5069 Removal of wu-ftpd
Reviewed by: Josef 'Jeff' Sipek <josef.sipek@nexenta.com>
Reviewed by: Garrett D'Amore <garrett@damore.org>
Reviewed by: Milan Jurik <milan.jurik@xylab.cz>
Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com>
Reviewed by: Gary Mills <gary_mills@fastmail.fm>
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Adam Stevko <adam.stevko@gmail.com>
--- old/usr/src/man/man4/passwd.4
+++ new/usr/src/man/man4/passwd.4
1 1 '\" te
2 2 .\" Copyright (c) 2013 Gary Mills
3 3 .\" Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved.
4 4 .\" Copyright 1989 AT&T
5 5 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
6 6 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
7 7 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
8 8 .TH PASSWD 4 "Apr 16, 2013"
9 9 .SH NAME
10 10 passwd \- password file
11 11 .SH SYNOPSIS
12 12 .LP
13 13 .nf
14 14 \fB/etc/passwd\fR
15 15 .fi
16 16
17 17 .SH DESCRIPTION
18 -.sp
19 18 .LP
20 19 The file \fB/etc/passwd\fR is a local source of information about users'
21 20 accounts. The password file can be used in conjunction with other naming
22 21 sources, such as the \fBNIS\fR maps \fBpasswd.byname\fR and \fBpasswd.bygid\fR,
23 22 data from the \fBNIS+\fR \fBpasswd\fR table, or password data stored on an LDAP
24 23 server. Programs use the \fBgetpwnam\fR(3C) routines to access this
25 24 information.
26 25 .sp
27 26 .LP
28 27 Each \fBpasswd\fR entry is a single line of the form:
29 28 .sp
30 29 .in +2
31 30 .nf
32 31 \fIusername\fR\fB:\fR\fIpassword\fR\fB:\fR\fIuid\fR\fB:\fR
33 32 \fIgid\fR\fB:\fR\fIgcos-field\fR\fB:\fR\fIhome-dir\fR\fB:\fR
34 33 \fIlogin-shell\fR
35 34 .fi
36 35 .in -2
37 36 .sp
38 37
39 38 .sp
40 39 .LP
41 40 where
42 41 .sp
43 42 .ne 2
44 43 .na
45 44 \fB\fIusername\fR\fR
46 45 .ad
47 46 .RS 15n
48 47 is the user's login name.
49 48 .sp
50 49 The login (\fBlogin\fR) and role (\fBrole\fR) fields accept a string of no more
51 50 than 32 bytes consisting of characters from the set of alphabetic
52 51 characters, numeric characters, period (\fB\&.\fR), underscore (\fB_\fR), and
53 52 hyphen (\fB-\fR). The first character should be alphabetic and the field should
54 53 contain at least one lower case alphabetic character. A warning message is
55 54 displayed if these restrictions are not met.
56 55 .sp
57 56 The \fBlogin\fR and \fBrole\fR fields must contain at least one character and
58 57 must not contain a colon (\fB:\fR) or a newline (\fB\en\fR).
59 58 .RE
60 59
61 60 .sp
62 61 .ne 2
63 62 .na
64 63 \fB\fIpassword\fR\fR
65 64 .ad
66 65 .RS 15n
67 66 is an empty field. The encrypted password for the user is in the corresponding
68 67 entry in the \fB/etc/shadow\fR file. \fBpwconv\fR(1M) relies on a special value
69 68 of '\fBx\fR' in the password field of \fB/etc/passwd\fR. If this value
70 69 of '\fBx\fR' exists in the password field of \fB/etc/passwd\fR, this indicates
71 70 that the password for the user is already in \fB/etc/shadow\fR and should not
72 71 be modified.
73 72 .RE
74 73
75 74 .sp
76 75 .ne 2
77 76 .na
78 77 \fB\fIuid\fR\fR
79 78 .ad
80 79 .RS 15n
81 80 is the user's unique numerical \fBID\fR for the system.
82 81 .RE
83 82
84 83 .sp
85 84 .ne 2
86 85 .na
87 86 \fB\fIgid\fR\fR
88 87 .ad
89 88 .RS 15n
90 89 is the unique numerical \fBID\fR of the group that the user belongs to.
91 90 .RE
92 91
93 92 .sp
94 93 .ne 2
95 94 .na
96 95 \fB\fIgcos-field\fR\fR
97 96 .ad
98 97 .RS 15n
99 98 is the user's real name, along with information to pass along in a mail-message
100 99 heading. (It is called the gcos-field for historical reasons.) An ``\fB&\fR\&''
101 100 (ampersand) in this field stands for the login name (in cases where the login
102 101 name appears in a user's real name).
103 102 .RE
104 103
105 104 .sp
106 105 .ne 2
107 106 .na
108 107 \fB\fIhome-dir\fR\fR
109 108 .ad
110 109 .RS 15n
111 110 is the pathname to the directory in which the user is initially positioned upon
112 111 logging in.
113 112 .RE
114 113
115 114 .sp
116 115 .ne 2
117 116 .na
118 117 \fB\fIlogin-shell\fR\fR
119 118 .ad
120 119 .RS 15n
121 120 is the user's initial shell program. If this field is empty, the default shell
122 121 is \fB/usr/bin/sh\fR.
123 122 .RE
124 123
125 124 .sp
126 125 .LP
127 126 The maximum value of the \fIuid\fR and \fIgid\fR fields is \fB2147483647\fR. To
128 127 maximize interoperability and compatibility, administrators are recommended to
129 128 assign users a range of \fBUID\fRs and \fBGID\fRs below \fB60000\fR where
130 129 possible. (\fBUID\fRs from \fB0\fR-\fB99\fR inclusive are reserved by the
131 130 operating system vendor for use in future applications. Their use by end system
132 131 users or vendors of layered products is not supported and may cause security
133 132 related issues with future applications.)
134 133 .sp
135 134 .LP
136 135 The password file is an \fBASCII\fR file that resides in the \fB/etc\fR
137 136 directory. Because the encrypted passwords on a secure system are always kept
138 137 in the \fBshadow\fR file, \fB/etc/passwd\fR has general read permission on all
139 138 systems and can be used by routines that map between numerical user \fBID\fRs
140 139 and user names.
141 140 .sp
142 141 .LP
143 142 Blank lines are treated as malformed entries in the \fBpasswd\fR file and cause
144 143 consumers of the file , such as \fBgetpwnam\fR(3C), to fail.
145 144 .sp
146 145 .LP
147 146 The password file can contain entries beginning with a `+' (plus sign) or '-'
148 147 (minus sign) to selectively incorporate entries from another naming service
149 148 source, such as NIS, NIS+, or LDAP.
150 149 .sp
151 150 .LP
152 151 A line beginning with a '+' means to incorporate entries from the naming
153 152 service source. There are three styles of the '+' entries in this file. A
154 153 single + means to insert all the entries from the alternate naming service
155 154 source at that point, while a +\fIname\fR means to insert the specific entry,
156 155 if one exists, from the naming service source. A +@\fInetgroup\fR means to
157 156 insert the entries for all members of the network group \fInetgroup\fR from the
158 157 alternate naming service. If a +\fIname\fR entry has a non-null \fBpassword\fR,
159 158 \fIgcos\fR, \fIhome-dir\fR, or \fIlogin-shell\fR field, the value of that field
160 159 overrides what is contained in the alternate naming service. The \fIuid\fR and
161 160 \fIgid\fR fields cannot be overridden.
162 161 .sp
163 162 .LP
164 163 A line beginning with a `\(mi' means to disallow entries from the alternate
165 164 naming service. There are two styles of `-` entries in this file. -\fIname\fR
166 165 means to disallow any subsequent entries (if any) for \fIname\fR (in this file
167 166 or in a naming service), and -@\fInetgroup\fR means to disallow any subsequent
168 167 entries for all members of the network group \fInetgroup\fR.
169 168 .sp
170 169 .LP
171 170 This is also supported by specifying ``passwd : compat'' in
172 171 \fBnsswitch.conf\fR(4). The "compat" source might not be supported in future
173 172 releases. The preferred sources are \fBfiles\fR followed by the identifier of a
174 173 name service, such as \fBnis\fR or \fBldap\fR. This has the effect of
175 174 incorporating the entire contents of the naming service's \fBpasswd\fR database
176 175 or password-related information after the \fBpasswd\fR file.
177 176 .sp
178 177 .LP
179 178 Note that in compat mode, for every \fB/etc/passwd\fR entry, there must be a
180 179 corresponding entry in the \fB/etc/shadow\fR file.
181 180 .sp
182 181 .LP
183 182 Appropriate precautions must be taken to lock the \fB/etc/passwd\fR file
184 183 against simultaneous changes if it is to be edited with a text editor;
185 184 \fBvipw\fR(1B) does the necessary locking.
186 185 .SH EXAMPLES
187 186 .LP
188 187 \fBExample 1 \fRSample \fBpasswd\fR File
189 188 .sp
190 189 .LP
191 190 The following is a sample \fBpasswd\fR file:
192 191
193 192 .sp
194 193 .in +2
195 194 .nf
196 195 root:x:0:1:Super-User:/:/sbin/sh
197 196 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
198 197 .fi
199 198 .in -2
200 199 .sp
201 200
202 201 .sp
203 202 .LP
204 203 and the sample password entry from \fBnsswitch.conf\fR:
205 204
206 205 .sp
207 206 .in +2
208 207 .nf
209 208 passwd: files ldap
210 209 .fi
211 210 .in -2
212 211 .sp
213 212
214 213 .sp
215 214 .LP
216 215 In this example, there are specific entries for users \fBroot\fR and \fBfred\fR
217 216 to assure that they can login even when the system is running single-user. In
218 217 addition, anyone whose password information is stored on an LDAP server will be
219 218 able to login with their usual password, shell, and home directory.
220 219
221 220 .sp
222 221 .LP
223 222 If the password file is:
224 223
225 224 .sp
226 225 .in +2
227 226 .nf
228 227 root:x:0:1:Super-User:/:/sbin/sh
229 228 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
230 229 +
231 230 .fi
232 231 .in -2
233 232 .sp
234 233
235 234 .sp
236 235 .LP
237 236 and the password entry in \fBnsswitch.conf\fR is:
238 237
239 238 .sp
240 239 .in +2
241 240 .nf
242 241 passwd: compat
243 242 .fi
244 243 .in -2
245 244 .sp
246 245
247 246 .sp
248 247 .LP
249 248 then all the entries listed in the \fBNIS\fR \fBpasswd.byuid\fR and
250 249 \fBpasswd.byname\fR maps will be effectively incorporated after the entries for
251 250 \fBroot\fR and \fBfred\fR. If the password entry in \fBnsswitch.conf\fR is:
252 251
253 252 .sp
254 253 .in +2
255 254 .nf
256 255 passwd_compat: ldap
257 256 passwd: compat
258 257 .fi
259 258 .in -2
260 259
261 260 .sp
262 261 .LP
263 262 then all password-related entries stored on the LDAP server will be
264 263 incorporated after the entries for \fBroot\fR and \fBfred\fR.
265 264
266 265 .sp
267 266 .LP
268 267 The following is a sample \fBpasswd\fR file when \fBshadow\fR does not exist:
269 268
270 269 .sp
271 270 .in +2
272 271 .nf
273 272 root:q.mJzTnu8icf.:0:1:Super-User:/:/sbin/sh
274 273 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
275 274 +john:
276 275 +@documentation:no-login:
277 276 +::::Guest
278 277 .fi
279 278 .in -2
280 279 .sp
281 280
282 281 .sp
283 282 .LP
284 283 The following is a sample \fBpasswd\fR file when \fBshadow\fR does exist:
285 284
286 285 .sp
287 286 .in +2
288 287 .nf
289 288 root:##root:0:1:Super-User:/:/sbin/sh
290 289 fred:##fred:508:10:& Fredericks:/usr2/fred:/bin/csh
291 290 +john:
292 291 +@documentation:no-login:
293 292 +::::Guest
294 293 .fi
295 294 .in -2
296 295 .sp
297 296
298 297 .sp
299 298 .LP
300 299 In this example, there are specific entries for users \fBroot\fR and
301 300 \fBfred\fR, to assure that they can log in even when the system is running
302 301 standalone. The user \fBjohn\fR will have his password entry in the naming
303 302 service source incorporated without change, anyone in the netgroup
304 303 \fBdocumentation\fR will have their password field disabled, and anyone else
305 304 will be able to log in with their usual password, shell, and home directory,
306 305 but with a \fIgcos\fR field of \fBGuest\fR
307 306
308 307 .SH FILES
309 -.sp
310 308 .ne 2
311 309 .na
312 310 \fB\fB/etc/nsswitch.conf\fR\fR
313 311 .ad
314 312 .RS 22n
315 313
316 314 .RE
317 315
318 316 .sp
319 317 .ne 2
320 318 .na
321 319 \fB\fB/etc/passwd\fR\fR
322 320 .ad
323 321 .RS 22n
324 322
325 323 .RE
326 324
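Review bot: The .sp dropped right after .SH FILES here, like the ones dropped after .SH DESCRIPTION and .SH SEE ALSO, is a formatting-only cleanup unrelated to removing wu-ftpd; mention it in the commit message or split it into its own change so the one functional edit in this file stands out. The cleanup itself is consistent with .SH EXAMPLES, which is already followed directly by .LP with no .sp.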
327 325 .sp
328 326 .ne 2
329 327 .na
330 328 \fB\fB/etc/shadow\fR\fR
331 329 .ad
332 330 .RS 22n
333 331
334 332 .RE
335 333
336 334 .SH SEE ALSO
337 -.sp
338 335 .LP
339 336 \fBchgrp\fR(1), \fBchown\fR(1), \fBfinger\fR(1), \fBgroups\fR(1),
340 337 \fBlogin\fR(1), \fBnewgrp\fR(1), \fBnispasswd\fR(1), \fBpasswd\fR(1),
341 338 \fBsh\fR(1), \fBsort\fR(1), \fBdomainname\fR(1M), \fBgetent\fR(1M),
342 -\fBin.ftpd\fR(1M), \fBpassmgmt\fR(1M), \fBpwck\fR(1M), \fBpwconv\fR(1M),
339 +\fBpassmgmt\fR(1M), \fBpwck\fR(1M), \fBpwconv\fR(1M),
343 340 \fBsu\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBusermod\fR(1M),
344 341 \fBa64l\fR(3C), \fBcrypt\fR(3C), \fBgetpw\fR(3C), \fBgetpwnam\fR(3C),
345 342 \fBgetspnam\fR(3C), \fBputpwent\fR(3C), \fBgroup\fR(4), \fBhosts.equiv\fR(4),
346 343 \fBnsswitch.conf\fR(4), \fBshadow\fR(4), \fBenviron\fR(5),
347 344 \fBunistd.h\fR(3HEAD)
348 345 .sp
349 346 .LP
350 347 \fISystem Administration Guide: Basic Administration\fR
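Review bot: The .TH line still reads "Apr 16, 2013" although the SEE ALSO list changes at old line 342, where \fBin.ftpd\fR(1M) is dropped; update the .TH date so the page revision matches its content. The removal itself looks complete for this file: no other in.ftpd reference appears in the lines shown.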