HP-UX Reference (11i v2 03/08) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

241

242

243

244

245

246

247

248

249

250

passwd(4) passwd(4)

NAME

passwd - password ﬁle

SYNOPSIS

#include <pwd.h>

DESCRIPTION

/etc/passwd contains the following information for each user:

• login name

• encrypted password

• numerical user ID

• numerical group ID

• reserved gecos ID

• initial working directory

• program to use as shell

This is an ASCII ﬁle. Each ﬁeld within each user’s entry is separated from the next by a colon. Each user

is separated from the next by a newline. This ﬁle resides in the

/etc directory. It can and does have

general read permission and can be used, for example, to map numerical user IDs to names.

getpwent (3C) returns a pointer to a user’s entry passwd structure declared in

<pwd.h>

The login name must begin with an alpha character and may only contain alphanumeric and underscore

characters. If the login directory is null, the user will be placed in / by default. If the login shell is null,

/usr/bin/sh is used.

It is suggested that the range 0−99 not be used for user and group IDs so that IDs that might be assigned

for system software do not conﬂict.

The gecos ﬁeld may contain the following identiﬁcation: user’s full name, ofﬁce location, extension, and

home phone. The gecos ﬁeld can be set by use of the

chfn command and is displayed by the

finger

command (see chfn (1) and ﬁnger(1)). These two commands assume the information in this ﬁeld is in the

order listed above. A portion of the user’s real name can be represented in the gecos ﬁeld by an

& charac-

ter, which some utilities (including

finger) expand by substituting the login name for it and shifting the

ﬁrst letter of the login name to uppercase.

Password Field

On a non-shadowed standard system, all password ﬁelds contain the actual encrypted password. On a

shadowed standard system, all password ﬁelds contain an ‘x’, while the actual encrypted passwords reside

/etc/shadow. On a trusted system, all password ﬁelds contain a ‘*’ and the actual encrypted pass-

words reside in the Protected Password Database.

The following description of the password ﬁeld applies only to the password ﬁeld of an entry in

/etc/passwd that contains an actual encrypted password. See the shadow (4) manpage for details

about encrypted passwords that reside in /etc/shadow, and see the SECURITY FEATURES section of

this manpage for details about encrypted passwords that reside on a trusted system.

If the password ﬁeld is null, there is no password and no password is demanded on login. Otherwise, this

ﬁeld consists of an encrypted password with an optional password aging subﬁeld.

The encrypted password consists of 13 characters chosen from a 64-character set of "digits" described

below, Login can be prevented by entering in the password ﬁeld a character that is not part of the set of

digits (such as

*).

The characters used to represent "digits" are

. for 0, / for 1, 0 through 9 for 2 through 11, A through Z

for 12 through 37, and a through z for 38 through 63.

Password aging is put in effect for a particular user if his encrypted password in the password ﬁle is fol-

lowed by a comma and a non-null string of characters from the above alphabet. (Such a string must be

introduced in the ﬁrst instance by a superuser.) This string deﬁnes the "age" needed to implement pass-

word aging.

UNIX keeps internal time stamps in a format with a base date of Thursday January 1, 1970. Because of

this, passwd considers the beginning of a week to be 00:00 GMT Thursday.

The ﬁrst character of the age, M, denotes the maximum number of weeks for which a password is valid.

A user who attempts to login after his password has expired is forced to supply a new one. The next char-

acter, m, denotes the minimum period in weeks that must expire before the password can be changed.

HP-UX 11i Version 2: August 2003 − 1 − Hewlett-Packard Company Section 4−−229