.\" $NetBSD: passwd.5,v 1.12.2.2 1999/12/17 23:14:50 he Exp $
.\" Copyright (c) 1988, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\" Portions Copyright (c) 1994, Jason Downs. All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" From: @(#)passwd.5 8.1 (Berkeley) 6/5/93
.Nd format of the password file
files are the local source of password information.
They can be used in conjunction with the Hesiod domains
.Sq master.passwd.byname ,
.Sq master.passwd.byuid ,
For consistency, none of these files should ever be modified
file is readable only by root, and consists of newline separated
records, one per user, containing ten colon (``:'') separated
These fields are as follows:
.Bl -tag -width password -offset indent
User's login group id.
Account expiration time.
General information about the user.
User's home directory.
file is generated from the
has the class, change, and expire fields removed, and the password
is used to indicate that no one can ever log into that account
using password authentication (logins through other forms of
authentication, i.e.\& using
keys, will still work).
The field only contains encrypted passwords, and
can never be the result of encrypting a password.
field is the login used to access the computer account, and the
field is the number associated with it.
They should both be unique
across the system (and often across a group of systems) since they
While it is possible to have multiple entries with identical login names
and/or identical user id's, it is usually a mistake to do so.
that manipulate these files will often return only one of the multiple
entries, and that one by random selection.
The login name must never begin with a hyphen (``-''); also, it is strongly
suggested that neither upper-case characters nor dots (``.'') be part
of the name, as this tends to confuse mailers.
No field may contain a
colon (``:'') as this has been used historically to separate the fields
in the user database.
The password field is the
form of the password, see
field is empty, no password will be required to gain access to the
This is almost invariably a mistake.
Because these files contain the encrypted user passwords, they should
not be readable by anyone without appropriate privileges.
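The mistakes named above (a record without ten fields, an empty password field, duplicate login names or user ids, upper-case characters or dots in a login name, a file readable beyond its owner) can be checked mechanically. The script below is an added example, not part of the NetBSD sources; the function names, the finding labels and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a master.passwd-format file for the mistakes this page names.
# Output is one "LINE:LOGIN:FINDING" record per problem; labels are invented here.

# Constructed sample records, ten colon-separated fields each:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
sample_master_passwd() {
cat <<'EOF'
root:$1$constructed$hash:0:0::0:0:Charlie &:/root:/bin/sh
alice:$1$constructed$hash:1000:100::0:0:Alice:/home/alice:/bin/sh
bob::1001:100::0:0:Bob:/home/bob:/bin/sh
toor:$1$constructed$hash:0:0::0:0:Second root:/root:/bin/sh
J.Doe:$1$constructed$hash:1002:100::0:0:J Doe:/home/jdoe:/bin/sh
alice:$1$constructed$hash:1003:100::0:0:Other Alice:/home/alice2:/bin/sh
carol:x:1004:100:Carol:/home/carol:/bin/sh
+@staff:::::::::
EOF
}

audit_master_passwd() {
    LC_ALL=C awk -F: '
    $0 == ""  { next }                  # ignore blank lines
    /^[+-]/   { next }                  # compat inclusion/exclusion lines are not audited
    NF != 10  { print NR ":" $1 ":field-count-" NF; next }
    $2 == ""  { print NR ":" $1 ":empty-password" }
    $1 ~ /[A-Z.]/ { print NR ":" $1 ":uppercase-or-dot-in-login" }
    ($1 in seen_login) { print NR ":" $1 ":duplicate-login-of-line-" seen_login[$1] }
    ($3 in seen_uid)   { print NR ":" $1 ":duplicate-uid-of-line-" seen_uid[$3] }
    {   # remember the first line on which each login name and uid appeared
        if (!($1 in seen_login)) seen_login[$1] = NR
        if (!($3 in seen_uid))   seen_uid[$3] = NR
    }' "$1"
}

# Returns 0 only when group and other have no permission bits on the file.
# File ownership is not checked here.
mode_is_private() {
    ls -ld "$1" | awk '{ exit !(substr($1, 5, 6) == "------") }'
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_master_passwd > "$tmp" && audit_master_passwd "$tmp"
rm -f "$tmp"
```

The seven-field record for carol is in the old-style layout and is reported by field count rather than parsed further.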
The group field is the group that the user will be placed in upon login.
Since this system supports multiple groups (see
this field currently has little special meaning.
field is a key for a user's login class.
style database of user attributes, accounting, resource,
and environment settings.
field is the number of seconds from the epoch,
password for the account must be changed.
This field may be left empty to turn off the password aging feature.
field is the number of seconds from the epoch,
This field may be left empty to turn off the account aging feature.
field normally contains comma (``,'') separated subfields as follows:
.Bl -tag -width office -offset indent -compact
user's work phone number
user's home phone number
The full name may contain an ampersand (``&'') which will be replaced by
the capitalized login name when the gecos field is displayed or used
by various programs such as
The office and phone number subfields are used by the
program, and possibly other applications.
The user's home directory is the full
path name where the user
will be placed on login.
The shell field is the command interpreter the user prefers.
If there is nothing in the
field, the Bourne shell
.Xr nsswitch.conf 5 ,
lookups occur from the
.Xr nsswitch.conf 5 ,
lookups occur from the
.Sq master.passwd.byname ,
.Sq master.passwd.byuid
.Xr nsswitch.conf 5 ,
file also supports standard
exclusions and inclusions, based on user names and netgroups.
Lines beginning with a ``-'' (minus sign) are entries marked as being excluded
from any following inclusions, which are marked with a ``+'' (plus sign).
If the second character of the line is a ``@'' (at sign), the operation
involves the user fields of all entries in the netgroup specified by the
remaining characters of the
Otherwise, the remainder of the
field is assumed to be a specific user name.
The ``+'' token may also be alone in the
field, which causes all users from either the Hesiod domain
.Sq passwd_compat: dns )
.Sq passwd_compat: nis )
If the entry contains non-empty
fields, the specified numbers will override the information retrieved
from the Hesiod domain or the
entries contain text, it will override the information included via
field may also be overridden.
.Bl -tag -width ".Pa /etc/master.passwd" -compact
password file, with passwords removed
password database, with passwords removed
.It Pa /etc/master.passwd
password file, with passwords intact
password database, with passwords intact
The password file format has changed since
The following awk script can be used to convert your old-style password
file into a new style password file.
The additional fields
are added, but are turned off by default.
Class is currently not implemented, but change and expire are; to set them,
use the current day in seconds from the epoch + whatever number of seconds
.Bd -literal -offset indent
BEGIN { FS = ":" }
{ print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }
.Ed
.%T "Managing NFS and NIS"
(O'Reilly & Associates)
file format appeared in
file format first appeared in SunOS.
The Hesiod support first appeared in
It was imported from the
Project, where it first appeared in
User information should (and eventually will) be stored elsewhere.
exclusions in the file after any inclusions will have