passwd(4) DG/UX 5.4 Rel. 2.01 passwd(4)
NAME
passwd - password file
SYNOPSIS
/etc/passwd
DESCRIPTION
The passwd file is an ISO 8859 file containing basic information
about each user's account. The file contains a one-line entry for
each user allowed to log in to the system. Each entry has the
following format:
username:password:uid:gid:gcos-field:home-dir:login-shell
where
username User's login name. This field contains no up
percase characters, must be ASCII characters
only, and must not be more than USR_NAME [see
limits(4)] characters long.
password The user's encrypted password. If this field
is empty, login(1) does not request a password
before logging the user in.
uid The user's user identification number (UID) for
the system. The UID must be unique; otherwise,
users with the same UID will be able to access
each other's files. uid is generally a value
between 0 and 32767.
gid The user's group identification number (GID)
for the system. gid is generally a value be
tween 0 and 32767.
gcos-field The user's real name, along with information to
pass along in a mail-message heading. Some
system administrators use this field to contain
the user's office, extension, home phone, and
so on. It is called the GCOS field for histor
ical reasons. An ampersand (&) in this field
stands for the login name (in cases where the
login name appears in a user's real name).
home-dir The pathname of the directory to which the user
is initially positioned when logging in.
login-shell The user's initial shell program. If this
field is empty, the default shell is /bin/sh
unless you are running the Network File System
(NFS); in that case the default is /usr/bin/sh.
Because the encrypted passwords on a secure system are kept in the
passwd.adjunct file, /etc/passwd has general read permission on all
Licensed material--property of copyright holder(s) 1
passwd(4) DG/UX 5.4 Rel. 2.01 passwd(4)
systems, and can be used by routines that map UIDs to names.
The encrypted password consists of 13 characters chosen from a
64-character alphabet ( . , / , 0-9 , A-Z , a-z ), except when the
password is null. In that case, the encrypted password is also null.
Password aging is affected for a particular user if the user's en
crypted password in the password file is followed by a comma and a
non-null string of characters from the above alphabet (such a string
must first be introduced by the superuser).
The first character of the age denotes the maximum number of weeks
for which a password is valid. If you try to login after your pass
word has expired, you must supply a new one. The next character de
notes the minimum period in weeks that must elapse before the pass
word may be changed. The remaining characters define the week
(counted from the beginning of 1970) when the password was last
changed ( a null string is equivalent to zero). The first and second
characters have numerical values in the range 0-63 that correspond to
the 64-character alphabet shown above (i.e., / = 1 week; z = 63
weeks). If both characters are equal to zero (derived from the
string "." or ".."), you must change your password the next time you
login. The age will disappear from your entry in the password file.
If the second character is greater than the first (signified, e.g.,
by the string "./"), then only the superuser will be able to change
the password.
ONC/NFS Features
If you are using DG/UX Open Network Computing/Network File System
(ONC/NFS), additional features are available. The passwd file can
also have lines beginning with a plus (+), which means to incorporate
entries from the Network Information Service (NIS).
There are three styles of + entries: by itself, + means to insert the
entire contents of the NIS password file at that point; +name means
to insert the entry (if any) for name from NIS at that point; +@net
group means to insert the entries for all members of the network
group netgroup at that point. If a +name entry has a non-null pass
word, gcos-field, home-dir, or login-shell field, they will override
what is contained in NIS. The uid and gid fields cannot be overrid
den.
Entries beginning with a minus sign (-) are also allowed. They have
two formats: -name and -@name. The meaning of these formats is the
same as for +name and +@name, respectively, except that the action is
reversed; all members matched are considered to be excluded from the
password file, regardless of subsequent entries. Minus entries can
be used to exclude specific entries from NIS.
Appropriate precautions must be taken to lock the /etc/passwd file
against simultaneous changes if it is to be edited with a text edi
tor; vipw(1M) does the necessary locking.
Licensed material--property of copyright holder(s) 2
passwd(4) DG/UX 5.4 Rel. 2.01 passwd(4)
EXAMPLE
Here is a sample /etc/passwd file:
root:q.mJzTnu8icF.:0:10:God:/:/bin/csh
tut:6k/7KCFRPNVXg:508:10:Bill Tuthill:/usr/tut:/bin/csh
+john:
-@documentation:no-login:
+:::Guest
john::605:20:John Smith:/usr/john:
In this example, there are specific entries for users root and tut,
in case NIS is not running. (See Managing ONC/NFS and Its Facilities
on the DG/UX System.) The user john will have his password entry in
NIS incorporated without change; anyone in the netgroup documentation
will have their password field disabled, and anyone else will be able
to login with their usual password, shell, and home directory, but
with a GCOS field of Guest.
The second entry for john in this example will not be used if NIS is
running; the first entry for a given user name will be used if multi
ple entries exist.
Appropriate precautions must be taken to lock the /etc/passwd file
against simultaneous changes if it is to be edited with a text edi
tor; vipw(1M) does the necessary locking. The password file can be
scanned for inconsistencies using pwck(1M).
ONC/NFS Example
The following example relates to ONC/NFS and NIS:
root:q.mJzTnu8icF.:0:10:Super User:/:/bin/csh
fred:6k/7KCFRPNVXg:508:10:% Fredericks:/usr2/fred:/bin/csh
+john:
+@documentation:no-login:
+::::Guest
In this example, there are specific entries for users root and fred,
to assure that they can log in even when the system is running stan
dalone. The user john will have his password entry in the Network
Information Service incorporated without change; anyone in the net
group documentation will have their password field disabled, and any
one else will be able to log in with their usual password, shell, and
home directory, but with a GCOS field of Guest.
FILES
/etc/passwd
SEE ALSO
login(1), mail(1), passwd(1), pwck(1M), sendmail(1M), useradd(1M),
vipw(1M), crypt(3C), crypt(3X), getpwent(3C), group(4), limits(4),
iso-88591(5).
BUGS
The mail(1) and sendmail(1M) programs use the GCOS field to compose
Licensed material--property of copyright holder(s) 3
passwd(4) DG/UX 5.4 Rel. 2.01 passwd(4)
the From: line for addressing mail messages, but these programs get
confused by nested parentheses when composing replies. This problem
can be avoided by using different types of brackets within the GCOS
field; for example:
(& Fredricks [Podunk U <EE/CIS>] {818}-555-5555)
Licensed material--property of copyright holder(s) 4