File Formats                                            passwd(4)


NAME

     passwd - password file


SYNOPSIS

     /etc/passwd


DESCRIPTION

     The file /etc/passwd is a local source of information  about
     users'  accounts.  The password file can be used in conjunc-
     tion with  other  naming  sources,  such  as  the  NIS  maps
     passwd.byname  and  passwd.bygid,  data from the NIS+ passwd
     table, or password data stored on an LDAP  server.  Programs
     use the getpwnam(3C) routines to access this information.

     Each passwd entry is a single line of the form:

       username:password:uid:
       gid:gcos-field:home-dir:
       login-shell

     where

     username       is the user's login name.

                    The login  (login)  and  role  (role)  fields
                    accept  a  string of no more than eight bytes
                    consisting of  characters  from  the  set  of
                    alphabetic  characters,  numeric  characters,
                    period (.), underscore (_), and  hyphen  (-).
                    The  first character should be alphabetic and
                    the field should contain at least  one  lower
                    case  alphabetic character. A warning message
                    is displayed if these  restrictions  are  not
                    met.

                    The login and role  fields  must  contain  at
                    least  one  character  and must not contain a
                    colon (:) or a newline (\n).

     password       is an empty field. The encrypted password for
                    the user is in the corresponding entry in the
                    /etc/shadow file.   pwconv(1M)  relies  on  a
                    special value of 'x' in the password field of
                    /etc/passwd.  If this value of 'x' exists  in
                    the password field of /etc/passwd, this indi-
                    cates that  the  password  for  the  user  is

SunOS 5.11          Last change: 28 Jul 2004                    1


File Formats                                            passwd(4)

                    already  in  /etc/shadow  and  should  not be
                    modified.

     uid            is the user's unique  numerical  ID  for  the
                    system.

     gid            is the unique numerical ID of the group  that
                    the user belongs to.

     gcos-field     is the user's real name, along with  informa-
                    tion to pass along in a mail-message heading.
                    (It is called the gcos-field  for  historical
                    reasons.)  An ``&'' (ampersand) in this field
                    stands for the login name (in cases where the
                    login name appears in a user's real name).

     home-dir       is the pathname to the directory in which the
                    user is initially positioned upon logging in.

     login-shell    is the user's initial shell program. If  this
                    field   is   empty,   the  default  shell  is
                    /usr/bin/sh.

     The maximum value of the uid and gid fields  is  2147483647.
     To  maximize interoperability and compatibility, administra-
     tors are recommended to assign users a  range  of  UIDs  and
     GIDs  below  60000 where possible. (UIDs from 0-99 inclusive
     are reserved by the  operating  system  vendor  for  use  in
     future  applications.  Their use by end system users or ven-
     dors of layered products is  not  supported  and  may  cause
     security related issues with future applications.)

     The password file is an ASCII file that resides in the  /etc
     directory.  Because the encrypted passwords on a secure sys-
     tem are always kept in the shadow file, /etc/passwd has gen-
     eral  read permission on all systems and can be used by rou-
     tines that map between numerical user IDs and user names.

     Blank lines are treated as malformed entries in  the  passwd
     file and cause consumers of the file , such as getpwnam(3C),
     to fail.

SunOS 5.11          Last change: 28 Jul 2004                    2


File Formats                                            passwd(4)

     The password file can contain entries beginning with  a  `+'
     (plus  sign)  or '-' (minus sign) to selectively incorporate
     entries from another naming service  source,  such  as  NIS,
     NIS+, or LDAP.

     A line beginning with a '+'  means  to  incorporate  entries
     from  the  naming  service source. There are three styles of
     the '+' entries in this file. A single + means to insert all
     the entries from the alternate naming service source at that
     point, while a +name means to insert the specific entry,  if
     one  exists,  from  the  naming service source. A +@netgroup
     means to insert the entries for all members of  the  network
     group netgroup from the alternate naming service. If a +name
     entry has a non-null password,  gcos,  home-dir,  or  login-
     shell  field, the value of that field overrides what is con-
     tained in the alternate naming  service.  The  uid  and  gid
     fields cannot be overridden.

