Commit | Line | Data |
---|---|---|
fea681da MK |
1 | .\" Copyright (c) 1993 Michael Haardt (michael@moria.de), Fri Apr 2 11:32:09 MET DST 1993 |
2 | .\" | |
3 | .\" This is free documentation; you can redistribute it and/or | |
4 | .\" modify it under the terms of the GNU General Public License as | |
5 | .\" published by the Free Software Foundation; either version 2 of | |
6 | .\" the License, or (at your option) any later version. | |
7 | .\" | |
8 | .\" The GNU General Public License's references to "object code" | |
9 | .\" and "executables" are to be interpreted as the output of any | |
10 | .\" document formatting or typesetting system, including | |
11 | .\" intermediate and printed output. | |
12 | .\" | |
13 | .\" This manual is distributed in the hope that it will be useful, | |
14 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | .\" GNU General Public License for more details. | |
17 | .\" | |
18 | .\" You should have received a copy of the GNU General Public | |
19 | .\" License along with this manual; if not, write to the Free | |
20 | .\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, | |
21 | .\" USA. | |
22 | .\" | |
23 | .\" Modified Sun Jul 25 10:46:28 1993 by Rik Faith (faith@cs.unc.edu) | |
24 | .\" Modified Sun Aug 21 18:12:27 1994 by Rik Faith (faith@cs.unc.edu) | |
25 | .\" Modified Sun Jun 18 01:53:57 1995 by Andries Brouwer (aeb@cwi.nl) | |
26 | .\" Modified Mon Jan 5 20:24:40 MET 1998 by Michael Haardt | |
27 | .\" (michael@cantor.informatik.rwth-aachen.de) | |
69289f8a | 28 | .TH PASSWD 5 1998-01-05 "Linux" "Linux Programmer's Manual" |
fea681da MK |
29 | .SH NAME |
30 | passwd \- password file | |
31 | .SH DESCRIPTION | |
32 | .B Passwd | |
33 | is a text file that contains a list of the system's accounts, | |
34 | giving for each account some useful information like user ID, | |
35 | group ID, home directory, shell, etc. | |
36 | Often, it also contains the encrypted passwords for each account. | |
37 | It should have general read permission (many utilities, like | |
38 | .BR ls (1) | |
39 | use it to map user IDs to user names), but write access only for the | |
40 | superuser. | |
41 | .PP | |
42 | In the good old days there was no great problem with this general | |
c13182ef MK |
43 | read permission. |
44 | Everybody could read the encrypted passwords, but the | |
fea681da | 45 | hardware was too slow to crack a well-chosen password, and moreover, the |
c13182ef MK |
46 | basic assumption used to be that of a friendly user-community. |
47 | These days many people run some version of the shadow password suite, where | |
fea681da | 48 | .I /etc/passwd |
c13182ef | 49 | has asterisks (*) instead of encrypted passwords, |
30f7100e | 50 | and the encrypted passwords are in |
fea681da MK |
51 | .I /etc/shadow |
52 | which is readable by the superuser only. | |
53 | .PP | |
54 | Regardless of whether shadow passwords are used, many sysadmins | |
30f7100e | 55 | use an asterisk in the encrypted password field to make sure |
fea681da MK |
56 | that this user cannot authenticate him- or herself using a |
57 | password. (But see the Notes below.) | |
58 | .PP | |
30f7100e | 59 | If you create a new login, first put an asterisk in the password field, |
fea681da MK |
60 | then use |
61 | .BR passwd (1) | |
62 | to set it. | |
63 | .PP | |
64 | There is one entry per line, and each line has the format: | |
65 | .sp | |
66 | .RS | |
67 | account:password:UID:GID:GECOS:directory:shell | |
68 | .RE | |
69 | .sp | |
70 | The field descriptions are: | |
fea681da MK |
71 | .RS |
72 | .TP 1.0in | |
73 | .I account | |
c13182ef MK |
74 | the name of the user on the system. |
75 | It should not contain capital letters. | |
fea681da MK |
76 | .TP |
77 | .I password | |
30f7100e MK |
78 | the encrypted user password, an asterisk (*), or the letter 'x'. |
79 | (See | |
80 | .BR pwconv (8) | |
81 | for an explanation of 'x'.) | |
fea681da MK |
82 | .TP |
83 | .I UID | |
84 | the numerical user ID. | |
85 | .TP | |
86 | .I GID | |
87 | the numerical primary group ID for this user. | |
88 | .TP | |
89 | .I GECOS | |
90 | This field is optional and only used for informational purposes. | |
c13182ef MK |
91 | Usually, it contains the full user name. |
92 | GECOS means General Electric | |
fea681da | 93 | Comprehensive Operating System, which was renamed to GCOS when |
c13182ef MK |
94 | GE's large systems division was sold to Honeywell. |
95 | Dennis Ritchie has reported: "Sometimes we sent printer output or | |
96 | batch jobs to the GCOS machine. | |
97 | The gcos field in the password file was a place to stash the | |
98 | information for the $IDENTcard. | |
99 | Not elegant." | |
fea681da MK |
100 | .TP |
101 | .I directory | |
102 | the user's $HOME directory. | |
103 | .TP | |
104 | .I shell | |
105 | the program to run at login (if empty, use | |
8478ee02 | 106 | .IR /bin/sh ). |
fea681da MK |
107 | If set to a non-existing executable, the user will be unable to log in |
108 | through | |
109 | .BR login (1). | |
110 | .RE | |
19c98696 | 111 | .SH NOTES |
fea681da MK |
112 | If you want to create |
113 | user groups, their GIDs must be equal and there must be an entry in | |
114 | \fI/etc/group\fP, or no group will exist. | |
115 | .PP | |
30f7100e | 116 | If the encrypted password is set to an asterisk, the user will be unable |
fea681da MK |
117 | to log in using |
118 | .BR login (1), | |
119 | but may still log in using | |
120 | .BR rlogin (1), | |
121 | run existing processes and initiate new ones through | |
122 | .BR rsh (1), | |
123 | .BR cron (1), | |
124 | .BR at (1), | |
c13182ef MK |
125 | or mail filters, etc. |
126 | Trying to lock an account by simply changing the | |
fea681da MK |
127 | shell field yields the same result and additionally allows the use of |
128 | .BR su (1). | |
129 | .SH FILES | |
130 | .I /etc/passwd | |
131 | .SH "SEE ALSO" | |
132 | .BR login (1), | |
133 | .BR passwd (1), | |
134 | .BR su (1), | |
135 | .BR group (5), | |
136 | .BR shadow (5) |
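
The seven-field format and the NOTES caveat about asterisks can be checked mechanically. The following is an added example, not part of the man page or the man-pages project: the function names, finding labels and sample entries are constructed for illustration, and the empty-password case goes beyond what the page describes.

```python
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:ab01FAkeHashXyz:1000:1000:Alice Example:/home/alice:/bin/bash
Bob:x:1001:1001::/home/bob:
batch:*:1002:1002:Batch jobs:/var/batch:/bin/sh
broken:x:1003
"""  # constructed entries; the hash is a made-up placeholder

def parse_line(line):
    """Split one line into the seven fields of the documented format."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError(f"expected 7 fields, got {len(parts)}")
    account, password, uid, gid, gecos, directory, shell = parts
    return {"account": account, "password": password, "uid": int(uid),
            "gid": int(gid), "gecos": gecos, "directory": directory,
            "shell": shell or "/bin/sh"}  # empty shell field means /bin/sh

def password_state(password):
    """Classify the password field: 'x', asterisk, or an encrypted password."""
    if password == "x":
        return "shadowed"            # see pwconv(8)
    if password == "*":
        return "no-password-login"
    if password == "":
        return "empty"               # case not described on the page
    return "hash-world-readable"     # stored in a file every user can read

def audit(text):
    """Return (who, finding) pairs for entries worth a second look."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            e = parse_line(line)
        except ValueError as exc:
            findings.append((f"line {n}", f"malformed: {exc}"))
            continue
        state = password_state(e["password"])
        if state in ("hash-world-readable", "empty"):
            findings.append((e["account"], state))
        elif state == "no-password-login":
            # NOTES: rlogin, rsh, cron, at and mail filters still work.
            findings.append((e["account"], "asterisk-is-not-a-full-lock"))
        if e["account"] != e["account"].lower():
            findings.append((e["account"], "capital-letters-in-name"))
    return findings

if __name__ == "__main__":
    for who, finding in audit(SAMPLE):
        print(f"{who}: {finding}")
```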