passwd man page on OpenBSD

Man page or keyword search:  
man Server   11362 pages
apropos Keyword Search (all sections)
Output format
OpenBSD logo
[printable version]

PASSWD(5)		  OpenBSD Programmer's Manual		     PASSWD(5)

NAME
     passwd, master.passwd - format of the password file

DESCRIPTION
     The master.passwd file, readable only by root, consists of newline-
     separated records, one per user, containing ten colon (`:') separated
     fields.  These fields are as follows:

	   name	     User's login name.
	   password  User's encrypted password.
	   uid	     User's login user ID.
	   gid	     User's login group ID.
	   class     User's general classification (see login.conf(5)).
	   change    Password change time.
	   expire    Account expiration time.
	   gecos     General information about the user.
	   home_dir  User's home directory.
	   shell     User's login shell.

     The publicly-readable passwd file is generated from the master.passwd
     file by pwd_mkdb(8) and has the class, change, and expire fields removed.
     Also, the encrypted password field is replaced by an asterisk (`*').

     The password files should never be edited by hand; vipw(8) should be used
     instead.

     The name field is the login used to access the computer account, and the
     uid field is the number associated with it.  They should both be unique
     across the system (and often across a group of systems) since they
     control file access.

     While it is possible to have multiple entries with identical login names
     and/or identical user IDs, it is usually a mistake to do so.  Routines
     that manipulate these files will often return only one of the multiple
     entries, and that one by random selection.

     The login name may be up to 31 characters long.  For compatibility with
     legacy software, a login name should start with a letter and consist
     solely of letters, numbers, dashes and underscores.  The login name must
     never begin with a hyphen (`-'); also, it is strongly suggested that
     neither uppercase characters nor dots (`.') be part of the name, as this
     tends to confuse mailers.	No field may contain a colon as this has been
     used historically to separate the fields in the user database.

     The password field is the encrypted form of the password.	If the
     password field is empty, no password will be required to gain access to
     the machine.  This is almost invariably a mistake.	 By convention,
     accounts that are not intended to be logged in to (e.g. bin, daemon,
     sshd) have a star (`*') in the password field.  Note that there is
     nothing special about `*', it is just one of many strings that is not a
     valid encrypted password (see crypt(3)).  Because master.passwd contains
     the encrypted user passwords, it should not be readable by anyone without
     appropriate privileges.

     Which type of cipher is used to encrypt the password information depends
     on the configuration in login.conf(5).  It can be different for local and
     YP passwords.

     The group field is the group that the user will be placed in upon login.
     Since this system supports multiple groups (see groups(1)) this field
     currently has little special meaning.

     The class field is used by login(1) and other programs to determine which
     entry in the login.conf(5) database should be used.

     The change field is the number in seconds, GMT, from the Epoch, until the
     password for the account must be changed.	This field may be left empty
     to turn off the password aging feature.

     The expire field is the number in seconds, GMT, from the Epoch, until the
     account expires.  This field may be left empty to turn off the account
     aging feature.

     The gecos field normally contains comma (`,') separated subfields as
     follows:

	   name	   User's full name.
	   office  User's office location.
	   wphone  User's work phone number.
	   hphone  User's home phone number.

     The full name may contain an ampersand (`&'), which will be replaced by
     the capitalized login name when the gecos field is displayed or used by
     various programs such as finger(1), sendmail(8), etc.

     The office and phone number subfields, if they exist, are used by the
     finger(1) program and possibly by other applications.

     The home_dir field (the user's home directory) is the full UNIX pathname
     where the user will be placed on login.

     The shell field is the command interpreter the user prefers.  If there is
     nothing in the shell field, the Bourne shell (/bin/sh) is assumed.
     Accounts that are not intended to be logged in to usually have a shell of
     /sbin/nologin.

YP SUPPORT
     If YP is active, the passwd file also supports standard YP exclusions and
     inclusions, based on user names and netgroups.

     Lines beginning with a `-' (minus sign) are entries marked as being
     excluded from any following inclusions, which are marked with a `+' (plus
     sign).

     If the second character of the line is a `@' (at sign), the operation
     involves the user fields of all entries in the netgroup specified by the
     remaining characters of the name field.  Otherwise, the remainder of the
     name field is assumed to be a specific user name.

     The `+' token may also be alone in the name field, which causes all users
     from the passwd.byname and passwd.byuid YP maps to be included.

     If the entry contains non-empty uid or gid fields, the specified numbers
     will override the information retrieved from the YP maps.	Additionally,
     if the gecos, dir, or shell entries contain text, it will override the
     information included via YP.  On some systems, the passwd field may also
     be overridden.  It is recommended that the standard way to enable YP
     passwd support in /etc/master.passwd is:

     +:*::::::::

     which after pwd_mkdb(8) will result in /etc/passwd containing:

     +:*:0:0:::

     When YP is enabled but temporarily unavailable, login becomes impossible
     for all users except those having an entry in the netid(5) file.

SEE ALSO
     chpass(1), login(1), passwd(1), crypt(3), getpwent(3), login.conf(5),
     netgroup(5), netid(5), adduser(8), Makefile.yp(8), pwd_mkdb(8), vipw(8),
     yp(8)

     Managing NFS and NIS (O'Reilly & Associates)

STANDARDS
     The password file format has changed since 4.3BSD.	 The following awk(1)
     script can be used to convert your old-style password file into a new
     style password file.  The additional fields ``class'', ``change'', and
     ``expire'' are added, but are turned off by default.  To set change and
     expire use the current day in seconds from the Epoch plus the number of
     seconds of offset desired.

	   BEGIN { FS = ":"}
	   { print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }

HISTORY
     A passwd file format appeared in Version 3 AT&T UNIX.

     The YP file format first appeared in SunOS.

BUGS
     User information should (and eventually will) be stored elsewhere.

     Placing YP exclusions in the file after any inclusions will have
     unexpected results.

OpenBSD 4.9			March 27, 2009			   OpenBSD 4.9
[top]

List of man pages available for OpenBSD

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net