xref: /openbsd/share/man/man5/passwd.5 (revision 07ea8d15)
.\"	$NetBSD: passwd.5,v 1.4 1995/07/28 06:46:05 phil Exp $
.\"
.\" Copyright (c) 1988, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\" Portions Copyright (c) 1994, Jason Downs.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)passwd.5	8.1 (Berkeley) 6/5/93
.\"
.Dd July 18, 1995
.Dt PASSWD 5
.Os
.Sh NAME
.Nm passwd
.Nd format of the password file
.Sh DESCRIPTION
The
.Nm passwd
files are files consisting of newline separated records, one per user,
containing ten colon (``:'') separated fields.  These fields are as
follows:
.Pp
.Bl -tag -width password -offset indent
.It name
User's login name.
.It password
User's
.Em encrypted
password.
.It uid
User's id.
.It gid
User's login group id.
.It class
User's general classification (unused).
.It change
Password change time.
.It expire
Account expiration time.
.It gecos
General information about the user.
.It home_dir
User's home directory.
.It shell
User's login shell.
.El
.Pp
The
.Ar name
field is the login used to access the computer account, and the
.Ar uid
field is the number associated with it.  They should both be unique
across the system (and often across a group of systems) since they
control file access.
.Pp
While it is possible to have multiple entries with identical login names
and/or identical user id's, it is usually a mistake to do so.  Routines
that manipulate these files will often return only one of the multiple
entries, and that one by random selection.
.Pp
The login name must never begin with a hyphen (``-''); also, it is strongly
suggested that neither upper-case characters nor dots (``.'') be part
of the name, as this tends to confuse mailers.  No field may contain a
colon (``:'') as this has been used historically to separate the fields
in the user database.
.Pp
The password field is the
.Em encrypted
form of the password.
If the
.Ar password
field is empty, no password will be required to gain access to the
machine.  This is almost invariably a mistake.
Because these files contain the encrypted user passwords, they should
not be readable by anyone without appropriate privileges.
.Pp
The group field is the group that the user will be placed in upon login.
Since this system supports multiple groups (see
.Xr groups 1 )
this field currently has little special meaning.
.Pp
The
.Ar class
field is currently unused.  In the near future it will be a key to
a
.Xr termcap 5
style database of user attributes.
.Pp
The
.Ar change
field is the number in seconds,
.Dv GMT ,
from the epoch, until the
password for the account must be changed.
This field may be left empty to turn off the password aging feature.
.Pp
The
.Ar expire
field is the number in seconds,
.Dv GMT ,
from the epoch, until the
account expires.
This field may be left empty to turn off the account aging feature.
.Pp
The
.Ar gecos
field normally contains comma (``,'') separated subfields as follows:
.Pp
.Bd -unfilled -offset indent
name		user's full name
office		user's office number
wphone		user's work phone number
hphone		user's home phone number
.Ed
.Pp
This information is used by the
.Xr finger 1
program.
.Pp
The user's home directory is the full
.Tn UNIX
path name where the user
will be placed on login.
.Pp
The shell field is the command interpreter the user prefers.
If there is nothing in the
.Ar shell
field, the Bourne shell
.Pq Pa /bin/sh
is assumed.
.Sh YP SUPPORT
If YP is active, the
.Nm
file also supports standard YP exclusions and inclusions, based on user
names and netgroups.
.Pp
Lines beginning with a ``-'' (minus sign) are entries marked as being excluded
from any following inclusions, which are marked with a ``+'' (plus sign).
.Pp
If the second character of the line is a ``@'' (at sign), the operation
involves the user fields of all entries in the netgroup specified by the
remaining characters of the
.Ar name
field.
Otherwise, the remainder of the
.Ar name
field is assumed to be a specific user name.
.Pp
The ``+'' token may also be alone in the
.Ar name
field, which causes all users from the
.Pa passwd.byname
and
.Pa passwd.byuid
YP maps to be included.
.Pp
If the entry contains non-empty
.Ar uid
or
.Ar gid
fields, the specified numbers will override the information retrieved
from the YP maps. As well, if the
.Ar gecos ,
.Ar dir
or
.Ar shell
entries contain text, it will override the information included via YP.
On some systems, the
.Ar passwd
field may also be overridden, hence it is recommended that the standard
way to enable YP passwd support in
.Pa /etc/master.passwd
is:
.Pp
+:*::::::::
.Pp
which after
.Xr pwd_mkdb 8
will result in
.Pa /etc/passwd
containing:
.Pp
+:*:0:0:::
.Pp
.Sh SEE ALSO
.Xr chpass 1 ,
.Xr login 1 ,
.Xr passwd 1 ,
.Xr getpwent 3 ,
.Xr netgroup 5 ,
.Xr adduser 8 ,
.Xr pwd_mkdb 8 ,
.Xr vipw 8 ,
.Xr yp 8
.Pp
.%T "Managing NFS and NIS"
(O'Reilly & Associates)
.Sh BUGS
User information should (and eventually will) be stored elsewhere.
.Pp
Placing YP exclusions in the file after any inclusions will have
unexpected results.
.Sh COMPATIBILITY
The password file format has changed since 4.3BSD.
The following awk script can be used to convert your old-style password
file into a new style password file.
The additional fields
.Dq class ,
.Dq change
and
.Dq expire
are added, but are turned off by default.
Class is currently not implemented, but change and expire are; to set them,
use the current day in seconds from the epoch + whatever number of seconds
of offset you want.
.Bd -literal -offset indent
BEGIN { FS = ":"}
{ print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }
.Ed
.Sh HISTORY
A
.Nm
file format appeared in
.At v6 .
.Pp
YP file format first appeared in SunOS.
254