PASSWD(4) — HP-UX
NAME
passwd − password file, pwd.h
DESCRIPTION
Passwd contains for each user the following information:
login name
encrypted password
numerical user ID
numerical group ID
reserved field, which may be used for identification
initial working directory
program to use as shell
This is an ASCII file. Each field within each user’s entry is separated from the next by a colon. Each user is separated from the next by a new-line. If the password field is null, no password is demanded. If the shell field is null, /bin/sh is used.
This file resides in directory /etc. Because of the encrypted passwords, it can and does have general read permission and can be used, for example, to map numerical user IDs to names.
The encrypted password consists of 13 characters chosen from a 64-character set of "digits" described below, except when the password is null, in which case the encrypted password is also null. Login can be prevented by entering in the password field a character that is not part of the set of digits (e.g., *).
The characters used to represent "digits" are . for 0, / for 1, 0 through 9 for 2−11, A through Z for 12−37, and a through z for 38−63.
Password aging is effected for a particular user if his encrypted password in the password file is followed by a comma and a non-null string of characters from the above alphabet. (Such a string must be introduced in the first instance by the super-user.) This string defines the "age" needed to implement password aging.
The first character of the age, M say, denotes the maximum number of weeks for which a password is valid. A user who attempts to log in after his password has expired will be forced to supply a new one. The next character, m say, denotes the minimum period in weeks which must expire before the password may be changed. The remaining characters define the week (counted from the beginning of 1970) when the password was last changed. (A null string is equivalent to zero.) M and m have numerical values in the range 0−63 that correspond to the 64-character set of "digits" shown above. If m = M = 0 (derived from the string . or ..) the user will be forced to change his password the next time he logs in (and the "age" will disappear from his entry in the password file). If m > M (signified, e.g., by the string ./) only the super-user will be able to change the password.
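The age decoding described above, as an added example (not HP-UX source code). It assumes the week digits follow the a64l(3C) order, least significant digit first, and that a password counts as expired once the current week exceeds the last-change week plus M; check_age, struct pw_age and the age string 604T are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum age_state { AGE_NONE, AGE_INVALID, AGE_FORCE_CHANGE,
                 AGE_SUPERUSER_ONLY, AGE_EXPIRED, AGE_OK };
struct pw_age { int max_weeks, min_weeks; long last_week; };

/* Value (0-63) of one "digit" from the set listed on this page, or -1. */
int digit_value(char c)
{
    if (c == '.') return 0;
    if (c == '/') return 1;
    if (c >= '0' && c <= '9') return c - '0' + 2;
    if (c >= 'A' && c <= 'Z') return c - 'A' + 12;
    if (c >= 'a' && c <= 'z') return c - 'a' + 38;
    return -1;
}

/* Decode the age that follows the comma in a password field and
 * classify it for week number now_week (weeks since the start of 1970). */
enum age_state check_age(const char *pw_field, long now_week, struct pw_age *out)
{
    const char *age = strchr(pw_field, ',');
    size_t i, n;
    out->max_weeks = out->min_weeks = 0;
    out->last_week = 0;
    if (age == NULL || *++age == '\0') return AGE_NONE;  /* no aging set */
    n = strlen(age);
    if (n > 6) return AGE_INVALID;  /* assumption: a64l(3C) six-digit limit */
    for (i = 0; i < n; i++) {
        int v = digit_value(age[i]);
        if (v < 0) return AGE_INVALID;
        if (i == 0) out->max_weeks = v;                   /* M */
        else if (i == 1) out->min_weeks = v;              /* m */
        else out->last_week |= (long)v << (6 * (i - 2));  /* low digit first */
    }
    if (out->max_weeks == 0 && out->min_weeks == 0) return AGE_FORCE_CHANGE;
    if (out->min_weeks > out->max_weeks) return AGE_SUPERUSER_ONLY;
    if (now_week > out->last_week + out->max_weeks) return AGE_EXPIRED; /* assumed rule */
    return AGE_OK;
}

int main(void)
{
    struct pw_age a;  /* constructed field: M=8, m=2, last change in week 1990 */
    enum age_state s = check_age("r4hRJr4GJ4CqE,604T", 2000, &a);
    printf("M=%d m=%d last=%ld state=%d\n", a.max_weeks, a.min_weeks, a.last_week, s);
    return 0;
}
```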
Pwd.h designates the broken out password file as obtained by getpwent(3C):
struct passwd {
        char    *pw_name;
        char    *pw_passwd;
        int     pw_uid;
        int     pw_gid;
        char    *pw_age;
        char    *pw_comment;
        char    *pw_gecos;
        char    *pw_dir;
        char    *pw_shell;
};
It is suggested that the range 0-99 not be used for user and group IDs (pw_uid and pw_gid in the above structure) so that IDs which may be assigned for system software do not conflict.
The user’s full name, office location, extension, and home phone stored in the pw_gecos field of the passwd structure can be set with the chfn(1) command and is used by the finger(1) command. These two commands assume the information in this field is in the order listed above. A portion of the user’s real name may be represented in the pw_gecos field by an & character, which some utilities (including finger(1)) expand by substituting the login name for it and then shifting the first letter of the login name to uppercase.
NETWORKING FEATURES
NFS
The passwd file can have entries that begin with a plus (+) or minus (-) sign in the first column. Such lines are used to access the Yellow Page network database. A line beginning with a plus (+) is used to incorporate entries from the Yellow Pages. There are three styles of + entries: all by itself, + means to insert the entire contents of the Yellow Pages password file at that point; +name means to insert the entry (if any) for name from the Yellow Pages at that point; +@name means to insert the entries for all members of the network group name at that point. If a + entry has a non-null password, directory, gecos, or shell field, they will override what is contained in the Yellow Pages. The numerical user ID and group ID fields cannot be overridden.
The passwd file can also have lines beginning with a minus (-), which disallow entries from the Yellow Pages. There are two styles of - entries: -name means to disallow any subsequent entries (if any) for name, and -@name means to disallow any subsequent entries for all members of the network group name.
WARNINGS
The uid 17 is reserved for the Pascal Language operating system. The uid 18 is reserved for the BASIC Language operating system. These are operating systems for the Series 300 computers that can co-exist with HP-UX on the same disk. Using these uids for other purposes may inhibit file transfer and sharing.
The information kept in the pw_gecos field may conflict with unsupported or future uses of this field. The use of the pw_gecos field for keeping user identification information has not been formalized within any of the industry standards. The current use of this field is derived from its use within the Berkeley Software Distribution. Future standards may define this field for other purposes.
DEPENDENCIES
Series 300, 500
The following fields have character limitations as noted:
the login name field can be no longer than 8 characters;
the initial working directory field can be no longer than 63 characters;
the program field can be no longer than 44 characters.
The results are unpredictable if these fields are longer than the limits specified above.
NFS
EXAMPLES
Here is a sample /etc/passwd file:
root:3Km/o4Cyq84Xc:0:10:System Administrator:/:/bin/sh
joeuser:r4hRJr4GJ4CqE:100:50:Joe User,Post 4A,12345,:/users/joeuser:/bin/csh
+john:
-bob:
+@documentation:no-login:
-@marketing:
+:::Guest
In this example, there are specific entries for users root and joeuser, in case the Yellow Pages are out of order. The user john will have his password entry in the Yellow Pages incorporated without change; any subsequent entries for the user bob will be ignored; anyone in the netgroup documentation will have their password field disabled; anyone in the netgroup marketing will not be returned by getpwent(3C) and thus not allowed to log in, and anyone else will be able to log in with their usual password, shell, and home directory, but with a pw_gecos field of Guest.
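An audit-style classifier for the entry styles and password-field states this page describes, as an added example (not part of the HP-UX manual or its source). The enum names, the guest line and the PW_MALFORMED state (set characters only, but not 13 of them, a case the page does not define) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The 64-character "digit" set listed on this page. */
#define DIGITS "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

enum entry_kind { K_LOCAL, K_YP_ALL, K_YP_USER, K_YP_NETGROUP,
                  K_DENY_USER, K_DENY_NETGROUP };
enum pw_state { PW_NULL, PW_ENCRYPTED, PW_NO_LOGIN, PW_MALFORMED,
                PW_FROM_YP, PW_UNUSED };
struct verdict { enum entry_kind kind; enum pw_state pw; };

/* Classify one passwd line by its +/- style and its password field. */
struct verdict classify(const char *line)
{
    struct verdict v;
    const char *colon = strchr(line, ':');
    const char *pw = colon ? colon + 1 : "";
    size_t pwlen = strcspn(pw, ":,\n");   /* stop before any ",age" suffix */
    if (line[0] == '+')
        v.kind = line[1] == '@' ? K_YP_NETGROUP
               : (line[1] == ':' || line[1] == '\0') ? K_YP_ALL : K_YP_USER;
    else if (line[0] == '-')
        v.kind = line[1] == '@' ? K_DENY_NETGROUP : K_DENY_USER;
    else
        v.kind = K_LOCAL;
    if (v.kind == K_DENY_USER || v.kind == K_DENY_NETGROUP)
        v.pw = PW_UNUSED;                 /* - entries only exclude names */
    else if (pwlen == 0)                  /* null: open locally, inherited on + */
        v.pw = v.kind == K_LOCAL ? PW_NULL : PW_FROM_YP;
    else if (strspn(pw, DIGITS) < pwlen)  /* a character outside the set */
        v.pw = PW_NO_LOGIN;
    else
        v.pw = pwlen == 13 ? PW_ENCRYPTED : PW_MALFORMED;
    return v;
}

int main(void)
{
    /* Lines from the page's sample file plus one constructed guest entry. */
    static const char *lines[] = {
        "root:3Km/o4Cyq84Xc:0:10:System Administrator:/:/bin/sh",
        "+john:", "-bob:", "+@documentation:no-login:", "-@marketing:",
        "+:::Guest", "guest::200:50::/users/guest:/bin/sh" };
    size_t i;
    for (i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        struct verdict v = classify(lines[i]);
        printf("kind=%d pw=%d  %s\n", v.kind, v.pw, lines[i]);
    }
    return 0;
}
```

A K_LOCAL entry reported as PW_NULL is the case where, per this page, no password is demanded; on a + entry the same empty field only means the Yellow Pages value is kept.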
WARNINGS
The plus (+) and minus (-) features are part of NFS. Therefore if NFS is not installed, then these features will not work.
The uid of -2 is reserved for remote root access with NFS. The pw_name usually given to this uid is nobody. Since uids are stored as unsigned values, the following define is included in pwd.h to match the user nobody.
#define UID_NOBODY ((ushort) 0xfffe)
SEE ALSO
netgroup(4).
FILES
/etc/passwd
SEE ALSO
chfn(1), finger(1), login(1), passwd(1), a64l(3C), crypt(3C), getpwent(3C), group(4).
Hewlett-Packard Company — Version B.1, May 11, 2021