Dbdump

From CobaltFAQs

On regular Linux systems, the password and group files are /etc/passwd (or /etc/shadow) and /etc/group. Under Sausalito, this information is now contained in Berkeley DB files /var/db/passwd.db and /var/db/group.db. This was done for scaling purposes, as the plain /etc/passwd system could have race issues, etc. on systems with hundreds or thousands of users.

This is a list of all the .db files on the system:

freegids.db
freeuids.db
group.db
gshadow.db
passwd.db
shadow.db

The downside to this change is that you can't just look at the users list. But you can use this Perl script to see the contents:

#!/usr/bin/perl

use strict;
use DB_File;
use vars qw(%hash $key $value) ;

tie %hash, "DB_File", $ARGV[0], O_RDONLY, 0640, $DB_BTREE or
 die "Cannot open file: $ARGV[0]: $!\n";

while (($key, $value) = each %hash) {
 print "$key -> $value\n"
}

untie %hash;

Name it something like dbdump, make it executable, and use it like:

/path/to/dbdump /var/db/passwd.db

You will see something like this:

.SITE1-logs -> SITE1-logs:x:501:500:www.example.com:/home/.sites/28/site1/logs:/bin/badsh
=501 -> SITE1-logs:x:501:500:www.example.com:/home/.sites/28/site1/logs:/bin/badsh

So the old /etc/passwd style record is still there, it's just the value for a keyed record where .SITEx-logs or =uid is the key.

Here are example contents of the .db files in /var/db:

# cd /var/db
# ~/dbdump freegids.db
506 -> 1

# ~/dbdump freeuids.db
505 -> 1
506 -> 1

# ~/dbdump group.db
.site1 -> site1:*:500:admin
.site2 -> site2:*:501:admin
.site3 -> site3:*:504:admin
=500 -> site1:*:500:admin
=501 -> site2:*:501:admin
=504 -> site3:*:504:admin

# ~/dbdump gshadow.db
.site1 -> site1:*::admin
.site2 -> site2:*::admin
.site3 -> site3:*::admin

# ~/dbdump passwd.db
.SITE1-logs -> SITE1-logs:x:501:500:www.example.com:/home/.sites/28/site1/logs:/bin/badsh
.SITE2-logs -> SITE2-logs:x:502:501:www.example.net:/home/.sites/143/site2/logs:/bin/badsh
.SITE3-logs -> SITE3-logs:x:503:504:www.example.org:/home/.sites/106/site3/logs:/bin/badsh
=501 -> SITE1-logs:x:501:500:www.example.com:/home/.sites/28/site1/logs:/bin/badsh
=502 -> SITE2-logs:x:502:501:www.example.net:/home/.sites/143/site2/logs:/bin/badsh
=503 -> SITE3-logs:x:503:504:www.example.org:/home/.sites/106/site3/logs:/bin/badsh

# ~/dbdump shadow.db
.SITE1-logs -> SITE1-logs:*:12507:0:99999:7:-1:-1:0
.SITE2-logs -> SITE2-logs:*:12767:0:99999:7:-1:-1:0
.SITE3-logs -> SITE3-logs:*:12767:0:99999:7:-1:-1:0