passwd(4)                      DG/UX R4.11MU05                     passwd(4)


NAME
       passwd - password file

SYNOPSIS
       /etc/passwd

DESCRIPTION
       The passwd file is an ISO 8859 file containing basic information
       about each user's account.  The file contains a one-line entry for
       each user allowed to log in to the system.  Each entry has the
       following format:

              username:password:uid:gid:gcos-field:home-dir:login-shell

       where

              username       User's login name.  This field contains no up­
                             percase characters, must be ASCII characters
                             only, and should not be more than eight charac­
                             ters long.

              password       The user's encrypted password.  If this field
                             is empty, login(1) does not request a password
                             before logging the user in.  (On a system with
                             DG/UX information security, login(1) and other
                             session initiators will perform the steps spec­
                             ified in the authentication procedure associat­
                             ed with a user's authorization.)

              uid            The user's user identification number (UID) for
                             the system.  The UID must be unique; otherwise,
                             users with the same UID will be able to access
                             each other's files.  uid is generally a value
                             between 0 and 32767.

              gid            The user's group identification number (GID)
                             for the system.  gid is generally a value be­
                             tween 0 and 32767.

              gcos-field     The user's real name, along with information to
                             pass along in a mail-message heading.  Some
                             system administrators use this field to contain
                             the user's office, extension, home phone, and
                             so on.  It is called the GCOS field for histor­
                             ical reasons.  An ampersand (&) in this field
                             stands for the login name (in cases where the
                             login name appears in a user's real name).

              home-dir       The pathname of the directory to which the user
                             is initially positioned when logging in.

              login-shell    The user's initial shell program.  If this
                             field is empty, the default shell is /bin/sh
                             unless you are running the Network File System
                             (NFS); in that case the default is /usr/bin/sh.

       The encrypted password consists of 13 characters chosen from a
       64-character alphabet ( . , / , 0-9 , A-Z , a-z ), except when the
       password is null.  In that case, the encrypted password is also null.
       Password aging is effected for a particular user if the user's
       encrypted password in the password file is followed by a comma and a
       non-null string of characters from the above alphabet (such a string
       must first be introduced by a user with appropriate privilege; see
       NOTES, below).

       The first character of the age denotes the maximum number of weeks
       for which a password is valid.  If you try to log in after your
       password has expired, you must supply a new one.  The next character
       denotes the minimum period in weeks that must elapse before the
       password may be changed.  The remaining characters define the week
       (counted from the beginning of 1970) when the password was last
       changed (a null string is equivalent to zero).  The first and second
       characters have numerical values in the range 0-63 that correspond to
       the 64-character alphabet shown above (i.e., / = 1 week; z = 63
       weeks).  If both characters are equal to zero (derived from the
       string "." or ".."), you must change your password the next time you
       log in.  The age will disappear from your entry in the password file.
       If the second character is greater than the first (signified, e.g.,
       by the string "./"), then only a user with appropriate privilege (see
       NOTES, below) will be able to change the password.
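
       The aging rules above, worked through as an added example (not part
       of the DG/UX manual): a Python decoder for the password field.  It
       assumes the last-changed week is stored least significant character
       first, as a64l() does, since the page does not state the digit order;
       the function names are illustrative.

```python
import time

# The page's 64-character alphabet: '.', '/', 0-9, A-Z, a-z map to 0..63.
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
WEEK = 7 * 24 * 3600


def a64(chars):
    """Decode alphabet digits, least significant first (assumed order)."""
    value = 0
    for i, ch in enumerate(chars):
        value += ALPHABET.index(ch) << (6 * i)
    return value


def decode_password_field(field, now=None):
    """Split 'encrypted,age' and report what the aging string implies."""
    now_week = int((time.time() if now is None else now) // WEEK)
    pw, _, age = field.partition(",")
    info = {
        "empty_password": pw == "",   # login(1) will not ask for a password
        "well_formed": pw == "" or (len(pw) == 13
                                    and all(c in ALPHABET for c in pw)),
        "aging": bool(age),
    }
    if not age:
        return info
    if any(c not in ALPHABET for c in age):
        raise ValueError("age string has characters outside the alphabet")
    max_weeks = a64(age[0])
    min_weeks = a64(age[1:2])      # a missing second character counts as zero
    last_changed = a64(age[2:])    # a null string is equivalent to zero
    info.update(max_weeks=max_weeks, min_weeks=min_weeks,
                last_changed_week=last_changed)
    # "." or "..": the user must pick a new password at the next login.
    info["force_change"] = max_weeks == 0 and min_weeks == 0
    # e.g. "./": only a user with appropriate privilege may change it.
    info["privileged_only"] = min_weeks > max_weeks
    # Boundary handling is an interpretation of "maximum number of weeks".
    info["expired"] = info["force_change"] or now_week > last_changed + max_weeks
    return info
```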

       On a system with DG/UX information security, login(1) and password
       aging are handled differently -- see Managing Security on the
       DG/UX(TM) System.  Also, the passwd file is automatically rewritten
       whenever sysadm(1M) is used to add, delete, or modify a user or group
       entry in the A&A database, and whenever a user changes their pass­
       word.  Any changes intended to persist should be made using
       sysadm(1M), not in the passwd file itself.  (An exception is made for
       a + as the last line of the passwd file -- see below.)

   ONC/NFS Features
       If you are using DG/UX Open Network Computing/Network File System
       (ONC/NFS), additional features are available.  The passwd file can
       also have lines beginning with a plus (+), which means to incorporate
       entries from the Network Information Service (NIS).

       There are three styles of + entries: by itself, + means to insert the
       entire contents of the NIS password file at that point; +name means
       to insert the entry (if any) for name from NIS at that point; +@net­
       group means to insert the entries for all members of the network
       group netgroup at that point.  If a +name entry has a non-null pass­
       word, gcos-field, home-dir, or login-shell field, they will override
       what is contained in NIS.  The uid and gid fields cannot be overrid­
       den.

       Entries beginning with a minus sign (-) are also allowed.  They have
       two formats:  -name and -@name.  The meaning of these formats is the
       same as for +name and +@name, respectively, except that the action is
       reversed; all members matched are considered to be excluded from the
       password file, regardless of subsequent entries.  Minus entries can
       be used to exclude specific entries from NIS.

       On a system with DG/UX information security, only the + by itself is
       supported, and only as the last line of the passwd file.  If + is
       manually inserted as the last line of the passwd file (using
       vipw(1M), say), that line will be preserved through any sysadm(1M)
       and password change activity.

       Appropriate precautions must be taken to lock the /etc/passwd file
       against simultaneous changes if it is to be edited with a text edi­
       tor; vipw(1M) does the necessary locking.  Do not edit the
       /etc/passwd file except to add or remove the "+" entry from the last
       line.  Any other changes will be lost the next time sysadm(1M) is
       used to add, modify, or delete a user account, or the next time any­
       one changes a password.

EXAMPLE
       Here is a sample /etc/passwd file:

              root:q.mJzTnu8icF.:0:10:The Admin:/:/bin/csh
              tut:6k/7KCFRPNVXg:508:10:Bill Tuthill:/usr/tut:/bin/csh
              +john:
              +@documentation:no-login:
              +::::Guest
              john::605:20:John Smith:/usr/john:
              +

       In this example, there are specific entries for users root and tut,
       in case NIS is not running.  (See Managing ONC/NFS and Its Facilities
       on the DG/UX System.)  The user john will have his password entry in
       NIS incorporated without change; anyone in the netgroup documentation
       will have their password field disabled, and anyone else will be able
       to log in with their usual password, shell, and home directory, but
       with a GCOS field of Guest.

       The second entry for john in this example will not be used if NIS is
       running; the first entry for a given user name will be used if multi­
       ple entries exist.

       Appropriate precautions must be taken to lock the /etc/passwd file
       against simultaneous changes if it is to be edited with a text edi­
       tor; vipw(1M) does the necessary locking.  The password file can be
       scanned for inconsistencies using pwck(1M).
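
       An added example (not part of the DG/UX manual and not a
       reimplementation of pwck(1M)): a Python audit of the security-relevant
       rules stated above, covering empty password fields, shared UIDs,
       repeated names, and uid/gid values on NIS entries.  The sample reuses
       lines from the example above plus a constructed ops entry; all
       function and variable names are illustrative.

```python
FIELDS = ("username", "password", "uid", "gid", "gcos", "home", "shell")

# Constructed sample: lines from the page's example plus a made-up "ops".
SAMPLE = """\
root:q.mJzTnu8icF.:0:10:The Admin:/:/bin/csh
tut:6k/7KCFRPNVXg:508:10:Bill Tuthill:/usr/tut:/bin/csh
+john:
john::605:20:John Smith:/usr/john:
ops:6k/7KCFRPNVXg:508:10:Operator:/usr/ops:/bin/sh
+
"""


def audit_passwd(text):
    """Return a list of (line_number, finding) for a passwd(4) file."""
    findings, first_line, uid_owner = [], {}, {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line:
            continue
        parts = line.split(":")
        if line[0] in "+-":
            # NIS entry: trailing fields may be omitted, so pad before naming.
            rec = dict(zip(FIELDS, parts + [""] * (len(FIELDS) - len(parts))))
            if rec["uid"] or rec["gid"]:
                findings.append((n, "uid/gid on a NIS entry cannot be overridden"))
            name = rec["username"][1:]
            if line[0] == "+" and name and not name.startswith("@"):
                first_line.setdefault(name, n)
            continue
        if len(parts) != len(FIELDS):
            findings.append((n, "expected 7 fields, found %d" % len(parts)))
            continue
        rec = dict(zip(FIELDS, parts))
        name = rec["username"]
        if name in first_line:
            findings.append((n, "%s also appears on line %d; the first entry "
                                "is the one used" % (name, first_line[name])))
        first_line.setdefault(name, n)
        if not name.isascii() or name != name.lower() or len(name) > 8:
            findings.append((n, "username %r breaks the username rules" % name))
        # Still checked for repeated names: after a +name line, this entry
        # is the live one whenever NIS is not running.
        if rec["password"] == "":
            findings.append((n, "%s has an empty password field" % name))
        if not rec["uid"].isdigit():
            findings.append((n, "uid %r is not a number" % rec["uid"]))
        elif int(rec["uid"]) in uid_owner:
            findings.append((n, "uid %s is shared with %s"
                             % (rec["uid"], uid_owner[int(rec["uid"])])))
        else:
            uid_owner[int(rec["uid"])] = name
    return findings
```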

   ONC/NFS Example
       The following example relates to ONC/NFS and NIS:

              root:q.mJzTnu8icF.:0:10:Super User:/:/bin/csh
              fred:6k/7KCFRPNVXg:508:10:% Fredericks:/usr2/fred:/bin/csh
              +john:
              +@documentation:no-login:
              +::::Guest

       In this example, there are specific entries for users root and fred,
       to assure that they can log in even when the system is running stan­
       dalone.  The user john will have his password entry in the Network
       Information Service incorporated without change; anyone in the net­
       group documentation will have their password field disabled, and any­
       one else will be able to log in with their usual password, shell, and
       home directory, but with a GCOS field of Guest.

NOTES
       On a generic DG/UX system, appropriate privilege is granted by having
       an effective UID of 0 (root).  See the appropriate_privilege(5) man
       page for more information.

       On a system with DG/UX information security, appropriate privilege is
       granted by having one or more specific capabilities enabled in the
       effective capability set of the user.  See the cap_defaults(5) man
       page for more information.

FILES
       /etc/passwd

SEE ALSO
       login(1), mail(1), passwd(1), pwck(1M), sendmail(1M), useradd(1M),
       vipw(1M), crypt(3C), crypt(3X), getpwent(3C), group(4), limits(4),
       iso-88591(5), appropriate_privilege(5).

       Managing Security on the DG/UX(TM) System.

BUGS
       The mail(1) and sendmail(1M) programs use the GCOS field to compose
       the From: line for addressing mail messages, but these programs get
       confused by nested parentheses when composing replies.  This problem
       can be avoided by using different types of brackets within the GCOS
       field; for example:
              (& Fredricks [Podunk U <EE/CIS>] {818}-555-5555)


Licensed material--property of copyright holder(s)
