Linux GECOS information demystified
GECOS information might be one of the last great mysteries of modern computing. Why is GECOS such a unicorn topic for Linux folk? I think it's because sysadmins refer to it as GECOS without knowing the acronym's meaning or its original purpose. Sysadmins refer to this
/etc/passwd file information as the User Comment field. User comment makes it sound like something that is user-editable and is open to change on a whim. Neither of those is true. This field is not user-editable, and the field is generally used to hold an account's purpose (for system or service accounts) or the user's full name and other information.
[ You might also enjoy: Managing Linux users with the passwd command ]
If you look at your own
/etc/passwd file, the GECOS field might be blank, contain a user's full name, or contains the name of some daemon or service account description.
Look at this excerpt from my
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
The GECOS field is the one just after the group number and just before the user's shell as shown below.
Much farther down in the
/etc/passwd file is my user account's listing. As you can see below, my user account's GECOS field has my name, Ken Hess, in it.
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rngd:x:984:980:Random Number Generator Daemon:/var/lib/rngd:/sbin/nologin dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin dovenull:x:983:979:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin bsmith:x:1000:1000:Bob Smith:/home/bsmith:/bin/bash khess:x:1001:1001:Ken Hess:/home/khess:/bin/bash
So, what's the big mystery? Good question. And that's where this story really begins.
I'm not 100 percent sure that any single person remembers the whole story of how this got started, but here's what I've gleaned through searches and reading through some old UNIX class notes. In the dark ages of computing, there was something called the General Electric Comprehensive Operating System (GECOS). I think from that alone you can see where this is going, but I'll continue anyway. Later, GECOS became General Comprehensive Operating System (GCOS). UNIX programmers used GECOS/GCOS systems for print spooling and other services. The GECOS/GCOS field was added to the UNIX
/etc/passwd file to denote the service name and then later became the home for a user's full name, plus some additional, optional information.
It became standard practice to use the GECOS field for names, phone numbers, building numbers, and email addresses. Remember that UNIX began in a lab, and everyone was trusted at the time, so home phone numbers and other bits of information weren't kept as private as they are now. Each bit of information in that field was separated by commas to look like the following:
:Ken Hess, Building 300, 212-555-0000, 212-555-1234, firstname.lastname@example.org:
Some people think because GECOS has five letters and the GECOS field has five placeholders that each letter somehow stands for that part of the information. It doesn't. It's just a coincidence that GECOS and the field both have five places. I've also seen all sorts of theories as to what GECOS stands for in those five places. The GECOS field is also the fifth field in the
/etc/passwd file. All of these things lead to one conclusion: It happened over time and out of necessity, it works and hasn't been changed. And that's cool with me. A rose by any other name, right?
On some Linux distributions, the
adduser command is a symbolic link to
useradd. However, this is not true on other distributions. On those distributions, the
adduser command is actually a Perl script that steps you through creating a new user account. See below for the interesting details of running this script. I ported this
adduser script to my system with ease. Stay tuned to Enable Sysadmin for an article describing how I did that.
# adduser jhill Adding user `jhill' ... Adding new group `jhill' (1003) ... Adding new user `jhill' (1003) with group `jhill' ... Creating home directory `/home/jhill' ... Copying files from `/etc/skel' ... New password: Retype new password: passwd: password updated successfully Changing the user information for jhill Enter the new value, or press ENTER for the default Full Name : Jill Hill Room Number : 828 Work Phone : 212-555-0000 Home Phone : 212-555-3456 Other : email@example.com Is the information correct? [Y/n] Y
Do you see where this command prompts you for the GECOS information?
/etc/passwd file confirms the GECOS field.
All of Jill's information has been inserted into the
/etc/passwd file's GECOS field. Being a Perl script, you can customize those prompts to read as you wish. I'm going to edit mine to query for email address rather than for random information under the Other prompt.
[ Want to test your sysadmin skills? Take a skills assessment today. ]
Referring to the GECOS field simply as the User Comment field is partially accurate but I'd rather think of it as the User Information field. But, regardless of how you or I refer to it, it's intended to hold a description of the account's owner or purpose.