NAME<\/a> passwd \u2212 password file<\/p>\n The \/etc\/passwd<\/i> file is a text file that describes user login accounts for the system. It should have read permission allowed for all users (many utilities, like ls<\/b>(1) use it to map user IDs to usernames), but write access only for the superuser.<\/p>\n In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover the basic assumption used to be that of a friendly user-community. These days many people run some version of the shadow password suite, where \/etc\/passwd<\/i> has an ‘x’ character in the password field, and the encrypted passwords are in \/etc\/shadow<\/i>, which is readable by the superuser only.<\/p>\n If the encrypted password, whether in \/etc\/passwd<\/i> or in \/etc\/shadow<\/i>, is an empty string, login is allowed without even asking for a password. Note that this functionality may be intentionally disabled in applications, or configurable (for example using the “nullok” or “nonull” arguments to pam_unix.so).<\/p>\n If the encrypted password in \/etc\/passwd<\/i> is “*NP*<\/i>” (without the quotes), the shadow record should be obtained from an NIS+ server.<\/p>\n Regardless of whether shadow passwords are used, many system administrators use an asterisk (*) in the encrypted password field to make sure that this user can not authenticate themself using a password. (But see NOTES below.)<\/p>\n If you create a new login, first put an asterisk (*) in the password field, then use passwd<\/b>(1) to set it.<\/p>\n Each line of the file describes a single user, and contains seven colon-separated fields:<\/p>\n name:password:UID:GID:GECOS:directory:shell<\/p>\n The field are as follows:<\/p>\n
DESCRIPTION<\/a>
FILES<\/a>
NOTES<\/a>
SEE ALSO<\/a>
COLOPHON<\/a> <\/p>\n
\nNAME <\/a> <\/h2>\n
DESCRIPTION <\/a> <\/h2>\n
| <\/td>\n | \n name<\/i><\/p>\n<\/td>\n | <\/td>\n | \n This is the user\u2019s login name. It should not contain capital letters.<\/p>\n<\/td>\n<\/tr>\n | ||||||||||||
| <\/td>\n | \n password<\/i><\/p>\n<\/td>\n | <\/td>\n | \n This is either the encrypted user password, an asterisk (*), or the letter ‘x’. (See pwconv<\/b>(8) for an explanation of ‘x’.)<\/p>\n<\/td>\n<\/tr>\n UID<\/i><\/p>\n<\/td>\n The privileged root<\/i> login account (superuser) has the user ID 0.<\/p>\n<\/td>\n<\/tr>\n GID<\/i><\/p>\n<\/td>\n This is the numeric primary group ID for this user. (Additional groups for the user are defined in the system group file; see group<\/b>(5)).<\/p>\n<\/td>\n<\/tr>\n GECOS<\/i><\/p>\n<\/td>\n This field (sometimes called the “comment field”) is optional and used only for informational purposes. Usually, it contains the full username. Some programs (for example, finger<\/b>(1)) display information from this field.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n GECOS stands for “General Electric Comprehensive Operating System”, which was renamed to GCOS when GE\u2019s large systems division was sold to Honeywell. Dennis Ritchie has reported: “Sometimes we sent printer output or batch jobs to the GCOS machine. The gcos field in the password file was a place to stash the information for the $IDENTcard. Not elegant.”<\/p>\n |