| 1 | .TH PASSWD 5
|
|---|
| 2 | .SH NAME
|
|---|
| 3 | passwd, group, shadow \- user and group databases, shadow passwords
|
|---|
| 4 | .SH SYNOPSIS
|
|---|
| 5 | .B /etc/passwd
|
|---|
| 6 | .br
|
|---|
| 7 | .B /etc/group
|
|---|
| 8 | .br
|
|---|
| 9 | .B /etc/shadow
|
|---|
| 10 | .SH DESCRIPTION
|
|---|
| 11 | .B /etc/passwd
|
|---|
| 12 | lists all the users of the system, and
|
|---|
| 13 | .B /etc/group
|
|---|
| 14 | lists all the groups the users may belong to. Both files also contain
|
|---|
| 15 | encrypted passwords, numeric ID's etc. Encrypted passwords may be hidden
|
|---|
| 16 | in the file
|
|---|
| 17 | .B /etc/shadow
|
|---|
| 18 | if extra protection is warranted.
|
|---|
| 19 | .PP
|
|---|
| 20 | Each file is an text file containing one line per user or group. The data
|
|---|
| 21 | fields on a line are separated by colons. Each line in the password file
|
|---|
| 22 | has the following form:
|
|---|
| 23 | .PP
|
|---|
| 24 | .RS
|
|---|
| 25 | .I name:passwd:uid:gid:gecos:dir:shell
|
|---|
| 26 | .RE
|
|---|
| 27 | .PP
|
|---|
| 28 | The
|
|---|
| 29 | .I name
|
|---|
| 30 | field is the login name of a user, it is up to 8 letters or numbers long
|
|---|
| 31 | starting with a letter. The login name must be unique.
|
|---|
| 32 | The
|
|---|
| 33 | .I password
|
|---|
| 34 | field is either empty (no password), a 13 character encrypted password as
|
|---|
| 35 | returned by
|
|---|
| 36 | .BR crypt (3),
|
|---|
| 37 | or a login name preceded by two number signs (#) to index the shadow
|
|---|
| 38 | password file. Anything else (usually \(**) is invalid.
|
|---|
| 39 | The
|
|---|
| 40 | .I uid
|
|---|
| 41 | and
|
|---|
| 42 | .I gid
|
|---|
| 43 | fields are two numbers indicating the users user-id and group-id. These
|
|---|
| 44 | id's do not have to be unique, there may be more than one name with the same
|
|---|
| 45 | id's.
|
|---|
| 46 | The
|
|---|
| 47 | .I gecos
|
|---|
| 48 | field can be set by the user. It is expected to be a comma separated list
|
|---|
| 49 | of personal data where the first item is the full name of the user.
|
|---|
| 50 | The
|
|---|
| 51 | .I dir
|
|---|
| 52 | field
|
|---|
| 53 | is the path name of the users home directory.
|
|---|
| 54 | Lastly the
|
|---|
| 55 | .I shell
|
|---|
| 56 | field is the path name of the users login shell, it may be empty to indicate
|
|---|
| 57 | .BR /bin/sh .
|
|---|
| 58 | A MINIX 3 specific extension allows the shell field to contain extra space
|
|---|
| 59 | separated arguments for the shell.
|
|---|
| 60 | .PP
|
|---|
| 61 | Lines in the group file consist of four fields:
|
|---|
| 62 | .PP
|
|---|
| 63 | .RS
|
|---|
| 64 | .I name:passwd:gid:mem
|
|---|
| 65 | .RE
|
|---|
| 66 | .PP
|
|---|
| 67 | The
|
|---|
| 68 | .I name
|
|---|
| 69 | field is the name of the group, same restrictions as a login name.
|
|---|
| 70 | The
|
|---|
| 71 | .I passwd
|
|---|
| 72 | field may be used to let users change groups.
|
|---|
| 73 | The
|
|---|
| 74 | .I gid
|
|---|
| 75 | field is a number telling the group-id. The group-id is unique for a group.
|
|---|
| 76 | The
|
|---|
| 77 | .I mem
|
|---|
| 78 | field is a comma separated list of login names that are special members of
|
|---|
| 79 | the group. If a system supports supplementary group id's then a user's set
|
|---|
| 80 | of supplementary group id's is set to all the groups they are a member of.
|
|---|
| 81 | If a system allows one to change groups then one can change to a group one
|
|---|
| 82 | is a member of without using the group's password.
|
|---|
| 83 | .PP
|
|---|
| 84 | The shadow password file has precisely the same form as the password file,
|
|---|
| 85 | except that only the
|
|---|
| 86 | .I name
|
|---|
| 87 | or
|
|---|
| 88 | .I passwd
|
|---|
| 89 | fields are used as yet. The other fields are zero or empty. A password in
|
|---|
| 90 | the password file may have the form
|
|---|
| 91 | .BI "##" user
|
|---|
| 92 | to indicate the entry
|
|---|
| 93 | .I user
|
|---|
| 94 | in the shadow password file. The password in this entry is then used for
|
|---|
| 95 | authentication of the user. The shadow file can only be read by the
|
|---|
| 96 | privileged utility
|
|---|
| 97 | .BR pwdauth (8),
|
|---|
| 98 | so that the encrypted passwords in the shadow file are kept secret, and thus
|
|---|
| 99 | safe from a dictionary attack.
