1.\" $NetBSD: passwd.5,v 1.5 1997/06/27 16:10:12 lukem Exp $ 2.\" 3.\" Copyright (c) 1988, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" Portions Copyright (c) 1994, Jason Downs. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" @(#)passwd.5 8.1 (Berkeley) 6/5/93 36.\" 37.Dd July 18, 1995 38.Dt PASSWD 5 39.Os 40.Sh NAME 41.Nm passwd 42.Nd format of the password file 43.Sh DESCRIPTION 44The 45.Nm passwd 46files are files consisting of newline separated records, one per user, 47containing ten colon (``:'') separated fields. These fields are as 48follows: 49.Pp 50.Bl -tag -width password -offset indent 51.It name 52User's login name. 53.It password 54User's 55.Em encrypted 56password. 57.It uid 58User's id. 59.It gid 60User's login group id. 61.It class 62User's general classification (unused). 63.It change 64Password change time. 65.It expire 66Account expiration time. 67.It gecos 68General information about the user. 69.It home_dir 70User's home directory. 71.It shell 72User's login shell. 73.El 74.Pp 75The 76.Ar name 77field is the login used to access the computer account, and the 78.Ar uid 79field is the number associated with it. They should both be unique 80across the system (and often across a group of systems) since they 81control file access. 82.Pp 83While it is possible to have multiple entries with identical login names 84and/or identical user id's, it is usually a mistake to do so. Routines 85that manipulate these files will often return only one of the multiple 86entries, and that one by random selection. 87.Pp 88The login name must never begin with a hyphen (``-''); also, it is strongly 89suggested that neither upper-case characters or dots (``.'') be part 90of the name, as this tends to confuse mailers. No field may contain a 91colon (``:'') as this has been used historically to separate the fields 92in the user database. 93.Pp 94The password field is the 95.Em encrypted 96form of the password. 97If the 98.Ar password 99field is empty, no password will be required to gain access to the 100machine. This is almost invariably a mistake. 101Because these files contain the encrypted user passwords, they should 102not be readable by anyone without appropriate privileges. 103.Pp 104The group field is the group that the user will be placed in upon login. 105Since this system supports multiple groups (see 106.Xr groups 1 ) 107this field currently has little special meaning. 108.Pp 109The 110.Ar class 111field is currently unused. In the near future it will be a key to 112a 113.Xr termcap 5 114style database of user attributes. 115.Pp 116The 117.Ar change 118field is the number in seconds, 119.Dv GMT , 120from the epoch, until the 121password for the account must be changed. 122This field may be left empty to turn off the password aging feature. 123.Pp 124The 125.Ar expire 126field is the number in seconds, 127.Dv GMT , 128from the epoch, until the 129account expires. 130This field may be left empty to turn off the account aging feature. 131.Pp 132The 133.Ar gecos 134field normally contains comma (``,'') separated subfields as follows: 135.Pp 136.Bl -tag -width office -offset indent -compact 137.It name 138user's full name 139.It office 140user's office number 141.It wphone 142user's work phone number 143.It hphone 144user's home phone number 145.El 146.Pp 147This information is used by the 148.Xr finger 1 149program. 150.Pp 151The user's home directory is the full 152.Tn UNIX 153path name where the user 154will be placed on login. 155.Pp 156The shell field is the command interpreter the user prefers. 157If there is nothing in the 158.Ar shell 159field, the Bourne shell 160.Pq Pa /bin/sh 161is assumed. 162.Sh YP SUPPORT 163If YP is active, the 164.Nm 165file also supports standard YP exclusions and inclusions, based on user 166names and netgroups. 167.Pp 168Lines beginning with a ``-'' (minus sign) are entries marked as being excluded 169from any following inclusions, which are marked with a ``+'' (plus sign). 170.Pp 171If the second character of the line is a ``@'' (at sign), the operation 172involves the user fields of all entries in the netgroup specified by the 173remaining characters of the 174.Ar name 175field. 176Otherwise, the remainder of the 177.Ar name 178field is assumed to be a specific user name. 179.Pp 180The ``+'' token may also be alone in the 181.Ar name 182field, which causes all users from the 183.Pa passwd.byname 184and 185.Pa passwd.byuid 186YP maps to be included. 187.Pp 188If the entry contains non-empty 189.Ar uid 190or 191.Ar gid 192fields, the specified numbers will override the information retrieved 193from the YP maps. As well, if the 194.Ar gecos, 195.Ar dir 196or 197.Ar shell 198entries contain text, it will override the information included via YP. 199On some systems, the 200.Ar passwd 201field may also be overriden. 202.Sh SEE ALSO 203.Xr chpass 1 , 204.Xr login 1 , 205.Xr passwd 1 , 206.Xr getpwent 3 , 207.Xr netgroup 5 , 208.Xr adduser 8 , 209.Xr pwd_mkdb 8 , 210.Xr vipw 8 , 211.Xr yp 8 212.Pp 213.%T "Managing NFS and NIS" 214(O'Reilly & Associates) 215.Sh BUGS 216User information should (and eventually will) be stored elsewhere. 217.Pp 218Placing YP exclusions in the file after any inclusions will have 219unexpected results. 220.Sh COMPATIBILITY 221The password file format has changed since 4.3BSD. 222The following awk script can be used to convert your old-style password 223file into a new style password file. 224The additional fields 225.Dq class , 226.Dq change 227and 228.Dq expire 229are added, but are turned off by default. 230Class is currently not implemented, but change and expire are; to set them, 231use the current day in seconds from the epoch + whatever number of seconds 232of offset you want. 233.Bd -literal -offset indent 234BEGIN { FS = ":"} 235{ print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 } 236.Ed 237.Sh HISTORY 238A 239.Nm 240file format appeared in 241.At v6 . 242.Pp 243YP file format first appeared in SunOS. 244