OpenBSD manual page server

Manual Page Search Parameters

GETPWENT(3) Library Functions Manual GETPWENT(3)

getpwent, setpwent, endpwentsequential password database access

#include <sys/types.h>
#include <pwd.h>

struct passwd *
getpwent(void);

void
setpwent(void);

void
endpwent(void);

These functions operate on the password database file which is described in passwd(5). Each entry in the database is defined by the structure struct passwd found in the include file ⟨pwd.h⟩:

struct passwd {
	char	*pw_name;	/* user name */
	char	*pw_passwd;	/* encrypted password */
	uid_t	pw_uid;		/* user uid */
	gid_t	pw_gid;		/* user gid */
	time_t	pw_change;	/* password change time */
	char	*pw_class;	/* user access class */
	char	*pw_gecos;	/* Honeywell login info */
	char	*pw_dir;	/* home directory */
	char	*pw_shell;	/* default shell */
	time_t	pw_expire;	/* account expiration */
};

The () function sequentially reads the password database and is intended for programs that wish to process the complete list of users.

It is dangerous for long-running programs to keep the file descriptors open as the database will become out of date if it is updated while the program is running. Furthermore, programs that run child processes should be careful to call () to close these descriptors before calling execve(2) or system(3).

() causes getpwent() to “rewind” to the beginning of the database.

The () function closes any file descriptors opened by setpwent() or getpwent().

These routines have been written to “shadow” the password file, that is, allow only certain programs to have access to the encrypted password. If the process which calls them has an effective UID of 0 or has the “_shadow” group in its group vector, the encrypted password will be returned, otherwise, the password field of the returned structure will point to the string ‘*’.

If YP is active, () also uses the master.passwd.byname YP map (if available) or the passwd.byname YP map. This is in addition to the passwd file, and respects the order of both normal and YP entries in the passwd file.

The getpwent() function returns a valid pointer to a passwd structure on success or a null pointer if end-of-file is reached or an error occurs.

The endpwent() and setpwent() functions have no return value.

/etc/pwd.db
insecure password database file
/etc/spwd.db
secure password database file
/etc/master.passwd
current password file
/etc/passwd
a Version 7 format password file

getlogin(2), getgrent(3), getgrouplist(3), getpwnam(3), pw_dup(3), passwd(5), Makefile.yp(8), pwd_mkdb(8), vipw(8), yp(8)

The getpwent(), setpwent(), and endpwent() functions appeared in Version 7 AT&T UNIX.

The historic function setpwfile(3), which allowed the specification of alternate password databases, has been deprecated and is no longer available.

The getpwent() function stores its results in an internal static buffer and returns a pointer to that buffer. Subsequent calls to getpwent(), getpwnam(), or getpwuid() will overwrite the same buffer.

The routines getpwent(), endpwent(), and setpwent() are fairly useless in a networked environment and should be avoided, if possible.

June 5, 2013 OpenBSD-5.4