|
|---|
| 100 | .SS "Special password and group file entries"
|
|---|
| 101 | There are several entries in the password and group files that are
|
|---|
| 102 | preallocated for current or future use. All id's less than 10 are reserved.
|
|---|
| 103 | The special password file entries are:
|
|---|
| 104 | .PP
|
|---|
| 105 | .RS
|
|---|
| 106 | .nf
|
|---|
| 107 | root:##root:0:0:Big Brother:/usr/src:
|
|---|
| 108 | daemon:*:1:1:The Deuce:/etc:
|
|---|
| 109 | bin:##root:2:0:Binaries:/usr/src:
|
|---|
| 110 | uucp:*:5:5:UNIX to UNIX copy:/usr/spool/uucp:/usr/sbin/uucico
|
|---|
| 111 | news:*:6:6:Usenet news:/usr/spool/news:
|
|---|
| 112 | ftp:*:7:7:Anonymous FTP:/usr/ftp:
|
|---|
| 113 | nobody:*:9999:99::/tmp:
|
|---|
| 114 | ast:*:8:3:Andrew S. Tanenbaum:/usr/ast:
|
|---|
| 115 | .fi
|
|---|
| 116 | .RE
|
|---|
| 117 | .PP
|
|---|
| 118 | The
|
|---|
| 119 | .B root
|
|---|
| 120 | id is of course the super user.
|
|---|
| 121 | The
|
|---|
| 122 | .B daemon
|
|---|
| 123 | id is used by some daemons. Some devices are protected so that only those
|
|---|
| 124 | daemons can access them.
|
|---|
| 125 | The
|
|---|
| 126 | .B bin
|
|---|
| 127 | id owns all sources and most binaries.
|
|---|
| 128 | The
|
|---|
| 129 | .BR uucp ,
|
|---|
| 130 | .BR news
|
|---|
| 131 | and
|
|---|
| 132 | .BR ftp
|
|---|
| 133 | id's are for serial line data transfer, usenet news, or ftp if so needed.
|
|---|
| 134 | The
|
|---|
| 135 | .B nobody
|
|---|
| 136 | id is used in those cases that a program may not have any privileges at all.
|
|---|
| 137 | The
|
|---|
| 138 | .B ast
|
|---|
| 139 | id is the honorary home directory for Andrew S. Tanenbaum, the creator of
|
|---|
| 140 | MINIX 3. You can also find the initial contents for a new home directory
|
|---|
| 141 | there.
|
|---|
| 142 | .PP
|
|---|
| 143 | The special group file entries are:
|
|---|
| 144 | .PP
|
|---|
| 145 | .RS
|
|---|
| 146 | .nf
|
|---|
| 147 | operator:*:0:
|
|---|
| 148 | daemon:*:1:
|
|---|
| 149 | bin:*:2:
|
|---|
| 150 | other:*:3:
|
|---|
| 151 | tty:*:4:
|
|---|
| 152 | uucp:*:5:
|
|---|
| 153 | news:*:6:
|
|---|
| 154 | ftp:*:7:
|
|---|
| 155 | kmem:*:8:
|
|---|
| 156 | nogroup:*:99:
|
|---|
| 157 | .fi
|
|---|
| 158 | .RE
|
|---|
| 159 | .PP
|
|---|
| 160 | Groups with the same name as special user id are used with those id's.
|
|---|
| 161 | The
|
|---|
| 162 | .B operator
|
|---|
| 163 | group is for the administrators of the system. Users in this group are
|
|---|
| 164 | granted special privileges.
|
|---|
| 165 | The
|
|---|
| 166 | .B other
|
|---|
| 167 | group is for ordinary users.
|
|---|
| 168 | The
|
|---|
| 169 | .B tty
|
|---|
| 170 | group is for terminal devices, and associated set-gid commands.
|
|---|
| 171 | Same thing with the
|
|---|
| 172 | .B kmem
|
|---|
| 173 | group and memory devices.
|
|---|
| 174 | .SH FILES
|
|---|
| 175 | .TP 15n
|
|---|
| 176 | .B /etc/passwd
|
|---|
| 177 | The user database.
|
|---|
| 178 | .TP
|
|---|
| 179 | .B /etc/group
|
|---|
| 180 | The group database.
|
|---|
| 181 | .TP
|
|---|
| 182 | .B /etc/shadow
|
|---|
| 183 | The shadow password file.
|
|---|
| 184 | .SH "SEE ALSO"
|
|---|
| 185 | .BR login (1),
|
|---|
| 186 | .BR passwd (1),
|
|---|
| 187 | .BR su (1),
|
|---|
| 188 | .BR crypt (3),
|
|---|
| 189 | .BR getpwent (3),
|
|---|
| 190 | .BR getgrent (3),
|
|---|
| 191 | .BR pwdauth (8).
|
|---|
| 192 | .SH NOTES
|
|---|
| 193 | The
|
|---|
| 194 | .B nobody
|
|---|
| 195 | and
|
|---|
| 196 | .B nogroup
|
|---|
| 197 | id's are likely to be renumbered to the highest possible id's once it is
|
|---|
| 198 | figured out what they are.
|
|---|
| 199 | .SH AUTHOR
|
|---|
| 200 | Kees J. Bot (kjb@cs.vu.nl)
|
|---|
