  passwd(4)                           CLIX                           passwd(4)



  NAME

    passwd, passwd.local, passwd.yp - System user password files

  DESCRIPTION

    A system's /etc/passwd file is an ASCII file that contains account access
    and login information for each user on that system.  Each user or system
    account entry is on a separate line; each field within each user's entry
    is separated from the next by a colon.  The fields appear on each line in
    the following order:

    Login name     The user's login account name.  It must contain no
                   uppercase characters, and must not be more than eight
                   characters in length.

    Password       The user's encrypted password, plus any password aging
                   information.  If the field is null (::), no password is
                   demanded.  If the field contains a comma-dot combination
                   (,.), a password change is forced upon next login.  If the
                   field contains an asterisk (*), logins are prevented
                   (usually applies only to certain system accounts).

    Numerical user ID
                   The user ID (UID) that uniquely identifies the user in the
                   system.  This number ranges from 0 (reserved for root) to
                   59,999.

    Numerical group ID
                   The group ID (GID) to which the user belongs in the system.
                   This number ranges from 1 to 59,999.

    User information
                   A field that may include information such as the user's
                   name, office location, and phone number.  If the field
                   contains an ampersand (&), the user's login name is
                   inserted.

    Initial working directory
                   The directory in which the user is placed upon login, also
                   known as the home directory.

    Shell          The shell program used when the user logs in.  If the field
                   is null, /bin/sh is used.

    If a user's encrypted password is followed by a comma (,) and four
    alphanumeric characters, that user's password is subject to password
    aging, forcing the user to change the login password periodically.  A
    password aging subfield is appended to an encrypted password, using the
    following syntax:




  2/94 - Intergraph Corporation                                              1

    ,Mmww

    The characters in the subfield are defined as follows:

    M       Maximum time (in weeks) that passes before the user is forced to
            provide a new password.

    m       Minimum time (in weeks) that passes before the user is allowed to
            change a password.

    ww      Time (in weeks) since January 1, 1970 that the last change occurred
            (created by the system when a new password is implemented).

    The characters representing the number of weeks are defined as follows:

    .        0 weeks.

    /        1 week.

    0 - 9    2 through 11 weeks.

    A - Z    12 through 37 weeks.

    a - z    38 through 63 weeks.

    If a login on the system is not being used, but should not be removed from
    the system, it can be locked against unauthorized use.  To lock a login,
    change the encrypted password field to contain one or more characters that
    are not used by the encryption process.  A common and noticeable way to do
    this is to change the password field to Locked; (the semicolon character
    is not used for encryption).

    On systems running the Network Information Service (NIS), the /etc/passwd
    file is generated by selectively combining the /etc/passwd.local file on
    the client with entries from the /etc/passwd.yp file on the NIS master
    server.  This combination normally occurs at system boot time.  On
    networks where the /etc/passwd.yp file changes much more frequently than
    system boot, the ypsync command can be run from a crontab file to force a
    new /etc/passwd file to be generated more frequently.

    The passwd.local file can have lines beginning with a plus sign (+), which
    means to incorporate entries from NIS.  There are two styles of + entries.
    A + line means to insert the entire contents of the NIS password file at
    that point; a +name line means to insert the entry (if any) for name from
    NIS at that point.  If a + entry has a non-null password, directory, user
    name, or shell field, it overrides what is contained in NIS.  The
    numerical UID and GID fields cannot be overridden.

  EXAMPLES

    Here is a sample /etc/passwd file:



    root:OtG6xCSnq6PE3:0:3:Admin(root):/:/bin/ksh
    daemon:*:1:12:Admin(daemon):/:
    bin:*:2:2:Admin(bin):/bin:
    sys:TIIp1xFzxybK2:3:3:Admin(sys):/usr/src:/bin/ksh
    adm:*:4:4:Admin(adm):/usr/adm:
    uucp:*:5:1:uucp:/usr/lib/uucp:
    nuucp:!:6:1:nuucp:/usr/spool/uucppublic:/usr/lib/uucp/uucico
    setup:*:0:0:admin login:/usr/admin:/bin/rsh
    sysadm:*:0:0:admin login:/usr/admin:/bin/rsh
    powerdown:*:0:0:admin login:/usr/admin:/bin/rsh
    sync:*:20:1:Admin(sync):/:/bin/sync
    listen:*:21:3:rfs name server:/usr/net/nls:
    rje:*:68:8:rje:/usr/rje:
    shqer:*:69:8:rje:/usr/rje:
    lp:*:71:2:lp:/usr/spool/lp:
    johndoe:DqLLO1LXuTTyI,O07G:100:1:John Doe:/usr/johndoe:/bin/ksh
    janedoe:.GDP7Jted3i3l,O0MG:101:1:Jane Doe:/usr/janedoe:/bin/ksh

    In this example, user logins johndoe and janedoe are subject to password
    aging; the root login account is not subject to password aging.

    To change the password aging for the johndoe login account, specifying a
    6-week wait between forced password changes and a 2-week delay before the
    user can change a new password, edit the /etc/passwd line for johndoe to
    appear as follows:

    johndoe:DqLLO1LXuTTyI,40:100:1:John Doe:/usr/johndoe:/bin/ksh


    The password aging subfield defines the maximum and minimum times as 4
    (for 6 weeks) and 0 (for 2 weeks).  When johndoe next logs in, the system
    will force a password change and append the ww characters to the end of
    the password aging subfield.

    To lock the janedoe login account, edit the /etc/passwd line for janedoe
    to appear as follows:

    janedoe:Locked;:101:1:Jane Doe:/usr/janedoe:/bin/ksh
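
    Added example (not part of the original manual page): a Python parser
    for the entry format and aging subfield described above, with a small
    audit pass over constructed sample lines.  The function names and the
    low-order-first digit order for ww are assumptions; the manual does not
    state the digit order.

```python
import datetime
# Week alphabet from the manual: "." "/" 0-9 A-Z a-z  ->  0..63
A64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
EPOCH = datetime.date(1970, 1, 1)
# Constructed sample: adapted from the manual's entries, plus a made-up guest line.
SAMPLE = [
    "root:OtG6xCSnq6PE3:0:3:Admin(root):/:/bin/ksh",
    "olduser:DqLLO1LXuTTyI,O07G:100:1:Old User:/usr/olduser:/bin/ksh",
    "newuser:.GDP7Jted3i3l,40:101:1:New User:/usr/newuser:/bin/ksh",
    "janedoe:Locked;:102:1:Jane Doe:/usr/janedoe:/bin/ksh",
    "guest::103:1:Guest:/usr/guest:",
]

def decode_aging(sub):
    """Decode the text after the comma: 'Mmww', 'Mm' (ww not yet set) or '.'."""
    if (sub != "." and len(sub) not in (2, 4)) or any(c not in A64 for c in sub):
        raise ValueError("bad aging subfield %r" % sub)
    n = [A64.index(c) for c in sub]
    # Assumption: ww is stored low-order digit first (the a64l(3) convention);
    # the manual page does not state the digit order.
    changed = EPOCH + datetime.timedelta(weeks=n[2] + 64 * n[3]) if len(n) == 4 else None
    return {"max_weeks": n[0], "min_weeks": n[1] if len(n) > 1 else None,
            "changed": changed}

def parse_entry(line):
    """Split one passwd line into its seven fields and classify the password."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError("expected 7 fields, got %d: %r" % (len(parts), line))
    name, pw, uid, gid, info, home, shell = parts
    pw_hash, _, sub = pw.partition(",")
    # Null field: no password demanded. Characters outside A64 ("*", ";") lock it.
    state = ("no-password" if pw_hash == "" else
             "locked" if any(c not in A64 for c in pw_hash) else "password")
    return {"name": name, "uid": int(uid), "gid": int(gid), "info": info,
            "home": home, "shell": shell or "/bin/sh", "state": state,
            "aging": decode_aging(sub) if sub else None}

def audit(lines, today):
    """Return (login, finding) pairs an administrator would want to review."""
    out = []
    for e in map(parse_entry, lines):
        age = e["aging"]
        if e["state"] == "no-password":
            out.append((e["name"], "no password demanded"))
        if age and age["changed"] is None:
            out.append((e["name"], "change forced at next login"))
        elif age and today > age["changed"] + datetime.timedelta(weeks=age["max_weeks"]):
            out.append((e["name"], "password older than maximum age"))
    return out
```

    Calling audit(SAMPLE, datetime.date(1994, 2, 1)) reports olduser, newuser
    and guest; a line with a stray extra colon is rejected by parse_entry
    rather than silently read as a null password.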


    Here is a sample /etc/passwd.local file:

    root:q.mJzTnu8icF.:0:10:Administrator:/:/bin/ksh
    +doug:::::/usr/guest:/bin/rksh
    tut:6k/7KCFRPNVXg:508:10:Bill Tuthill:/usr2/tut:/bin/ksh
    +john:
    +:::guest

    In this example, there are specific entries for users root and tut, in
    case NIS is out of order.  The user john will have his password entry in
    NIS incorporated without change.  Anyone else will be able to log in with
    their usual password, shell, and home directory, but only under the login
    account guest.

  NOTES

    Take precautions to lock the /etc/passwd file against simultaneous changes
    when modified with a text editor.

    Because of the encrypted passwords, the file has general read permission
    and can be used, for example, to map numerical UIDs to names.

  RELATED INFORMATION

    Functions:  getpwent(3), crypt(3)

    Commands:  ypsync(8), ypserv(8), login(1), passwd(1), crontab(1)

    Files:  group(4), ypfiles(4)