passwd(4) C2 Trusted DG/UX 5.4.2T passwd(4)
NAME
passwd - password file
SYNOPSIS
/etc/passwd
DESCRIPTION
The passwd file is an ASCII file containing basic information about
each user's account. The file contains a one-line entry for each
user allowed to log in to the system. Each entry has the following
format:
username:password:uid:gid:gcos-field:home-dir:login-shell
where
username User's login name. This field contains no up
percase characters, and must not be more than
USR_NAME [see limits(4)] characters long.
password The user's encrypted password. If this field
is empty, login(1) does not request a password
before logging the user in. (On a Trusted
DG/UX system, login(1) always requests a pass
word.)
uid The user's user identification number (UID) for
the system. The UID must be unique; otherwise,
users with the same UID will be able to access
each other's files. uid is generally a value
between 0 and 32767.
gid The user's group identification number (GID)
for the system. gid is generally a value be
tween 0 an 32767.
gcos-field The user's real name, along with information to
pass along in a mail-message heading. Some
system administrators use this field to contain
the user's office, extension, home phone, and
so on. It is called the GCOS field for histor
ical reasons. An ampersand (&) in this field
stands for the login name (in cases where the
login name appears in a user's real name).
home-dir The pathname of the directory to which the user
is initially positioned when logging in.
login-shell The user's initial shell program. If this
field is empty, the default shell is /bin/sh
unless you are running the Network File System
(NFS); in that case the default is /usr/bin/sh.
The encrypted password consists of 13 characters chosen from a
Licensed material--property of copyright holder(s) 1
passwd(4) C2 Trusted DG/UX 5.4.2T passwd(4)
64-character alphabet ( . , / , 0-9 , A-Z , a-z ), except when the
password is null. In that case, the encrypted password is also null.
Password aging is affected for a particular user if the user's en
crypted password in the password file is followed by a comma and a
non-null string of characters from the above alphabet (such a string
must first be introduced by the superuser).
The first character of the age denotes the maximum number of weeks
for which a password is valid. If you try to login after your pass
word has expired, you must supply a new one. The next character de
notes the minimum period in weeks that must elapse before the pass
word may be changed. The remaining characters define the week
(counted from the beginning of 1970) when the password was last
changed ( a null string is equivalent to zero). The first and second
characters have numerical values in the range 0-63 that correspond to
the 64-character alphabet shown above (i.e., / = 1 week; z = 63
weeks). If both characters are equal to zero (derived from the
string "." or ".."), you must change your password the next time you
login. The age will disappear from your entry in the password file.
If the second character is greater than the first (signified, e.g.,
by the string "./"), then only the superuser will be able to change
the password.
On a Trusted DG/UX system, login(1) and password aging are handled
differently -- see Trusted Facility Manual for the C2 Trusted DG/UX
System. Also, the passwd file is automatically rewritten whenever
sysadm(1M) is used to add, delete, or modify a user or group entry in
the A&A database, and whenever a user changes their password. Any
changes intended to persist should be made using sysadm(1M), not in
the passwd file itself. (An exception is made for a + as the last
line of the passwd file -- see below.)
ONC/NFS Features
If you are using DG/UX Open Network Computing/Network File System
(ONC/NFS), additional features are available. The passwd file can
also have lines beginning with a plus (+), which means to incorporate
entries from the Network Information Service (NIS).
There are three styles of + entries: by itself, + means to insert the
entire contents of the NIS password file at that point; +name means
to insert the entry (if any) for name from NIS at that point; +@net
group means to insert the entries for all members of the network
group netgroup at that point. If a +name entry has a non-null pass
word, gcos-field, home-dir, or login-shell field, they will override
what is contained in NIS. The uid and gid fields cannot be overrid
den.
Entries beginning with a minus sign (-) are also allowed. They have
two formats: -name and -@name. The meaning of these formats is the
same as for +name and +@name, respectively, except that the action is
reversed; all members matched are considered to be excluded from the
password file, regardless of subsequent entries. Minus entries can
be used to exclude specific entries from NIS.
Licensed material--property of copyright holder(s) 2
passwd(4) C2 Trusted DG/UX 5.4.2T passwd(4)
On a Trusted DG/UX system, only the + by itself is supported, and on
ly as the last line of the passwd file. If + is manually inserted as
the last line of the passwd file (using vipw(1M), say), that line
will be preserved through any sysadm(1M) and password change activi
ty.
Appropriate precautions must be taken to lock the /etc/passwd file
against simultaneous changes if it is to be edited with a text edi
tor; vipw(1M) does the necessary locking. Do not edit the
/etc/passwd file except to add or remove the "+" entry from the last
line. Any other changes will be lost the next time sysadm(1M) is
used to add, modify, or delete a user account, or the next time any
one changes a password.
EXAMPLE
Here is a sample /etc/passwd file:
root:q.mJzTnu8icF.:0:10:God:/:/bin/csh
tut:6k/7KCFRPNVXg:508:10:Bill Tuthill:/usr/tut:/bin/csh
john::605:20:John Smith:/usr/john:
+
In this example there are specific entries for users root, tut, and
john (from the A&A database), and anyone else in the NIS database
will be represented in /etc/passwd.
FILES
/etc/passwd
SEE ALSO
login(1), mail(1), passwd(1), pwck(1M), sendmail(1C), useradd(1M),
vipw(1M), crypt(3C), crypt(3X), getpwent(3C), group(4), limits(4).
BUGS
The mail(1) and sendmail(1C) programs use the GCOS field to compose
the From: line for addressing mail messages, but these programs get
confused by nested parentheses when composing replies. This problem
can be avoided by using different types of brackets within the GCOS
field; for example:
(& Fredricks [Podunk U <EE/CIS>] {818}-555-5555)
Licensed material--property of copyright holder(s) 3