passwd
Purpose
Contains passwords.
Library
Standard C Library (libc.a)
Synopsis
#include <pwd.h>
Description
The passwd file is an ASCII file that contains all the
information that defines a user on the system. It contains
the following information:
o Login name
o Encrypted password
o Numerical user ID
o Numerical group ID
o Additional data for each user
o Initial current directory
o Program to use as shell.
Each field is separated from the next by a colon. The
file has general read permission and the passwords are
encrypted. Therefore, a user can use the file to map
numerical user IDs to names without potentially
compromising the security of other users.
The adduser command is used to maintain this file.
Programs should use the getpwent subroutines to extract
various fields in this file.
If the user password field is null, the user has no
password. On systems that store encrypted passwords in the
/etc/security/s_user file (see "s_user"), the user password
field is empty. If the program field is null, the shell
(/bin/sh) is used.
The program field can contain parameters passed when the
exec system call is issued. Parameters are separated by
white space (such as space or tab characters). A \
(backslash) is used as an escape when a parameter contains
a space. The login command accepts the program name and as
many as 14 parameters. Any more than 14 parameters are
ignored. A maximum of 4096 characters can be used for
the program name and its parameters. More than 4096
characters causes login to exit. Parameters in this
field can use symbolic escapes for the following
special characters: \n, \r, \v (produces 013), \b, \t,
and \f. Additionally, \0 through \7 builds a one-byte
octal number. Anything else that is preceded by a \
(backslash) passes through.
The additional data for each user has the following format:
    full_name / file_limit ; site_info
where:
full_name    Contains the name of the user whose 8-character
             (or fewer) login name is in the first field.
             If a user group list is used, the list may
             not exceed 500 eight-character login names.
file_limit   Specifies the maximum length file the user
             can create. See the login command in AIX
             Operating System Commands Reference and the
             ulimit system call.
site_info    Contains any printable character other than a
             colon. This subfield is unused by the system
             software and is available for information for
             each user as required by applications specific
             to the site.
Any or all of the subfields can be omitted. If the
file_limit subfield is omitted, the preceding / (slash)
is omitted and the system-wide default limit is used. If
the site_info subfield is omitted, the preceding ;
(semicolon) is also omitted.
Passwords
The encrypted password is 13 characters long. The
characters used come from the extended characters (code page
P0, see "data stream") and may be uppercase or lowercase
characters, numerals, and the . (period) and / (slash)
characters except when the password is null. In this
case, the encrypted password is also null. Password
aging affects a particular user if a comma and a string
of characters that are not null follows the user password
in this file. Such a string must be initially introduced
by a person with superuser authority.
The first character of the age, M for example, is the
maximum number of weeks a password is valid. The next
character, m for example, is the minimum number of weeks
before the password can be changed. The remaining
characters indicate when the password was last changed, given
as the number of weeks since the beginning of 1970 to the
time of the password change. A null string is equivalent
to 0. M and m have numerical values in the range 0
through 63. If m = M = 0, the user is forced to change
the password at the next login. This causes the age to
disappear from the password file entry. If m > M, only
someone with superuser authority is able to change the
password.
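The aging rules above can be checked with a short decoder. The following is an added example, not code from AIX or from this manual; it assumes the age string uses the a64l digit alphabet (listed under Related Information) with the least significant digit first, and that a password counts as expired once more than M weeks have passed since the last change. The names pw_age_check, struct pw_age and enum age_state are hypothetical, and the sample password field is constructed.

```c
#include <stdio.h>
#include <string.h>

enum age_state { AGE_NONE, AGE_INVALID, AGE_FORCE_CHANGE,
                 AGE_SUPERUSER_ONLY, AGE_EXPIRED, AGE_VALID };
struct pw_age { int max_weeks, min_weeks; long last_week; };

/* a64l digit values: '.'=0 '/'=1 '0'-'9'=2..11 'A'-'Z'=12..37 'a'-'z'=38..63 */
static int digit64(char c)
{
    if (c == '.') return 0;
    if (c == '/') return 1;
    if (c >= '0' && c <= '9') return c - '0' + 2;
    if (c >= 'A' && c <= 'Z') return c - 'A' + 12;
    if (c >= 'a' && c <= 'z') return c - 'a' + 38;
    return -1;
}

/* Decode the age string after the comma; now_week is weeks since 1970. */
enum age_state pw_age_check(const char *pw_field, long now_week, struct pw_age *out)
{
    const char *age = strchr(pw_field, ',');
    unsigned long long v = 0;
    size_t n;
    if (age == NULL || *++age == '\0')
        return AGE_NONE;                   /* no comma, or null age string */
    if ((n = strlen(age)) > 6)
        return AGE_INVALID;                /* a64l reads at most six digits */
    while (n-- > 0) {                      /* least significant digit first */
        int d = digit64(age[n]);
        if (d < 0) return AGE_INVALID;     /* character outside the alphabet */
        v = (v << 6) | (unsigned)d;
    }
    out->max_weeks = (int)(v & 63);        /* M */
    out->min_weeks = (int)((v >> 6) & 63); /* m */
    out->last_week = (long)(v >> 12);      /* missing digits decode as 0 */
    if (out->max_weeks == 0 && out->min_weeks == 0)
        return AGE_FORCE_CHANGE;           /* m = M = 0: change at next login */
    if (out->min_weeks > out->max_weeks)
        return AGE_SUPERUSER_ONLY;         /* m > M: only superuser may change */
    return now_week > out->last_week + out->max_weeks ? AGE_EXPIRED : AGE_VALID;
}

int main(void)
{
    struct pw_age a;                       /* constructed sample field below */
    printf("%d\n", pw_age_check("abJnggxhB/yJU,C/2P", 1740, &a));
}
```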
File
/etc/passwd
/etc/security/s_user
Related Information
In this book: "a64l, l64a," "crypt, encrypt,"
"getpwent, getpwuid, getpwnam, setpwent, endpwent,"
"ulimit," "group," "s_user," and "data stream."
The login and passwd commands in AIX Operating System
Commands Reference.
"Overview of International Character Support" in Managing
the AIX Operating System.