format of the password file
file, readable only by
root, consists of newline-separated records, one per user, containing ten
colon separated fields. These fields are as follows:
- User's login name.
- User's encrypted password.
- User's login user ID.
- User's login group ID.
- User's general classification (see
- Password change time.
- Account expiration time.
- General information about the user.
- User's home directory.
- User's login shell.
generated from the
and has the class,
change, and expire fields removed. Also, the encrypted password field is
replaced by an asterisk.
The password files should never be edited by hand;
should be used instead.
field is the login used to access the
computer account, and the uid
field is the
number associated with it. They should both be unique across the system (and
often across a group of systems) since they control file access.
While it is possible to have multiple entries with identical login names and/or
identical user IDs, it is usually a mistake to do so. Routines that manipulate
these files will often return only one of the multiple entries, and that one
by random selection.
The login name may be up to 31 characters long. For compatibility with legacy
software, a login name should start with a letter and consist solely of
letters, numbers, dashes and underscores. The login name must never begin with
a dash (‘
’); also, it is strongly
suggested that neither uppercase characters nor dots
’) be part of the name, as this tends
to confuse mailers. No field may contain a colon as this has been used
historically to separate the fields in the user database.
The password field is the encrypted
form of the
password. If the password
field is empty, no
password will be required to gain access to the machine. This is almost
invariably a mistake. By convention, accounts that are not intended to be
logged in to (e.g. bin, daemon, sshd) only contain a single asterisk in the
field. Note that there is nothing
special about ‘
’, it is just one of
many characters that cannot occur in a valid encrypted password (see
). Similarly, login
accounts not allowing password authentication but allowing other
authentication methods, for example public key authentication, conventionally
have 13 asterisks in the password
encrypted user passwords, it should not be readable by anyone without
Configuration for the cipher used to encrypt the password information is
contained in login.conf(5)
field is the primary group that the
user will be placed in upon login. Note that the
file may grant the user
access to supplementary groups.
field is used by
and other programs to
determine which entry in the
should be used.
field is the number in seconds, GMT,
from the Epoch, until the password for the account must be changed. This field
may be left empty to turn off the password aging feature.
field is the number in seconds, GMT,
from the Epoch, until the account expires. This field may be left empty to
turn off the account aging feature.
field normally contains comma
separated subfields as follows:
- User's full name.
- User's office location.
- User's work phone number.
- User's home phone number.
The full name may contain an ampersand
’), which will be replaced by the
capitalized login name when the gecos field is displayed or used by various
programs such as finger(1)
The office and phone number subfields, if they exist, are used by the
program and possibly
by other applications.
field is the full path name of a
directory to be used as the initial working directory for the user's login
shell. Usually, it is owned by the user and by the user's primary
field is the command interpreter the
user prefers. If there is nothing in the
field, the default shell
) is assumed. Accounts that are not
intended to be logged in to usually have a shell of
If YP is active, the
supports standard YP exclusions and inclusions, based on user names and
Lines beginning with a ‘
’ (minus sign)
are entries marked as being excluded from any following inclusions, which are
marked with a ‘
’ (plus sign).
If the second character of the line is a
’ (at sign), the operation involves
the user fields of all entries in the netgroup specified by the remaining
characters of the name
field. Otherwise, the
remainder of the name
field is assumed to be
a specific user name.
’ token may also be alone in the
field, which causes all users from the
YP maps to be included.
If the entry contains non-empty uid
fields, the specified numbers will
override the information retrieved from the YP maps. Additionally, if the
entries contain text, it will
override the information included via YP. On some systems, the
field may also be overridden. It is
recommended that the standard way to enable YP passwd support in
which after pwd_mkdb(8)
result in /etc/passwd
When YP is enabled but temporarily unavailable, login becomes impossible for all
users except those having an entry in the
Managing NFS and NIS
(O'Reilly & Associates)
file format first appeared in
Version 1 AT&T UNIX
. The gecos field first
appeared in Version 3 AT&T UNIX
; since the
same version, the passwords are encrypted. The gid field first appeared in
Version 5 AT&T UNIX
; the class, change and
expire fields as well as the
file in 4.3BSD-Reno
The YP file format first appeared in SunOS.
Placing YP exclusions in the file after any inclusions does not cancel the