passwd man page on OpenIndiana

Man page or keyword search:  
man Server   20441 pages
apropos Keyword Search (all sections)
Output format
OpenIndiana logo
[printable version]

passwd(4)			 File Formats			     passwd(4)

NAME
       passwd - password file

SYNOPSIS
       /etc/passwd

DESCRIPTION
       The  file  /etc/passwd  is  a  local source of information about users'
       accounts. The password file can be used in conjunction with other  nam‐
       ing sources, such as the NIS maps passwd.byname or password data stored
       on an LDAP server. Programs use the  getpwnam(3C)  routines  to	access
       this information.

       Each passwd entry is a single line of the form:

	 username:password:uid:
	 gid:gcos-field:home-dir:
	 login-shell

       where

       username	      is the user's login name.

		      The login (login) and role (role) fields accept a string
		      of no more than eight  bytes  consisting	of  characters
		      from  the	 set of alphabetic characters, numeric charac‐
		      ters, period (.), underscore (_), and  hyphen  (-).  The
		      first  character	should	be  alphabetic	and  the field
		      should contain at least one lower case alphabetic	 char‐
		      acter.  A warning message is displayed if these restric‐
		      tions are not met.

		      The login and role fields	 must  contain	at  least  one
		      character	 and must not contain a colon (:) or a newline
		      (\n).

       password	      is an empty field. The encrypted password for  the  user
		      is  in  the corresponding entry in the /etc/shadow file.
		      pwconv(1M) relies on a special value of 'x' in the pass‐
		      word  field  of /etc/passwd. If this value of 'x' exists
		      in the password field  of	 /etc/passwd,  this  indicates
		      that the password for the user is already in /etc/shadow
		      and should not be modified.

       uid	      is the user's unique numerical ID for the system.

       gid	      is the unique numerical ID of the group  that  the  user
		      belongs to.

       gcos-field     is  the user's real name, along with information to pass
		      along in a mail-message heading. (It is called the gcos-
		      field  for  historical reasons.) An ``&'' (ampersand) in
		      this field stands for the login name (in cases where the
		      login name appears in a user's real name).

       home-dir	      is  the  pathname	 to the directory in which the user is
		      initially positioned upon logging in.

       login-shell    is the user's initial shell program. If  this  field  is
		      empty, the default shell is /usr/bin/sh.

       The  maximum value of the uid and gid fields is 2147483647. To maximize
       interoperability and compatibility, administrators are  recommended  to
       assign users a range of UIDs and GIDs below 60000 where possible. (UIDs
       from 0-99 inclusive are reserved by the operating system vendor for use
       in  future  applications.  Their	 use by end system users or vendors of
       layered products is not supported and may cause security related issues
       with future applications.)

       The  password file is an ASCII file that resides in the /etc directory.
       Because the encrypted passwords on a secure system are always  kept  in
       the shadow file, /etc/passwd has general read permission on all systems
       and can be used by routines that map between  numerical	user  IDs  and
       user names.

       Blank  lines  are  treated  as malformed entries in the passwd file and
       cause consumers of the file , such as getpwnam(3C), to fail.

       The password file can contain entries beginning with a `+' (plus	 sign)
       or  '-'	(minus	sign)  to selectively incorporate entries from another
       naming service source, such as NIS or LDAP.

       A line beginning with a '+' means to incorporate entries from the  nam‐
       ing  service  source. There are three styles of the '+' entries in this
       file. A single + means to insert all the	 entries  from	the  alternate
       naming  service source at that point, while a +name means to insert the
       specific entry, if one exists, from the naming service source. A +@net‐
       group  means to insert the entries for all members of the network group
       netgroup from the alternate naming service. If a +name entry has a non-
       null  password, gcos, home-dir, or login-shell field, the value of that
       field overrides what is contained in the alternate naming service.  The
       uid and gid fields cannot be overridden.

       A  line	beginning with a `−' means to disallow entries from the alter‐
       nate naming service. There are two styles of `-` entries in this	 file.
       -name  means  to	 disallow any subsequent entries (if any) for name (in
       this file or in a naming service), and -@netgroup means to disallow any
       subsequent entries for all members of the network group netgroup.

       This  is	 also  supported  by  specifying  ``passwd  : compat'' in nss‐
       witch.conf(4). The "compat" source might not  be	 supported  in	future
       releases. The preferred sources are files followed by the identifier of
       a name service, such as nis or ldap. This has the effect of incorporat‐
       ing  the	 entire	 contents  of  the naming service's passwd database or
       password-related information after the passwd file.

       Note that in compat mode, for every /etc/passwd entry, there must be  a
       corresponding entry in the /etc/shadow file.

       Appropriate  precautions	 must  be  taken  to lock the /etc/passwd file
       against simultaneous changes if it is to be edited with a text  editor;
       vipw(1B) does the necessary locking.

EXAMPLES
       Example 1 Sample passwd File

       The following is a sample passwd file:

	 root:x:0:1:Super-User:/:/sbin/sh
	 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh

       and the sample password entry from nsswitch.conf:

	 passwd: files ldap

       In  this example, there are specific entries for users root and fred to
       assure that they can login even when the system is running single-user.
       In  addition,  anyone  whose  password information is stored on an LDAP
       server will be able to login with their usual password, shell, and home
       directory.

       If the password file is:

	 root:x:0:1:Super-User:/:/sbin/sh
	 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
	 +

       and the password entry in nsswitch.conf is:

	 passwd: compat

       then  all  the entries listed in the NIS passwd.byuid and passwd.byname
       maps will be effectively incorporated after the entries	for  root  and
       fred. If the password entry in nsswitch.conf is:

	 passwd_compat: ldap
	 passwd: compat

       then  all  password-related  entries  stored on the LDAP server will be
       incorporated after the entries for root and fred.

       The following is a sample passwd file when shadow does not exist:

	 root:q.mJzTnu8icf.:0:1:Super-User:/:/sbin/sh
	 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
	 +john:
	 +@documentation:no-login:
	 +::::Guest

       The following is a sample passwd file when shadow does exist:

	 root:##root:0:1:Super-User:/:/sbin/sh
	 fred:##fred:508:10:& Fredericks:/usr2/fred:/bin/csh
	 +john:
	 +@documentation:no-login:
	 +::::Guest

       In this example, there are specific entries for users root and fred, to
       assure that they can log in even when the system is running standalone.
       The user john will have his password entry in the naming service source
       incorporated  without change, anyone in the netgroup documentation will
       have their password field disabled, and anyone else will be able to log
       in  with	 their	usual  password, shell, and home directory, but with a
       gcos field of Guest

FILES
       /etc/nsswitch.conf

       /etc/passwd

       /etc/shadow

SEE ALSO
       chgrp(1),  chown(1),   finger(1),   groups(1),	login(1),   newgrp(1),
       passwd(1),  sh(1),  sort(1),  domainname(1M),  getent(1M), in.ftpd(1M),
       passmgmt(1M), pwck(1M), pwconv(1M), su(1M),  useradd(1M),  userdel(1M),
       usermod(1M),   a64l(3C),	 crypt(3C),  getpw(3C),	 getpwnam(3C),	getsp‐
       nam(3C),	 putpwent(3C),	group(4),  hosts.equiv(4),   nsswitch.conf(4),
       shadow(4), environ(5), unistd.h(3HEAD)

       System Administration Guide: Basic Administration

SunOS 5.11			  10 Dec 2009			     passwd(4)
[top]

List of man pages available for OpenIndiana

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net