passwd - password file


     Passwd is a text file that contains a list of the system's
     accounts, giving for each account some useful information
     like user ID, group ID, home directory, shell, etc. Often
     it also contains the encrypted passwords for each account.
     It should have general read permission (many utilities, like
     ls(1), use it to map user IDs to user names), but write
     access only for the superuser.

     In the good old days there was no great problem with this
     general read permission. Everybody could read the encrypted
     passwords, but the hardware was too slow to crack a
     well-chosen password, and moreover, the basic assumption used
     to be that of a friendly user-community. These days many
     people run some version of the shadow password suite, where
     /etc/passwd has *'s instead of encrypted passwords, and the
     encrypted passwords are in /etc/shadow which is readable by
     the superuser only.

     Regardless of whether shadow passwords are used, many
     sysadmins use a star in the encrypted password field to make
     sure that this user cannot authenticate him- or herself using
     a password. (But see the Notes below.)

     If you create a new login, first put a star in the password
     field, then use passwd(1) to set it.

     There is one entry per line, and each line has the format:


     The field descriptions are:

          account   the name of the user on the system. It
                    should not contain capital letters.

          password  the encrypted user password or a star.

          UID       the numerical user ID.

          GID       the numerical primary group ID for this user.

          GECOS     This field is optional and only used for
                    informational purposes. Usually, it contains
                    the full user name. GECOS means General
                    Electric Comprehensive Operating System,
                    which has been renamed to GCOS when GE's
                    large systems division was sold to Honeywell.
                    Dennis Ritchie has reported: "Sometimes we
                    sent printer output or batch jobs to the GCOS
                    machine. The gcos field in the password file
                    was a place to stash the information for the
                    $IDENT card. Not elegant."

          directory the user's $HOME directory.

          shell     the program to run at login (if empty, use
                    /bin/sh). If set to a non-existing
                    executable, the user will be unable to log in
                    through login(1).
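
     An added example, not part of the original manual page: a
     small Python audit of passwd-format lines, taking the seven
     fields described above in the order listed, separated by
     colons. The sample entries are constructed, and treating "x"
     or a leading "!" in the password field as a non-password
     marker is an assumption about shadow tooling.

```python
# Added example: audit passwd(5)-format text. SAMPLE is constructed data.
FIELDS = ("account", "password", "uid", "gid", "gecos", "directory", "shell")

def parse_line(line):
    """Split one colon-separated entry into a dict, or None if not 7 fields."""
    parts = line.split(":")
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def audit_entry(e):
    """Return the findings for one parsed entry."""
    out = []
    pw = e["password"]
    if pw == "":
        out.append("empty password field")
    elif pw == "*":
        out.append("star: password authentication disabled")
    elif pw != "x" and not pw.startswith("!"):  # assumed shadow-tool markers
        out.append("encrypted password in world-readable file")
    if e["account"] != e["account"].lower():
        out.append("account name contains capital letters")
    if not (e["uid"].isdigit() and e["gid"].isdigit()):
        out.append("UID or GID is not numeric")
    if e["shell"] == "":
        out.append("empty shell field: /bin/sh is used")
    return out

def audit(text):
    """Map account name (or 'line N' when malformed) to its findings."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        entry = parse_line(line)
        findings = ["malformed: expected 7 fields"] if entry is None else audit_entry(entry)
        if findings:
            report[entry["account"] if entry else f"line {n}"] = findings
    return report

SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:ab1cdEfGhIjKl:1000:1000:Alice Example:/home/alice:
Bob::1001:1001::/home/bob:/bin/sh
broken:line:only
"""

if __name__ == "__main__":
    for who, findings in audit(SAMPLE).items():
        print(f"{who}: {'; '.join(findings)}")
```
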


     If you want to create user groups, their GIDs must be equal
     and there must be an entry in /etc/group, or no group will

     If the encrypted password is set to a star, the user will be
     unable to log in using login(1), but may still log in using
     rlogin(1), run existing processes and initiate new ones
     through rsh(1) or cron(1) or at(1) or mail filters etc.
     Trying to lock an account by simply changing the shell field
     yields the same result and additionally allows the use of




     passwd(1), login(1), su(1), group(5), shadow(5)