Passwd (file)
Encyclopedia
In Unix-like
operating systems the /etc/passwd file is a text-based database of information about users
that may login
to the system or other operating system user identities that own running processes.
In many operating systems this file is just one of many possible back-ends for the more general passwd name service
.
The file's name originates from one of its initial functions as it contained the data used to verify password
s of user accounts. However, on modern Unix
systems the security-sensitive password information is instead often stored in a different file using shadow password
s, or other database implementations.
The /etc/passwd file typically has file system permissions
that allow it to be readable by all users of the system (world-readable), although it may only be modified by the superuser
or by using a few special purpose privileged commands.
with one record per line
, each describing a user account
.
Each record consists of seven fields separated by colons
. The ordering of the records within the file is generally unimportant.
An example record may be:
jsmith:x:1001:1000:Joe Smith,Room 1007,(234)555-8910,(234)555-0044,email:/home/jsmith:/bin/sh
The fields, in order from left to right, are:
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
operating systems the /etc/passwd file is a text-based database of information about users
User (computing)
A user is an agent, either a human agent or software agent, who uses a computer or network service. A user often has a user account and is identified by a username , screen name , nickname , or handle, which is derived from the identical Citizen's Band radio term.Users are...
that may login
Login
Login is the method whereby a user obtains access to a computer system.Login may also refer to:*Magazines:** LOGiN, published by Enterbrain** ;login:, published by USENIX* Login, Carmarthenshire, an hamlet in Carmarthenshire...
to the system or other operating system user identities that own running processes.
In many operating systems this file is just one of many possible back-ends for the more general passwd name service
Passwd (database)
passwd is a name service database used to store user account information on Unix-like operating systems.The sources for the passwd database are configured, like other name service databases, in nsswitch.conf.-Fetching a specific user entry:For a specific user called 'joe':getent passwd joeFor a...
.
The file's name originates from one of its initial functions as it contained the data used to verify password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
s of user accounts. However, on modern Unix
Unix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
systems the security-sensitive password information is instead often stored in a different file using shadow password
Shadow password
In computing, Unix-like operating systems use the shadow password database mechanism to increase the security level of passwords by restricting all but highly privileged users' access to encrypted password data...
s, or other database implementations.
The /etc/passwd file typically has file system permissions
File system permissions
Most current file systems have methods of administering permissions or access rights to specific users and groups of users. These systems control the ability of the users to view or make changes to the contents of the filesystem....
that allow it to be readable by all users of the system (world-readable), although it may only be modified by the superuser
Superuser
On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor....
or by using a few special purpose privileged commands.
File format
The /etc/passwd file is a text fileText file
A text file is a kind of computer file that is structured as a sequence of lines of electronic text. A text file exists within a computer file system...
with one record per line
Line (text file)
In computing, a line is a unit of organization for text files. A line consists of a sequence of zero or more characters, usually displayed within a single horizontal sequence....
, each describing a user account
User (computing)
A user is an agent, either a human agent or software agent, who uses a computer or network service. A user often has a user account and is identified by a username , screen name , nickname , or handle, which is derived from the identical Citizen's Band radio term.Users are...
.
Each record consists of seven fields separated by colons
Colon (punctuation)
The colon is a punctuation mark consisting of two equally sized dots centered on the same vertical line.-Usage:A colon informs the reader that what follows the mark proves, explains, or lists elements of what preceded the mark....
. The ordering of the records within the file is generally unimportant.
An example record may be:
jsmith:x:1001:1000:Joe Smith,Room 1007,(234)555-8910,(234)555-0044,email:/home/jsmith:/bin/sh
The fields, in order from left to right, are:
- The first field is the user name, i.e. the string a user would type in when logging into the operating system: the lognameLognameIn computer software, logname is a program in Unix and Unix-like operating systems that prints the name of the user executing the command. It corresponds to the LOGNAME variable in the system-state environment. The logname system call and command appeared for the first time in UNIX System...
. Each record in the file must have a unique user name field. - The second field stores information used to validate a user's passwordPasswordA password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
; however in most modern uses this field is usually set to "x" (or some other indicator) with the actual password information being stored in a separate shadow passwordShadow passwordIn computing, Unix-like operating systems use the shadow password database mechanism to increase the security level of passwords by restricting all but highly privileged users' access to encrypted password data...
file. Setting this field to an asterisk "*" is the typical way to deactivate an account to prevent it being used. - The third field is the user identifierUser identifier (Unix)Unix-like operating systems identify users within the kernel by an unsigned integer value called a user identifier, often abbreviated to UID or User ID...
, the number that the operating system uses for internal purposes. It does not have to be unique. - The fourth field is the group identifierGroup identifier (Unix)In Unix-like systems, multiple users can be categorized into groups. POSIX and conventional Unix file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks,...
. This number identifies the primary group of the user; all files that are created by this user may initially be accessible to this group. - The fifth field, called the Gecos fieldGecos fieldThe gecos field, or GECOS field is an entry in the /etc/passwd file on Unix, and similar operating systems.It is typically used to record general information about the account or its user such as their real name and phone number.-Format:...
, is commentary that describes the person or account. Typically, this is a set of comma-separated values including the user's full name and contact details. - The sixth field is the path to the user's home directoryHome directoryA Home directory is a file system directory on a multi-user operating system containing files for a given user of the system. The specifics of the home directory is defined by the operating system involved; for example, Windows systems between 2000 and 2003 keep home directories in a folder...
. - The seventh field is the program that is started every time the user logs into the system. For an interactive user, this is usually one of the system's command line interpreters (shellsShell (computing)A shell is a piece of software that provides an interface for users of an operating system which provides access to the services of a kernel. However, the term is also applied very loosely to applications and may include any software that is "built around" a particular component, such as web...
).
See also
- crypt(3) - a library function implementing a password encryption algorithm
- getentGetentgetent is a unix command that helps a user get entries in a number of important text files called databases. This includes the passwd and group databases which store user information – hence getent is a common way to look up user details on Unix...
- a library function to lookup passwd records - passwdPasswd (command)passwd is a tool on most Unix and Unix-like operating systems used to change a user's password. The password entered by the user is run through a key derivation function to create a hashed version of the new password, which is saved...
- a command that allows a user to change their password - chfn - a command that allows a user to change their gecos information
- chshChshchsh is a command on Unix-like operating systems that is used to change a login shell. Users can either supply the pathname of the shell that they wish to change to on the command line, or supply no arguments, in which case chsh allows the user to change the shell interactively.chsh is a setuid...
- a command that allows a user to change their shell - vipwVipwvipw is a small computer program which enables a Unix system administrator to comfortably edit the "passwd" and "Shadow password" files. It comes bundled in the "Shadow" software package....
- a command to safely edit the /etc/passwd file