Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

passwd(5) [suse man page]

PASSWD(5)						     Linux Programmer's Manual							 PASSWD(5)

NAME

       passwd - password file

DESCRIPTION

       Passwd  is  a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group
       ID, home directory, shell, etc.	Often, it also contains the encrypted passwords for each account.  It should have general read	permission
       (many utilities, like ls(1) use it to map user IDs to usernames), but write access only for the superuser.

       In  the	good old days there was no great problem with this general read permission.  Everybody could read the encrypted passwords, but the
       hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that  of  a  friendly  user-community.
       These  days  many people run some version of the shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords,
       and the encrypted passwords are in /etc/shadow which is readable by the superuser only.

       Regardless of whether shadow passwords are used, many sysadmins use an asterisk in the encrypted password field to make sure that this user
       can not authenticate him- or herself using a password.  (But see the Notes below.)

       If you create a new login, first put an asterisk in the password field, then use passwd(1) to set it.

       There is one entry per line, and each line has the format:

	      account:password:UID:GID:GECOS:directory:shell

       The field descriptions are:

	      account	the name of the user on the system.  It should not contain capital letters.

	      password	the encrypted user password, an asterisk (*), or the letter 'x'.  (See pwconv(8) for an explanation of 'x'.)

	      UID	the numerical user ID.

	      GID	the numerical primary group ID for this user.

	      GECOS	This  field  is  optional  and only used for informational purposes.  Usually, it contains the full username.  GECOS means
			General Electric Comprehensive Operating System, which has been renamed to GCOS when GE's large systems division was  sold
			to Honeywell.  Dennis Ritchie has reported: "Sometimes we sent printer output or batch jobs to the GCOS machine.  The gcos
			field in the password file was a place to stash the information for the $IDENTcard.  Not elegant."

	      directory the user's $HOME directory.

	      shell	the program to run at login (if empty, use /bin/sh).  If set to a nonexistent executable, the user will be unable to login
			through login(1).

FILES

       /etc/passwd

NOTES

       If you want to create user groups, their GIDs must be equal and there must be an entry in /etc/group, or no group will exist.

       If  the encrypted password is set to an asterisk, the user will be unable to login using login(1), but may still login using rlogin(1), run
       existing processes and initiate new ones through rsh(1), cron(8), at(1), or mail filters, etc.  Trying to lock an account by simply  chang-
       ing the shell field yields the same result and additionally allows the use of su(1).

SEE ALSO

       login(1), passwd(1), su(1), getpwent(3), getpwnam(3), group(5), shadow(5)

COLOPHON

       This  page is part of release 3.25 of the Linux man-pages project.  A description of the project, and information about reporting bugs, can
       be found at http://www.kernel.org/doc/man-pages/.

Linux								    1998-01-05								 PASSWD(5)

Check Out this Related Man Page

PASSWD(5)							File Formats Manual							 PASSWD(5)

NAME

       passwd - password files

DESCRIPTION

       Passwd  files are files consisting of newline separated records, one per user, containing ten colon (``:'') separated fields.  These fields
       are as follows:

	       name	     user's login name
	       password      user's encrypted password
	       uid	     user's id
	       gid	     user's login group id
	       class	     user's general classification (unused)
	       change	     password change time
	       expire	     account expiration time
	       gecos	     general information about the user
	       home_dir      user's home directory
	       shell	     user's login shell

       The name field is the login used to access the computer account, and the uid field is the number associated with it.  They should  both	be
       unique across the system (and often across a group of systems) since they control file access.

       While  it  is  possible	to  have multiple entries with identical login names and/or identical user id's, it is usually a mistake to do so.
       Routines that manipulate these files will often return only one of the multiple entries, and that one by random selection.

       The login name must never begin with a hyphen (``-''); also, it is strongly suggested that neither upper-case characters or dots (``.'') be
       part  of  the  name, as this tends to confuse mailers.  No field may contain a colon (``:'') as this has been used historically to separate
       the fields in the user database.

       The password field is the encrypted form of the password.  If the password field is empty, no password will be required to gain	access	to
       the  machine.   This is almost invariably a mistake.  Because these files contain the encrypted user passwords, they should not be readable
       by anyone without appropriate privileges.

       The group field is the group that the user will be placed in upon login.  Since this system supports multiple groups (see  groups(1))  this
       field currently has little special meaning.

       The class field is currently unused.  In the near future it will be a key to a termcap(5) style database of user attributes.

       The change field is the number in seconds, GMT, from the epoch, until the password for the account must be changed.  This field may be left
       empty to turn off the password aging feature.

       The expire field is the number in seconds, GMT, from the epoch, until the account expires.  This field may be left empty to  turn  off  the
       account aging feature.

       The gecos field normally contains comma (``,'') separated subfields as follows:

	       name	     user's full name
	       office	     user's office number
	       wphone	     user's work phone number
	       hphone	     user's home phone number

       This information is used by the finger(1) program.

       The user's home directory is the full UNIX path name where the user will be placed on login.

       The shell field is the command interpreter the user prefers.  If the shell field is empty, the Bourne shell (/bin/sh) is assumed.

SEE ALSO

       chpass(1), login(1), passwd(1), getpwent(3), mkpasswd(8), vipw(8) adduser(8)

BUGS

       User information should (and eventually will) be stored elsewhere.

7th Edition							    May 8, 1989 							 PASSWD(5)
Man Page