]>
Commit | Line | Data |
---|---|---|
3d54a910 MK |
1 | .\" Copyright (c) 1993 Michael Haardt (michael@moria.de), |
2 | .\" Fri Apr 2 11:32:09 MET DST 1993 | |
fea681da MK |
3 | .\" |
4 | .\" This is free documentation; you can redistribute it and/or | |
5 | .\" modify it under the terms of the GNU General Public License as | |
6 | .\" published by the Free Software Foundation; either version 2 of | |
7 | .\" the License, or (at your option) any later version. | |
8 | .\" | |
9 | .\" The GNU General Public License's references to "object code" | |
10 | .\" and "executables" are to be interpreted as the output of any | |
11 | .\" document formatting or typesetting system, including | |
12 | .\" intermediate and printed output. | |
13 | .\" | |
14 | .\" This manual is distributed in the hope that it will be useful, | |
15 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | .\" GNU General Public License for more details. | |
18 | .\" | |
19 | .\" You should have received a copy of the GNU General Public | |
20 | .\" License along with this manual; if not, write to the Free | |
21 | .\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, | |
22 | .\" USA. | |
23 | .\" | |
24 | .\" Modified Sun Jul 25 10:46:28 1993 by Rik Faith (faith@cs.unc.edu) | |
25 | .\" Modified Sun Aug 21 18:12:27 1994 by Rik Faith (faith@cs.unc.edu) | |
26 | .\" Modified Sun Jun 18 01:53:57 1995 by Andries Brouwer (aeb@cwi.nl) | |
27 | .\" Modified Mon Jan 5 20:24:40 MET 1998 by Michael Haardt | |
28 | .\" (michael@cantor.informatik.rwth-aachen.de) | |
69289f8a | 29 | .TH PASSWD 5 1998-01-05 "Linux" "Linux Programmer's Manual" |
fea681da MK |
30 | .SH NAME |
31 | passwd \- password file | |
32 | .SH DESCRIPTION | |
33 | .B Passwd | |
34 | is a text file, that contains a list of the system's accounts, | |
35 | giving for each account some useful information like user ID, | |
36 | group ID, home directory, shell, etc. | |
37 | Often, it also contains the encrypted passwords for each account. | |
38 | It should have general read permission (many utilities, like | |
39 | .BR ls (1) | |
18701562 | 40 | use it to map user IDs to usernames), but write access only for the |
fea681da MK |
41 | superuser. |
42 | .PP | |
43 | In the good old days there was no great problem with this general | |
c13182ef MK |
44 | read permission. |
45 | Everybody could read the encrypted passwords, but the | |
fea681da | 46 | hardware was too slow to crack a well-chosen password, and moreover, the |
c13182ef MK |
47 | basic assumption used to be that of a friendly user-community. |
48 | These days many people run some version of the shadow password suite, where | |
fea681da | 49 | .I /etc/passwd |
c13182ef | 50 | has asterisks (*) instead of encrypted passwords, |
30f7100e | 51 | and the encrypted passwords are in |
fea681da MK |
52 | .I /etc/shadow |
53 | which is readable by the superuser only. | |
54 | .PP | |
55 | Regardless of whether shadow passwords are used, many sysadmins | |
30f7100e | 56 | use an asterisk in the encrypted password field to make sure |
fea681da | 57 | that this user can not authenticate him- or herself using a |
6387216b MK |
58 | password. |
59 | (But see the Notes below.) | |
fea681da | 60 | .PP |
30f7100e | 61 | If you create a new login, first put an asterisk in the password field, |
fea681da MK |
62 | then use |
63 | .BR passwd (1) | |
64 | to set it. | |
65 | .PP | |
66 | There is one entry per line, and each line has the format: | |
67 | .sp | |
68 | .RS | |
69 | account:password:UID:GID:GECOS:directory:shell | |
70 | .RE | |
71 | .sp | |
72 | The field descriptions are: | |
fea681da MK |
73 | .RS |
74 | .TP 1.0in | |
75 | .I account | |
c13182ef MK |
76 | the name of the user on the system. |
77 | It should not contain capital letters. | |
fea681da MK |
78 | .TP |
79 | .I password | |
f81fb444 | 80 | the encrypted user password, an asterisk (*), or the letter \(aqx\(aq. |
30f7100e MK |
81 | (See |
82 | .BR pwconv (8) | |
f81fb444 | 83 | for an explanation of \(aqx\(aq.) |
fea681da MK |
84 | .TP |
85 | .I UID | |
86 | the numerical user ID. | |
87 | .TP | |
88 | .I GID | |
89 | the numerical primary group ID for this user. | |
90 | .TP | |
91 | .I GECOS | |
92 | This field is optional and only used for informational purposes. | |
18701562 | 93 | Usually, it contains the full username. |
c13182ef | 94 | GECOS means General Electric |
fea681da | 95 | Comprehensive Operating System, which has been renamed to GCOS when |
c13182ef MK |
96 | GE's large systems division was sold to Honeywell. |
97 | Dennis Ritchie has reported: "Sometimes we sent printer output or | |
98 | batch jobs to the GCOS machine. | |
99 | The gcos field in the password file was a place to stash the | |
100 | information for the $IDENTcard. | |
101 | Not elegant." | |
fea681da MK |
102 | .TP |
103 | .I directory | |
a96050c6 MK |
104 | the user's |
105 | .B $HOME | |
106 | directory. | |
fea681da MK |
107 | .TP |
108 | .I shell | |
109 | the program to run at login (if empty, use | |
8478ee02 | 110 | .IR /bin/sh ). |
f74bac5d | 111 | If set to a nonexistent executable, the user will be unable to login |
fea681da MK |
112 | through |
113 | .BR login (1). | |
114 | .RE | |
2b2581ee MK |
115 | .SH FILES |
116 | .I /etc/passwd | |
19c98696 | 117 | .SH NOTES |
fea681da MK |
118 | If you want to create |
119 | user groups, their GIDs must be equal and there must be an entry in | |
120 | \fI/etc/group\fP, or no group will exist. | |
121 | .PP | |
30f7100e | 122 | If the encrypted password is set to an asterisk, the user will be unable |
fea681da MK |
123 | to login using |
124 | .BR login (1), | |
125 | but may still login using | |
126 | .BR rlogin (1), | |
127 | run existing processes and initiate new ones through | |
128 | .BR rsh (1), | |
49ec013c | 129 | .BR cron (8), |
fea681da | 130 | .BR at (1), |
c13182ef MK |
131 | or mail filters, etc. |
132 | Trying to lock an account by simply changing the | |
fea681da MK |
133 | shell field yields the same result and additionally allows the use of |
134 | .BR su (1). | |
fea681da MK |
135 | .SH "SEE ALSO" |
136 | .BR login (1), | |
137 | .BR passwd (1), | |
138 | .BR su (1), | |
b22e49b8 MK |
139 | .BR getpwent (3), |
140 | .BR getpwnam (3), | |
fea681da MK |
141 | .BR group (5), |
142 | .BR shadow (5) |