Passwd
Line 22: | Line 22: | ||
== Software == | == Software == | ||
− | * Many standard utility programs are related to reading and writing these files, including <code>passwd</code>, <code>usermod</code>, <code>vipw</code>, and <code>getent</code>. | + | * Many standard utility programs are related to reading and writing these files, including <code>[https://linux.die.net/man/1/passwd passwd]</code>, <code>[https://linux.die.net/man/8/usermod usermod]</code>, <code>[https://linux.die.net/man/8/vipw vipw]</code>, and <code>[https://linux.die.net/man/1/getent getent]</code>. |
− | * Programmatically, to look up user information, the <code>getpwent</code> family of C library functions may be used. (But password-related functions should probably be done via PAM instead, i.e. with [https://linux.die.net/man/3/pam_authenticate pam_authenticate] and related functions.) | + | * Programmatically, to look up user information, the <code>[https://linux.die.net/man/3/getpwent getpwent]</code> family of C library functions may be used. (But password-related functions should probably be done via PAM instead, i.e. with <code>[https://linux.die.net/man/3/pam_authenticate pam_authenticate]</code> and related functions.) |
== Links == | == Links == | ||
Line 32: | Line 32: | ||
* [https://www.ibm.com/support/knowledgecenter/en/ssw_aix_71/com.ibm.aix.security/passwords_etc_passwd_file.htm IBM Knowledge Center: Using the /etc/passwd file] | * [https://www.ibm.com/support/knowledgecenter/en/ssw_aix_71/com.ibm.aix.security/passwords_etc_passwd_file.htm IBM Knowledge Center: Using the /etc/passwd file] | ||
* [http://www.linfo.org/etc_passwd.html LINFO: The /etc/passwd File] | * [http://www.linfo.org/etc_passwd.html LINFO: The /etc/passwd File] | ||
+ | * [https://linux.die.net/man/5/passwd passwd(5) - Linux man page] | ||
+ | * [https://linux.die.net/man/5/shadow shadow(5) - Linux man page] | ||
+ | * [https://linux.die.net/man/5/group group(5) - Linux man page] | ||
[[Category:File formats with a distinctive filename]] | [[Category:File formats with a distinctive filename]] | ||
{{DISPLAYTITLE:passwd}} | {{DISPLAYTITLE:passwd}} |
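Review bot: the links added under == Links == cover passwd(5), shadow(5) and group(5), but the article also describes /etc/gshadow and no gshadow(5) entry is added. Consider adding one so that each of the four files the article names has a format reference.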
Revision as of 16:58, 2 May 2017
This article describes the format of the traditional Unix /etc/passwd file, and related files, including /etc/shadow, /etc/group, and /etc/gshadow. These files contain information about user accounts. They use text-based formats with colon-separated fields, with one line per user or group.
Note that on modern systems, this is not the only way to manage users. Other methods, such as LDAP or Winbind, may be used as well. The methods to use are usually configured in the /etc/nsswitch.conf file.
The name of the passwd file has become a misnomer, as (hashed) passwords are now rarely stored in it. If hashed passwords are stored locally, they will be in the shadow file instead.
Password field
The password field in the passwd or shadow file originally consisted of a single-block DES hash of the user's password. As such, it was limited to 8 7-bit characters.
That turned out to be way too insecure. Modern systems use a different format, which begins with a dollar sign:
$<algorithm-id>$<salt>$<hashed password>
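The following Python sketch is an added example, not part of the original article: it splits passwd lines into their colon-separated fields and classifies the password field, reporting entries that carry a hash, an empty password, or a legacy DES value in passwd itself. The algorithm-ID table, the marker values ("x", "!", "*") and the sample lines are assumptions taken from common Linux conventions or constructed for illustration.

```python
# Added example; the ID table and sample lines are assumptions / constructed.
ALGORITHMS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
              "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}

def classify_password_field(field):
    """Classify the second colon-separated field of a passwd line."""
    if field == "":
        return ("empty", "no password set")
    if field == "x":
        return ("shadowed", "hash is kept in the shadow file")
    if field.startswith(("!", "*")):
        return ("locked", "value that no password hashes to")
    if field.startswith("$"):
        parts = field.split("$")  # ['', id, salt, hash]; extra parts are parameters
        if len(parts) < 4 or not parts[1] or not parts[-1]:
            return ("malformed", "incomplete $id$salt$hash value")
        return ("modular", ALGORITHMS.get(parts[1], "unknown id " + parts[1]))
    if len(field) == 13:
        return ("legacy-des", "traditional DES hash")
    return ("unknown", "unrecognized format")

def audit_passwd(text):
    """Return (user, kind, detail) for entries that are not shadowed or locked."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:  # name:password:UID:GID:GECOS:directory:shell
            findings.append((fields[0], "malformed", "expected 7 fields"))
            continue
        kind, detail = classify_password_field(fields[1])
        if kind not in ("shadowed", "locked"):
            findings.append((fields[0], kind, detail))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:$6$c0nstructedsalt$c0nstructedhash:1000:1000:Alice Example,,,:/home/alice:/bin/bash
bob::1001:1001:Bob Example:/home/bob:/bin/sh
carol:ab1234567890Z:1002:1002::/home/carol:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE):
        print(finding)
```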
GECOS
The so-called GECOS field in the passwd file contains several comma-separated subfields. The subfields include the user's full name, and other information such as phone numbers.
The name GECOS is a nonsensical accident of history. It originally stood for something like General Electric Comprehensive Operating Supervisor (there is conflicting information about whether the S stood for Supervisor, or System).
Software
- Many standard utility programs are related to reading and writing these files, including passwd, usermod, vipw, and getent.
- Programmatically, to look up user information, the getpwent family of C library functions may be used. (But password-related functions should probably be done via PAM instead, i.e. with pam_authenticate and related functions.)