man/man5/passwd.5

.\" Copyright (c) 1988, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" %sccs.include.redist.man%
.\"
.\"     @(#)passwd.5	8.1 (Berkeley) 06/05/93
.\"
.Dd
.Dt PASSWD 5
.Os
.Sh NAME
.Nm passwd
.Nd format of the password file
.Sh DESCRIPTION
The
.Nm passwd
files are files consisting of newline separated records, one per user,
containing ten colon (``:'') separated fields.  These fields are as
follows:
.Pp
.Bl -tag -width password -offset indent
.It name
User's login name.
.It password
User's
.Em encrypted
password.
.It uid
User's id.
.It gid
User's login group id.
.It class
User's general classification (unused).
.It change
Password change time.
.It expire
Account expiration time.
.It gecos
General information about the user.
.It home_dir
User's home directory.
.It shell
User's login shell.
.El
.Pp
The
.Ar name
field is the login used to access the computer account, and the
.Ar uid
field is the number associated with it.  They should both be unique
across the system (and often across a group of systems) since they
control file access.
.Pp
While it is possible to have multiple entries with identical login names
and/or identical user id's, it is usually a mistake to do so.  Routines
that manipulate these files will often return only one of the multiple
entries, and that one by random selection.
.Pp
The login name must never begin with a hyphen (``-''); also, it is strongly
suggested that neither upper-case characters or dots (``.'') be part
of the name, as this tends to confuse mailers.  No field may contain a
colon (``:'') as this has been used historically to separate the fields
in the user database.
.Pp
The password field is the
.Em encrypted
form of the password.
If the
.Ar password
field is empty, no password will be required to gain access to the
machine.  This is almost invariably a mistake.
Because these files contain the encrypted user passwords, they should
not be readable by anyone without appropriate privileges.
.Pp
The group field is the group that the user will be placed in upon login.
Since this system supports multiple groups (see
.Xr groups 1 )
this field currently has little special meaning.
.Pp
The
.Ar class
field is currently unused.  In the near future it will be a key to
a
.Xr termcap 5
style database of user attributes.
.Pp
The
.Ar change
field is the number in seconds,
.Dv GMT ,
from the epoch, until the
password for the account must be changed.
This field may be left empty to turn off the password aging feature.
.Pp
The
.Ar expire
field is the number in seconds,
.Dv GMT ,
from the epoch, until the
account expires.
This field may be left empty to turn off the account aging feature.
.Pp
The
.Ar gecos
field normally contains comma (``,'') separated subfields as follows:
.Pp
.Bd -unfilled -offset indent
name		user's full name
office		user's office number
wphone		user's work phone number
hphone		user's home phone number
.Ed
.Pp
This information is used by the
.Xr finger 1
program.
.Pp
The user's home directory is the full
.Tn UNIX
path name where the user
will be placed on login.
.Pp
The shell field is the command interpreter the user prefers.
If there is nothing in the
.Ar shell
field, the Bourne shell
.Pq Pa /bin/sh
is assumed.
.Sh SEE ALSO
.Xr chpass 1 ,
.Xr login 1 ,
.Xr passwd 1 ,
.Xr getpwent 3 ,
.Xr adduser 8 ,
.Xr pwd_mkdb 8 ,
.Xr vipw 8
.Sh BUGS
User information should (and eventually will) be stored elsewhere.
.Sh COMPATIBILITY
The password file format has changed since 4.3BSD.
The following awk script can be used to convert your old-style password
file into a new style password file.
The additional fields
.Dq class ,
.Dq change
and
.Dq expire
are added, but are turned off by default.
Class is currently not implemented, but change and expire are; to set them,
use the current day in seconds from the epoch + whatever number of seconds
of offset you want.
.Bd -literal -offset indent
BEGIN { FS = ":"}
{ print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }
.Ed
.Sh HISTORY
A
.Nm
file format appeared in
.At v6 .