The
passwd files are the local source of password information. They can be used in conjunction with the Hesiod domain ‘passwd' and the NIS maps ‘passwd.byname', ‘passwd.byuid', ‘master.passwd.byname', and ‘master.passwd.byuid', as controlled by
nsswitch.conf(5).
The
master.passwd file is readable only by root, and consists of newline separated ASCII records, one per user, containing ten colon (“:”) separated fields.
Each line has the form:
name:password:uid:gid:class:change:expire:gecos:home_dir:shell
These fields are as follows:
password
User's encrypted password.
gid
User's login group id.
class
User's login class.
change
Password change time.
expire
Account expiration time.
gecos
General information about the user.
home_dir
User's home directory.
shell
User's login shell.
Be aware that each line is limited to 1024 characters; longer ones will be ignored. This limit can be queried through
sysconf(3) by using the
_SC_GETPW_R_SIZE_MAX parameter.
The
passwd file is generated from the
master.passwd file by
pwd_mkdb(8), has the
class,
change, and
expire fields removed, and the
password field replaced by a “*”.
The
name field is the login used to access the computer account, and the
uid field is the number associated with it. They should both be unique across the system (and often across a group of systems) since they control file access.
While it is possible to have multiple entries with identical login names and/or identical user id's, it is usually a mistake to do so. Routines that manipulate these files will often return only one of the multiple entries, and that one by random selection.
The login name must never begin with a hyphen (“-”); also, it is strongly suggested that neither upper-case characters nor dots (“.”) be part of the name, as this tends to confuse mailers. No field may contain a colon (“:”) as this has been used historically to separate the fields in the user database.
The
password field is the
encrypted form of the password. If the
password field is empty, no password will be required to gain access to the machine. This is almost invariably a mistake. Because these files contain the encrypted user passwords, they should not be readable by anyone without appropriate privileges. For the possible ciphers used in this field see
passwd.conf(5).
The
gid field is the group that the user will be placed in upon login. Since this system supports multiple groups (see
groups(1)) this field currently has little special meaning.
The
class field is a key for a user's login class. Login classes are defined in
login.conf(5), which is a
termcap(5) style database of user attributes, accounting, resource and environment settings.
The
change field is the number of seconds from the epoch,
UTC, until the password for the account must be changed. This field may be left empty to turn off the password aging feature. If this is set to “-1” then the user will be prompted to change their password at the next login.
The
expire field is the number of seconds from the epoch,
UTC, until the account expires. This field may be left empty to turn off the account aging feature.
If either of the
change or
expire fields are set, the system will remind the user of the impending change or expiry if they login within a configurable period (defaulting to 14 days) before the event.
The
gecos field normally contains comma (“,”) separated subfields as follows:
office
user's office number
wphone
user's work phone number
hphone
user's home phone number
The full name may contain an ampersand (“&”) which will be replaced by the capitalized login name when the gecos field is displayed or used by various programs such as
finger(1),
sendmail(8), etc.
The office and phone number subfields are used by the
finger(1) program, and possibly other applications.
The user's home directory is the full
UNIX path name where the user will be placed on login.
The shell field is the command interpreter the user prefers. If there is nothing in the
shell field, the Bourne shell (
/bin/sh) is assumed.