PASSWD(5)                  File formats                 PASSWD(5)

NAME
       passwd - password file

DESCRIPTION
       Passwd is a text file that contains a list of the system's
       accounts, giving for each account some useful information
       like user ID, group ID, home directory, shell, etc. Often
       it also contains the encrypted passwords for each account.
       It should have general read permission (many utilities,
       like ls(1), use it to map user IDs to user names), but
       write access only for the superuser.

       In  the good old days there was no great problem with this
       general  read  permission.   Everybody  could   read   the
       encrypted  passwords,  but  the  hardware  was too slow to
       crack a well-chosen  password,  and  moreover,  the  basic
       assumption  used  to be that of a friendly user-community.
       These days many people run  some  version  of  the  shadow
       password  suite,  where  /etc/passwd  has  *'s  instead of
       encrypted passwords, and the encrypted  passwords  are  in
       /etc/shadow which is readable by the superuser only.

       Regardless of whether shadow passwords are used, many
       sysadmins use a star in the encrypted password field to
       make sure that this user cannot authenticate him- or
       herself using a password. (But see the NOTE below.)

       If you create a new login, first put a star in  the  pass-
       word field, then use passwd(1) to set it.

       There is one entry per line, and each line has the format:

              account:password:UID:GID:GECOS:directory:shell

       The field descriptions are:

              account   the name of the user on the  system.   It
                        should not contain capital letters.

              password  the encrypted user password or a star.

              UID       the numerical user ID.

              GID       the  numerical  primary group ID for this
                        user.

              GECOS     This field is optional and only used for
                        informational purposes.  Usually, it
                        contains the full user name.  GECOS means
                        General Electric Comprehensive Operating
                        System, which was renamed to GCOS when
                        GE's large systems division was sold to
                        Honeywell.  Dennis Ritchie has reported:
                        "Sometimes we sent printer output or
                        batch jobs to the GCOS machine.  The gcos
                        field in the password file was a place to
                        stash the information for the $IDENT
                        card.  Not elegant."

              directory the user's $HOME directory.

              shell     the program to run at login (if empty,
                        use /bin/sh).  If set to a nonexistent
                        executable, the user will be unable to
                        log in through login(1).

NOTE
       If you want to create user groups, the GIDs of the member
       users must be equal and there must be an entry in
       /etc/group, or no group will exist.

       If the encrypted password is set to a star, the user will
       be unable to log in using login(1), but may still log in
       using rlogin(1), run existing processes and initiate new
       ones through rsh(1) or cron(1) or at(1) or mail filters
       etc.  Trying to lock an account by simply changing the
       shell field yields the same result and additionally allows
       the use of su(1).
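
       The following Python example is an addition to this page, not
       part of the original manual: it parses the seven-field format
       and reports the conditions that DESCRIPTION and NOTE warn
       about.  The function names and sample lines are constructed,
       and accepting "x" as a shadow placeholder is an assumption
       taken from later shadow suites, not from this page.

```python
import os
import stat

FIELDS = ("account", "password", "uid", "gid", "gecos", "directory", "shell")

def parse_line(line):
    """Split one passwd(5) line into its seven colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
    entry["shell"] = entry["shell"] or "/bin/sh"  # empty shell means /bin/sh
    return entry

def audit_entry(entry, shell_exists=os.path.exists):
    """Return findings for one entry, following DESCRIPTION and NOTE."""
    findings = []
    pw, usable_shell = entry["password"], shell_exists(entry["shell"])
    if entry["account"] != entry["account"].lower():
        findings.append("account name contains capital letters")
    if pw not in ("*", "x"):  # "x" placeholder: assumption, not from this page
        findings.append("no star: an encrypted password here is world-readable")
    if pw == "*" and usable_shell:
        findings.append("star only blocks login(1); rlogin/rsh/cron/at still work")
    if pw != "*" and not usable_shell:
        findings.append("locked by shell field only; su(1) is still possible")
    return findings

def audit_mode(st_mode, st_uid):
    """Check 'general read permission, write access only for the superuser'."""
    checks = [  # ownership by UID 0 is used here as the test for superuser-only write
        (st_uid != 0, "file is not owned by the superuser"),
        (st_mode & (stat.S_IWGRP | stat.S_IWOTH), "file is writable by group or others"),
        (not st_mode & stat.S_IROTH, "file lacks general read permission"),
    ]
    return [msg for failed, msg in checks if failed]

# Constructed sample lines (not taken from any real system).
SAMPLE = """\
root:*:0:0:Super User:/root:/bin/sh
Alice:ab12CDefGHijk:1000:1000:Alice Example:/home/alice:
daemon:*:1:1::/:/nonexistent
bob:ab34KLmnOPqrs:1001:1000:Bob Example:/home/bob:/nonexistent
"""

if __name__ == "__main__":
    for e in map(parse_line, SAMPLE.splitlines()):
        print(e["account"], audit_entry(e))
```

       To check the real file, pass st_mode and st_uid from
       os.stat("/etc/passwd") to audit_mode().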

FILES
       /etc/passwd

SEE ALSO
       passwd(1), login(1), su(1), group(5), shadow(5)

                         January 5, 1998