User mapping tables (UNIX, Linux)

The user mapping tables in the SYSUSER database are system tables that map users to OS-level properties that enable Informix® access and control level of discretionary access privileges.

sysusermap table

Database: SYSUSER

Table 1. Schema of the sysusermap table
Column Type Description
username CHAR(32) PUBLIC or a mapped user name
surrogate_id INT Identification number for a surrogate user identity. This number is generated when you run the GRANT ACCESS TO statement to create a mapped user.

syssurrogates table

Database: SYSUSER

Table 2. Schema of the syssurrogates table
Column Type Description
surrogate_ID SERIAL Identification number for a surrogate user identity. This number is generated when you run the GRANT ACCESS TO statement to create a mapped user.
os_username CHAR(32)

User name of an operating system account on the Informix® host computer to be used as the surrogate user identity.

The os_username field is null when you set a value to the UID keyword in the GRANT ACCESS TO statement.

uid INT

User identifier number that corresponds with the permissions to which you want to map a user, users, or PUBLIC. This number and the corresponding gid value together form a surrogate user identity.

The uid field is null when you specify a name with USER keyword in the GRANT ACCESS TO statement.

gid INT Group identifier number that corresponds with the permissions to which you want to map a user, users, or PUBLIC.
groupname CHAR(32) A group name that exists on the operating system of the Informix® host computer.
homedir VARCHAR(255) Full path name in which user files are stored. The uid and gid must own the directory and have READ, WRITE, and EXECUTE permissions. The directory must not have PUBLIC WRITE permission.
userauth CHAR(10) Contains userauth pattern that indicates whether the user has server administrator privileges.

syssurrogategroups table

Database: SYSUSER

Table 3. Schema of the syssurrogategroups table
Column Type Description
surrogate_id INT Identification number for a surrogate user identity. This number is generated when you run the GRANT ACCESS TO statement to create a mapped user.
gid INT Group identifier number that corresponds with the permissions to which you want to map a user, users, or PUBLIC.
groupname CHAR(32) A group name that exists on the operating system of the Informix® host computer.
groupseq SMALLINT Unique number associated with the group information.

sysintauthusers table

Database: SYSUSER

Before a user connects to a database of a non-root installation, the server must authenticate the user by verifying credentials in sysintauthusers table. The value that is stored in the sysintauthusers table of the sysusers database is hashed with a 64-bit random salt that is also stored.

Table 4. Schema of the sysintauthusers table
Column Type Description
username NCHAR(32) Name for the user.
salt BIGINT 64-bit salt that the server uses to morph the password before applying the hashing algorithm. The server can use salt to change a password so that two users with the same password do not have the same hashed password in the database. Salt improves security because it prevents password guessing.
hashed_password VARCHAR(128) A sha-256 hashed and base-64 encoded password.
hash_type CHAR(16) Type of hashing algorithm used. Currently the SHA-256 algorithm is used.
updated DATETIME YEAR TO SECOND {TIMESTAMP} N/A
flags INTEGER Flags used to store some account information (such as the account lock).
min_change INTERVAL DAY(7) TO SECOND N/A
max_change INTERVAL DAY(7) TO SECOND, N/A
inactive INTERVAL DAY(7) TO SECOND N/A
ac_expire DATETIME YEAR TO SECOND N/A