passwd(F)

passwd -- password file

Synopsis

   /etc/passwd

Description

/etc/passwd is an ASCII file that contains basic information about each user's account.

Usage

For each authorized user, the passwd file contains a one-line entry, of the form:

   	login_name : password : uid : gid : comment : home_dir : login_shell

where:

login_name: is the name specified by the user when logging in. This field contains no uppercase characters, should not be more than eight characters long, and should begin with a non-numeric character (that is, any alphabetic or special character except colon).
password: contains the character x. This field remains only for compatibility reasons. Password information is contained in the file /etc/shadow [see shadow(F)].
uid: is the user's numerical ID for the system, which should be unique.
gid: is the numerical ID of the group to which the user belongs.
comment: is any information you think might be useful to a user of this file which is not included elsewhere in the file.
home_dir: is the pathname of the directory in which the user is initially positioned upon logging in.
login_shell: is the user's initial shell program. If this field is empty, the default shell is /usr/bin/sh.

Fields are separated by a colon; entries, by a new-line. Comment lines (lines preceded by the # (hash) character) are not allowed in the /etc/passwd file.

/etc/passwd has general read permission on all systems, and can be used by routines that map numerical user IDs to names.

The passwd file can also have lines beginning with a + (plus sign) which means to incorporate entries from the Network Information Service (NIS). There are three styles of + entries in the passwd file: by itself, + means to insert the entire contents of the NIS password file at that point; +name means to insert the entry (if any) for name from the NIS service at that point; +@ netgroup means to insert the entries for all members of the network group netgroup at that point. If a + name entry has a non-null password, comment, home-dir, or login-shell field, the value of that field overrides what is contained in the NIS service. The uid and gid fields cannot be overridden.

The passwd file can also have lines beginning with a - (minus sign) which means to disallow entries from the NIS service. There are two styles of - entries in the passwd file: - name means to disallow any subsequent entries (if any) for name (in this file or in the NIS service); -@ netgroup means to disallow any subsequent entries for all members of the network group netgroup.

When the Network Information Service (NIS) is in use, the local /etc/passwd file is consulted first, then the NIS maps passwd.byname or passwd.byuid on the NIS server.

Examples

Here is a sample passwd file:

   root:x:0:10:God:/:/bin/csh
   fred:x:508:10:& Fredericks:/usr2/fred:/bin/csh
   +john:
   +@documentation:no-login:
   +::::Guest

In this example, there are specific entries for users root and fred, to ensure that they can log in even when the system is running standalone. The user john will have his password entry in the NIS service incorporated without change; anyone in the netgroup documentation will have their password field disabled, and anyone else will be able to log in with their usual password, shell, and home directory, but with a comment field of Guest.

Warnings

To avoid inconsistencies with the I&A security database, NIS entries should always come at the end of the passwd file.

Files

/etc/passwd
/etc/shadow
/usr/lib/locale/locale/LC_MESSAGES/uxcore.abi: language-specific message file [See LANG on environ(M).]
/var/yp/domainname/passwd.byname: Corresponding NIS map containing password information. The user name is the key in the map.
/var/yp/domainname/passwd.byuid: Same as passwd.byname, except key is user ID instead of user name.

References

getpwent(S), group(F), login(C), passwd(C), putpwent(S), pwconv(ADM), shadow(F), unistd(F), useradd(ADM), userdel(ADM), usermod(ADM)