Home Man
Today's Posts

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

NetBSD 6.1.5 - man page for passwd (netbsd section 5)

PASSWD(5)			     BSD File Formats Manual				PASSWD(5)

     passwd, master.passwd -- format of the password file

     The passwd files are the local source of password information.  They can be used in conjunc-
     tion with the Hesiod domain 'passwd' and the NIS maps 'passwd.byname', 'passwd.byuid',
     'master.passwd.byname', and 'master.passwd.byuid', as controlled by nsswitch.conf(5).

     The master.passwd file is readable only by root, and consists of newline separated ASCII
     records, one per user, containing ten colon (``:'') separated fields.

     Each line has the form:

     These fields are as follows:
	   name      User's login name.
	   password  User's encrypted password.
	   uid	     User's id.
	   gid	     User's login group id.
	   class     User's login class.
	   change    Password change time.
	   expire    Account expiration time.
	   gecos     General information about the user.
	   home_dir  User's home directory.
	   shell     User's login shell.

     Be aware that each line is limited to 1024 characters; longer ones will be ignored.  This
     limit can be queried through sysconf(3) by using the _SC_GETPW_R_SIZE_MAX parameter.

     The passwd file is generated from the master.passwd file by pwd_mkdb(8), has the class,
     change, and expire fields removed, and the password field replaced by a ``*''.

     The name field is the login used to access the computer account, and the uid field is the
     number associated with it.  They should both be unique across the system (and often across a
     group of systems) since they control file access.

     While it is possible to have multiple entries with identical login names and/or identical
     user id's, it is usually a mistake to do so.  Routines that manipulate these files will
     often return only one of the multiple entries, and that one by random selection.

     The login name must never begin with a hyphen (``-''); also, it is strongly suggested that
     neither upper-case characters nor dots (``.'') be part of the name, as this tends to confuse
     mailers.  No field may contain a colon (``:'') as this has been used historically to sepa-
     rate the fields in the user database.

     The password field is the encrypted form of the password.	If the password field is empty,
     no password will be required to gain access to the machine.  This is almost invariably a
     mistake.  Because these files contain the encrypted user passwords, they should not be read-
     able by anyone without appropriate privileges.  For the possible ciphers used in this field
     see passwd.conf(5).

     The gid field is the group that the user will be placed in upon login.  Since this system
     supports multiple groups (see groups(1)) this field currently has little special meaning.

     The class field is a key for a user's login class.  Login classes are defined in
     login.conf(5), which is a termcap(5) style database of user attributes, accounting, resource
     and environment settings.

     The change field is the number of seconds from the epoch, UTC, until the password for the
     account must be changed.  This field may be left empty to turn off the password aging fea-
     ture.  If this is set to ``-1'' then the user will be prompted to change their password at
     the next login.

     The expire field is the number of seconds from the epoch, UTC, until the account expires.
     This field may be left empty to turn off the account aging feature.

     If either of the change or expire fields are set, the system will remind the user of the
     impending change or expiry if they login within a configurable period (defaulting to 14
     days) before the event.

     The gecos field normally contains comma (``,'') separated subfields as follows:

	   name    user's full name
	   office  user's office number
	   wphone  user's work phone number
	   hphone  user's home phone number

     The full name may contain an ampersand (``&'') which will be replaced by the capitalized
     login name when the gecos field is displayed or used by various programs such as finger(1),
     sendmail(8), etc.

     The office and phone number subfields are used by the finger(1) program, and possibly other

     The user's home directory is the full UNIX path name where the user will be placed on login.

     The shell field is the command interpreter the user prefers.  If there is nothing in the
     shell field, the Bourne shell (/bin/sh) is assumed.

     If 'dns' is specified for the 'passwd' database in nsswitch.conf(5), then passwd lookups
     occur from the 'passwd' Hesiod domain.

     If 'nis' is specified for the 'passwd' database in nsswitch.conf(5), then passwd lookups
     occur from the 'passwd.byname', 'passwd.byuid', 'master.passwd.byname', and
     'master.passwd.byuid' NIS maps.

     If 'compat' is specified for the 'passwd' database, and either 'dns' or 'nis' is specified
     for the 'passwd_compat' database in nsswitch.conf(5), then the passwd file also supports
     standard '+/-' exclusions and inclusions, based on user names and netgroups.

     Lines beginning with a minus sign (``-'') are entries marked as being excluded from any fol-
     lowing inclusions, which are marked with a plus sign (``+'').

     If the second character of the line is an at sign (``@''), the operation involves the user
     fields of all entries in the netgroup specified by the remaining characters of the name
     field.  Otherwise, the remainder of the name field is assumed to be a specific user name.

     The ``+'' token may also be alone in the name field, which causes all users from either the
     Hesiod domain passwd (with 'passwd_compat: dns') or 'passwd.byname' and 'passwd.byuid' NIS
     maps (with 'passwd_compat: nis') to be included.

     If the entry contains non-empty uid or gid fields, the specified numbers will override the
     information retrieved from the Hesiod domain or the NIS maps.  As well, if the gecos,
     home_dir or shell entries contain text, it will override the information included via Hesiod
     or NIS.  On some systems, the passwd field may also be overridden.

     chpass(1), login(1), newgrp(1), passwd(1), pwhash(1), getpwent(3), login_getclass(3),
     login.conf(5), netgroup(5), passwd.conf(5), adduser(8), pwd_mkdb(8), vipw(8), yp(8)

     Managing NFS and NIS (O'Reilly & Associates)

     The password file format has changed since 4.3BSD.  The following awk script can be used to
     convert your old-style password file into a new style password file.  The additional fields
     ``class'', ``change'' and ``expire'' are added, but are turned off by default.  To set them,
     use the current day in seconds from the epoch + whatever number of seconds of offset you

	   BEGIN { FS = ":"}
	   { print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }

     A passwd file format appeared in Version 6 AT&T UNIX.

     The NIS passwd file format first appeared in SunOS.

     The Hesiod support first appeared in NetBSD 1.4.

     The login.conf(5) capability first appeared in NetBSD 1.5.

     User information should (and eventually will) be stored elsewhere.

     Placing 'compat' exclusions in the file after any inclusions will have unexpected results.

BSD					  June 21, 2007 				      BSD

All times are GMT -4. The time now is 07:40 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
Show Password