.\" $NetBSD: passwd.5,v 1.8 1997/11/12 00:49:52 mrg Exp $
.\"
.\" Copyright (c) 1988, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\" Portions Copyright (c) 1994, Jason Downs.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)passwd.5 8.1 (Berkeley) 6/5/93
.\"
.Dd August 16, 1997
.Dt PASSWD 5
.Os
.Sh NAME
.Nm passwd ,
.Nm master.passwd
.Nd format of the password file
.Sh DESCRIPTION
The
.Nm passwd
files are files consisting of newline separated records, one per user,
containing ten colon (``:'') separated fields.  These fields are as
follows:
.Pp
.Bl -tag -width password -offset indent
.It name
User's login name.
.It password
User's
.Em encrypted
password.
.It uid
User's id.
.It gid
User's login group id.
.It class
User's general classification (unused).
.It change
Password change time.
.It expire
Account expiration time.
.It gecos
General information about the user.
.It home_dir
User's home directory.
.It shell
User's login shell.
.El
.Pp
The
.Ar name
field is the login used to access the computer account, and the
.Ar uid
field is the number associated with it.  They should both be unique
across the system (and often across a group of systems) since they
control file access.
.Pp
While it is possible to have multiple entries with identical login names
and/or identical user id's, it is usually a mistake to do so.  Routines
that manipulate these files will often return only one of the multiple
entries, and that one by random selection.
.Pp
The login name must never begin with a hyphen (``-''); also, it is strongly
suggested that neither upper-case characters nor dots (``.'') be part
of the name, as this tends to confuse mailers.  No field may contain a
colon (``:'') as this has been used historically to separate the fields
in the user database.
.Pp
The password field is the
.Em encrypted
form of the password.
If the
.Ar password
field is empty, no password will be required to gain access to the
machine.  This is almost invariably a mistake.
Because these files contain the encrypted user passwords, they should
not be readable by anyone without appropriate privileges.
.Pp
The group field is the group that the user will be placed in upon login.
Since this system supports multiple groups (see
.Xr groups 1 )
this field currently has little special meaning.
.Pp
The
.Ar class
field is currently unused.  In the near future it will be a key to
a
.Xr termcap 5
style database of user attributes.
.Pp
The
.Ar change
field is the number in seconds,
.Dv GMT ,
from the epoch, until the
password for the account must be changed.
This field may be left empty to turn off the password aging feature.
If this is set to
.Dq -1
then the user will be prompted to change their password at the next
login.
.Pp
The
.Ar expire
field is the number in seconds,
.Dv GMT ,
from the epoch, until the
account expires.
This field may be left empty to turn off the account aging feature.
.Pp
If either of the
.Ar change
or
.Ar expire
fields is set, the system will remind the user of the impending
change or expiry if they log in within the 14 days before the event.
.Pp
The
.Ar gecos
field normally contains comma (``,'') separated subfields as follows:
.Pp
.Bl -tag -width office -offset indent -compact
.It name
user's full name
.It office
user's office number
.It wphone
user's work phone number
.It hphone
user's home phone number
.El
.Pp
This information is used by the
.Xr finger 1
program.
.Pp
The user's home directory is the full
.Tn UNIX
path name where the user
will be placed on login.
.Pp
The shell field is the command interpreter the user prefers.
If there is nothing in the
.Ar shell
field, the Bourne shell
.Pq Pa /bin/sh
is assumed.
.Sh YP SUPPORT
If YP is active, the
.Nm
file also supports standard YP exclusions and inclusions, based on user
names and netgroups.
.Pp
Lines beginning with a ``-'' (minus sign) are entries marked as being excluded
from any following inclusions, which are marked with a ``+'' (plus sign).
.Pp
If the second character of the line is a ``@'' (at sign), the operation
involves the user fields of all entries in the netgroup specified by the
remaining characters of the
.Ar name
field.
Otherwise, the remainder of the
.Ar name
field is assumed to be a specific user name.
.Pp
The ``+'' token may also be alone in the
.Ar name
field, which causes all users from the
.Pa passwd.byname
and
.Pa passwd.byuid
YP maps to be included.
.Pp
If the entry contains non-empty
.Ar uid
or
.Ar gid
fields, the specified numbers will override the information retrieved
from the YP maps.  As well, if the
.Ar gecos ,
.Ar dir
or
.Ar shell
entries contain text, it will override the information included via YP.
On some systems, the
.Ar passwd
field may also be overridden.
.Sh SEE ALSO
.Xr chpass 1 ,
.Xr login 1 ,
.Xr passwd 1 ,
.Xr getpwent 3 ,
.Xr netgroup 5 ,
.Xr adduser 8 ,
.Xr pwd_mkdb 8 ,
.Xr vipw 8 ,
.Xr yp 8
.Pp
.%T "Managing NFS and NIS"
(O'Reilly & Associates)
.Sh BUGS
User information should (and eventually will) be stored elsewhere.
.Pp
Placing YP exclusions in the file after any inclusions will have
unexpected results.
.Sh COMPATIBILITY
The password file format has changed since 4.3BSD.
The following awk script can be used to convert your old-style password
file into a new style password file.
The additional fields
.Dq class ,
.Dq change
and
.Dq expire
are added, but are turned off by default.
Class is currently not implemented, but change and expire are; to set them,
use the current day in seconds from the epoch + whatever number of seconds
of offset you want.
.Bd -literal -offset indent
BEGIN { FS = ":"}
{ print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }
.Ed
.Sh HISTORY
A
.Nm
file format appeared in
.At v6 .
.Pp
YP
.Nm
file format first appeared in SunOS.
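An added example, not part of the NetBSD manual page or its source: a Python check of master.passwd-format text against the rules stated in DESCRIPTION, YP SUPPORT and BUGS (ten fields, non-empty password, unique names and uids, YP exclusions before inclusions). The function name audit_master_passwd and the SAMPLE records are constructed for illustration, and treating blank lines as ignorable is an assumption.

```python
from collections import Counter

# Field order taken from the DESCRIPTION section above.
FIELDS = ("name", "password", "uid", "gid", "class", "change",
          "expire", "gecos", "home_dir", "shell")

# Constructed sample input, not taken from any real system.
SAMPLE = """\
root:*:0:0::0:0:Charlie Root:/root:/bin/sh
guest::1001:1001::0:0:Guest,,,:/home/guest:/bin/sh
J.Doe:*:1002:1002::0:0:J Doe:/home/jdoe:/bin/sh
backup:*:1001:1001::0:0:Backup:/var/backup:
old:*:1003:1003:Old Style:/home/old:/bin/sh
+@staff::0:::::::
-mallory:::::::::
"""

def audit_master_passwd(text):
    """Return sorted (line_number, finding) pairs for master.passwd text."""
    findings, rows, seen_inclusion = [], [], False
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # assumption: blank lines carry no record
        parts = line.split(":")
        rec = dict(zip(FIELDS, parts + [""] * (len(FIELDS) - len(parts))))
        if line[0] == "+":  # YP inclusion
            seen_inclusion = True
            forced = [f for f in ("uid", "gid") if rec[f]]
            if forced:
                findings.append((lineno, "YP inclusion overrides " + ", ".join(forced)))
            continue
        if line[0] == "-":  # YP exclusion; must precede the inclusions
            if seen_inclusion:
                findings.append((lineno, "YP exclusion after an inclusion"))
            continue
        if len(parts) != len(FIELDS):  # e.g. an unconverted old-style record
            findings.append((lineno, f"expected 10 fields, found {len(parts)}"))
            continue
        if not rec["password"]:
            findings.append((lineno, "empty password field"))
        if any(c.isupper() or c == "." for c in rec["name"]):
            findings.append((lineno, "upper-case character or dot in login name"))
        rows.append((lineno, rec["name"], rec["uid"]))
    for label, idx in (("login name", 1), ("uid", 2)):
        counts = Counter(row[idx] for row in rows)
        for row in rows:
            if counts[row[idx]] > 1:
                findings.append((row[0], f"duplicate {label} {row[idx]}"))
    return sorted(findings)
```

Calling audit_master_passwd(SAMPLE) returns one finding per violated rule, keyed by line number, so the result can be fed straight into a review before the file is rebuilt.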