passwd(4)							     passwd(4)
      passwd - password file
      /etc/passwd is an ASCII file containing entries for each user.  Each
     field within each user's entry is separated from the next by a colon.
     Each user is separated from the next by a newline.	 An entry beginning
     with # is ignored,	and may	be silently removed under some circumstances
     (see passwd(1) for specific information).
     The passwd	file contains the following information	for each user:
     name      User's login name -- consists of	alphanumeric characters	and
	       must not	be greater than	eight characters long.	It is
	       recommended that	the login name consist of a leading lower case
	       letter followed by a combination	of digits and lower case
	       letters for greatest portability	across multiple	versions of
	       the UNIX	operating system.  This	recommendation can be safely
	       ignored for users local to IRIX systems.	 The pwck(1M) command
	       checks for the greatest possible	portability on names, and
	       complains about user names that do not cause problems on	IRIX.
     password  Encrypted password and optional password	aging information.  If
	       the password field is null (empty), no password is demanded
	       when the	user logs in.  If the system is	configured to use
	       shadow passwords, this field of /etc/passwd is ignored by all
	       programs	that do	password checking.  See	pwconv(1M) for
	       information about shadow	passwords.
     numerical user ID
	       This is the user's ID in	the system and it must be unique.
     numerical group ID
	       This is the number of the default group that the	user belongs
	       to.
     user's real name
	       In some versions	of UNIX, this field also contains the user's
	       office, extension, home phone, and so on.  For historical
	       reasons this field is called the	GECOS field.  The finger(1)
	       program can interpret the GECOS field if	it contains comma
	       (``,'') separated subfields as follows:
	       name	user's full name
	       office	user's office number
	       wphone	user's work phone number
	       hphone	user's home phone number
	       An & in the user's full name field stands for the login name
	       (in cases where the login name appears in a user's real name).
     initial working directory
	       The directory that the user is positioned in when they log in;
	       this is known as	the home directory.
     shell     The program to use as the command interpreter (shell) when the
	       user logs in.  If the shell field is empty, the Bourne shell
	       (/bin/sh) is assumed.  If the first character of	this field is
	       an *, then the login(1) program treats the home directory field
	       as the directory	to be used as the argument to the chroot(2)
	       system call, and	then loops back	to reading the /etc/passwd
	       file under the new root,	reprompting for	the login.  This can
	       be used to implement secure or restricted logins, in a manner
	       similar to ftp(1C).
     Password aging is used for a particular user if his encrypted password is
     followed by a comma and a non-null string of characters from a
     64-character alphabet (., /, 0-9, A-Z, a-z), parsed left to right by a64l(3).
     The first character of the age, M say, denotes the maximum number of
     weeks for which a password is valid.  A user who attempts to log in after
     his password has expired is forced to change his password.  The next
     character,	m say, denotes the minimum period in weeks that	must expire
     before the	password can be	changed.  If the second	character is omitted,
     zero weeks	is the default minimum.	 M and m have numerical	values in the
     range 0-63	that correspond	to the 64-character alphabet shown above (/ =
     1 week, z = 63 weeks).  The remaining characters are the weeks since the
     epoch when	the password was last changed.	If m = M = 0 (derived from the
     string . or ..) the user is forced	to change his password the next	time
     he	logs in	(and the age disappears	from his entry in the password file).
     If	m > M only the superuser is able to change the password.  The password
     must have been previously changed and therefore have a valid last change
     date in the aging field for this m	> M mechanism to control password
     manipulation.  Simply putting ./ as the aging string will be interpreted
     by	login as an expired password (because the last changed date is 0), and
     the automatic invocation of passwd	by login will fail due to the m	> M
     mechanism.
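
The aging encoding described above, decoded in an added Python example (not part of the man page). The function names are illustrative, and `expired` uses an assumed comparison because the page does not give login's exact test.

```python
# Added example: decode the password-aging suffix described in passwd(4).
A64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def decode_aging(password_field):
    """Return None if no aging is set, else a dict describing the aging string."""
    _hash, sep, age = password_field.partition(",")
    if not sep or not age:
        return None                    # aging needs a comma and a non-null string
    try:
        digits = [A64.index(c) for c in age]
    except ValueError:
        raise ValueError(f"character outside the 64-character alphabet: {age!r}")
    max_weeks = digits[0]                              # M
    min_weeks = digits[1] if len(digits) > 1 else 0    # m, zero if omitted
    # Remaining characters: weeks since the epoch at the last change,
    # in a64l digit order (least significant digit first).
    last_changed = sum(d << (6 * i) for i, d in enumerate(digits[2:]))
    return {
        "max_weeks": max_weeks,
        "min_weeks": min_weeks,
        "last_changed_week": last_changed,
        "force_change_at_next_login": max_weeks == 0 and min_weeks == 0,
        "superuser_only": min_weeks > max_weeks,
    }

def expired(aging, now_week):
    """Assumed rule: expired once the current week is past last change + M."""
    return now_week > aging["last_changed_week"] + aging["max_weeks"]

def login_change_will_fail(aging, now_week):
    """The './' trap: login demands a change that only the superuser may make."""
    return expired(aging, now_week) and aging["superuser_only"]
```

Run over every local entry, `login_change_will_fail` picks out accounts whose aging string would leave the user unable to get past the forced password change.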
     The password file resides in the /etc directory.  Because of the
     encrypted passwords, it has general read permission and can be used, for
     example, to map numerical user ID's to names.
     If	the NFS	option is installed, the passwd	file can also have lines
     beginning with a `+' (plus	sign) which means to incorporate entries from
     the NIS.  There are three styles of + entries in this file:
     +		  Means	to insert the entire contents of the NIS password file
		  at that point.
     +name	  Means	to insert the entry (if	any) for name from the NIS at
		  that point.
     +@netgroup	  Means	to insert the entries for all members of the network
		  group	netgroup at that point.
     If	a + entry has a	non-empty password, directory, GECOS, or shell field,
     the value of that field overrides what is contained in the	NIS.  The uid
     and gid fields cannot be overridden.
     The passwd	file can also have lines beginning with	a `-' (minus sign)
     which means to disallow entries from the NIS (or from local use).	There
     are two styles of `-' entries in this file:
     -name	  Means	to disallow any	subsequent entries (if any) for	name
		  (in this file	or in the NIS).
     -@netgroup	  Means	to disallow any	subsequent entries for all members of
		  the network group netgroup.
     Password aging is not supported for NIS entries.
     User ID number restrictions and conventions in the	UNIX community are few
     and simple.
     Reserved:
	  UID 0		The superuser (aka root).
	  UID -2	NFS 'nobody'.  Note that because uid_t is unsigned, -2
			is mapped to the special value 60001 by	NFS.
	  UID 60001 and	60002
			For historical reasons,	these values correspond	to the
			users ``nobody'' and ``noaccess'', respectively.  It
			is recommended that you	not allocate these values to
			real users.
     Conventions:
	  UID 1	to 10	Commonly used for system pseudo	users and daemons.
	  UID 11 to 99	Commonly used for uucp logins and 'famous users'.
	  UID 100 to 2147483647	(except	for 60001 and 60002)
			Normal users (start at 100).  For historical reasons
			certain	operations are restricted for uids larger than
			65535.	Most significantly, these users	cannot own
			files on an efs(4) filesystem.	This also means	that
			they cannot run	a program that allocates a pty(7M)
			(for example, vi(1) and	xwsh(1G)) if /dev resides on
			an efs(4) filesystem.
			For these reasons, we recommend	that large uids	only
			be used	on xfs(4) based	systems.
     Here is a sample /etc/passwd file:
	  root:q.mJzTnu8icF.:0:10:superuser:/:/bin/csh
	  bill:6k/7KCFRPNVXg,z/:508:10:& The Cat:/usr2/bill:/bin/csh
	  +john:
	  +@documentation:no-login:
	  +::::Guest
	  nobody:*:-2:-2::/dev/null:/dev/null
     In	this example, there are	specific entries for users root	and bill, to
     assure that they can log in even when the system is running stand-alone
     or	when the NIS is	not running.  The user bill has	63 weeks of maximum
     password aging and	1 week of minimum password aging.  Programs that use
     the GECOS field replace the & with	`Bill'.	 The user john has his
     password entry in the NIS incorporated without change; anyone in the
     netgroup documentation has	their password field disabled, and anyone else
     is	able to	log in with their usual	password, shell, and home directory,
     but with a	GECOS field of Guest. The user nobody cannot log in and	is
     used by the exportfs(1M) command.
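
An added Python example (not part of the man page) that audits passwd entries against the rules stated on this page: empty password fields, NIS include and disallow lines with their overrides, chroot logins, non-unique UIDs, reserved UIDs and UIDs above 65535. The finding labels and the `CONSTRUCTED` lines are made up for illustration; `SAMPLE` is the file shown above.

```python
# Added example: audit passwd(4) lines. Assumes shadow passwords are not in
# use; with shadow passwords the password field of /etc/passwd is ignored.
SAMPLE = """\
root:q.mJzTnu8icF.:0:10:superuser:/:/bin/csh
bill:6k/7KCFRPNVXg,z/:508:10:& The Cat:/usr2/bill:/bin/csh
+john:
+@documentation:no-login:
+::::Guest
nobody:*:-2:-2::/dev/null:/dev/null
"""  # the sample file shown on this page
CONSTRUCTED = """\
# constructed lines, not from the page
guest::600:20:Guest:/usr/guest:/bin/sh
toor:*:0:10::/:/bin/sh
big:*:70000:20::/usr/big:/bin/csh
"""
FIELDS = ("name", "password", "uid", "gid", "gecos", "dir", "shell")

def audit(text):
    """Return (line number, name, finding, detail) tuples."""
    findings, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue                          # entries beginning with # are ignored
        e = dict(zip(FIELDS, line.split(":") + [""] * len(FIELDS)))
        name = e["name"]
        if name[:1] in ("+", "-"):            # NIS include / disallow entry
            kind = "nis-include" if name[0] == "+" else "nis-disallow"
            over = [f for f in ("password", "dir", "gecos", "shell") if e[f]]
            findings.append((n, name, kind, over))   # non-empty fields override NIS
            continue
        if e["password"] == "":
            findings.append((n, name, "empty-password", []))
        if e["shell"].startswith("*"):
            findings.append((n, name, "chroot-login", [e["dir"]]))
        try:
            uid = int(e["uid"])
        except ValueError:
            findings.append((n, name, "bad-uid", [e["uid"]]))
            continue
        if uid in seen:                       # UIDs must be unique
            findings.append((n, name, "duplicate-uid", [seen[uid]]))
        seen.setdefault(uid, name)
        if uid in (60001, 60002):
            findings.append((n, name, "reserved-uid", []))
        if uid > 65535:
            findings.append((n, name, "uid-over-65535", []))
    return findings
```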
     /etc/passwd
 
     login(1), passwd(1), pwck(1M), pwconv(1M),	ypchpass(1), yppasswd(1),
     a64l(3C), crypt(3C), getpwent(3C),	exports(4), group(4), netgroup(4),
     shadow(4).