CONTENTS

DESCRIPTION

For consistency, none of these files should ever be modified manually.

The master.passwd file is readable only by root, and consists of newline separated records, one per user, containing ten colon (‘‘:’’) separated fields. These fields are as follows:

The passwd file is generated from the master.passwd file by pwd_mkdb(8), has the class, change, and expire fields removed, and the password field replaced by a ‘*’ character. In the master.passwd file, a password of ‘*’ is used to indicate that no one can ever log into that account using password authentication (logins through other forms of authentication, i.e. using ssh(1) keys, will still work). The field only contains encrypted passwords, and ‘*’ can never be the result of encrypting a password.

The name field is the login used to access the computer account, and the uid field is the number associated with it. They should both be unique across the system (and often across a group of systems) since they control file access.

While it is possible to have multiple entries with identical login names and/or identical user id’s, it is usually a mistake to do so. Routines that manipulate these files will often return only one of the multiple entries, and that one by random selection.

The login name must never begin with a hyphen (‘‘-’’); also, it is strongly suggested that neither upper-case characters or dots (‘‘.’’) be part of the name, as this tends to confuse mailers. No field may contain a colon (‘‘:’’) as this has been used historically to separate the fields in the user database.

The password field is the encrypted form of the password, see crypt(3). If the password field is empty, no password will be required to gain access to the machine. This is almost invariably a mistake. Because these files contain the encrypted user passwords, they should not be readable by anyone without appropriate privileges.

The group field is the group that the user will be placed in upon login. Since this system supports multiple groups (see groups(1)) this field currently has little special meaning.

The class field is a key for a user’s login class. Login classes are defined in login.conf(5), which is a termcap(5) style database of user attributes, accounting, resource, and environment settings.

The change field is the number of seconds from the epoch, UTC, until the password for the account must be changed. This field may be left empty to turn off the password aging feature.

The expire field is the number of seconds from the epoch, UTC, until the account expires. This field may be left empty to turn off the account aging feature.

The gecos field normally contains comma (‘‘,’’) separated subfields as follows:

The full name may contain a ampersand (‘‘&’’) which will be replaced by the capitalized login name when the gecos field is displayed or used by various programs such as finger(1), sendmail(8), etc.

The office and phone number subfields are used by the finger(1) program, and possibly other applications.

The user’s home directory is the full Unix path name where the user will be placed on login.

NIS SUPPORT

COMPAT SUPPORT

Lines beginning with a ‘‘-’’ (minus sign) are entries marked as being excluded from any following inclusions, which are marked with a ‘‘+’’ (plus sign).

If the second character of the line is a ‘‘@’’ (at sign), the operation involves the user fields of all entries in the netgroup specified by the remaining characters of the name field. Otherwise, the remainder of the name field is assumed to be a specific user name.

The ‘‘+’’ token may also be alone in the name field, which causes all users from either the Hesiod domain passwd (with 'passwd_compat: dns') or 'passwd.byname' and 'passwd.byuid' NIS maps (with 'passwd_compat: nis') to be included.

COMPATIBILITY

SEE ALSO