PASSWD(5)PASSWD(5)NAME
passwd, group, shadow - user and group databases, shadow passwords
SYNOPSIS
/etc/passwd
/etc/group
/etc/shadow
DESCRIPTION
/etc/passwd lists all the users of the system, and /etc/group lists all
the groups the users may belong to. Both files also contain encrypted
passwords, numeric ID's etc. Encrypted passwords may be hidden in the
file /etc/shadow if extra protection is warranted.
Each file is an text file containing one line per user or group. The
data fields on a line are separated by colons. Each line in the pass‐
word file has the following form:
name:passwd:uid:gid:gecos:dir:shell
The name field is the login name of a user, it is up to 8 letters or
numbers long starting with a letter. The login name must be unique.
The password field is either empty (no password), a 13 character
encrypted password as returned by crypt(3), or a login name preceded by
two number signs (#) to index the shadow password file. Anything else
(usually ∗) is invalid. The uid and gid fields are two numbers indi‐
cating the users user-id and group-id. These id's do not have to be
unique, there may be more than one name with the same id's. The gecos
field can be set by the user. It is expected to be a comma separated
list of personal data where the first item is the full name of the
user. The dir field is the path name of the users home directory.
Lastly the shell field is the path name of the users login shell, it
may be empty to indicate /bin/sh. A MINIX 3 specific extension allows
the shell field to contain extra space separated arguments for the
shell.
Lines in the group file consist of four fields:
name:passwd:gid:mem
The name field is the name of the group, same restrictions as a login
name. The passwd field may be used to let users change groups. The
gid field is a number telling the group-id. The group-id is unique for
a group. The mem field is a comma separated list of login names that
are special members of the group. If a system supports supplementary
group id's then a user's set of supplementary group id's is set to all
the groups they are a member of. If a system allows one to change
groups then one can change to a group one is a member of without using
the group's password.
The shadow password file has precisely the same form as the password
file, except that only the name or passwd fields are used as yet. The
other fields are zero or empty. A password in the password file may
have the form ##user to indicate the entry user in the shadow password
file. The password in this entry is then used for authentication of
the user. The shadow file can only be read by the privileged utility
pwdauth(8), so that the encrypted passwords in the shadow file are kept
secret, and thus safe from a dictionary attack.
Special password and group file entries
There are several entries in the password and group files that are pre‐
allocated for current or future use. All id's less than 10 are
reserved. The special password file entries are:
root:##root:0:0:Big Brother:/usr/src:
daemon:*:1:1:The Deuce:/etc:
bin:##root:2:0:Binaries:/usr/src:
uucp:*:5:5:UNIX to UNIX copy:/usr/spool/uucp:/usr/sbin/uucico
news:*:6:6:Usenet news:/usr/spool/news:
ftp:*:7:7:Anonymous FTP:/usr/ftp:
nobody:*:9999:99::/tmp:
ast:*:8:3:Andrew S. Tanenbaum:/usr/ast:
The root id is of course the super user. The daemon id is used by some
daemons. Some devices are protected so that only those daemons can
access them. The bin id owns all sources and most binaries. The uucp,
news and ftp id's are for serial line data transfer, usenet news, or
ftp if so needed. The nobody id is used in those cases that a program
may not have any privileges at all. The ast id is the honorary home
directory for Andrew S. Tanenbaum, the creator of MINIX 3. You can
also find the initial contents for a new home directory there.
The special group file entries are:
operator:*:0:
daemon:*:1:
bin:*:2:
other:*:3:
tty:*:4:
uucp:*:5:
news:*:6:
ftp:*:7:
kmem:*:8:
nogroup:*:99:
Groups with the same name as special user id are used with those id's.
The operator group is for the administrators of the system. Users in
this group are granted special privileges. The other group is for
ordinary users. The tty group is for terminal devices, and associated
set-gid commands. Same thing with the kmem group and memory devices.
FILES
/etc/passwd The user database.
/etc/group The group database.
/etc/shadow The shadow password file.
SEE ALSOlogin(1), passwd(1), su(1), crypt(3), getpwent(3), getgrent(3),
pwdauth(8).
NOTES
The nobody and nogroup id's are likely to be renumbered to the highest
possible id's once it is figured out what they are.
AUTHOR
Kees J. Bot (kjb@cs.vu.nl)
PASSWD(5)