/etc/passwd File
Purpose
Contains basic user attributes.
Description
An entry in the /etc/passwd file has the following form:
Name:Password:UserID:PrincipleGroup:Gecos:HomeDirectory:Shell
Attributes in an entry are separated by a : (colon). For this reason, you should not use a : (colon) in any attribute. The attributes are defined as follows:
Attribute | Definition |
---|---|
Name | Specifies the user's login name. There are a number of restrictions on naming users. See the mkuser command for more information. |
Password | Contains an * (asterisk) indicating an invalid password or an ! (exclamation point) indicating that the password is in the /etc/security/passwd file. Under normal conditions, the field contains an !. If the field has an * and a password is required for user authentication, the user cannot log in. |
UserID | Specifies the user's unique numeric ID. This ID is used for discretionary access control. The value is a unique decimal integer. |
PrincipleGroup | Specifies the user's principal group ID. This must be the numeric ID of a group in the user database or a group defined by a network information service. The value is a unique decimal integer. |
Gecos | Specifies general information about the user that is not needed by the system, such as an office or phone number. The value is a character string. The Gecos field cannot contain a colon. |
HomeDirectory | Specifies the full path name of the user's home directory. If the user does not have a defined home directory, the home directory of the guest user is used. The value is a character string. |
Shell | Specifies the initial program or shell that is executed after a user invokes the login command or su command. If a user does not have a defined shell, /usr/bin/sh, the system shell, is used. The value is a character string that may contain arguments to pass to the initial program. |
Users can have additional attributes in other system files. See the "Files" section for additional information.
Changing the User File
You should access the user database files through the system commands and subroutines defined for this purpose. Access through other commands or subroutines may not be supported in future releases. Use the following commands to access user database files:
- chfn
- chsh
- chuser
- lsuser
- mkuser
- rmuser
The mkuser command adds new entries to the /etc/passwd file and fills in the attribute values as defined in the /usr/lib/security/mkuser.default file.
The Password attribute is always initialized to an * (asterisk), an invalid password. You can set the password with the passwd or pwdadm command. When the password is changed, an ! (exclamation point) is added to the /etc/passwd file, indicating that the encrypted password is in the /etc/security/passwd file.
Use the chuser command to change all user attributes except Password. The chfn command and the chsh command change the Gecos attribute and Shell attribute, respectively. To display all the attributes in this file, use the lsuser command. To remove a user and all the user's attributes, use the rmuser command.
To write programs that affect attributes in the /etc/passwd file, use the subroutines listed in the related information section.
Security
Access Control: This file should grant read (r) access to all users and write (w) access only to the root user and members of the security group.
Examples
- Typical records that show an invalid password for smith and guest follow:

```
smith:*:100:100:8A-74(office):/home/smith:/usr/bin/sh
guest:*:200:0::/home/guest:/usr/bin/sh
```

  The fields are in the following order: user name, password, user ID, primary group, general (gecos) information, home directory, and initial program (login shell). The * (asterisk) in the password field indicates that the password is invalid. Each attribute is separated by a : (colon).
- If the password for smith in the previous example is changed to a valid password, the record will change to the following:

```
smith:!:100:100:8A-74(office):/home/smith:/usr/bin/sh
```

  The ! (exclamation point) indicates that an encrypted password is stored in the /etc/security/passwd file.
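The following parser and audit script is an added example; it is not part of this documentation and is not an AIX command or subroutine. It assumes only what the page states: the seven-field record layout, the meaning of * and ! in the Password field, and the access-control rule from the Security section. It parses records like the ones above, reports malformed lines, flags entries whose Password field is neither * nor ! (a hash that is not kept in /etc/security/passwd), empty Password fields, duplicate UIDs and UID 0 accounts other than root, and checks a file mode against the "readable by all, writable only by root and the security group" rule. The sample records are constructed for the example.

```python
"""Parser and audit for /etc/passwd-style records.

Added example; not code from the AIX documentation. It assumes only the
seven-field layout described on this page:
    Name:Password:UserID:PrincipleGroup:Gecos:HomeDirectory:Shell
"""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample file (not from a real system). Several records are
# deliberately wrong so that audit() and parse_passwd() have something to report.
SAMPLE_PASSWD = """\
root:!:0:0::/:/usr/bin/ksh
smith:*:100:100:8A-74(office):/home/smith:/usr/bin/sh
guest:*:200:0::/home/guest:/usr/bin/sh
backup:!:0:1::/home/backup:/usr/bin/sh
svc:$1$xyz$abcdefghijklmnopqrstu:300:300:service account:/var/svc:/usr/bin/sh
jones::301:300::/home/jones:/usr/bin/sh
broken:!:302:300:missing field:/home/broken
"""

NUM_FIELDS = 7


@dataclass
class PasswdEntry:
    name: str
    password: str   # '*' (invalid) or '!' (hash lives in /etc/security/passwd)
    uid: int
    gid: int        # the PrincipleGroup field
    gecos: str
    home: str       # empty means the guest user's home directory is used
    shell: str      # empty means /usr/bin/sh is used


def parse_line(line: str) -> PasswdEntry:
    """Split one record on ':' and convert the two numeric fields.

    Raises ValueError for a malformed record (wrong field count or a
    non-numeric UserID/PrincipleGroup), so callers can report bad lines.
    """
    parts = line.rstrip("\n").split(":")
    if len(parts) != NUM_FIELDS:
        raise ValueError(f"expected {NUM_FIELDS} fields, got {len(parts)}")
    name, password, uid, gid, gecos, home, shell = parts
    if not (uid.isdigit() and gid.isdigit()):
        raise ValueError("UserID and PrincipleGroup must be decimal integers")
    return PasswdEntry(name, password, int(uid), int(gid), gecos, home, shell)


def parse_passwd(text: str) -> Tuple[List[PasswdEntry], List[str]]:
    """Parse a whole file; return (entries, error messages for bad lines)."""
    entries, errors = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue                      # tolerate blank lines
        try:
            entries.append(parse_line(line))
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}: {line!r}")
    return entries, errors


def audit(entries: List[PasswdEntry]) -> List[str]:
    """Flag records that contradict the conventions described on this page."""
    findings = []
    seen_uids = {}
    for e in entries:
        if e.password == "":
            findings.append(f"{e.name}: empty Password field (no password set)")
        elif e.password not in ("*", "!"):
            findings.append(f"{e.name}: Password field is neither '*' nor '!' "
                            "(hash not kept in /etc/security/passwd)")
        if e.uid == 0 and e.name != "root":
            findings.append(f"{e.name}: UID 0 account other than root")
        if e.uid in seen_uids:
            findings.append(f"{e.name}: duplicate UID {e.uid} "
                            f"(also used by {seen_uids[e.uid]})")
        else:
            seen_uids[e.uid] = e.name
    return findings


def check_permissions(mode: int, owner_uid: int) -> List[str]:
    """Check a permission mode and owner against the Security section:
    readable by all users, writable only by root and the security group,
    so the file must never be world-writable."""
    findings = []
    if mode & 0o002:
        findings.append("/etc/passwd is world-writable")
    if not mode & 0o004:
        findings.append("/etc/passwd is not readable by all users")
    if owner_uid != 0:
        findings.append(f"/etc/passwd is owned by UID {owner_uid}, not root")
    return findings


if __name__ == "__main__":
    import os
    import stat
    entries, errors = parse_passwd(SAMPLE_PASSWD)
    for msg in errors + audit(entries):
        print(msg)
    # Check the live file's mode; the record audit above uses the sample only.
    st = os.stat("/etc/passwd")
    for msg in check_permissions(stat.S_IMODE(st.st_mode), st.st_uid):
        print(msg)
```

Run on the constructed sample, the script reports the truncated `broken` record, the `backup` entry (UID 0 and a duplicate of root's UID), the `svc` entry whose Password field holds a hash instead of * or !, and `jones` with an empty Password field; the `check_permissions` call is the only part that touches the real file, and it reads the mode only. On AIX the supported way to inspect or change these attributes remains the lsuser and chuser commands listed above; this script is a read-only consistency check, not a replacement for them.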
Files
Item | Description |
---|---|
/etc/passwd | Contains basic user attributes. |
/usr/lib/security/mkuser.default | Contains default attributes for new users. |
/etc/group | Contains the basic attributes of groups. |
/etc/security/group | Contains the extended attributes of groups. |
/etc/security/passwd | Contains password information. |
/etc/security/user | Contains the extended attributes of users. |
/etc/security/environ | Contains the environment attributes of users. |
/etc/security/limits | Contains the process resource limits of users. |