Print this page
2989 Eliminate use of LOGNAME_MAX in ON
1166 useradd have warning with name more 8 chars
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/man/man4/passwd.4
+++ new/usr/src/man/man4/passwd.4
1 1 '\" te
2 +.\" Copyright (c) 2013 Gary Mills
2 3 .\" Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved.
3 4 .\" Copyright 1989 AT&T
4 5 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
5 6 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
6 7 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 8 .TH PASSWD 4 "Jul 28, 2004"
8 9 .SH NAME
9 10 passwd \- password file
10 11 .SH SYNOPSIS
11 12 .LP
12 13 .nf
13 14 \fB/etc/passwd\fR
14 15 .fi
15 16
16 17 .SH DESCRIPTION
17 18 .sp
18 19 .LP
19 20 The file \fB/etc/passwd\fR is a local source of information about users'
20 21 accounts. The password file can be used in conjunction with other naming
21 22 sources, such as the \fBNIS\fR maps \fBpasswd.byname\fR and \fBpasswd.bygid\fR,
22 23 data from the \fBNIS+\fR \fBpasswd\fR table, or password data stored on an LDAP
23 24 server. Programs use the \fBgetpwnam\fR(3C) routines to access this
24 25 information.
25 26 .sp
26 27 .LP
27 28 Each \fBpasswd\fR entry is a single line of the form:
28 29 .sp
29 30 .in +2
30 31 .nf
31 32 \fIusername\fR\fB:\fR\fIpassword\fR\fB:\fR\fIuid\fR\fB:\fR
32 33 \fIgid\fR\fB:\fR\fIgcos-field\fR\fB:\fR\fIhome-dir\fR\fB:\fR
33 34 \fIlogin-shell\fR
34 35 .fi
35 36 .in -2
36 37 .sp
37 38
38 39 .sp
39 40 .LP
↓ open down ↓ |
28 lines elided |
↑ open up ↑ |
40 41 where
41 42 .sp
42 43 .ne 2
43 44 .na
44 45 \fB\fIusername\fR\fR
45 46 .ad
46 47 .RS 15n
47 48 is the user's login name.
48 49 .sp
49 50 The login (\fBlogin\fR) and role (\fBrole\fR) fields accept a string of no more
50 -than eight bytes consisting of characters from the set of alphabetic
51 +than 32 bytes consisting of characters from the set of alphabetic
51 52 characters, numeric characters, period (\fB\&.\fR), underscore (\fB_\fR), and
52 53 hyphen (\fB-\fR). The first character should be alphabetic and the field should
53 54 contain at least one lower case alphabetic character. A warning message is
54 55 displayed if these restrictions are not met.
55 56 .sp
56 57 The \fBlogin\fR and \fBrole\fR fields must contain at least one character and
57 58 must not contain a colon (\fB:\fR) or a newline (\fB\en\fR).
58 59 .RE
59 60
60 61 .sp
61 62 .ne 2
62 63 .na
63 64 \fB\fIpassword\fR\fR
64 65 .ad
65 66 .RS 15n
66 67 is an empty field. The encrypted password for the user is in the corresponding
67 68 entry in the \fB/etc/shadow\fR file. \fBpwconv\fR(1M) relies on a special value
68 69 of '\fBx\fR' in the password field of \fB/etc/passwd\fR. If this value
69 70 of '\fBx\fR' exists in the password field of \fB/etc/passwd\fR, this indicates
70 71 that the password for the user is already in \fB/etc/shadow\fR and should not
71 72 be modified.
72 73 .RE
73 74
74 75 .sp
75 76 .ne 2
76 77 .na
77 78 \fB\fIuid\fR\fR
78 79 .ad
79 80 .RS 15n
80 81 is the user's unique numerical \fBID\fR for the system.
81 82 .RE
82 83
83 84 .sp
84 85 .ne 2
85 86 .na
86 87 \fB\fIgid\fR\fR
87 88 .ad
88 89 .RS 15n
89 90 is the unique numerical \fBID\fR of the group that the user belongs to.
90 91 .RE
91 92
92 93 .sp
93 94 .ne 2
94 95 .na
95 96 \fB\fIgcos-field\fR\fR
96 97 .ad
97 98 .RS 15n
98 99 is the user's real name, along with information to pass along in a mail-message
99 100 heading. (It is called the gcos-field for historical reasons.) An ``\fB&\fR\&''
100 101 (ampersand) in this field stands for the login name (in cases where the login
101 102 name appears in a user's real name).
102 103 .RE
103 104
104 105 .sp
105 106 .ne 2
106 107 .na
107 108 \fB\fIhome-dir\fR\fR
108 109 .ad
109 110 .RS 15n
110 111 is the pathname to the directory in which the user is initially positioned upon
111 112 logging in.
