passwd(4)                        File Formats                        passwd(4)

NAME

       passwd - password file

SYNOPSIS

       /etc/passwd

DESCRIPTION

       The file /etc/passwd is a local source of information about users'
       accounts. The password file can be used in conjunction with other
       naming sources, such as the NIS maps passwd.byname and passwd.bygid,
       data from the NIS+ passwd table, or password data stored on an LDAP
       server. Programs use the getpwnam(3C) routines to access this
       information.

       Each passwd entry is a single line of the form:

         username:password:uid:gid:gcos-field:home-dir:login-shell

       where

       username       is the user's login name.

                      The login (login) and role (role) fields accept a string
                      of no more than eight bytes consisting of characters
                      from the set of alphabetic characters, numeric
                      characters, period (.), underscore (_), and hyphen (-).
                      The first character should be alphabetic and the field
                      should contain at least one lower case alphabetic
                      character. A warning message is displayed if these
                      restrictions are not met.

                      The login and role fields must contain at least one
                      character and must not contain a colon (:) or a newline
                      (\n).

       password       is an empty field. The encrypted password for the user
                      is in the corresponding entry in the /etc/shadow file.
                      pwconv(1M) relies on a special value of 'x' in the
                      password field of /etc/passwd. If this value of 'x'
                      exists in the password field of /etc/passwd, this
                      indicates that the password for the user is already in
                      /etc/shadow and should not be modified.

       uid            is the user's unique numerical ID for the system.

       gid            is the unique numerical ID of the group that the user
                      belongs to.

       gcos-field     is the user's real name, along with information to pass
                      along in a mail-message heading. (It is called the
                      gcos-field for historical reasons.) An '&' (ampersand)
                      in this field stands for the login name (in cases where
                      the login name appears in a user's real name).

       home-dir       is the pathname to the directory in which the user is
                      initially positioned upon logging in.

       login-shell    is the user's initial shell program. If this field is
                      empty, the default shell is /usr/bin/sh.

       The maximum value of the uid and gid fields is 2147483647. To maximize
       interoperability and compatibility, administrators are recommended to
       assign users a range of UIDs and GIDs below 60000 where possible. (UIDs
       from 0-99 inclusive are reserved by the operating system vendor for use
       in future applications. Their use by end system users or vendors of
       layered products is not supported and may cause security related issues
       with future applications.)

       The password file is an ASCII file that resides in the /etc directory.
       Because the encrypted passwords on a secure system are always kept in
       the shadow file, /etc/passwd has general read permission on all systems
       and can be used by routines that map between numerical user IDs and
       user names.

       Blank lines are treated as malformed entries in the passwd file and
       cause consumers of the file, such as getpwnam(3C), to fail.

       The password file can contain entries beginning with a '+' (plus sign)
       or '-' (minus sign) to selectively incorporate entries from another
       naming service source, such as NIS, NIS+, or LDAP.

       A line beginning with a '+' means to incorporate entries from the
       naming service source. There are three styles of the '+' entries in
       this file. A single + means to insert all the entries from the
       alternate naming service source at that point, while a +name means to
       insert the specific entry, if one exists, from the naming service
       source. A +@netgroup means to insert the entries for all members of the
       network group netgroup from the alternate naming service. If a +name
       entry has a non-null password, gcos, home-dir, or login-shell field,
       the value of that field overrides what is contained in the alternate
       naming service. The uid and gid fields cannot be overridden.

       A line beginning with a '-' means to disallow entries from the
       alternate naming service. There are two styles of '-' entries in this
       file. -name means to disallow any subsequent entries (if any) for name
       (in this file or in a naming service), and -@netgroup means to disallow
       any subsequent entries for all members of the network group netgroup.

       This is also supported by specifying "passwd: compat" in
       nsswitch.conf(4). The "compat" source might not be supported in future
       releases. The preferred sources are files followed by the identifier of
       a name service, such as nis or ldap. This has the effect of
       incorporating the entire contents of the naming service's passwd
       database or password-related information after the passwd file.

       Note that in compat mode, for every /etc/passwd entry, there must be a
       corresponding entry in the /etc/shadow file.

       Appropriate precautions must be taken to lock the /etc/passwd file
       against simultaneous changes if it is to be edited with a text editor;
       vipw(1B) does the necessary locking.
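
       The field rules above can be checked mechanically. The following is an
       added example, not part of the original manual page: audit_line(),
       audit() and the SAMPLE lines other than root and fred are constructed
       for illustration.

```python
import re

MAX_ID = 2147483647                      # maximum uid/gid value stated on this page
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,8}")   # allowed characters, at most eight bytes

# Constructed input: the page's two sample entries plus deliberately bad lines.
SAMPLE = """root:x:0:1:Super-User:/:/sbin/sh
fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh

9lives:x:70000:10::/home/9lives:
daemon2:x:42:abc:Service:/:/bin/false
broken:x:100:10:/home/broken
+@documentation:no-login:
"""

def audit_line(line):
    """Return the findings for one passwd line; an empty list means clean."""
    if not line.strip():
        return ["blank line: malformed entry, consumers such as getpwnam(3C) fail"]
    if line[0] in "+-":
        return ["compat entry: pulls accounts from a naming service"]
    fields = line.split(":")
    if len(fields) != 7:
        return ["expected 7 colon-separated fields, found %d" % len(fields)]
    name, password, uid, gid = fields[:4]
    found = []
    if not NAME_RE.fullmatch(name):
        found.append("username: empty, over eight bytes, or bad character")
    elif not name[0].isalpha() or not re.search("[a-z]", name):
        found.append("username: should start alphabetic and contain a lower-case letter")
    # 'x' means the hash lives in /etc/shadow; '##name' is the form the page's
    # compat sample uses when shadow exists. Anything else is readable by all.
    if password not in ("", "x", "##" + name):
        found.append("password: data stored in world-readable /etc/passwd")
    for label, value in (("uid", uid), ("gid", gid)):
        if not re.fullmatch("[0-9]+", value) or int(value) > MAX_ID:
            found.append("%s: not a number in 0..%d" % (label, MAX_ID))
        elif int(value) >= 60000:
            found.append("%s: %s is not below the recommended 60000" % (label, value))
    return found

def audit(text):
    """Map 1-based line number to findings for every line that has any."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        findings = audit_line(line)
        if findings:
            report[number] = findings
    return report
```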

EXAMPLES

       Example 1 Sample passwd File

       The following is a sample passwd file:

         root:x:0:1:Super-User:/:/sbin/sh
         fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh

       and the sample password entry from nsswitch.conf:

         passwd: files ldap

       In this example, there are specific entries for users root and fred to
       assure that they can log in even when the system is running single-user.
       In addition, anyone whose password information is stored on an LDAP
       server will be able to log in with their usual password, shell, and home
       directory.

       If the password file is:

         root:x:0:1:Super-User:/:/sbin/sh
         fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
         +

       and the password entry in nsswitch.conf is:

         passwd: compat

       then all the entries listed in the NIS passwd.byuid and passwd.byname
       maps will be effectively incorporated after the entries for root and
       fred. If the password entry in nsswitch.conf is:

         passwd_compat: ldap
         passwd: compat

       then all password-related entries stored on the LDAP server will be
       incorporated after the entries for root and fred.

       The following is a sample passwd file when shadow does not exist:

         root:q.mJzTnu8icf.:0:1:Super-User:/:/sbin/sh
         fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
         +john:
         +@documentation:no-login:
         +::::Guest

       The following is a sample passwd file when shadow does exist:

         root:##root:0:1:Super-User:/:/sbin/sh
         fred:##fred:508:10:& Fredericks:/usr2/fred:/bin/csh
         +john:
         +@documentation:no-login:
         +::::Guest

       In this example, there are specific entries for users root and fred, to
       assure that they can log in even when the system is running standalone.
       The user john will have his password entry in the naming service source
       incorporated without change, anyone in the netgroup documentation will
       have their password field disabled, and anyone else will be able to log
       in with their usual password, shell, and home directory, but with a
       gcos field of Guest.
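
       The effect of the '+' and '-' lines in the last sample can be traced
       with a small resolver. This is an added example, not part of the
       original manual page: lookup(), the SERVICE and NETGROUPS data and the
       "-eve" line are constructed, and the first-matching-line-wins order is
       an assumption taken from the explanation of the sample above.

```python
FIELDS = ("name", "password", "uid", "gid", "gcos", "home", "shell")
OVERRIDABLE = ("password", "gcos", "home", "shell")  # uid and gid cannot be overridden

# The page's "shadow does exist" sample, plus one constructed "-eve" line.
PASSWD = [
    "root:##root:0:1:Super-User:/:/sbin/sh",
    "fred:##fred:508:10:& Fredericks:/usr2/fred:/bin/csh",
    "+john:",
    "+@documentation:no-login:",
    "-eve",
    "+::::Guest",
]
# Constructed stand-ins for the naming service's passwd data and netgroups.
SERVICE = {
    "john":  ("john", "x", "1001", "10", "John Doe", "/home/john", "/bin/sh"),
    "mary":  ("mary", "x", "1002", "10", "Mary Roe", "/home/mary", "/bin/sh"),
    "alice": ("alice", "x", "1003", "10", "Alice Poe", "/home/alice", "/bin/sh"),
    "eve":   ("eve", "x", "1004", "10", "Eve Moe", "/home/eve", "/bin/sh"),
}
NETGROUPS = {"documentation": {"mary"}}

def lookup(name, passwd_lines, service, netgroups):
    """Return the effective entry for name as a dict, or None if there is none."""
    for line in passwd_lines:
        fields = (line.split(":") + [""] * 7)[:7]
        key = fields[0]
        if key[:1] not in ("+", "-"):
            if key == name:                      # ordinary local entry
                return dict(zip(FIELDS, fields))
            continue
        target = key[1:]
        if target.startswith("@"):               # +@netgroup / -@netgroup
            matched = name in netgroups.get(target[1:], ())
        else:                                    # +name / -name, or a bare +
            matched = target == name or key == "+"
        if not matched:
            continue
        if key[0] == "-":                        # later entries for name are disallowed
            return None
        if name not in service:
            continue
        entry = dict(zip(FIELDS, service[name]))
        for field, value in zip(FIELDS, fields):
            if field in OVERRIDABLE and value:   # only non-null fields override
                entry[field] = value
        return entry
    return None
```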

FILES

       /etc/nsswitch.conf

       /etc/passwd

       /etc/shadow

SEE ALSO

       chgrp(1), chown(1), finger(1), groups(1), login(1), newgrp(1),
       nispasswd(1), passwd(1), sh(1), sort(1), domainname(1M), getent(1M),
       in.ftpd(1M), passmgmt(1M), pwck(1M), pwconv(1M), su(1M), useradd(1M),
       userdel(1M), usermod(1M), a64l(3C), crypt(3C), getpw(3C), getpwnam(3C),
       getspnam(3C), putpwent(3C), group(4), hosts.equiv(4), nsswitch.conf(4),
       shadow(4), environ(5), unistd.h(3HEAD)

       System Administration Guide: Basic Administration

SunOS 5.11                        28 Jul 2004                        passwd(4)