.\" Copyright (c) 1993 Michael Haardt (michael@moria.de),
.\" Fri Apr 2 11:32:09 MET DST 1993
.\"
.\" This is free documentation; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of
.\" the License, or (at your option) any later version.
.\"
.\" The GNU General Public License's references to "object code"
.\" and "executables" are to be interpreted as the output of any
.\" document formatting or typesetting system, including
.\" intermediate and printed output.
.\"
.\" This manual is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public
.\" License along with this manual; if not, write to the Free
.\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111,
.\" USA.
.\"
.\" Modified Sun Jul 25 10:46:28 1993 by Rik Faith (faith@cs.unc.edu)
.\" Modified Sun Aug 21 18:12:27 1994 by Rik Faith (faith@cs.unc.edu)
.\" Modified Sun Jun 18 01:53:57 1995 by Andries Brouwer (aeb@cwi.nl)
.\" Modified Mon Jan 5 20:24:40 MET 1998 by Michael Haardt
.\" (michael@cantor.informatik.rwth-aachen.de)
.TH PASSWD 5 1998-01-05 "Linux" "Linux Programmer's Manual"
.SH NAME
passwd \- password file
.SH DESCRIPTION
.B Passwd
is a text file that contains a list of the system's accounts,
giving for each account some useful information like user ID,
group ID, home directory, shell, etc.
Often, it also contains the encrypted passwords for each account.
It should have general read permission (many utilities, like
.BR ls (1)
use it to map user IDs to usernames), but write access only for the
superuser.
.PP
In the good old days there was no great problem with this general
read permission.
Everybody could read the encrypted passwords, but the
hardware was too slow to crack a well-chosen password, and moreover, the
basic assumption used to be that of a friendly user community.
These days many people run some version of the shadow password suite, where
.I /etc/passwd
has asterisks (*) instead of encrypted passwords,
and the encrypted passwords are in
.IR /etc/shadow ,
which is readable by the superuser only.
.PP
Regardless of whether shadow passwords are used, many sysadmins
use an asterisk in the encrypted password field to make sure
that this user cannot authenticate him- or herself using a
password.
(But see the Notes below.)
.PP
If you create a new login, first put an asterisk in the password field,
then use
.BR passwd (1)
to set it.
.PP
There is one entry per line, and each line has the format:
.sp
.RS
account:password:UID:GID:GECOS:directory:shell
.RE
.sp
The field descriptions are:
.RS
.TP 1.0in
.I account
the name of the user on the system.
It should not contain capital letters.
.TP
.I password
the encrypted user password, an asterisk (*), or the letter \(aqx\(aq.
(See
.BR pwconv (8)
for an explanation of \(aqx\(aq.)
.TP
.I UID
the numerical user ID.
.TP
.I GID
the numerical primary group ID for this user.
.TP
.I GECOS
This field is optional and only used for informational purposes.
Usually, it contains the full username.
GECOS means General Electric
Comprehensive Operating System, which was renamed to GCOS when
GE's large systems division was sold to Honeywell.
Dennis Ritchie has reported: "Sometimes we sent printer output or
batch jobs to the GCOS machine.
The gcos field in the password file was a place to stash the
information for the $IDENT card.
Not elegant."
.TP
.I directory
the user's
.B $HOME
directory.
.TP
.I shell
the program to run at login (if empty, use
.IR /bin/sh ).
If set to a nonexistent executable, the user will be unable to log in
through
.BR login (1).
.RE
.SH FILES
.I /etc/passwd
.SH NOTES
If you want to create
user groups, their GIDs must be equal and there must be an entry in
\fI/etc/group\fP, or no group will exist.
.PP
If the encrypted password is set to an asterisk, the user will be unable
to log in using
.BR login (1),
but may still log in using
.BR rlogin (1),
run existing processes and initiate new ones through
.BR rsh (1),
.BR cron (8),
.BR at (1),
or mail filters, etc.
Trying to lock an account by simply changing the
shell field yields the same result and additionally allows the use of
.BR su (1).
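.PP
The entry format and the password-field cases described above, shown as an added example that is not part of the original manual page: a small parser that splits each entry into its seven fields and reports the conditions this page calls out.
The names parse_line and audit, the login_shells allow-list and the sample entries are assumptions made for the illustration.

```python
FIELDS = ("account", "password", "uid", "gid", "gecos", "directory", "shell")

# Constructed sample entries (not from a real system).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
Bob:*:1001:1000::/home/bob:/bin/sh
carol::1002:1002:Carol Example:/home/carol:
dave:$6$constructedsalt$constructedhash:1003:1003::/home/dave:/bin/false
broken:x:1004
"""

def parse_line(line):
    """Split one entry into the seven passwd(5) fields; None if malformed."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        return None
    entry = dict(zip(FIELDS, parts))
    if not (entry["uid"].isdigit() and entry["gid"].isdigit()):
        return None
    return entry

def audit(text, login_shells=("/bin/sh", "/bin/bash")):
    """Return (who, finding) pairs; login_shells is an assumed allow-list."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            findings.append((f"line {number}", "malformed entry"))
            continue
        name, pw = entry["account"], entry["password"]
        if name != name.lower():
            findings.append((name, "capital letters in account name"))
        if pw == "":
            findings.append((name, "empty password field"))
        elif pw == "*":
            findings.append((name, "asterisk blocks login(1) only"))
        elif pw != "x":
            findings.append((name, "hash in world-readable passwd, not shadow"))
        shell = entry["shell"] or "/bin/sh"  # empty shell field means /bin/sh
        if shell not in login_shells:
            findings.append((name, "non-login shell is not an account lock"))
    return findings

if __name__ == "__main__":
    for who, finding in audit(SAMPLE):
        print(f"{who}: {finding}")
```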
.SH "SEE ALSO"
.BR login (1),
.BR passwd (1),
.BR su (1),
.BR getpwent (3),
.BR getpwnam (3),
.BR group (5),
.BR shadow (5)