     A line beginning with a `-' means to disallow  entries  from
     the  alternate  naming  service. There are two styles of `-`
     entries in this file. -name means to disallow any subsequent
     entries  (if any) for name (in this file or in a naming ser-
     vice), and  -@netgroup  means  to  disallow  any  subsequent
     entries for all members of the network group netgroup.

     This is also supported by specifying ``passwd : compat''  in
     nsswitch.conf(4). The "compat" source might not be supported
     in future releases. The preferred sources are files followed
     by  the  identifier  of a name service, such as nis or ldap.
     This has the effect of incorporating the entire contents  of
     the  naming  service's  passwd  database or password-related
     information after the passwd file.

     Note that in compat mode, for every /etc/passwd entry, there
     must be a corresponding entry in the /etc/shadow file.

     Appropriate  precautions  must  be   taken   to   lock   the
     /etc/passwd file against simultaneous changes if it is to be
     edited with a text editor; vipw(1B) does the necessary lock-
     ing.


EXAMPLES

     Example 1 Sample passwd File

     The following is a sample passwd file:

SunOS 5.11          Last change: 28 Jul 2004                    3


File Formats                                            passwd(4)

       root:x:0:1:Super-User:/:/sbin/sh
       fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh

     and the sample password entry from nsswitch.conf:

       passwd: files ldap

     In this example, there are specific entries for  users  root
     and  fred to assure that they can login even when the system
     is running single-user. In addition, anyone  whose  password
     information  is  stored  on  an  LDAP server will be able to
     login with their usual password, shell, and home directory.

     If the password file is:

       root:x:0:1:Super-User:/:/sbin/sh
       fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
       +

     and the password entry in nsswitch.conf is:

       passwd: compat

     then all the entries listed  in  the  NIS  passwd.byuid  and
     passwd.byname  maps  will  be effectively incorporated after
     the entries for root and fred.  If  the  password  entry  in
     nsswitch.conf is:

       passwd_compat: ldap
       passwd: compat

SunOS 5.11          Last change: 28 Jul 2004                    4


File Formats                                            passwd(4)

     then all password-related entries stored on the LDAP  server
     will be incorporated after the entries for root and fred.

     The following is a sample passwd file when shadow  does  not
     exist:

       root:q.mJzTnu8icf.:0:1:Super-User:/:/sbin/sh
       fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
       +john:
       +@documentation:no-login:
       +::::Guest

     The following is a  sample  passwd  file  when  shadow  does
     exist:

       root:##root:0:1:Super-User:/:/sbin/sh
       fred:##fred:508:10:& Fredericks:/usr2/fred:/bin/csh
       +john:
       +@documentation:no-login:
       +::::Guest

     In this example, there are specific entries for  users  root
     and  fred, to assure that they can log in even when the sys-
     tem is running standalone. The user john will have his pass-
     word entry in the naming service source incorporated without
     change, anyone in the netgroup documentation will have their
     password field disabled, and anyone else will be able to log
     in with their usual password, shell, and home directory, but
     with a gcos field of Guest


FILES

     /etc/nsswitch.conf

     /etc/passwd

     /etc/shadow

SunOS 5.11          Last change: 28 Jul 2004                    5


File Formats                                            passwd(4)


SEE ALSO

     chgrp(1),   chown(1),   finger(1),   groups(1),    login(1),
     newgrp(1),    nispasswd(1),   passwd(1),   sh(1),   sort(1),
     domainname(1M),   getent(1M),   in.ftpd(1M),   passmgmt(1M),
     pwck(1M),   pwconv(1M),  su(1M),  useradd(1M),  userdel(1M),
     usermod(1M), a64l(3C), crypt(3C),  getpw(3C),  getpwnam(3C),
     getspnam(3C),    putpwent(3C),   group(4),   hosts.equiv(4),
     nsswitch.conf(4), shadow(4), environ(5), unistd.h(3HEAD)

     System Administration Guide: Basic Administration

SunOS 5.11          Last change: 28 Jul 2004                    6


Man(1) output converted with man2html


FhG Schily's Home VED powered