Data Structures specific to a user in kernel

linkaran · 08-02-2012, 01:14 AM

I would like to know if there is a data structure specific to a user which describes its status and other information? For instance,a task structure to a process. The names of users can be extracted from etc/passwd but I am not able to find the data structure created for a user.

sundialsvcs · 08-02-2012, 08:17 PM

Processes, files, and so-forth have a uid (user-id) and gid (group-id) field, both of which are numbers.

Now, one of the reasons why the kernel seems a bit "mum" as to exactly "who you are," is that the dual objectives of authentication and authorization can in fact be quite complicated, as can such issues as regulating file and resource access. Linux has a PAM = Pluggable Authentication Modules infrastructure which allows it to delegate many of these operations in a very generic way. It might be using a password-file, or it might be relying upon an LDAP or a Kerberos corporate-wide (or submarine-wide?) network. When viewed in the general sense, as computers are wot to do, it can become tricky indeed.

linkaran · 08-05-2012, 07:51 AM

Thank you for the reply. The kernel does seem "mum" about the users after all.

sundialsvcs · 08-09-2012, 01:45 PM

The kernel delegates all authentication and authorization tasks to PAM, and it maintains in its data structures only the "tokens" (so to speak...) that are needed by its own internal mechanisms. You see how the "traditional" authentication and authorization mechanisms of Unix have been abstracted away in Linux's present design.

Consider the scenarios of which a particular Linux box might be only a tiny part ... an installation that might have 18,000 computers in it ... serving hundreds of thousands of employees and countless internal service processes. All managed from a single (distributed...) administration source. (And oh by the way, the security grade is "Top Secret: Crypto.") "Password files" and even "shadow files" are but a distant memory. Linux is called-upon to work there, and it does. Seamlessly cooperating with all the other types of computers, 24/7/365, with uptime measured in years. It's quite the thing

to see, I assure you.

linkaran · 08-11-2012, 11:59 PM

From what I read on PAM,I understand that PAM gives a complete control over how users are authenticated. But if you take it a notch down and want to check what a user status is from when it logged out the last time,how can that be done? To be specific,while doing a system resume(from s4 state),I want to check which of the users are in which state(powered off or s3 state or s4 state...).So at what level should I be looking for to extract this kind of information?