112 113 .RE
113 114
114 115 .sp
115 116 .ne 2
116 117 .na
117 118 \fB\fIlogin-shell\fR\fR
118 119 .ad
119 120 .RS 15n
120 121 is the user's initial shell program. If this field is empty, the default shell
121 122 is \fB/usr/bin/sh\fR.
122 123 .RE
123 124
124 125 .sp
125 126 .LP
126 127 The maximum value of the \fIuid\fR and \fIgid\fR fields is \fB2147483647\fR. To
127 128 maximize interoperability and compatibility, administrators are recommended to
128 129 assign users a range of \fBUID\fRs and \fBGID\fRs below \fB60000\fR where
129 130 possible. (\fBUID\fRs from \fB0\fR-\fB99\fR inclusive are reserved by the
130 131 operating system vendor for use in future applications. Their use by end system
131 132 users or vendors of layered products is not supported and may cause security
132 133 related issues with future applications.)
133 134 .sp
134 135 .LP
135 136 The password file is an \fBASCII\fR file that resides in the \fB/etc\fR
136 137 directory. Because the encrypted passwords on a secure system are always kept
137 138 in the \fBshadow\fR file, \fB/etc/passwd\fR has general read permission on all
138 139 systems and can be used by routines that map between numerical user \fBID\fRs
139 140 and user names.
140 141 .sp
141 142 .LP
142 143 Blank lines are treated as malformed entries in the \fBpasswd\fR file and cause
143 144 consumers of the file , such as \fBgetpwnam\fR(3C), to fail.
144 145 .sp
145 146 .LP
146 147 The password file can contain entries beginning with a `+' (plus sign) or '-'
147 148 (minus sign) to selectively incorporate entries from another naming service
148 149 source, such as NIS, NIS+, or LDAP.
149 150 .sp
150 151 .LP
151 152 A line beginning with a '+' means to incorporate entries from the naming
152 153 service source. There are three styles of the '+' entries in this file. A
153 154 single + means to insert all the entries from the alternate naming service
154 155 source at that point, while a +\fIname\fR means to insert the specific entry,
155 156 if one exists, from the naming service source. A +@\fInetgroup\fR means to
156 157 insert the entries for all members of the network group \fInetgroup\fR from the
157 158 alternate naming service. If a +\fIname\fR entry has a non-null \fBpassword\fR,
158 159 \fIgcos\fR, \fIhome-dir\fR, or \fIlogin-shell\fR field, the value of that field
159 160 overrides what is contained in the alternate naming service. The \fIuid\fR and
160 161 \fIgid\fR fields cannot be overridden.
161 162 .sp
162 163 .LP
163 164 A line beginning with a `\(mi' means to disallow entries from the alternate
164 165 naming service. There are two styles of `-` entries in this file. -\fIname\fR
165 166 means to disallow any subsequent entries (if any) for \fIname\fR (in this file
166 167 or in a naming service), and -@\fInetgroup\fR means to disallow any subsequent
167 168 entries for all members of the network group \fInetgroup\fR.
168 169 .sp
169 170 .LP
170 171 This is also supported by specifying ``passwd : compat'' in
171 172 \fBnsswitch.conf\fR(4). The "compat" source might not be supported in future
172 173 releases. The preferred sources are \fBfiles\fR followed by the identifier of a
173 174 name service, such as \fBnis\fR or \fBldap\fR. This has the effect of
174 175 incorporating the entire contents of the naming service's \fBpasswd\fR database
175 176 or password-related information after the \fBpasswd\fR file.
176 177 .sp
177 178 .LP
178 179 Note that in compat mode, for every \fB/etc/passwd\fR entry, there must be a
179 180 corresponding entry in the \fB/etc/shadow\fR file.
180 181 .sp
181 182 .LP
182 183 Appropriate precautions must be taken to lock the \fB/etc/passwd\fR file
183 184 against simultaneous changes if it is to be edited with a text editor;
184 185 \fBvipw\fR(1B) does the necessary locking.
185 186 .SH EXAMPLES
186 187 .LP
187 188 \fBExample 1 \fRSample \fBpasswd\fR File
188 189 .sp
189 190 .LP
190 191 The following is a sample \fBpasswd\fR file:
191 192
192 193 .sp
193 194 .in +2
194 195 .nf
195 196 root:x:0:1:Super-User:/:/sbin/sh
196 197 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
197 198 .fi
198 199 .in -2
199 200 .sp
200 201
201 202 .sp
202 203 .LP
203 204 and the sample password entry from \fBnsswitch.conf\fR:
204 205
205 206 .sp
206 207 .in +2
207 208 .nf
208 209 passwd: files ldap
209 210 .fi
210 211 .in -2
211 212 .sp
212 213
213 214 .sp
214 215 .LP
215 216 In this example, there are specific entries for users \fBroot\fR and \fBfred\fR
216 217 to assure that they can login even when the system is running single-user. In
217 218 addition, anyone whose password information is stored on an LDAP server will be
218 219 able to login with their usual password, shell, and home directory.
