per user, containing ten colon (``:'') separated fields. These fields
are as follows:
name User's login name.
password User's encrypted password.
uid User's id.
gid User's login group id.
class User's general classification (unused).
change Password change time.
expire Account expiration time.
gecos General information about the user.
home_dir User's home directory.
shell User's login shell.
The name field is the login used to access the computer account, and the
uid field is the number associated with it. They should both be unique
across the system (and often across a group of systems) since they con-
trol file access.
While it is possible to have multiple entries with identical login names
and/or identical user id's, it is usually a mistake to do so. Routines
that manipulate these files will often return only one of the multiple
entries, and that one by random selection.
The login name must never begin with a hyphen (``-''); also, it is
strongly suggested that neither upper-case characters or dots (``.'') be
part of the name, as this tends to confuse mailers. No field may contain
a colon (``:'') as this has been used historically to separate the fields
in the user database.
The password field is the encrypted form of the password. If the
password field is empty, no password will be required to gain access to
the machine. This is almost invariably a mistake. Because these files
contain the encrypted user passwords, they should not be readable by any-
one without appropriate privileges.
Which type of cipher is used to encrypt the password information depends
on the configuration in passwd.conf(5). It can be different for local
and YP passwords.
The group field is the group that the user will be placed in upon login.
Since this system supports multiple groups (see groups(1)) this field
currently has little special meaning.
name user's full name
office user's office number
wphone user's work phone number
hphone user's home phone number
This information is used by the finger(1) program.
The user's home directory is the full UNIX path name where the user will
be placed on login.
The shell field is the command interpreter the user prefers. If there is
nothing in the shell field, the Bourne shell (/bin/sh) is assumed.
YP SUPPORT
If YP is active, the passwd file also supports standard YP exclusions and
inclusions, based on user names and netgroups.
Lines beginning with a ``-'' (minus sign) are entries marked as being
excluded from any following inclusions, which are marked with a ``+''
(plus sign).
If the second character of the line is a ``@'' (at sign), the operation
involves the user fields of all entries in the netgroup specified by the
remaining characters of the name field. Otherwise, the remainder of the
name field is assumed to be a specific user name.
The ``+'' token may also be alone in the name field, which causes all
users from the passwd.byname and passwd.byuid YP maps to be included.
If the entry contains non-empty uid or gid fields, the specified numbers
will override the information retrieved from the YP maps. As well, if the
gecos, dir or shell entries contain text, it will override the informa-
tion included via YP. On some systems, the passwd field may also be
overriden, hence it is recommended that the standard way to enable YP
passwd support in /etc/master.passwd is:
+:*::::::::
which after pwd_mkdb(8) will result in /etc/passwd containing:
+:*:0:0:::
SEE ALSO
chpass(1), login(1), passwd(1), passwd.conf(5), getpwent(3), netgroup(5),
adduser(8), pwd_mkdb(8), vipw(8), yp(8)
Managing NFS and NIS (O'Reilly & Associates)
BUGS
User information should (and eventually will) be stored elsewhere.
HISTORY
A passwd file format appeared in Version 6 AT&T UNIX.
YP file format first appeared in SunOS.
BSD July 18, 1995 BSD
Man(1) output converted with
man2html