Commit | Line | Data |
---|---|---|
fea681da MK |
1 | .\" Copyright (c) 1993 Michael Haardt (michael@moria.de), Fri Apr 2 11:32:09 MET DST 1993 |
2 | .\" | |
3 | .\" This is free documentation; you can redistribute it and/or | |
4 | .\" modify it under the terms of the GNU General Public License as | |
5 | .\" published by the Free Software Foundation; either version 2 of | |
6 | .\" the License, or (at your option) any later version. | |
7 | .\" | |
8 | .\" The GNU General Public License's references to "object code" | |
9 | .\" and "executables" are to be interpreted as the output of any | |
10 | .\" document formatting or typesetting system, including | |
11 | .\" intermediate and printed output. | |
12 | .\" | |
13 | .\" This manual is distributed in the hope that it will be useful, | |
14 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | .\" GNU General Public License for more details. | |
17 | .\" | |
18 | .\" You should have received a copy of the GNU General Public | |
19 | .\" License along with this manual; if not, write to the Free | |
20 | .\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, | |
21 | .\" USA. | |
22 | .\" | |
23 | .\" Modified Sun Jul 25 10:46:28 1993 by Rik Faith (faith@cs.unc.edu) | |
24 | .\" Modified Sun Aug 21 18:12:27 1994 by Rik Faith (faith@cs.unc.edu) | |
25 | .\" Modified Sun Jun 18 01:53:57 1995 by Andries Brouwer (aeb@cwi.nl) | |
26 | .\" Modified Mon Jan 5 20:24:40 MET 1998 by Michael Haardt | |
27 | .\" (michael@cantor.informatik.rwth-aachen.de) | |
28 | .TH PASSWD 5 1998-01-05 "File formats" "Linux Programmer's Manual" | |
29 | .SH NAME | |
30 | passwd \- password file | |
31 | .SH DESCRIPTION | |
32 | .B Passwd | |
33 | is a text file that contains a list of the system's accounts, | |
34 | giving for each account some useful information like user ID, | |
35 | group ID, home directory, shell, etc. | |
36 | Often, it also contains the encrypted passwords for each account. | |
37 | It should have general read permission (many utilities, like | |
38 | .BR ls (1) | |
39 | use it to map user IDs to user names), but write access only for the | |
40 | superuser. | |
41 | .PP | |
42 | In the good old days there was no great problem with this general | |
43 | read permission. Everybody could read the encrypted passwords, but the | |
44 | hardware was too slow to crack a well-chosen password, and moreover, the | |
45 | basic assumption used to be that of a friendly user-community. These days | |
46 | many people run some version of the shadow password suite, where | |
47 | .I /etc/passwd | |
48 | has *'s instead of encrypted passwords, and the encrypted passwords are in | |
49 | .I /etc/shadow | |
50 | which is readable by the superuser only. | |
51 | .PP | |
52 | Regardless of whether shadow passwords are used, many sysadmins | |
53 | use a star in the encrypted password field to make sure | |
54 | that this user cannot authenticate him- or herself using a | |
55 | password. (But see the NOTE section below.) | |
56 | .PP | |
57 | If you create a new login, first put a star in the password field, | |
58 | then use | |
59 | .BR passwd (1) | |
60 | to set it. | |
61 | .PP | |
62 | There is one entry per line, and each line has the format: | |
63 | .sp | |
64 | .RS | |
65 | account:password:UID:GID:GECOS:directory:shell | |
66 | .RE | |
67 | .sp | |
68 | The field descriptions are: | |
69 | .sp | |
70 | .RS | |
71 | .TP 1.0in | |
72 | .I account | |
73 | the name of the user on the system. It should not contain capital letters. | |
74 | .TP | |
75 | .I password | |
76 | the encrypted user password or a star. | |
77 | .TP | |
78 | .I UID | |
79 | the numerical user ID. | |
80 | .TP | |
81 | .I GID | |
82 | the numerical primary group ID for this user. | |
83 | .TP | |
84 | .I GECOS | |
85 | This field is optional and only used for informational purposes. | |
86 | Usually, it contains the full user name. GECOS means General Electric | |
87 | Comprehensive Operating System, which was renamed to GCOS when | |
88 | GE's large systems division was sold to Honeywell. Dennis Ritchie has | |
89 | reported: "Sometimes we sent printer output or batch jobs to the GCOS | |
90 | machine. The gcos field in the password file was a place to stash the | |
91 | information for the $IDENTcard. Not elegant." | |
92 | .TP | |
93 | .I directory | |
94 | the user's $HOME directory. | |
95 | .TP | |
96 | .I shell | |
97 | the program to run at login (if empty, use | |
8478ee02 | 98 | .IR /bin/sh ). |
fea681da MK |
99 | If set to a nonexistent executable, the user will be unable to log in |
100 | through | |
101 | .BR login (1). | |
102 | .RE | |
103 | .SH NOTE | |
104 | If you want to create | |
105 | user groups, their GIDs must be equal and there must be an entry in | |
106 | \fI/etc/group\fP, or no group will exist. | |
107 | .PP | |
108 | If the encrypted password is set to a star, the user will be unable | |
109 | to log in using | |
110 | .BR login (1), | |
111 | but may still log in using | |
112 | .BR rlogin (1), | |
113 | run existing processes and initiate new ones through | |
114 | .BR rsh (1), | |
115 | .BR cron (1), | |
116 | .BR at (1), | |
117 | or mail filters, etc. Trying to lock an account by simply changing the | |
118 | shell field yields the same result and additionally allows the use of | |
119 | .BR su (1). | |
120 | .SH FILES | |
121 | .I /etc/passwd | |
122 | .SH "SEE ALSO" | |
123 | .BR login (1), | |
124 | .BR passwd (1), | |
125 | .BR su (1), | |
126 | .BR group (5), | |
127 | .BR shadow (5) |
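
The seven-field format and the locking caveats from the NOTE section, checked in code. This is an added example, not part of the manual page or the man-pages project; the finding codes, the `shell_exists` parameter and the sample lines (including the hash-like string) are constructed for illustration.

```python
import os
from collections import namedtuple

Entry = namedtuple("Entry", "account password uid gid gecos directory shell")

def parse_line(line):
    """Split one passwd(5) line into its seven colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError("expected 7 fields, got %d: %r" % (len(parts), line))
    parts[2], parts[3] = int(parts[2]), int(parts[3])  # UID and GID are numeric
    return Entry(*parts)

def audit(entry, shell_exists=os.path.isfile):
    """Return finding codes (names invented for this example) for one entry."""
    findings = []
    if entry.account != entry.account.lower():
        # The page says account names should not contain capital letters.
        findings.append("uppercase-name")
    if entry.password == "*":
        # A star stops login(1) only; rlogin, rsh, cron, at and mail
        # filters keep working, so it is not a complete lock.
        findings.append("star-blocks-login-only")
    elif entry.password:
        # An encrypted password in a file with general read permission.
        findings.append("hash-world-readable")
    if entry.shell == "":
        # An empty shell field means /bin/sh is used.
        findings.append("shell-defaults-to-bin-sh")
    elif not shell_exists(entry.shell):
        # Same reach as a star, and su(1) stays usable.
        findings.append("shell-missing-not-a-lock")
    return findings

# Constructed sample lines, not taken from any real system.
SAMPLE = """\
root:*:0:0:root:/root:/bin/sh
Alice:ab3kQ9xY1zLmo:1000:1000:Alice Example:/home/alice:
svc:*:1001:1001::/var/svc:/nonexistent
"""

def audit_text(text, shell_exists=os.path.isfile):
    """Audit every non-blank line; returns {account: [finding codes]}."""
    entries = (parse_line(l) for l in text.splitlines() if l.strip())
    return {e.account: audit(e, shell_exists) for e in entries}

if __name__ == "__main__":
    for account, findings in audit_text(SAMPLE).items():
        print(account, findings)
```

Pass a custom `shell_exists` to audit a copy of the file taken from another host, where checking the local filesystem would give the wrong answer.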