*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->FreeBSD man pages -> passwd (5)              



NAME    [Toc]    [Back]

     passwd, master.passwd -- format of the password file

DESCRIPTION    [Toc]    [Back]

     The passwd files are the local source of password information.  They can
     be used in conjunction with the Hesiod domains `passwd' and `uid', and
     the NIS maps `passwd.byname', `passwd.byuid', `master.passwd.byname', and
     `master.passwd.byuid', as controlled by nsswitch.conf(5).

     The master.passwd file is readable only by root, and consists of newline
     separated records, one per user, containing ten colon (``:'') separated
     fields.  These fields are as follows:

	   name      User's login name.

	   password  User's encrypted password.

	   uid	     User's id.

	   gid	     User's login group id.

	   class     User's general classification (unused).

	   change    Password change time.

	   expire    Account expiration time.

	   gecos     General information about the user.

	   home_dir  User's home directory.

	   shell     User's login shell.

     The passwd file is generated from the master.passwd file by pwd_mkdb(8),
     has the class, change, and expire fields removed, and the password field
     replaced by a ``*''.

     The name field is the login used to access the computer account, and the
     uid field is the number associated with it.  They should both be unique
     across the system (and often across a group of systems) since they control
 file access.

     While it is possible to have multiple entries with identical login names
     and/or identical user id's, it is usually a mistake to do so.  Routines
     that manipulate these files will often return only one of the multiple
     entries, and that one by random selection.

     The login name must never begin with a hyphen (``-''); also, it is
     strongly suggested that neither upper-case characters or dots (``.'') be
     part of the name, as this tends to confuse mailers.  No field may contain
     a colon (``:'') as this has been used historically to separate the fields
     in the user database.

     The password field is the encrypted form of the password.	If the
     password field is empty, no password will be required to gain access to
     the machine.  This is almost invariably a mistake.  Because these files
     contain the encrypted user passwords, they should not be readable by anyone
 without appropriate privileges.

     The group field is the group that the user will be placed in upon login.
     Since this system supports multiple groups (see groups(1)) this field
     currently has little special meaning.

     The class field is a key for a user's login class. Login classes are
     defined in login.conf(5), which is a termcap(5) style database of user
     attributes, accounting, resource, and environment settings.

     The change field is the number of seconds from the epoch, UTC, until the
     password for the account must be changed.	This field may be left empty
     to turn off the password aging feature.

     The expire field is the number of seconds from the epoch, UTC, until the
     account expires.  This field may be left empty to turn off the account
     aging feature.

     The gecos field normally contains comma (``,'') separated subfields as

	   name    user's full name
	   office  user's office number
	   wphone  user's work phone number
	   hphone  user's home phone number

     The full name may contain a ampersand (``&'') which will be replaced by
     the capitalized login name when the gecos field is displayed or used by
     various programs such as finger(1), sendmail(8), etc.

     The office and phone number subfields are used by the finger(1) program,
     and possibly other applications.

     The user's home directory is the full UNIX path name where the user will
     be placed on login.

     The shell field is the command interpreter the user prefers.  If there is
     nothing in the shell field, the Bourne shell (/bin/sh) is assumed.

HESIOD SUPPORT    [Toc]    [Back]

     If `dns' is specified for the `passwd' database in nsswitch.conf(5), then
     passwd lookups occur from the `passwd' Hesiod domain.

NIS SUPPORT    [Toc]    [Back]

     If `nis' is specified for the `passwd' database in nsswitch.conf(5), then
     passwd lookups occur from the `passwd.byname', `passwd.byuid',
     `master.passwd.byname', and `master.passwd.byuid' NIS maps.

COMPAT SUPPORT    [Toc]    [Back]

     If `compat' is specified for the `passwd' database, and either `dns' or
     `nis' is specified for the `passwd_compat' database in nsswitch.conf(5),
     then the passwd file also supports standard `+/-' exclusions and inclusions,
 based on user names and netgroups.

     Lines beginning with a ``-'' (minus sign) are entries marked as being
     excluded from any following inclusions, which are marked with a ``+''
     (plus sign).

     If the second character of the line is a ``@'' (at sign), the operation
     involves the user fields of all entries in the netgroup specified by the
     remaining characters of the name field.  Otherwise, the remainder of the
     name field is assumed to be a specific user name.

     The ``+'' token may also be alone in the name field, which causes all
     users from either the Hesiod domain passwd (with `passwd_compat: dns') or
     `passwd.byname' and `passwd.byuid' NIS maps (with `passwd_compat: nis')
     to be included.

     If the entry contains non-empty uid or gid fields, the specified numbers
     will override the information retrieved from the Hesiod domain or the NIS
     maps. As well, if the gecos, dir or shell entries contain text, it will
     override the information included via Hesiod or NIS.  On some systems,
     the passwd field may also be overridden.

FILES    [Toc]    [Back]

     /etc/passwd	 ASCII password file, with passwords removed
     /etc/pwd.db	 db(3)-format password database, with passwords
     /etc/master.passwd  ASCII password file, with passwords intact
     /etc/spwd.db	 db(3)-format password database, with passwords intact

SEE ALSO    [Toc]    [Back]

     chpass(1), login(1), passwd(1), getpwent(3), netgroup(5), adduser(8),
     pwd_mkdb(8), vipw(8), yp(8)

     Managing NFS and NIS (O'Reilly & Associates)

BUGS    [Toc]    [Back]

     User information should (and eventually will) be stored elsewhere.

     Placing `compat' exclusions in the file after any inclusions will have
     unexpected results.

COMPATIBILITY    [Toc]    [Back]

     The password file format has changed since 4.3BSD.  The following awk
     script can be used to convert your old-style password file into a new
     style password file.  The additional fields ``class'', ``change'' and
     ``expire'' are added, but are turned off by default.  Class is currently
     not implemented, but change and expire are; to set them, use the current
     day in seconds from the epoch + whatever number of seconds of offset you

	   BEGIN { FS = ":"}
	   { print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }

HISTORY    [Toc]    [Back]

     A passwd file format appeared in Version 6 AT&T UNIX.

     The NIS passwd file format first appeared in SunOS.

     The Hesiod support first appeared in FreeBSD 4.1.	It was imported from
     the NetBSD Project, where it first appeared in NetBSD 1.4.

FreeBSD 5.2.1		       January 16, 1999 		 FreeBSD 5.2.1
[ Back ]
 Similar pages
Name OS Title
DxfToIv IRIX converts an Autodesk Data Exchange File format (.DXF) file to Open Inventor 2.0 format
DXmCvtCStoFC Tru64 Converts a compound string to a file-compatible format string. Currently uses text format.
vipw Linux edit the password, group, shadow-password, or shadow-group file.
passwd HP-UX password file
passwd Linux The password file
passwd IRIX password file
shadow Linux encrypted password file
fgetpwent Linux get password file entry
getpwent IRIX get password file entry
shadow HP-UX shadow password file
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service