1PASSWD(5)                  Linux Programmer's Manual                 PASSWD(5)
2
3
4

NAME

6       passwd - password file
7

DESCRIPTION

9       Passwd  is  a text file, that contains a list of the system's accounts,
10       giving for each account some useful information like user ID, group ID,
11       home  directory,  shell,  etc.   Often,  it also contains the encrypted
12       passwords for each account.  It should  have  general  read  permission
13       (many  utilities,  like ls(1) use it to map user IDs to usernames), but
14       write access only for the superuser.
15
16       In the good old days there was no great problem with this general  read
17       permission.   Everybody  could  read  the  encrypted passwords, but the
18       hardware was too slow to crack a well-chosen  password,  and  moreover,
19       the  basic  assumption  used  to  be that of a friendly user-community.
20       These days many people run some version of the shadow  password  suite,
21       where  /etc/passwd  has  "x"  instead  of  encrypted passwords, and the
22       encrypted passwords are in /etc/shadow which is readable by  the  supe‐
23       ruser only.
24
25       If the encrypted password, whether in /etc/passwd or in /etc/shadow, is
26       an empty string, login is allowed without even asking for  a  password.
27       Note  that this functionality may be intentionally disabled in applica‐
28       tions, or configurable (for example  using  the  "nullok"  or  "nonull"
29       arguments to pam_unix.so).
30
31       If  the  encrypted  password  in  /etc/passwd  is  "*NP*"  (without the
32       quotes), the shadow record should be obtained from a NIS+ server.
33
34       Regardless of whether shadow passwords are used, many sysadmins use  an
35       asterisk  in  the  encrypted password field to make sure that this user
36       can not authenticate him- or herself using a password.   (But  see  the
37       Notes below.)
38
39       If you create a new login, first put an asterisk in the password field,
40       then use passwd(1) to set it.
41
42       There is one entry per line, and each line has the format:
43
44              account:password:UID:GID:GECOS:directory:shell
45
46       The field descriptions are:
47
48              account   the name of the user on the  system.   It  should  not
49                        contain capital letters.
50
51              password  the  encrypted  user password, an asterisk (*), or the
52                        letter 'x'.  (See  pwconv(8)  for  an  explanation  of
53                        'x'.)
54
55              UID       the numerical user ID.
56
57              GID       the numerical primary group ID for this user.
58
59              GECOS     This field is optional and only used for informational
60                        purposes.  Usually, it  contains  the  full  username.
61                        GECOS  means  General Electric Comprehensive Operating
62                        System, which has been renamed to GCOS when GE's large
63                        systems   division  was  sold  to  Honeywell.   Dennis
64                        Ritchie has reported: "Sometimes we sent printer  out‐
65                        put or batch jobs to the GCOS machine.  The gcos field
66                        in the password file was a place to stash the informa‐
67                        tion for the $IDENTcard.  Not elegant."
68
69              directory the user's $HOME directory.
70
71              shell     the  program  to run at login (if empty, use /bin/sh).
72                        If set to a nonexistent executable, the user  will  be
73                        unable to login through login(1).
74

FILES

76       /etc/passwd
77

NOTES

79       If  you  want to create user groups, their GIDs must be equal and there
80       must be an entry in /etc/group, or no group will exist.
81
82       If the encrypted password is set to  an  asterisk,  the  user  will  be
83       unable  to  login  using login(1), but may still login using rlogin(1),
84       run existing processes and initiate new ones through  rsh(1),  cron(8),
85       at(1),  or  mail  filters,  etc.   Trying  to lock an account by simply
86       changing the shell field yields the same result and additionally allows
87       the use of su(1).
88

SEE ALSO

90       login(1),   passwd(1),   su(1),   getpwent(3),  getpwnam(3),  group(5),
91       shadow(5)
92

COLOPHON

94       This page is part of release 3.25 of the Linux  man-pages  project.   A
95       description  of  the project, and information about reporting bugs, can
96       be found at http://www.kernel.org/doc/man-pages/.
97
98
99
100Linux                             1998-01-05                         PASSWD(5)
Impressum