DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH
 

passwd(F)


passwd -- password file

Format

username:[password]:UID:GID:[comment]:directory:[program]

Network Information Service (NIS) entries

+[username]:[password]:::[comment]:[directory]:[program]
+@netgroup:
-username:
-@netgroup:

Description

/etc/passwd is an ASCII file. Each entry in passwd occupies one line and describes one user. Each line contains the following seven colon-separated fields:

username
The login name of the user.

password
Encrypted password. If this field is null, no password is demanded. If the shadow(F) file exists on the system, then an ``x'' is stored in this field; the encrypted password and password aging information are stored in the shadow file instead.

UID
Numerical user ID.

GID
Numerical group ID as defined in the group(F) file.

comment
This field corresponds to the information displayed as the output of the finger command. Refer to finger(C) for details of the required format.

directory
Initial working directory.

program
Program to use as shell. If this field is null, sh is used by default.

Passwords are encrypted, so passwd has general read permission and can be used, for example, to map numerical user IDs to names.

The encrypted password consists of 13 characters chosen from a 64-character alphabet (., /, 0-9, A-Z, a-z). In the case that the password is null, the encrypted password is also null.

Network Information Service (NIS) entries

Entries in passwd beginning with ``+'' incorporate information obtained from NIS. A ``+::::::'' entry has the effect of inserting the entire NIS password file at that point. If username is specified after ``+'', the entry for that user is inserted. Entries for password, comment, directory, and program override the corresponding values obtained from NIS. If a network group netgroup is specified after ``+@'', all members of that group are inserted.

Entries beginning with ``-'' exclude users and network groups from logging in. A ``-username'' entry causes any subsequent entries in passwd or obtained from NIS for a user to be ignored. A ``-@netgroup'' entry causes any subsequent entries for members of a network group to be ignored.

Password aging

Password aging is in effect for a particular user if their encrypted password is followed by a comma and a non-null string of characters from the above alphabet. (Such a string must be introduced by root.)

The first character of the age denotes the maximum number of weeks for which a password is valid. A user who attempts to log in after their password has expired will be forced to supply a new one.

The next character denotes the minimum period in weeks which must expire before the password may be changed.

The remaining characters define the week (counted from the beginning of 1970) when the password was last changed. (A null string is equivalent to zero.)

The first and second characters must have numerical values in the range 0-63, where the dot (.) is equal to 0 and lowercase z is equal to 63.

If the numerical value of both characters is 0, the user will be forced to change their password the next time they log in.

If the second character is greater than the first, only root will be able to change the password.

Examples

An example of a passwd file used in conjunction with the shadow file:
   root:x:0:10:super user:/:/bin/sh
   fran:x:121:100:Fran Sisco:/u/fran:/bin/ksh
   -renee:
   -@marketing:
   +diego::::::
   +:::::/u/guest:/bin/rksh
   +@developers:
root and fran can log in even when the system is standalone. diego and all members of the network group developers can log in using their NIS passwords. developers are restricted to using rksh in the directory /u/guest. renee and all members of the marketing network group are forbidden to log in.

Files


/etc/passwd
full pathname of passwd

See also

getprpwent(S), getpwent(S), group(F), login(M), netgroup(NF), passwd(C), pwconv(ADM), rksh(C), sh(C), shadow(F)
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003