Diffstat (limited to 'man5/passwd.5')
-rw-r--r-- man5/passwd.5 160
1 files changed, 160 insertions, 0 deletions
diff --git a/man5/passwd.5 b/man5/passwd.5
new file mode 100644
index 0000000..9b9a136
--- /dev/null
+++ b/man5/passwd.5
@@ -0,0 +1,160 @@
+.\" Copyright (c) 1993 Michael Haardt (michael@moria.de),
+.\" Fri Apr 2 11:32:09 MET DST 1993
+.\"
+.\" SPDX-License-Identifier: GPL-2.0-or-later
+.\"
+.\" Modified Sun Jul 25 10:46:28 1993 by Rik Faith (faith@cs.unc.edu)
+.\" Modified Sun Aug 21 18:12:27 1994 by Rik Faith (faith@cs.unc.edu)
+.\" Modified Sun Jun 18 01:53:57 1995 by Andries Brouwer (aeb@cwi.nl)
+.\" Modified Mon Jan 5 20:24:40 MET 1998 by Michael Haardt
+.\" (michael@cantor.informatik.rwth-aachen.de)
+.TH passwd 5 2023-02-05 "Linux man-pages 6.05.01"
+.SH NAME
+passwd \- password file
+.SH DESCRIPTION
+The
+.I /etc/passwd
+file is a text file that describes user login accounts for the system.
+It should have read permission allowed for all users (many utilities, like
+.BR ls (1)
+use it to map user IDs to usernames), but write access only for the
+superuser.
+.PP
+In the good old days there was no great problem with this general
+read permission.
+Everybody could read the encrypted passwords, but the
+hardware was too slow to crack a well-chosen password, and moreover the
+basic assumption used to be that of a friendly user-community.
+These days many people run some version of the shadow password suite, where
+.I /etc/passwd
+has an \[aq]x\[aq] character in the password field,
+and the encrypted passwords are in
+.IR /etc/shadow ,
+which is readable by the superuser only.
+.PP
+If the encrypted password, whether in
+.I /etc/passwd
+or in
+.IR /etc/shadow ,
+is an empty string, login is allowed without even asking for a password.
+Note that this functionality may be intentionally disabled in applications,
+or configurable (for example using the
+.RB \[dq] nullok \[dq]
+or
+.RB \[dq] nonull \[dq]
+arguments to
+.BR pam_unix (8)).
+.PP
+If the encrypted password in
+.I /etc/passwd
+is "\fI*NP*\fP" (without the quotes),
+the shadow record should be obtained from an NIS+ server.
+.PP
+Regardless of whether shadow passwords are used, many system administrators
+use an asterisk (*) in the encrypted password field to make sure
+that this user can not authenticate themself using a
+password.
+(But see NOTES below.)
+.PP
+If you create a new login, first put an asterisk (*) in the password field,
+then use
+.BR passwd (1)
+to set it.
+.PP
+Each line of the file describes a single user,
+and contains seven colon-separated fields:
+.PP
+.in +4n
+.EX
+name:password:UID:GID:GECOS:directory:shell
+.EE
+.in
+.PP
+The field are as follows:
+.TP 12
+.I name
+This is the user's login name.
+It should not contain capital letters.
+.TP
+.I password
+This is either the encrypted user password,
+an asterisk (*), or the letter \[aq]x\[aq].
+(See
+.BR pwconv (8)
+for an explanation of \[aq]x\[aq].)
+.TP
+.I UID
+The privileged
+.I root
+login account (superuser) has the user ID 0.
+.TP
+.I GID
+This is the numeric primary group ID for this user.
+(Additional groups for the user are defined in the system group file; see
+.BR group (5)).
+.TP
+.I GECOS
+This field (sometimes called the "comment field")
+is optional and used only for informational purposes.
+Usually, it contains the full username.
+Some programs (for example,
+.BR finger (1))
+display information from this field.
+.IP
+GECOS stands for "General Electric Comprehensive Operating System",
+which was renamed to GCOS when
+GE's large systems division was sold to Honeywell.
+Dennis Ritchie has reported: "Sometimes we sent printer output or
+batch jobs to the GCOS machine.
+The gcos field in the password file was a place to stash the
+information for the $IDENTcard.
+Not elegant."
+.TP
+.I directory
+This is the user's home directory:
+the initial directory where the user is placed after logging in.
+The value in this field is used to set the
+.B HOME
+environment variable.
+.TP
+.I shell
+This is the program to run at login (if empty, use
+.IR /bin/sh ).
+If set to a nonexistent executable, the user will be unable to login
+through
+.BR login (1).
+The value in this field is used to set the
+.B SHELL
+environment variable.
+.SH FILES
+.I /etc/passwd
+.SH NOTES
+If you want to create user groups, there must be an entry in
+.IR /etc/group ,
+or no group will exist.
+.PP
+If the encrypted password is set to an asterisk (*), the user will be unable
+to login using
+.BR login (1),
+but may still login using
+.BR rlogin (1),
+run existing processes and initiate new ones through
+.BR rsh (1),
+.BR cron (8),
+.BR at (1),
+or mail filters, etc.
+Trying to lock an account by simply changing the
+shell field yields the same result and additionally allows the use of
+.BR su (1).
+.SH SEE ALSO
+.BR chfn (1),
+.BR chsh (1),
+.BR login (1),
+.BR passwd (1),
+.BR su (1),
+.BR crypt (3),
+.BR getpwent (3),
+.BR getpwnam (3),
+.BR group (5),
+.BR shadow (5),
+.BR vipw (8)
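Review bot: The "password" entry in the field list (under ".I password") says the field is "either the encrypted user password, an asterisk (*), or the letter 'x'", but DESCRIPTION in the same file documents two more values: an empty string, which allows login without a password unless the application or pam_unix(8) settings forbid it, and "*NP*", which sends the lookup to an NIS+ server. A reader who goes straight to the field list will miss the empty-string case, which is the one that matters most when auditing the file, so list both values in that entry or point back to the paragraphs above. Two smaller points in the same list: the "UID" entry only says that root has user ID 0 and never states that the field is the numeric user ID, which the "GID" entry does say for its field, and "The field are as follows:" should read "The fields are as follows:". In NOTES, the last paragraph explains that neither an asterisk nor a changed shell fully locks an account but stops there; a closing sentence saying what the reader should do instead, or a reference to the page that covers it, would make the warning actionable.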