1PASSWD(5)                  Linux Programmer's Manual                 PASSWD(5)
2
3
4

NAME

6       passwd - password file
7

DESCRIPTION

9       The  /etc/passwd file is a text file that describes user login accounts
10       for the system.  It should have read permission allowed for  all  users
11       (many  utilities,  like ls(1) use it to map user IDs to usernames), but
12       write access only for the superuser.
13
14       In the good old days there was no great problem with this general  read
15       permission.   Everybody  could  read  the  encrypted passwords, but the
16       hardware was too slow to crack a well-chosen password, and moreover the
17       basic  assumption  used to be that of a friendly user-community.  These
18       days many people run some version of the shadow password  suite,  where
19       /etc/passwd  has  an  'x'  character  in  the  password  field, and the
20       encrypted passwords are in /etc/shadow, which is readable by the  supe‐
21       ruser only.
22
23       If the encrypted password, whether in /etc/passwd or in /etc/shadow, is
24       an empty string, login is allowed without even asking for  a  password.
25       Note  that this functionality may be intentionally disabled in applica‐
26       tions, or configurable (for example  using  the  "nullok"  or  "nonull"
27       arguments to pam_unix.so).
28
29       If  the  encrypted  password  in  /etc/passwd  is  "*NP*"  (without the
30       quotes), the shadow record should be obtained from an NIS+ server.
31
32       Regardless of whether shadow passwords are used, many  system  adminis‐
33       trators  use  an  asterisk  (*) in the encrypted password field to make
34       sure that this user can not authenticate  themself  using  a  password.
35       (But see NOTES below.)
36
37       If  you  create  a new login, first put an asterisk (*) in the password
38       field, then use passwd(1) to set it.
39
40       Each line of the file describes  a  single  user,  and  contains  seven
41       colon-separated fields:
42
43           name:password:UID:GID:GECOS:directory:shell
44
45       The field are as follows:
46
47       name        This is the user's login name.  It should not contain capi‐
48                   tal letters.
49
50       password    This is either the encrypted  user  password,  an  asterisk
51                   (*),  or the letter 'x'.  (See pwconv(8) for an explanation
52                   of 'x'.)
53
54       UID         The privileged root login account (superuser) has the  user
55                   ID 0.
56
57       GID         This is the numeric primary group ID for this user.  (Addi‐
58                   tional groups for the user are defined in the system  group
59                   file; see group(5)).
60
61       GECOS       This  field  (sometimes  called  the  "comment  field")  is
62                   optional and used only for  informational  purposes.   Usu‐
63                   ally,  it  contains  the full username.  Some programs (for
64                   example, finger(1)) display information from this field.
65
66                   GECOS stands for "General Electric Comprehensive  Operating
67                   System",  which was renamed to GCOS when GE's large systems
68                   division  was  sold  to  Honeywell.   Dennis  Ritchie   has
69                   reported:  "Sometimes  we sent printer output or batch jobs
70                   to the GCOS machine.  The gcos field in the  password  file
71                   was  a  place  to stash the information for the $IDENTcard.
72                   Not elegant."
73
74       directory   This is the user's home directory:  the  initial  directory
75                   where  the  user  is placed after logging in.  The value in
76                   this field is used to set the HOME environment variable.
77
78       shell       This is  the  program  to  run  at  login  (if  empty,  use
79                   /bin/sh).   If  set  to  a nonexistent executable, the user
80                   will be unable to login through  login(1).   The  value  in
81                   this field is used to set the SHELL environment variable.
82

FILES

84       /etc/passwd
85

NOTES

87       If  you  want  to  create  user  groups,  there  must  be  an  entry in
88       /etc/group, or no group will exist.
89
90       If the encrypted password is set to an asterisk (*), the user  will  be
91       unable  to  login  using login(1), but may still login using rlogin(1),
92       run existing processes and initiate new ones through  rsh(1),  cron(8),
93       at(1),  or  mail  filters,  etc.   Trying  to lock an account by simply
94       changing the shell field yields the same result and additionally allows
95       the use of su(1).
96

SEE ALSO

98       chfn(1),  chsh(1),  login(1),  passwd(1), su(1), crypt(3), getpwent(3),
99       getpwnam(3), group(5), shadow(5), vipw(8)
100

COLOPHON

102       This page is part of release 5.07 of the Linux  man-pages  project.   A
103       description  of  the project, information about reporting bugs, and the
104       latest    version    of    this    page,    can     be     found     at
105       https://www.kernel.org/doc/man-pages/.
106
107
108
109Linux                             2018-04-30                         PASSWD(5)
Impressum