Organizes the basic user database for efficient searches.
The mkpasswd command generates indexes over certain security files. These indexes are used by the getpwnam, getpwuid, getuserattr, and putuserattr library subroutines.
This approach significantly enhances performance on systems with a large user base. The following indexes, defined in /usr/include/usersec.h, are created:
Item | Description |
---|---|
/etc/passwd.nm.idx | Index over /etc/passwd file using username as key. |
/etc/passwd.id.idx | Index over /etc/passwd file using userid number as key. |
/etc/security/passwd.idx | Index over /etc/security/passwd file. |
/etc/security/lastlog.idx | Index over /etc/security/lastlog file. |
Notes:
- Using an editor to modify the security files over which indexes are built disables the use of the indexing mechanism.
- An indexed read of a data file is done automatically if a corresponding index exists over the file and is not older than the file (except for the lastlog index).
- For the indexing mechanism to be used at login, the mkpasswd command must have generated the indexes.
- The indexing mechanism replaces the previous hashing mechanism which used dbm files.
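The freshness rule in the notes above can be checked from the shell before relying on indexed lookups. This is an added example, not part of the AIX documentation; the function names `index_status` and `check_indexes` and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether each mkpasswd index is usable.
# An index is usable when it exists and is not older than its data file;
# the lastlog index is exempt from the age comparison, as the notes state.
# Uses the -ot (older-than) test operator available in ksh, bash and dash.

# index_status DATA INDEX [exempt]  ->  prints: missing | stale | ok
index_status() {
    data=$1 idx=$2 exempt=${3:-}
    if [ ! -e "$idx" ]; then
        echo missing
    elif [ -z "$exempt" ] && [ "$idx" -ot "$data" ]; then
        echo stale      # data file changed after the index was built
    else
        echo ok
    fi
}

# check_indexes [ROOT]
# Walks the data-file/index pairs listed on this page. ROOT is a
# hypothetical path prefix so the check can run against a copy.
# Returns non-zero if any index is missing or stale.
check_indexes() {
    root=${1:-}
    rc=0
    while read -r data idx exempt; do
        st=$(index_status "$root$data" "$root$idx" "$exempt")
        printf '%-8s %s\n' "$st" "$root$idx"
        [ "$st" = ok ] || rc=1
    done <<EOF
/etc/passwd /etc/passwd.nm.idx
/etc/passwd /etc/passwd.id.idx
/etc/security/passwd /etc/security/passwd.idx
/etc/security/lastlog /etc/security/lastlog.idx exempt
EOF
    return $rc
}
```

Call `check_indexes` with no argument to inspect the live files; this needs enough privilege to search /etc/security. A missing or stale result means lookups on that file are not using the index until mkpasswd rebuilds it.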
Item | Description |
---|---|
-v | Reports progress if index built. |
-f | Forces building of all indexes. |
-d | Deletes all indexes. |
-c | Checks all indexes and rebuilds the ones that look suspicious. |
indexname | Forces building of a particular index. |
Access Control: Only the root user and members of the security group should have execute (x) access to this command. The command should be setuid to the root user so the command has access to the user database. Members of the security group should have access to all the files listed in the Files section. This command should have the trusted computing base attribute.
Files Accessed:
Mode | File |
---|---|
r | /etc/passwd |
rw | /etc/passwd.nm.idxnnnn.tmp and /etc/passwd.id.idxnnnn.tmp, where nnnn is the process id |
r | /etc/security/passwd |
rw | /etc/security/passwd.idx |
rw | /etc/security/passwd.idxnnnn.tmp, where nnnn is the process id |
r | /etc/security/lastlog |
rw | /etc/security/lastlog.idx |
rw | /etc/security/lastlog.idxnnnn.tmp, where nnnn is the process id |
mkpasswd -f
mkpasswd /etc/security/passwd.idx
mkpasswd -c
Item | Description |
---|---|
/usr/sbin/mkpasswd | Contains the mkpasswd command. |
/etc/passwd | Contains basic user attributes. |
/etc/security/passwd | Contains user password attributes. |
/etc/security/lastlog | Contains lastlog-related attributes. |