OpenBSD manual page server

Manual Page Search Parameters

GETPWENT(3) Library Functions Manual GETPWENT(3)

getpwent, setpwent, endpwentsequential password database access

#include <pwd.h>

struct passwd *



These functions operate on the password database file which is described in passwd(5). Each entry in the database is defined by the structure struct passwd found in the include file <pwd.h>:

struct passwd {
	char	*pw_name;	/* user name */
	char	*pw_passwd;	/* encrypted password */
	uid_t	pw_uid;		/* user uid */
	gid_t	pw_gid;		/* user gid */
	time_t	pw_change;	/* password change time */
	char	*pw_class;	/* user access class */
	char	*pw_gecos;	/* Honeywell login info */
	char	*pw_dir;	/* home directory */
	char	*pw_shell;	/* default shell */
	time_t	pw_expire;	/* account expiration */

The () function sequentially reads the password database and is intended for programs that wish to process the complete list of users.

It is dangerous for long-running programs to keep the file descriptors open as the database will become out of date if it is updated while the program is running. However the file descriptors are automatically closed when execve(2) is called.

() causes getpwent() to “rewind” to the beginning of the database.

The () function closes any file descriptors opened by setpwent() or getpwent().

These routines have been written to “shadow” the password file, that is, allow only certain programs to have access to the encrypted password. If the process which calls them has an effective UID of 0 or has the “_shadow” group in its group vector, the encrypted password will be returned, otherwise, the password field of the returned structure will point to the string ‘*’.

If YP is active, () also uses the master.passwd.byname YP map (if available) or the passwd.byname YP map. This is in addition to the passwd file, and respects the order of both normal and YP entries in the passwd file.

The getpwent() function returns a valid pointer to a passwd structure on success or a null pointer if end-of-file is reached or an error occurs. Subsequent calls to getpwent(), getpwnam(), getpwnam_shadow(), getpwuid() or getpwuid_shadow() may invalidate the returned pointer or overwrite the contents of the passwd structure it points to.

The endpwent() and setpwent() functions have no return value.

insecure password database file
secure password database file
current password file
legacy password file

The getpwent() function may fail for any of the errors specified for dbopen(3) and its get() routine.

If YP is active, it may also fail due to errors caused by the YP subsystem.

getlogin(2), getgrent(3), getgrouplist(3), getpwnam(3), pw_dup(3), passwd(5), Makefile.yp(8), pwd_mkdb(8), vipw(8), yp(8)

These functions are compliant with the X/Open System Interfaces option of the IEEE Std 1003.1-2008 (“POSIX.1”) specification.

The getpwent(), setpwent(), and endpwent() functions appeared in Version 7 AT&T UNIX.

The historic function setpwfile(), which allowed the specification of alternate password databases, has been deprecated and is no longer available.

The routines getpwent(), endpwent(), and setpwent() are fairly useless in a networked environment and should be avoided, if possible.

September 11, 2022 OpenBSD-7.4