HP-UX Reference (11i v1 00/12) - 4 File Formats (vol 8)
passwd(4) passwd(4)
NAME
passwd - password file, pwd.h
DESCRIPTION
/etc/passwd contains the following information for each user:
• login name
• encrypted password
• numerical user ID
• numerical group ID
• reserved gecos ID
• initial working directory
• program to use as shell
This is an ASCII file. Each field within each user’s entry is separated from the next by a colon. Each user
is separated from the next by a newline. This file resides in the /etc directory. It can and does have
general read permission and can be used, for example, to map numerical user IDs to names.
getpwent(3C) returns a pointer to a user’s entry as a passwd structure declared in <pwd.h>.
The login name must begin with an alpha character and may only contain alphanumeric and underscore
characters. If the login directory is null the user will be placed in / by default. If the login shell is
null, /usr/bin/sh is used.
It is suggested that the range 0−99 not be used for user and group IDs so that IDs that might be assigned
for system software do not conflict.
The gecos field may contain the following identification: user’s full name, office location, extension, and
home phone. The gecos field can be set by use of the chfn command and is displayed by the finger
command (see chfn(1) and finger(1)). These two commands assume the information in this field is in the
order listed above. A portion of the user’s real name can be represented in the gecos field by an &
character, which some utilities (including finger) expand by substituting the login name for it and
shifting the first letter of the login name to uppercase.
The following description of the password field applies only to a standard system. For a trusted system see
the SECURITY FEATURES section instead.
If the password field is null there is no password and no password is demanded on login. Otherwise this
field consists of an encrypted password with an optional password aging subfield.
The encrypted password consists of 13 characters chosen from a 64-character set of "digits" described below.
Login can be prevented by entering in the password field a character that is not part of the set of digits
(such as *).
The characters used to represent "digits" are . for 0, / for 1, 0 through 9 for 2 through 11, A through Z
for 12 through 37, and a through z for 38 through 63.
Password aging is put in effect for a particular user if his encrypted password in the password file is
followed by a comma and a non-null string of characters from the above alphabet. (Such a string must be
introduced in the first instance by a superuser.) This string defines the "age" needed to implement
password aging.
UNIX keeps internal time stamps in a format with a base date of Thursday January 1, 1970. Because of
this, passwd considers the beginning of a week to be 00:00 GMT Thursday.
The first character of the age, M, denotes the maximum number of weeks for which a password is valid. A
user who attempts to login after his password has expired is forced to supply a new one. The next
character, m, denotes the minimum period in weeks that must expire before the password can be changed. The
remaining two characters define the week when the password was last changed (a null string is equivalent
to zero). M and m have numerical values in the range 0 through 63 that correspond to the 64-character set
of "digits" shown above.
If m = M = 0 (derived from the string . or ..), the user is forced to change his password next time he logs
in (and the "age" disappears from his entry in the password file). If m > M (signified, for example, by the
string ./), then only a superuser (not the user) can change the password. Not allowing the user to ever
change the password is discouraged.
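
The password-field rules above can be checked mechanically when reviewing a standard-system /etc/passwd. The following Python example is an addition to this page, not part of the HP-UX manual or HP-UX code; it classifies the password field of each entry and decodes the aging subfield. The function names, finding labels, sample entries and the "elapsed weeks > M" expiry test are this example's own, and reading the two week characters least-significant digit first follows the a64l(3C) convention, which is an assumption not stated on this page.

```python
DIGITS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
VALUE = {c: i for i, c in enumerate(DIGITS)}   # '.'=0, '/'=1, ..., 'z'=63
SECONDS_PER_WEEK = 7 * 24 * 3600               # weeks start 00:00 GMT Thursday

def decode_age(age):
    """Return (M, m, last_changed_week) for an aging subfield of 1-4 digits."""
    if not 1 <= len(age) <= 4 or any(c not in VALUE for c in age):
        raise ValueError("invalid aging subfield: %r" % age)
    big_m = VALUE[age[0]]
    small_m = VALUE[age[1]] if len(age) > 1 else 0
    # Assumption: least-significant digit first, the order a64l(3C) uses.
    week = sum(VALUE[c] << (6 * i) for i, c in enumerate(age[2:]))
    return big_m, small_m, week

def audit_entry(line, now_epoch):
    """Return (login_name, findings) for one /etc/passwd line."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        return fields[0], ["malformed-entry"]
    name, pw, findings = fields[0], fields[1], []
    if pw == "":
        return name, ["no-password"]            # no password demanded on login
    pw_hash, comma, age = pw.partition(",")
    if any(c not in VALUE for c in pw_hash):
        findings.append("login-disabled")       # e.g. '*' in the field
    elif len(pw_hash) != 13:
        findings.append("bad-hash-length")
    if comma:
        try:
            big_m, small_m, week = decode_age(age)
        except ValueError:
            return name, findings + ["bad-aging-subfield"]
        if big_m == 0 and small_m == 0:
            findings.append("change-at-next-login")
        elif small_m > big_m:
            findings.append("only-superuser-can-change")
        elif now_epoch // SECONDS_PER_WEEK - week > big_m:
            findings.append("expired")          # this example's reading of M
    return name, findings

SAMPLE = [  # constructed entries; "xxPLACEHOLDER" stands in for a 13-char hash
    "guest::201:20::/home/guest:/usr/bin/sh",
    "daemon:*:1:5::/:/sbin/sh",
    "bob:xxPLACEHOLDER,./:203:20::/home/bob:/usr/bin/sh",
    "carol:xxPLACEHOLDER,6.CN:204:20::/home/carol:/usr/bin/sh",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_entry(entry, 1623 * SECONDS_PER_WEEK))
```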
HP-UX Release 11i: December 2000 − 1 − Section 4−−201