summaryrefslogtreecommitdiffstats
path: root/man/man5/shadow.5
diff options
context:
space:
mode:
Diffstat (limited to 'man/man5/shadow.5')
-rw-r--r--man/man5/shadow.5148
1 files changed, 148 insertions, 0 deletions
diff --git a/man/man5/shadow.5 b/man/man5/shadow.5
new file mode 100644
index 0000000..5ab04b8
--- /dev/null
+++ b/man/man5/shadow.5
@@ -0,0 +1,148 @@
+'\" t
+.\" Title: shadow
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
+.\" Date: 11/08/2022
+.\" Manual: File Formats and Configuration Files
+.\" Source: shadow-utils 4.13
+.\" Language: English
+.\"
+.TH "SHADOW" "5" "11/08/2022" "shadow\-utils 4\&.13" "File Formats and Configuration"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+shadow \- shadowed password file
+.SH "DESCRIPTION"
+.PP
+shadow
+is a file which contains the password information for the system\*(Aqs accounts and optional aging information\&.
+.PP
+This file must not be readable by regular users if password security is to be maintained\&.
+.PP
+Each line of this file contains 9 fields, separated by colons (\(lq:\(rq), in the following order:
+.PP
+\fBlogin name\fR
+.RS 4
+It must be a valid account name, which exist on the system\&.
+.RE
+.PP
+\fBencrypted password\fR
+.RS 4
+This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the
+/etc/shadow
+file may decide not to permit any access at all if the password field is empty\&.
+.sp
+A password field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the password field before the password was locked\&.
+.sp
+Refer to
+\fBcrypt\fR(3)
+for details on how this string is interpreted\&.
+.sp
+If the password field contains some string that is not a valid result of
+\fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&.
+.RE
+.PP
+\fBdate of last password change\fR
+.RS 4
+The date of the last password change, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
+.sp
+The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system\&.
+.sp
+An empty field means that password aging features are disabled\&.
+.RE
+.PP
+\fBminimum password age\fR
+.RS 4
+The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again\&.
+.sp
+An empty field and value 0 mean that there is no minimum password age\&.
+.RE
+.PP
+\fBmaximum password age\fR
+.RS 4
+The maximum password age is the number of days after which the user will have to change her password\&.
+.sp
+After this number of days is elapsed, the password may still be valid\&. The user should be asked to change her password the next time she will log in\&.
+.sp
+An empty field means that there are no maximum password age, no password warning period, and no password inactivity period (see below)\&.
+.sp
+If the maximum password age is lower than the minimum password age, the user cannot change her password\&.
+.RE
+.PP
+\fBpassword warning period\fR
+.RS 4
+The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned\&.
+.sp
+An empty field and value 0 mean that there are no password warning period\&.
+.RE
+.PP
+\fBpassword inactivity period\fR
+.RS 4
+The number of days after a password has expired (see the maximum password age above) during which the password should still be accepted (and the user should update her password during the next login)\&.
+.sp
+After expiration of the password and this expiration period is elapsed, no login is possible for the user\&. The user should contact her administrator\&.
+.sp
+An empty field means that there are no enforcement of an inactivity period\&.
+.RE
+.PP
+\fBaccount expiration date\fR
+.RS 4
+The date of expiration of the account, expressed as the number of days since Jan 1, 1970 00:00 UTC\&.
+.sp
+Note that an account expiration differs from a password expiration\&. In case of an account expiration, the user shall not be allowed to login\&. In case of a password expiration, the user is not allowed to login using her password\&.
+.sp
+An empty field means that the account will never expire\&.
+.sp
+The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan 1, 1970\&.
+.RE
+.PP
+\fBreserved field\fR
+.RS 4
+This field is reserved for future use\&.
+.RE
+.SH "FILES"
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.PP
+/etc/shadow
+.RS 4
+Secure user account information\&.
+.RE
+.PP
+/etc/shadow\-
+.RS 4
+Backup file for /etc/shadow\&.
+.sp
+Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBchage\fR(1),
+\fBlogin\fR(1),
+\fBpasswd\fR(1),
+\fBpasswd\fR(5),
+\fBpwck\fR(8),
+\fBpwconv\fR(8),
+\fBpwunconv\fR(8),
+\fBsu\fR(1),
+\fBsulogin\fR(8)\&.