighth field, "vandys", is your environment path. Very much unlike UNIX, your environment is kept in an external server, which is global to the system. A given user's environment variables exist under /env with the given name--/env/vandys, in this case. Each variable shows up as a simple file within that directory. The ninth field, "/vsta/bin/sh", is your default shell. $SHELL will be set to it, and after successful login this is what will be launched as your command interpreter. /vsta/etc/shadow The shadow file has the same format as the passwd file, but most of the fields are left empty. The entry corresponding to passwd's example would be: vandys:glarfl::::::: Which simply encodes that user account "vandys" has the password "glarfl". The reason these two files exist is so that the shadow file can be given file permissions such that the average user can not read it. The passwd file is left public so that programs like "ls" can convert user ID's to user names. /vsta/etc/ids ID's and capabilities are very central to protection in VSTa. This file describes ID's, mapping from symbolic names to numbers. The portion of the file concerning the "vandys" account (usr.vandys) is: usr:3 vandys:1 jtk:2 So if you're "usr.vandys", numerically you're actually "3.1". How are these used? See the section "How do capabilities work?" in the file /vsta/doc/faq. /vsta/etc/group The group ID referenced in the passwd file picks a line from this file. The line for "vandys"'s group (0) is: root:0:sys.sys This gives a name ("root") to group 0, and then lists capabilities which should be granted to any member of this group. In this case, the single capability "sys.sys" is granted. So for account "vandys", any file which could be accessed by either "usr.vandys" *or* by "sys.sys" will be accessible. There can be zero or more capabilities (separated by further colons).