diff options
Diffstat (limited to 'man/man5/shadow.5')
-rw-r--r-- | man/man5/shadow.5 | 148 |
1 files changed, 148 insertions, 0 deletions
diff --git a/man/man5/shadow.5 b/man/man5/shadow.5 new file mode 100644 index 0000000..5ab04b8 --- /dev/null +++ b/man/man5/shadow.5 @@ -0,0 +1,148 @@ +'\" t +.\" Title: shadow +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> +.\" Date: 11/08/2022 +.\" Manual: File Formats and Configuration Files +.\" Source: shadow-utils 4.13 +.\" Language: English +.\" +.TH "SHADOW" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +shadow \- shadowed password file +.SH "DESCRIPTION" +.PP +shadow +is a file which contains the password information for the system\*(Aqs accounts and optional aging information\&. +.PP +This file must not be readable by regular users if password security is to be maintained\&. +.PP +Each line of this file contains 9 fields, separated by colons (\(lq:\(rq), in the following order: +.PP +\fBlogin name\fR +.RS 4 +It must be a valid account name, which exist on the system\&. +.RE +.PP +\fBencrypted password\fR +.RS 4 +This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the +/etc/shadow +file may decide not to permit any access at all if the password field is empty\&. +.sp +A password field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the password field before the password was locked\&. +.sp +Refer to +\fBcrypt\fR(3) +for details on how this string is interpreted\&. +.sp +If the password field contains some string that is not a valid result of +\fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&. +.RE +.PP +\fBdate of last password change\fR +.RS 4 +The date of the last password change, expressed as the number of days since Jan 1, 1970 00:00 UTC\&. +.sp +The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system\&. +.sp +An empty field means that password aging features are disabled\&. +.RE +.PP +\fBminimum password age\fR +.RS 4 +The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again\&. +.sp +An empty field and value 0 mean that there is no minimum password age\&. +.RE +.PP +\fBmaximum password age\fR +.RS 4 +The maximum password age is the number of days after which the user will have to change her password\&. +.sp +After this number of days is elapsed, the password may still be valid\&. The user should be asked to change her password the next time she will log in\&. +.sp +An empty field means that there are no maximum password age, no password warning period, and no password inactivity period (see below)\&. +.sp +If the maximum password age is lower than the minimum password age, the user cannot change her password\&. +.RE +.PP +\fBpassword warning period\fR +.RS 4 +The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned\&. +.sp +An empty field and value 0 mean that there are no password warning period\&. +.RE +.PP +\fBpassword inactivity period\fR +.RS 4 +The number of days after a password has expired (see the maximum password age above) during which the password should still be accepted (and the user should update her password during the next login)\&. +.sp +After expiration of the password and this expiration period is elapsed, no login is possible for the user\&. The user should contact her administrator\&. +.sp +An empty field means that there are no enforcement of an inactivity period\&. +.RE +.PP +\fBaccount expiration date\fR +.RS 4 +The date of expiration of the account, expressed as the number of days since Jan 1, 1970 00:00 UTC\&. +.sp +Note that an account expiration differs from a password expiration\&. In case of an account expiration, the user shall not be allowed to login\&. In case of a password expiration, the user is not allowed to login using her password\&. +.sp +An empty field means that the account will never expire\&. +.sp +The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan 1, 1970\&. +.RE +.PP +\fBreserved field\fR +.RS 4 +This field is reserved for future use\&. +.RE +.SH "FILES" +.PP +/etc/passwd +.RS 4 +User account information\&. +.RE +.PP +/etc/shadow +.RS 4 +Secure user account information\&. +.RE +.PP +/etc/shadow\- +.RS 4 +Backup file for /etc/shadow\&. +.sp +Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools\&. +.RE +.SH "SEE ALSO" +.PP +\fBchage\fR(1), +\fBlogin\fR(1), +\fBpasswd\fR(1), +\fBpasswd\fR(5), +\fBpwck\fR(8), +\fBpwconv\fR(8), +\fBpwunconv\fR(8), +\fBsu\fR(1), +\fBsulogin\fR(8)\&. |