Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
passwd(4)							     passwd(4)

NAME
       passwd -	password file

SYNOPSIS
       /etc/passwd

       The  file /etc/passwd is	a local	source of information about users' ac-
       counts. The password file can be	used in	conjunction with other	naming
       sources,	such as	the NIS	maps passwd.byname and passwd.bygid, data from
       the NIS+	passwd table, or password data stored on an LDAP server.  Pro-
       grams use the getpwnam(3C) routines to access this information.

       Each passwd entry is a single line of the form:

       username:password:uid:
       gid:gcos-field:home-dir:
       login-shell

       where

       username	       is  the	user's login name. It is recommended that this
		       field conform to	the checks performed by	pwck(1M).

       password	       is an empty field. The encrypted	password for the  user
		       is  in the corresponding	entry in the /etc/shadow file.
		       pwconv(1M) relies on a special  value  of  'x'  in  the
		       password	field of /etc/passwd. If this value of 'x' ex-
		       ists in the password field of /etc/passwd,  this	 indi-
		       cates  that  the	 password  for	the user is already in
		       /etc/shadow and should not be modified.

       uid	       is the user's unique numerical ID for the system.

       gid	       is the unique numerical ID of the group that  the  user
		       belongs to.

       gcos-field      is the user's real name,	along with information to pass
		       along in	a mail-message	heading.  (It  is  called  the
		       gcos-field  for	historical  reasons.) An ``&'' (amper-
		       sand) in	this field stands for the login	name (in cases
		       where the login name appears in a user's	real name).

       home-dir	       is  the	pathname to the	directory in which the user is
		       initially positioned upon logging in.

       login-shell     is the user's initial shell program. If this  field  is
		       empty, the default shell	is /usr/bin/sh.

       The  maximum value of the uid and gid fields is 2147483647. To maximize
       interoperability	and compatibility, administrators are  recommended  to
       assign users a range of UIDs and	GIDs below 60000 where possible.

       The  password file is an	ASCII file that	resides	in the /etc directory.
       Because the encrypted passwords on a secure system are always  kept  in
       the shadow file,	/etc/passwd has	general	read permission	on all systems
       and can be used by routines that	map between  numerical	user  IDs  and
       user names.

       Blank  lines  are  treated  as malformed	entries	in the passwd file and
       cause consumers of the file , such as getpwnam(3C), to fail.

       The password file can contain entries beginning with a `+' (plus	 sign)
       or  '-'	(minus	sign)  to selectively incorporate entries from another
       naming service source, such as NIS, NIS+, or LDAP.

       A line beginning	with a '+' means to incorporate	entries	from the  nam-
       ing  service  source. There are three styles of the '+' entries in this
       file. A single +	means to insert	all the	 entries  from	the  alternate
       naming  service source at that point, while a +name means to insert the
       specific	entry, if one exists, from the naming service source. A	+@net-
       group  means to insert the entries for all members of the network group
       netgroup	from the alternate naming service. If a	+name entry has	a non-
       null  password, gcos, home-dir, or login-shell field, the value of that
       field overrides what is contained in the	alternate naming service.  The
       uid and gid fields cannot be overridden.

       A  line	beginning with a `-' means to disallow entries from the	alter-
       nate naming service. There are two styles of `-`	entries	in this	 file.
       -name  means  to	 disallow any subsequent entries (if any) for name (in
       this file or in a naming	service), and -@netgroup means to disallow any
       subsequent entries for all members of the network group netgroup.

       This  is	 also  supported  by  specifying  ``passwd  : compat'' in nss-
       witch.conf(4). The "compat" source might	not be supported in future re-
       leases. The preferred sources are files followed	by the identifier of a
       name service, such as nis or ldap. This has the effect of incorporating
       the  entire  contents  of the naming service's passwd database or pass-
       word-related information	after the passwd file.

       Note that in compat mode, for every /etc/passwd entry, there must be  a
       corresponding entry in the /etc/shadow file.

       Appropriate  precautions	 must  be  taken  to lock the /etc/passwd file
       against simultaneous changes if it is to	be edited with a text  editor;
       vipw(1B)	does the necessary locking.

       Example 1: Sample passwd	File

       The following is	a sample passwd	file:

       root:x:0:1:Super-User:/:/sbin/sh
       fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh

       and the sample password entry from nsswitch.conf:

       passwd: files ldap

       In  this	example, there are specific entries for	users root and fred to
       assure that they	can login even when the	system is running single-user.
       In  addition,  anyone  whose  password information is stored on an LDAP
       server will be able to login with their usual password, shell, and home
       directory.

       If the password file is:

       root:x:0:1:Super-User:/:/sbin/sh
       fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
       +

       and the password	entry in nsswitch.conf is:

       passwd: compat

       then  all  the entries listed in	the NIS	passwd.byuid and passwd.byname
       maps will be effectively	incorporated after the entries	for  root  and
       fred. If	the password entry in nsswitch.conf is:

       passwd_compat: ldap
       passwd: compat

       then all	password-related entries stored	on the LDAP server will	be in-
       corporated after	the entries for	root and fred.

       The following is	a sample passwd	file when shadow does not exist:

       root:q.mJzTnu8icf.:0:1:Super-User:/:/sbin/sh
       fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
       +john:
       +@documentation:no-login:
       +::::Guest

       The following is	a sample passwd	file when shadow does exist:

       root:##root:0:1:Super-User:/:/sbin/sh
       fred:##fred:508:10:& Fredericks:/usr2/fred:/bin/csh
       +john:
       +@documentation:no-login:
       +::::Guest

       In this example,	there are specific entries for users root and fred, to
       assure that they	can log	in even	when the system	is running standalone.
       The user	john will have his password entry in the naming	service	source
       incorporated  without change, anyone in the netgroup documentation will
       have their password field disabled, and anyone else will	be able	to log
       in  with	 their	usual  password, shell,	and home directory, but	with a
       gcos field of Guest

       /etc/nsswitch.conf

       /etc/passwd

       /etc/shadow

       chgrp(1), chown(1), finger(1),  groups(1),  login(1),  newgrp(1),  nis-
       passwd(1),   passwd(1),	sh(1),	sort(1),  domainname(1M),  getent(1M),
       in.ftpd(1M), passmgmt(1M), pwck(1M), pwconv(1M),	 su(1M),  useradd(1M),
       userdel(1M), usermod(1M), a64l(3C), crypt(3C), getpw(3C), getpwnam(3C),
       getspnam(3C), putpwent(3C), group(4), hosts.equiv(4), nsswitch.conf(4),
       shadow(4), environ(5), unistd.h(3HEAD)

				  28 Jul 2004			     passwd(4)

NAME | SYNOPSIS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=passwd&sektion=4&manpath=SunOS+5.10>

home | help