HPUX passwd[4]



passwd in other sections of the HP-UX manual: passwd.1




 passwd(4)                                                         passwd(4)





 NAME
      passwd - password file, pwd.h

 DESCRIPTION
      passwd contains the following information for each user:

           o  login name
           o  encrypted password
           o  numerical user ID
           o  numerical group ID
           o  reserved field, which can be used for identification
           o  initial working directory
           o  program to use as shell

      This is an ASCII file.  Each field within each user's entry is
      separated from the next by a colon.  Each user is separated from the
      next by a new-line.  This file resides in the /etc directory.  It can
      and does have general read permission and can be used, for example, to
      map numerical user IDs to names.  If the password field is null and
      /.secure/etc/passwd does not exist, no password is demanded.

      If the shell field is null, /bin/sh is used.

      The system ignores the encrypted password field in /etc/passwd
      entries.  The encrypted password consists of 13 characters chosen from
      a 64-character set of ``digits'' described below, except when the
      password is null, in which case the encrypted password is also null.
      Login can be prevented by entering in the password field a character
      that is not part of the set of digits (such as *).

      The characters used to represent ``digits'' are . for 0, / for 1, 0
      through 9 for 2 through 11, A through Z for 12 through 37, and a
      through z for 38 through 63.

      Password aging is put in effect for a particular user if his encrypted
      password in the password file is followed by a comma and a non-null
      string of characters from the above alphabet.  (Such a string must be
      introduced in the first instance by the super-user.) This string
      defines the ``age'' needed to implement password aging.

      The first character of the age, M, denotes the maximum number of weeks
      for which a password is valid.  A user who attempts to login after his
      password has expired is forced to supply a new one.  The next
      character, m, denotes the minimum period in weeks that must expire
      before the password can be changed.  The remaining characters define
      the week (counted from the beginning of 1970) when the password was
      last changed (a null string is equivalent to zero).  M and m have
      numerical values in the range 0 through 63 that correspond to the 64-
      character set of ``digits'' shown above.  If m = M = 0 (derived from
      the string . or ..) the user is forced to change his password next
      time he logs in (and the ``age'' disappears from his entry in the



 Hewlett-Packard Company            - 1 -     HP-UX Release 9.0: August 1992

      password file).  If m > M (signified, for example, by the string ./)
      only the super-user can change the password.
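
      The password-field checks and age decoding described above, as an added
      example (not part of the HP-UX manual).  It assumes the week digits are
      stored least significant first, as a64l(3C) does, and that a password
      expires once more than M weeks have passed; the function names are
      illustrative.

```python
# Added example (not from the man page): audit passwd(4) password and age fields.
import time

# The 64 "digits": . = 0, / = 1, 0-9 = 2-11, A-Z = 12-37, a-z = 38-63.
DIGITS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def a64(s):
    """Decode a digit string; least significant digit first (assumption, as a64l(3C))."""
    return sum(DIGITS.index(c) << (6 * i) for i, c in enumerate(s))

def decode_age(age):
    """Return (M, m, week_last_changed) for the string that follows the comma."""
    M = DIGITS.index(age[0])
    m = DIGITS.index(age[1]) if len(age) > 1 else 0   # "." alone means M = m = 0
    return M, m, a64(age[2:])                         # a null week string is zero

def audit_entry(line, now_week):
    """Return (login name, findings) for one local /etc/passwd entry."""
    name, pwfield = line.rstrip("\n").split(":")[:2]
    pw, _, age = pwfield.partition(",")
    findings = []
    if pw == "":
        findings.append("null password")       # no password demanded without /.secure/etc/passwd
    elif any(c not in DIGITS for c in pw):
        findings.append("login prevented")     # a non-digit character such as *
    elif len(pw) != 13:
        findings.append("malformed password")  # an encrypted password is 13 digits
    if age:
        M, m, changed = decode_age(age)
        if M == 0 and m == 0:
            findings.append("change forced at next login")
        elif m > M:
            findings.append("only super-user can change")
        elif now_week > changed + M:           # assumed expiry test: older than M weeks
            findings.append("expired")
    return name, findings

# Constructed sample entries; the encrypted string is the man page's own sample value.
SAMPLE = [
    "joeuser:r4hRJr4GJ4CqE,6/QG:100:50:Joe User:/users/joeuser:/bin/ksh",
    "guest::200:50::/users/guest:/bin/sh",
    "locked:*:201:50::/:/bin/sh",
    "svc:r4hRJr4GJ4CqE,./:202:50::/:/bin/sh",
]

if __name__ == "__main__":
    now = int(time.time()) // (7 * 24 * 3600)  # weeks since the beginning of 1970
    for entry in SAMPLE:
        print(audit_entry(entry, now))
```
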

      getpwent(3C) designates values to the fields in the following
      structure declared in <pwd.h>:

           struct passwd {
               char    *pw_name;
               char    *pw_passwd;
               int     pw_uid;
               int     pw_gid;
               char    *pw_age;
               char    *pw_comment;
               char    *pw_gecos;
               char    *pw_dir;
               char    *pw_shell;
               long    pw_audid;
               int     pw_audflg;
           };

      It is suggested that the range 0-99 not be used for user and group IDs
      (pw_uid and pw_gid in the above structure) so that IDs that might be
      assigned for system software do not conflict.

      The user's full name, office location, extension, and home phone
      stored in the pw_gecos field of the passwd structure can be set by use
      of the chfn command (see chfn(1)) and are used by the finger(1)
      command.  These two commands assume the information in this field is
      in the order listed above.  A portion of the user's real name can be
      represented in the pw_gecos field by an & character, which some
      utilities (including finger) expand by substituting the login name for
      it and shifting the first letter of the login name to uppercase.

 SECURITY FEATURES
      A second password file, /.secure/etc/passwd maintains encrypted
      passwords on the system and prevents users from viewing them.  The
      /.secure/etc/passwd file contains for each user the following
      information:

           o  login name

           o  encrypted password

           o  numerical audit ID

           o  numerical audit flag

      Like /etc/passwd, /.secure/etc/passwd is an ASCII file.  Fields within
      each user's entry are separated by colons.  When it exists on the
      system, /.secure/etc/passwd contains the encrypted passwords to
      prevent access by non-privileged users.

      The passwords contained in /.secure/etc/passwd take precedence over
      those contained in the encrypted password field of /etc/passwd.  User
      authentication is done using the encrypted passwords in this file.
      The password aging mechanism described above also applies to
      /.secure/etc/passwd.

      The pw_audid and pw_audflg also reside in /.secure/etc/passwd.

      getpwent(3C) designates values to the fields in the following
      structure, which is declared in <pwd.h>:

           struct s_passwd {
               char    *pw_name;
               char    *pw_passwd;
               long    pw_audid;
               int     pw_audflg;
           };

 NETWORKING FEATURES
    NFS
      The passwd file can have entries that begin with a plus (+) or minus
      (-) sign in the first column.  Such lines are used to access the
      Network Information System network database.  A line beginning with a
      plus (+) is used to incorporate entries from the Network Information
      System.  There are three styles of + entries:

           +           Insert the entire contents of the Network Information
                       System password file at that point;

           +name       Insert the entry (if any) for name from the Network
                       Information System at that point;

           +@name      Insert the entries for all members of the network
                       group name at that point.

      If a + entry has a non-null password, directory, gecos, or shell
      field, they override what is contained in the Network Information
      System.  The numerical user ID and group ID fields cannot be
      overridden.

      The passwd file can also have lines beginning with a minus (-), which
      disallow entries from the Network Information System.  There are two
      styles of - entries:

           -name       Disallow any subsequent entries (if any) for name.

           -@name      Disallow any subsequent entries for all members of
                       the network group name.

 WARNINGS
      User ID (uid) 17 is reserved for the Pascal Language operating system.
      User ID (uid) 18 is reserved for the BASIC Language operating system.
      These are operating systems for Series 300 and 400 computers that can
      co-exist with HP-UX on the same disk.  Using these uids for other
      purposes may inhibit file transfer and sharing.

      The information kept in the pw_gecos field may conflict with
      unsupported or future uses of this field.  Use of the pw_gecos field
      for keeping user identification information has not been formalized
      within any of the industry standards.  The current use of this field
      is derived from its use within the Berkeley Software Distribution.
      Future standards may define this field for other purposes.

      The following fields have character limitations as noted:

           o  Login name field can be no longer than 8 characters;

           o  Initial working directory field can be no longer than 63
              characters;

           o  Program field can be no longer than 44 characters.

           o  Results are unpredictable if these fields are longer than the
              limits specified above.

      The following fields have numerical limitations as noted:

           o  The user ID is an integer value between -2 and UID_MAX
              inclusive.

           o  The group ID is an integer value between 0 and UID_MAX
              inclusive.

           o  If either of these values is out of range, the getpwent(3C)
              functions reset the ID value to (UID_MAX).

 EXAMPLES
    NFS Example
      Here is a sample /etc/passwd file:


           root:3Km/o4Cyq84Xc:0:10:System Administrator:/:/bin/sh
           joeuser:r4hRJr4GJ4CqE:100:50:Joe User,Post 4A,12345:/users/joeuser:/bin/ksh
           +john:
           -bob:
           +@documentation:no-login:
           -@marketing:
           +:::Guest

      In this example, there are specific entries for users root and
      joeuser, in case the Network Information System is out of order.

           o    User john's password entry in the Network Information System
                is incorporated without change.

           o    Any subsequent entries for user bob are ignored.

           o    The password field for anyone in the netgroup documentation
                is disabled.

           o    Users in netgroup marketing are not returned by getpwent(3C)
                and thus are not allowed to log in.

           o    Anyone else can log in with their usual password, shell, and
                home directory, but with a pw_gecos field of Guest.
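
      A simplified model of how the + and - lines in this example select
      Network Information System entries, added here and not HP-UX code.  The
      NIS map, the netgroup members and the first-match-wins rule are
      assumptions, and the constructed file puts Guest in the fifth (gecos)
      field.

```python
# Added example (not from the man page): simplified model of + and - line handling.
FIELDS = ("name", "password", "uid", "gid", "gecos", "directory", "shell")
OVERRIDABLE = ("password", "gecos", "directory", "shell")  # uid and gid cannot be overridden

def parse(line):
    """Split one passwd line into a dict; missing trailing fields become null."""
    parts = line.split(":")
    return dict(zip(FIELDS, parts + [""] * (len(FIELDS) - len(parts))))

def effective_entries(lines, nis, netgroups):
    """Return the entries visible through the file, in order (first match wins: assumed)."""
    result, excluded, done = [], set(), set()
    def include(names, template):
        for name in names:
            if name in nis and name not in excluded and name not in done:
                entry = dict(nis[name])
                entry.update({k: template[k] for k in OVERRIDABLE if template[k]})
                result.append(entry)
                done.add(name)
    for line in lines:
        e = parse(line)
        key = e["name"]
        if key.startswith("-@"):
            excluded.update(netgroups.get(key[2:], ()))   # -@name
        elif key.startswith("-"):
            excluded.add(key[1:])                         # -name
        elif key.startswith("+@"):
            include(netgroups.get(key[2:], ()), e)        # +@name
        elif key == "+":
            include(list(nis), e)                         # whole NIS map
        elif key.startswith("+"):
            include([key[1:]], e)                         # +name
        else:
            result.append(e)                              # ordinary local entry
    return result

# Constructed data: NIS passwd map (placeholder hashes), netgroups, local file.
NIS = {e["name"]: e for e in map(parse, [
    "john:HASH_JOHN:300:50:John:/users/john:/bin/sh",
    "bob:HASH_BOB:301:50:Bob:/users/bob:/bin/sh",
    "dana:HASH_DANA:302:50:Dana:/users/dana:/bin/sh",
    "mia:HASH_MIA:303:50:Mia:/users/mia:/bin/sh",
    "eve:HASH_EVE:304:50:Eve:/users/eve:/bin/sh",
])}
NETGROUPS = {"documentation": ["dana"], "marketing": ["mia"]}
LOCAL = ["root:3Km/o4Cyq84Xc:0:10:System Administrator:/:/bin/sh", "+john:", "-bob:",
         "+@documentation:no-login:", "-@marketing:", "+::::Guest"]

if __name__ == "__main__":
    print([e["name"] for e in effective_entries(LOCAL, NIS, NETGROUPS)])
```

      Because a - line only affects subsequent entries, placing it after a
      bare + line excludes nobody.
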

    NFS Warnings
      The plus (+) and minus (-) features are NFS functionality; therefore,
      if NFS is not installed, they do not work.  Also, these features work
      only with /etc/passwd, but not with /.secure/etc/passwd.  When
      /.secure/etc/passwd is installed, the encrypted passwords can be
      accessed only in /.secure/etc/passwd.  Any user entry in the Network
      Information System database also must have an entry in
      /.secure/etc/passwd.

           The uid of -2 is reserved for remote root access by means of NFS.
           The pw_name usually given to this uid is nobody.  Since uids are
           stored as unsigned values, the following define is included in
           <pwd.h> to match the user nobody.

           UID_NOBODY  ((ushort) 0xfffe)

 FILES
      /etc/passwd

 SEE ALSO
      chfn(1), finger(1), login(1), passwd(1), a64l(3C), crypt(3C),
      getpwent(3C), limits(5).

 STANDARDS CONFORMANCE
      passwd: SVID2, XPG2