GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools

Trace: passwd
man:passwd

PASSWD(5) Linux Programmer's Manual PASSWD(5)

NAME 

     passwd - password file

DESCRIPTION 

     The  /etc/passwd file is a text file that describes user login accounts
     for the system.  It should have read permission allowed for  all  users
     (many  utilities,  like ls(1) use it to map user IDs to usernames), but
     write access only for the superuser.
     In the good old days there was no great problem with this general  read
     permission.   Everybody  could  read  the  encrypted passwords, but the
     hardware was too slow to crack a well-chosen password, and moreover the
     basic  assumption  used to be that of a friendly user-community.  These
     days many people run some version of the shadow password  suite,  where
     /etc/passwd  has  an  'x'  character  in  the  password  field, and the
     encrypted passwords are in /etc/shadow, which is readable by the  supe-
     ruser only.
     If the encrypted password, whether in /etc/passwd or in /etc/shadow, is
     an empty string, login is allowed without even asking for  a  password.
     Note  that this functionality may be intentionally disabled in applica-
     tions, or configurable (for example  using  the  "nullok"  or  "nonull"
     arguments to pam_unix.so).
     If  the  encrypted  password  in  /etc/passwd  is  "*NP*"  (without the
     quotes), the shadow record should be obtained from an NIS+ server.
     Regardless of whether shadow passwords are used, many  system  adminis-
     trators  use  an  asterisk  (*) in the encrypted password field to make
     sure that this user can not authenticate him- or herself using a  pass-
     word.  (But see NOTES below.)
     If  you  create  a new login, first put an asterisk (*) in the password
     field, then use passwd(1) to set it.
     Each line of the file describes  a  single  user,  and  contains  seven
     colon-separated fields:
         name:password:UID:GID:GECOS:directory:shell
     The field are as follows:
     name        This is the user's login name.  It should not contain capi-
                 tal letters.
     password    This is either the encrypted  user  password,  an  asterisk
                 (*),  or the letter 'x'.  (See pwconv(8) for an explanation
                 of 'x'.)
     UID         The privileged root login account (superuser) has the  user
                 ID 0.
     GID         This is the numeric primary group ID for this user.  (Addi-
                 tional groups for the user are defined in the system  group
                 file; see group(5)).
     GECOS       This  field  (sometimes  called  the  "comment  field")  is
                 optional and used only for  informational  purposes.   Usu-
                 ally,  it  contains  the full username.  Some programs (for
                 example, finger(1)) display information from this field.
                 GECOS stands for "General Electric Comprehensive  Operating
                 System",  which was renamed to GCOS when GE's large systems
                 division  was  sold  to  Honeywell.   Dennis  Ritchie   has
                 reported:  "Sometimes  we sent printer output or batch jobs
                 to the GCOS machine.  The gcos field in the  password  file
                 was  a  place  to stash the information for the $IDENTcard.
                 Not elegant."
     directory   This is the user's home directory:  the  initial  directory
                 where  the  user  is placed after logging in.  The value in
                 this field is used to set the HOME environment variable.
     shell       This is  the  program  to  run  at  login  (if  empty,  use
                 /bin/sh).   If  set  to  a nonexistent executable, the user
                 will be unable to login through  login(1).   The  value  in
                 this field is used to set the SHELL environment variable.

FILES 

     /etc/passwd

NOTES 

     If  you  want  to  create  user  groups,  there  must  be  an  entry in
     /etc/group, or no group will exist.
     If the encrypted password is set to an asterisk (*), the user  will  be
     unable  to  login  using login(1), but may still login using rlogin(1),
     run existing processes and initiate new ones through  rsh(1),  cron(8),
     at(1),  or  mail  filters,  etc.   Trying  to lock an account by simply
     changing the shell field yields the same result and additionally allows
     the use of su(1).

SEE ALSO 

     chfn(1),  chsh(1),  login(1),  passwd(1), su(1), crypt(3), getpwent(3),
     getpwnam(3), group(5), shadow(5), vipw(8)

COLOPHON 

     This page is part of release 4.16 of the Linux  man-pages  project.   A
     description  of  the project, information about reporting bugs, and the
     latest    version    of    this    page,    can     be     found     at
     https://www.kernel.org/doc/man-pages/.

Linux 2018-04-30 PASSWD(5)

/data/webs/external/dokuwiki/data/pages/man/passwd.txt · Last modified: 2019/05/17 09:47 by 127.0.0.1
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki