Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages

OpenSolaris 2009.06 - man page for passwd (opensolaris section 4)

passwd(4)				   File Formats 				passwd(4)

NAME
       passwd - password file

SYNOPSIS
       /etc/passwd

DESCRIPTION
       The  file /etc/passwd is a local source of information about users' accounts. The password
       file can be used  in  conjunction  with	other  naming  sources,  such  as  the	NIS  maps
       passwd.byname  and  passwd.bygid, data from the NIS+ passwd table, or password data stored
       on an LDAP server. Programs use the getpwnam(3C) routines to access this information.

       Each passwd entry is a single line of the form:

	 username:password:uid:
	 gid:gcos-field:home-dir:
	 login-shell

       where

       username       is the user's login name.

		      The login (login) and role (role) fields accept a string of  no  more  than
		      eight bytes consisting of characters from the set of alphabetic characters,
		      numeric characters, period (.), underscore (_), and hyphen (-).  The  first
		      character  should  be  alphabetic and the field should contain at least one
		      lower case alphabetic character. A warning message is  displayed	if  these
		      restrictions are not met.

		      The  login and role fields must contain at least one character and must not
		      contain a colon (:) or a newline (\n).

       password       is an empty field. The encrypted password for the user  is  in  the  corre-
		      sponding	entry  in  the	/etc/shadow  file. pwconv(1M) relies on a special
		      value of 'x' in the password field of /etc/passwd. If  this  value  of  'x'
		      exists  in the password field of /etc/passwd, this indicates that the pass-
		      word for the user is already in /etc/shadow and should not be modified.

       uid	      is the user's unique numerical ID for the system.

       gid	      is the unique numerical ID of the group that the user belongs to.

       gcos-field     is the user's real name, along with information to pass along  in  a  mail-
		      message  heading.  (It is called the gcos-field for historical reasons.) An
		      ``&'' (ampersand) in this field stands for the login name (in  cases  where
		      the login name appears in a user's real name).

       home-dir       is  the pathname to the directory in which the user is initially positioned
		      upon logging in.

       login-shell    is the user's initial shell program. If this field is  empty,  the  default
		      shell is /usr/bin/sh.

       The  maximum  value  of the uid and gid fields is 2147483647. To maximize interoperability
       and compatibility, administrators are recommended to assign users a range of UIDs and GIDs
       below 60000 where possible. (UIDs from 0-99 inclusive are reserved by the operating system
       vendor for use in future applications. Their use by end system users or vendors of layered
       products is not supported and may cause security related issues with future applications.)

       The  password  file  is	an  ASCII  file  that  resides in the /etc directory. Because the
       encrypted passwords on a secure system are always kept in the shadow file, /etc/passwd has
       general read permission on all systems and can be used by routines that map between numer-
       ical user IDs and user names.

       Blank lines are treated as malformed entries in the passwd file and cause consumers of the
       file , such as getpwnam(3C), to fail.

       The password file can contain entries beginning with a `+' (plus sign) or '-' (minus sign)
       to selectively incorporate entries from another naming service source, such as NIS,  NIS+,
       or LDAP.

       A  line	beginning with a '+' means to incorporate entries from the naming service source.
       There are three styles of the '+' entries in this file. A single + means to insert all the
       entries	from  the  alternate  naming service source at that point, while a +name means to
       insert the specific entry, if one exists, from the naming  service  source.  A  +@netgroup
       means  to insert the entries for all members of the network group netgroup from the alter-
       nate naming service. If a +name entry has a non-null password, gcos, home-dir,  or  login-
       shell  field,  the value of that field overrides what is contained in the alternate naming
       service. The uid and gid fields cannot be overridden.

       A line beginning with a `-' means to disallow entries from the alternate  naming  service.
       There  are  two styles of `-` entries in this file. -name means to disallow any subsequent
       entries (if any) for name (in this file or in a naming service), and -@netgroup	means  to
       disallow any subsequent entries for all members of the network group netgroup.

       This is also supported by specifying ``passwd : compat'' in nsswitch.conf(4). The "compat"
       source might not be supported in future releases. The preferred sources are files followed
       by  the identifier of a name service, such as nis or ldap. This has the effect of incorpo-
       rating the entire contents of the naming service's  passwd  database  or  password-related
       information after the passwd file.

       Note that in compat mode, for every /etc/passwd entry, there must be a corresponding entry
       in the /etc/shadow file.

       Appropriate precautions must be taken to lock the /etc/passwd  file  against  simultaneous
       changes if it is to be edited with a text editor; vipw(1B) does the necessary locking.

EXAMPLES
       Example 1 Sample passwd File

       The following is a sample passwd file:

	 root:x:0:1:Super-User:/:/sbin/sh
	 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh

       and the sample password entry from nsswitch.conf:

	 passwd: files ldap

       In  this  example,  there are specific entries for users root and fred to assure that they
       can login even when the system is running single-user. In addition, anyone whose  password
       information  is	stored on an LDAP server will be able to login with their usual password,
       shell, and home directory.

       If the password file is:

	 root:x:0:1:Super-User:/:/sbin/sh
	 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
	 +

       and the password entry in nsswitch.conf is:

	 passwd: compat

       then all the entries listed in the NIS passwd.byuid and passwd.byname maps will be  effec-
       tively  incorporated  after  the  entries for root and fred. If the password entry in nss-
       witch.conf is:

	 passwd_compat: ldap
	 passwd: compat

       then all password-related entries stored on the LDAP server will be incorporated after the
       entries for root and fred.

       The following is a sample passwd file when shadow does not exist:

	 root:q.mJzTnu8icf.:0:1:Super-User:/:/sbin/sh
	 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
	 +john:
	 +@documentation:no-login:
	 +::::Guest

       The following is a sample passwd file when shadow does exist:

	 root:##root:0:1:Super-User:/:/sbin/sh
	 fred:##fred:508:10:& Fredericks:/usr2/fred:/bin/csh
	 +john:
	 +@documentation:no-login:
	 +::::Guest

       In  this  example, there are specific entries for users root and fred, to assure that they
       can log in even when the system is running standalone. The user john will have  his  pass-
       word  entry  in	the naming service source incorporated without change, anyone in the net-
       group documentation will have their password field disabled, and anyone else will be  able
       to  log	in with their usual password, shell, and home directory, but with a gcos field of
       Guest

FILES
       /etc/nsswitch.conf

       /etc/passwd

       /etc/shadow

SEE ALSO
       chgrp(1), chown(1), finger(1), groups(1), login(1),  newgrp(1),	nispasswd(1),  passwd(1),
       sh(1),	sort(1),   domainname(1M),   getent(1M),   in.ftpd(1M),  passmgmt(1M),	pwck(1M),
       pwconv(1M), su(1M), useradd(1M), userdel(1M), usermod(1M), a64l(3C), crypt(3C), getpw(3C),
       getpwnam(3C),  getspnam(3C),  putpwent(3C),  group(4),  hosts.equiv(4),	nsswitch.conf(4),
       shadow(4), environ(5), unistd.h(3HEAD)

       System Administration Guide: Basic Administration

SunOS 5.11				   28 Jul 2004					passwd(4)


All times are GMT -4. The time now is 09:34 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
UNIX.COM Login
Username:
Password:  
Show Password