219 220
220 221 .sp
221 222 .LP
222 223 If the password file is:
223 224
224 225 .sp
225 226 .in +2
226 227 .nf
227 228 root:x:0:1:Super-User:/:/sbin/sh
228 229 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
229 230 +
230 231 .fi
231 232 .in -2
232 233 .sp
233 234
234 235 .sp
235 236 .LP
236 237 and the password entry in \fBnsswitch.conf\fR is:
237 238
238 239 .sp
239 240 .in +2
240 241 .nf
241 242 passwd: compat
242 243 .fi
243 244 .in -2
244 245 .sp
245 246
246 247 .sp
247 248 .LP
248 249 then all the entries listed in the \fBNIS\fR \fBpasswd.byuid\fR and
249 250 \fBpasswd.byname\fR maps will be effectively incorporated after the entries for
250 251 \fBroot\fR and \fBfred\fR. If the password entry in \fBnsswitch.conf\fR is:
251 252
252 253 .sp
253 254 .in +2
254 255 .nf
255 256 passwd_compat: ldap
256 257 passwd: compat
257 258 .fi
258 259 .in -2
259 260
260 261 .sp
261 262 .LP
262 263 then all password-related entries stored on the LDAP server will be
263 264 incorporated after the entries for \fBroot\fR and \fBfred\fR.
264 265
265 266 .sp
266 267 .LP
267 268 The following is a sample \fBpasswd\fR file when \fBshadow\fR does not exist:
268 269
269 270 .sp
270 271 .in +2
271 272 .nf
272 273 root:q.mJzTnu8icf.:0:1:Super-User:/:/sbin/sh
273 274 fred:6k/7KCFRPNVXg:508:10:& Fredericks:/usr2/fred:/bin/csh
274 275 +john:
275 276 +@documentation:no-login:
276 277 +::::Guest
277 278 .fi
278 279 .in -2
279 280 .sp
280 281
281 282 .sp
282 283 .LP
283 284 The following is a sample \fBpasswd\fR file when \fBshadow\fR does exist:
284 285
285 286 .sp
286 287 .in +2
287 288 .nf
288 289 root:##root:0:1:Super-User:/:/sbin/sh
289 290 fred:##fred:508:10:& Fredericks:/usr2/fred:/bin/csh
290 291 +john:
291 292 +@documentation:no-login:
292 293 +::::Guest
293 294 .fi
294 295 .in -2
295 296 .sp
296 297
297 298 .sp
298 299 .LP
299 300 In this example, there are specific entries for users \fBroot\fR and
300 301 \fBfred\fR, to assure that they can log in even when the system is running
301 302 standalone. The user \fBjohn\fR will have his password entry in the naming
302 303 service source incorporated without change, anyone in the netgroup
303 304 \fBdocumentation\fR will have their password field disabled, and anyone else
304 305 will be able to log in with their usual password, shell, and home directory,
305 306 but with a \fIgcos\fR field of \fBGuest\fR
306 307
307 308 .SH FILES
308 309 .sp
309 310 .ne 2
310 311 .na
311 312 \fB\fB/etc/nsswitch.conf\fR\fR
312 313 .ad
313 314 .RS 22n
314 315
315 316 .RE
316 317
317 318 .sp
318 319 .ne 2
319 320 .na
320 321 \fB\fB/etc/passwd\fR\fR
321 322 .ad
322 323 .RS 22n
323 324
324 325 .RE
325 326
326 327 .sp
327 328 .ne 2
328 329 .na
329 330 \fB\fB/etc/shadow\fR\fR
330 331 .ad
331 332 .RS 22n
332 333
333 334 .RE
334 335
335 336 .SH SEE ALSO
336 337 .sp
337 338 .LP
338 339 \fBchgrp\fR(1), \fBchown\fR(1), \fBfinger\fR(1), \fBgroups\fR(1),
339 340 \fBlogin\fR(1), \fBnewgrp\fR(1), \fBnispasswd\fR(1), \fBpasswd\fR(1),
340 341 \fBsh\fR(1), \fBsort\fR(1), \fBdomainname\fR(1M), \fBgetent\fR(1M),
341 342 \fBin.ftpd\fR(1M), \fBpassmgmt\fR(1M), \fBpwck\fR(1M), \fBpwconv\fR(1M),
342 343 \fBsu\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBusermod\fR(1M),
343 344 \fBa64l\fR(3C), \fBcrypt\fR(3C), \fBgetpw\fR(3C), \fBgetpwnam\fR(3C),
344 345 \fBgetspnam\fR(3C), \fBputpwent\fR(3C), \fBgroup\fR(4), \fBhosts.equiv\fR(4),
345 346 \fBnsswitch.conf\fR(4), \fBshadow\fR(4), \fBenviron\fR(5),
346 347 \fBunistd.h\fR(3HEAD)
347 348 .sp
348 349 .LP
349 350 \fISystem Administration Guide: Basic Administration\fR
↓ open down ↓ |
289 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX