Skip to main content

Linux GECOS information demystified

If you ever wanted to know what GECOS is and why it's important to you, here are the answers
Image
GECOS information demystified

Photo by Guillermo Arroyo from Pexels

GECOS information might be one of the last great mysteries of modern computing. Why is GECOS such a unicorn topic for Linux folk? I think it's because sysadmins refer to it as GECOS without knowing the acronym's meaning or its original purpose. Sysadmins refer to this /etc/passwd file information as the User Comment field. User comment makes it sound like something that is user-editable and is open to change on a whim. Neither of those is true. This field is not user-editable, and the field is generally used to hold an account's purpose (for system or service accounts) or the user's full name and other information.

[ You might also enjoy: Managing Linux users with the passwd command ]

If you look at your own /etc/passwd file, the GECOS field might be blank, contain a user's full name, or contains the name of some daemon or service account description.

Look at this excerpt from my /etc/passwd file:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin

The GECOS field is the one just after the group number and just before the user's shell as shown below.

Much farther down in the /etc/passwd file is my user account's listing. As you can see below, my user account's GECOS field has my name, Ken Hess, in it.

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rngd:x:984:980:Random Number Generator Daemon:/var/lib/rngd:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:983:979:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
bsmith:x:1000:1000:Bob Smith:/home/bsmith:/bin/bash
khess:x:1001:1001:Ken Hess:/home/khess:/bin/bash

So, what's the big mystery? Good question. And that's where this story really begins.

GECOS history

I'm not 100 percent sure that any single person remembers the whole story of how this got started, but here's what I've gleaned through searches and reading through some old UNIX class notes. In the dark ages of computing, there was something called the General Electric Comprehensive Operating System (GECOS). I think from that alone you can see where this is going, but I'll continue anyway. Later, GECOS became General Comprehensive Operating System (GCOS). UNIX programmers used GECOS/GCOS systems for print spooling and other services. The GECOS/GCOS field was added to the UNIX /etc/passwd file to denote the service name and then later became the home for a user's full name, plus some additional, optional information.

It became standard practice to use the GECOS field for names, phone numbers, building numbers, and email addresses. Remember that UNIX began in a lab, and everyone was trusted at the time, so home phone numbers and other bits of information weren't kept as private as they are now. Each bit of information in that field was separated by commas to look like the following:

:Ken Hess, Building 300, 212-555-0000, 212-555-1234, khess@example.com:

Some people think because GECOS has five letters and the GECOS field has five placeholders that each letter somehow stands for that part of the information. It doesn't. It's just a coincidence that GECOS and the field both have five places. I've also seen all sorts of theories as to what GECOS stands for in those five places. The GECOS field is also the fifth field in the /etc/passwd file. All of these things lead to one conclusion: It happened over time and out of necessity, it works and hasn't been changed. And that's cool with me. A rose by any other name, right?

GECOS today

On some Linux distributions, the adduser command is a symbolic link to useradd. However, this is not true on other distributions. On those distributions, the adduser command is actually a Perl script that steps you through creating a new user account. See below for the interesting details of running this script. I ported this adduser script to my system with ease. Stay tuned to Enable Sysadmin for an article describing how I did that.

# adduser jhill
Adding user `jhill' ...
Adding new group `jhill' (1003) ...
Adding new user `jhill' (1003) with group `jhill' ...
Creating home directory `/home/jhill' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for jhill
Enter the new value, or press ENTER for the default
	Full Name []: Jill Hill
	Room Number []: 828
	Work Phone []: 212-555-0000
	Home Phone []: 212-555-3456
	Other []: jhill@example.com
Is the information correct? [Y/n] Y

Do you see where this command prompts you for the GECOS information?

Checking the /etc/passwd file confirms the GECOS field.

jhill:x:1003:1003:Jill Hill,828,212-555-0000,212-555-3456,jhill@example.com:/home/jhill:/bin/bash

All of Jill's information has been inserted into the /etc/passwd file's GECOS field. Being a Perl script, you can customize those prompts to read as you wish. I'm going to edit mine to query for email address rather than for random information under the Other prompt.

[ Want to test your sysadmin skills? Take a skills assessment today. ]

Wrap up

Referring to the GECOS field simply as the User Comment field is partially accurate but I'd rather think of it as the User Information field. But, regardless of how you or I refer to it, it's intended to hold a description of the account's owner or purpose.

Check out these related articles on Enable Sysadmin

Topics:   Linux  
Author’s photo

Ken Hess

Ken has used Red Hat Linux since 1996 and has written ebooks, whitepapers, actual books, thousands of exam review questions, and hundreds of articles on open source and other topics. Ken also has 20+ years of experience as an enterprise sysadmin with Unix, Linux, Windows, and Virtualization. More about me

On Demand: Red Hat Summit 2021 Virtual Experience

Relive our April event with demos, keynotes, and technical sessions from
experts, all available on demand.

Related Content

OUR BEST CONTENT, DELIVERED TO YOUR INBOX