Using the /etc/passwd file

Traditionally, the /etc/passwd file is used to keep track of every registered user that has access to a system.

The /etc/passwd file is a colon-separated file that contains the following information:
  • User name
  • Encrypted password
  • User ID number (UID)
  • User's group ID number (GID)
  • Full name of the user (GECOS)
  • User home directory
  • Login shell
The following is an example of an /etc/passwd file:
nuucp:*:6:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico
jdoe:*:202:1:John Doe:/home/jdoe:/usr/bin/ksh 
AIX® does not store encrypted passwords in the /etc/passwd file in the way that UNIX systems do, but in the /etc/security/passwd file by default, which is only readable by the root user. The password field in the /etc/passwd file is used by AIX to signify whether a password exists or whether the account is blocked.
Note: When the login shell is null, login is successful and the resulting login shell is Bourne shell for ssh. When accessed via su the login shell is sh, which is a hard link to ksh.
The /etc/passwd file is owned by the root user and must be readable by all the users, but only the root user has writable permissions, which are shown as -rw-r--r--. If a user ID has a password, then the password field will have an ! (exclamation point). If the user ID does not have a password, then the password field will have an * (asterisk). The encrypted passwords are stored in the /etc/security/passwd file. The following example contains the last four entries in the /etc/security/passwd file based on the entries from the /etc/passwd file shown previously.
        password = *
        password = * 
        password = * 

        password = eacVScDKri4s6 
        lastupdate = 1026394230 
        flags = ADMCHG                   

The user ID jdoe does not have an entry in the /etc/security/passwd file because it does not have a password set in the /etc/passwd file.

The consistency of the /etc/passwd file can be checked using the pwdck command. The pwdck command verifies the correctness of the password information in the user database files by checking the definitions for all of the users or for specified users.