oldlinux-files/Minix/2.0.0/wwwman/man5/shadow.5.html

<HTML>
<HEAD>
<TITLE>passwd(5)</TITLE>
</HEAD>
<BODY>
<H1>passwd(5)</H1>
<HR>
<PRE>

</PRE>
<H2>NAME</H2><PRE>
     passwd, group, shadow - user and group databases, shadow passwords


</PRE>
<H2>SYNOPSIS</H2><PRE>
     <STRONG>/etc/passwd</STRONG>
     <STRONG>/etc/group</STRONG>
     <STRONG>/etc/shadow</STRONG>


</PRE>
<H2>DESCRIPTION</H2><PRE>
     <STRONG>/etc/passwd</STRONG> lists all the users of the system, and <STRONG>/etc/group</STRONG>  lists  all
     the  groups  the  users may belong to.  Both files also contain encrypted
     passwords, numeric ID's etc.  Encrypted passwords may be  hidden  in  the
     file <STRONG>/etc/shadow</STRONG> if extra protection is warranted.

     Each file is an text file containing one line per  user  or  group.   The
     data fields on a line are separated by colons.  Each line in the password
     file has the following form:

          <EM>name</EM>:<EM>passwd</EM>:<EM>uid</EM>:<EM>gid</EM>:<EM>gecos</EM>:<EM>dir</EM>:<EM>shell</EM>

     The <EM>name</EM> field is the login name of a user, it is  up  to  8  letters  or
     numbers long starting with a letter.  The login name must be unique.  The
     <EM>password</EM> field is either empty (no password), a  13  character  encrypted
     password  as returned by <STRONG><A HREF="../man3/crypt.3.html">crypt(3)</A></STRONG>, or a login name preceded by two number
     signs (#) to index the shadow password file.  Anything else  (usually  *)
     is  invalid.  The <EM>uid</EM> and <EM>gid</EM> fields are two numbers indicating the users
     user-id and group-id.  These id's do not have to be unique, there may  be
     more than one name with the same id's.  The <EM>gecos</EM> field can be set by the
     user.  It is expected to be a comma separated list of personal data where
     the  first  item is the full name of the user.  The <EM>dir</EM> field is the path
     name of the users home directory.  Lastly the <EM>shell</EM>  field  is  the  path
     name  of  the  users login shell, it may be empty to indicate <STRONG>/bin/sh</STRONG>.  A
     Minix specific extension allows the shell field to  contain  extra  space
     separated arguments for the shell.

     Lines in the group file consist of four fields:

          <EM>name</EM>:<EM>passwd</EM>:<EM>gid</EM>:<EM>mem</EM>

     The <EM>name</EM> field is the name of the group, same  restrictions  as  a  login
     name.   The <EM>passwd</EM> field may be used to let users change groups.  The <EM>gid</EM>
     field is a number telling the group-id.  The group-id  is  unique  for  a
     group.   The  <EM>mem</EM> field is a comma separated list of login names that are
     special members of the group.  If a system supports  supplementary  group
     id's  then  a  user's  set  of supplementary group id's is set to all the
     groups they are a member of.  If a system allows  one  to  change  groups
     then  one  can  change  to  a  group one is a member of without using the
     group's password.


     The shadow password file has precisely the  same  form  as  the  password
     file,  except  that  only the <EM>name</EM> or <EM>passwd</EM> fields are used as yet.  The
     other fields are zero or empty.  A password in the password file may have
     the  form  <STRONG>##</STRONG><EM>user</EM> to indicate the entry <EM>user</EM> in the shadow password file.
     The password in this entry is then used for authentication of  the  user.
     The shadow file can only be read by the privileged utility <STRONG><A HREF="../man8/pwdauth.8.html">pwdauth(8)</A></STRONG>, so
     that the encrypted passwords in the shadow file are kept secret, and thus
     safe from a dictionary attack.

  <STRONG>Special</STRONG> <STRONG>password</STRONG> <STRONG>and</STRONG> <STRONG>group</STRONG> <STRONG>file</STRONG> <STRONG>entries</STRONG>
     There are several entries in  the  password  and  group  files  that  are
     preallocated  for  current  or  future  use.   All  id's less than 10 are
     reserved.  The special password file entries are:

          root:##root:0:0:Big Brother:/usr/src:
          daemon:*:1:1:The Deuce:/etc:
          bin:##root:2:0:Binaries:/usr/src:
          uucp:*:5:5:UNIX to UNIX copy:/usr/spool/uucp:/usr/sbin/uucico
          news:*:6:6:Usenet news:/usr/spool/news:
          ftp:*:7:7:Anonymous FTP:/usr/ftp:
          nobody:*:9999:99::/tmp:
          ast:*:8:3:Andrew S. Tanenbaum:/usr/ast:

     The <STRONG>root</STRONG> id is of course the super user.  The <STRONG>daemon</STRONG> id is used  by  some
     daemons.   Some  devices  are  protected  so  that only those daemons can
     access them.  The <STRONG>bin</STRONG> id owns all sources and most binaries.   The  <STRONG>uucp</STRONG>,
     <STRONG>news</STRONG>  and <STRONG>ftp</STRONG> id's are for serial line data transfer, usenet news, or ftp
     if so needed.  The <STRONG>nobody</STRONG> id is used in those cases that  a  program  may
     not  have  any  privileges  at  all.   The  <STRONG>ast</STRONG>  id  is the honorary home
     directory for Andrew S. Tanenbaum, the creator of Minix.   You  can  also
     find the initial contents for a new home directory there.

     The special group file entries are:

          operator:*:0:
          daemon:*:1:
          bin:*:2:
          other:*:3:
          tty:*:4:
          uucp:*:5:
          news:*:6:
          ftp:*:7:
          kmem:*:8:
          nogroup:*:99:

     Groups with the same name as special user id are used  with  those  id's.
     The  <STRONG>operator</STRONG>  group  is  for the administrators of the system.  Users in
     this group are granted  special  privileges.   The  <STRONG>other</STRONG>  group  is  for
     ordinary  users.   The  <STRONG>tty</STRONG> group is for terminal devices, and associated
     set-gid commands.  Same thing with the <STRONG>kmem</STRONG> group and memory devices.


</PRE>
<H2>FILES</H2><PRE>

     <STRONG>/etc/passwd</STRONG>    The user database.

     <STRONG>/etc/group</STRONG>     The group database.

     <STRONG>/etc/shadow</STRONG>    The shadow password file.


</PRE>
<H2>SEE ALSO</H2><PRE>
     <STRONG><A HREF="../man1/login.1.html">login(1)</A></STRONG>,   <STRONG><A HREF="../man1/passwd.1.html">passwd(1)</A></STRONG>,   <STRONG><A HREF="../man1/su.1.html">su(1)</A></STRONG>,   <STRONG><A HREF="../man3/crypt.3.html">crypt(3)</A></STRONG>,   <STRONG><A HREF="../man3/getpwent.3.html">getpwent(3)</A></STRONG>,   <STRONG><A HREF="../man3/getgrent.3.html">getgrent(3)</A></STRONG>,
     <STRONG><A HREF="../man8/pwdauth.8.html">pwdauth(8)</A></STRONG>.


</PRE>
<H2>NOTES</H2><PRE>
     The <STRONG>nobody</STRONG> and <STRONG>nogroup</STRONG> id's are likely to be renumbered  to  the  highest
     possible id's once it is figured out what they are.


</PRE>
<H2>AUTHOR</H2><PRE>
     Kees J. Bot (kjb@cs.vu.nl)
































</PRE>
</BODY>
</HTML>