format of the password file
master.passwd file, readable only by
root, consists of newline-separated records, one per user, containing ten
colon separated fields. These fields are as follows:
- User's login name.
- User's encrypted password.
- User's login user ID.
- User's login group ID.
- User's general classification (see login.conf(5)).
- Password change time.
- Account expiration time.
- General information about the user.
- User's home directory.
- User's login shell.
passwd file is
generated from the
master.passwd file by
pwd_mkdb(8) and has the class, change, and expire fields removed.
Also, the encrypted password field is replaced by an asterisk.
The password files should never be edited by hand; vipw(8) should be used instead.
The name field is the login used to access the computer account, and the uid field is the number associated with it. They should both be unique across the system (and often across a group of systems) since they control file access.
While it is possible to have multiple entries with identical login names and/or identical user IDs, it is usually a mistake to do so. Routines that manipulate these files will often return only one of the multiple entries, and that one by random selection.
The login name may be up to 31 characters long. For compatibility
with legacy software, a login name should start with a letter and consist
solely of letters, numbers, dashes and underscores. The login name must
never begin with a dash (‘
it is strongly suggested that neither uppercase characters nor dots
.’) be part of the name, as this
tends to confuse mailers. No field may contain a colon as this has been used
historically to separate the fields in the user database.
The password field is the encrypted form of the
password. If the password field is empty, no password
will be required to gain access to the machine. This is almost invariably a
mistake. By convention, accounts that are not intended to be logged in to
(e.g. bin, daemon, sshd) only contain a single asterisk in the
password field. Note that there is nothing special
*’, it is just one of many
characters that cannot occur in a valid encrypted password (see
crypt(3)). Similarly, login accounts not allowing password
authentication but allowing other authentication methods, for example public
key authentication, conventionally have 13 asterisks in the
password field. Because
master.passwd contains the encrypted user passwords,
it should not be readable by anyone without appropriate privileges.
Configuration for the cipher used to encrypt the password information is contained in login.conf(5).
The group field is the primary group that the user will be placed in upon login. Note that the group(5) file may grant the user access to supplementary groups.
The class field is used by login(1) and other programs to determine which entry in the login.conf(5) database should be used.
The change field is the number in seconds, GMT, from the Epoch, until the password for the account must be changed. This field may be left empty to turn off the password aging feature.
The expire field is the number in seconds, GMT, from the Epoch, until the account expires. This field may be left empty to turn off the account aging feature.
The gecos field normally contains comma separated subfields as follows:
- User's full name.
- User's office location.
- User's work phone number.
- User's home phone number.
The full name may contain an ampersand
&’), which will be replaced by
the capitalized login name when the gecos field is displayed or used by
various programs such as
The office and phone number subfields, if they exist, are used by the finger(1) program and possibly by other applications.
The home_dir field is the full path name of a directory to be used as the initial working directory for the user's login shell. Usually, it is owned by the user and by the user's primary group.
The shell field is the command interpreter the user prefers. If there is nothing in the shell field, the default shell (/bin/sh) is assumed. Accounts that are not intended to be logged in to usually have a shell of /sbin/nologin.
If YP is active, the
passwd file also
supports standard YP exclusions and inclusions, based on user names and
Lines beginning with a ‘
(minus sign) are entries marked as being excluded from any following
inclusions, which are marked with a
+’ (plus sign).
If the second character of the line is a
@’ (at sign), the operation involves
the user fields of all entries in the netgroup specified by the remaining
characters of the name field. Otherwise, the remainder
of the name field is assumed to be a specific user
+’ token may also be
alone in the name field, which causes all users from
the passwd.byname and
passwd.byuid YP maps to be included.
If the entry contains non-empty uid or gid fields, the specified numbers will override the information retrieved from the YP maps. Additionally, if the gecos, dir, or shell entries contain text, it will override the information included via YP. On some systems, the passwd field may also be overridden. It is recommended that the standard way to enable YP passwd support in /etc/master.passwd is:
which after pwd_mkdb(8) will result in /etc/passwd containing:
When YP is enabled but temporarily unavailable, login becomes impossible for all users except those having an entry in the netid(5) file.
chpass(1), login(1), passwd(1), crypt(3), getpwent(3), login.conf(5), netgroup(5), netid(5), adduser(8), Makefile.yp(8), pwd_mkdb(8), vipw(8), yp(8)
Managing NFS and NIS (O'Reilly & Associates)
passwd file format first appeared in
Version 1 AT&T UNIX. The gecos field
first appeared in Version 3 AT&T UNIX;
since the same version, the passwords are encrypted. The gid field first
appeared in Version 5 AT&T UNIX; the
class, change and expire fields as well as the
master.passwd file in
The YP file format first appeared in SunOS.
Placing YP exclusions in the file after any inclusions does not cancel the earlier inclusions.