passwd (5)





NAME

       passwd - password file


DESCRIPTION

       Passwd is a text file that contains a list of the system's accounts,
       giving for each account some useful information like user ID, group ID,
       home directory, shell, etc.  Often, it also contains the encrypted
       passwords for each account.  It should have general read permission
       (many utilities, like ls(1), use it to map user IDs to user names), but
       write access only for the superuser.

       In the good old days there was no great problem with this general  read
       permission.   Everybody  could  read  the  encrypted passwords, but the
       hardware was too slow to crack a well-chosen  password,  and  moreover,
       the  basic  assumption  used  to  be that of a friendly user-community.
       These days many people run some version of the shadow password suite,
       where /etc/passwd has *'s instead of encrypted passwords, and the
       encrypted passwords are in /etc/shadow which is readable by the
       superuser only.

       Regardless of whether shadow passwords are used, many sysadmins use a
       star in the encrypted password field to make sure that this user
       cannot authenticate him- or herself using a password. (But see the
       Notes below.)

       If you create a new login, first put a star in the password field, then
       use passwd(1) to set it.

       There is one entry per line, and each line has the format:

              account:password:UID:GID:GECOS:directory:shell

       The field descriptions are:

              account   the  name  of  the  user on the system.  It should not
                        contain capital letters.

              password  the encrypted user password or a star.

              UID       the numerical user ID.

              GID       the numerical primary group ID for this user.

              GECOS     This field is optional and only used for informational
                        purposes.  Usually, it contains the full user name.
                        GECOS means General Electric Comprehensive Operating
                        System, which was renamed to GCOS when GE's large
                        systems division was sold to Honeywell.  Dennis
                        Ritchie has reported: "Sometimes we sent printer
                        output or batch jobs to the GCOS machine.  The gcos
                        field in the password file was a place to stash the
                        information for the $IDENT card.  Not elegant."

              directory the user's $HOME directory.

NOTES

       If the encrypted password is set to a star, the user will be unable to
       log in using login(1), but may still log in using rlogin(1), run
       existing processes and initiate new ones through rsh(1), cron(1),
       at(1), or mail filters, etc.  Trying to lock an account by simply
       changing the shell field yields the same result and additionally
       allows the use of su(1).
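
       Added example, not part of the original manual page: a Python audit
       that checks passwd entries and the file's mode against the rules
       described above. The sample entries are constructed; treating an
       empty password field as "no password" and "x" as a shadow placeholder
       are assumptions not stated on this page.

```python
import stat

FIELDS = ("account", "password", "UID", "GID", "GECOS", "directory", "shell")

def audit_line(line):
    """Return a list of findings for one passwd(5) entry."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        return [f"expected {len(FIELDS)} fields, got {len(parts)}"]
    e = dict(zip(FIELDS, parts))
    findings = []
    if e["account"] != e["account"].lower():
        findings.append("account name contains capital letters")
    for key in ("UID", "GID"):
        if not e[key].isdigit():
            findings.append(f"{key} is not numeric")
    pw = e["password"]
    if pw == "*":
        # Per the notes above: blocks login(1) only, not rlogin/rsh/cron/at.
        findings.append("star: password login disabled, account still usable")
    elif pw == "":
        # Assumption (not stated on this page): empty field means no password.
        findings.append("empty password field")
    elif pw != "x":
        # Assumption: "x" is the usual shadow placeholder on current systems.
        findings.append("password hash exposed in world-readable file")
    return findings

def audit_mode(st_mode, st_uid):
    """Check 'general read permission, write access only for the superuser'."""
    findings = []
    if st_uid != 0:
        findings.append("not owned by the superuser")
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    if not st_mode & stat.S_IROTH:
        findings.append("not world-readable; UID-to-name lookups will fail")
    return findings

# Constructed sample entries, not taken from a real system.
SAMPLE = """\
root:*:0:0:root:/root:/bin/sh
Alice:ab01FAX.bQRSU:1000:1000:Alice Example:/home/alice:/bin/sh
broken:*:1001:1001:/home/broken:/bin/sh
"""

def audit(text):
    """Map 1-based line number to findings, omitting clean lines."""
    return {n: f for n, l in enumerate(text.splitlines(), 1) if (f := audit_line(l))}

if __name__ == "__main__":
    print(audit(SAMPLE), audit_mode(0o100664, 0))
```

       To audit a live system, pass the contents of /etc/passwd to audit()
       and the st_mode and st_uid from os.stat("/etc/passwd") to audit_mode().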


FILES

       /etc/passwd


SEE ALSO

       passwd(1), login(1), su(1), group(5), shadow(5)

                                  1998-01-05                         passwd(5)