Contains basic user attributes.
The /etc/passwd file contains basic user attributes. This is an ASCII file that contains an entry for each user. Each entry defines the basic attributes applied to a user. When you use the mkuser command to add a user to your system, the command updates the /etc/passwd file.
An entry in the /etc/passwd file has the following form:
Name:Password: UserID:PrincipleGroup:Gecos: HomeDirectory:Shell
Attributes in an entry are separated by a : (colon). For this reason, you should not use a : (colon) in any attribute. The attributes are defined as follows:
Attribute | Definition |
---|---|
Name | Specifies the user's login name. The user name must be a unique string of 8 bytes or less. There are a number of restrictions on naming users. See the mkuser command for more information. |
Password | Contains an * (asterisk) indicating an invalid password or an ! (exclamation point) indicating that the password is in the /etc/security/passwd file. Under normal conditions, the field contains an !. If the field has an * and a password is required for user authentication, the user cannot log in. |
UserID | Specifies the user's unique numeric ID. This ID is used for discretionary access control. The value is a unique decimal integer. |
PrincipleGroup | Specifies the user's principal group ID. This must be the numeric ID of a group in the user database or a group defined by a network information service. The value is a unique decimal integer. |
Gecos | Specifies general information about the user that is not needed by the system, such as an office or phone number. The value is a character string. The Gecos field cannot contain a colon. |
HomeDirectory | Specifies the full path name of the user's home directory. If the user does not have a defined home directory, the home directory of the guest user is used. The value is a character string. |
Shell | Specifies the initial program or shell that is executed after a user invokes the login command or su command. If a user does not have a defined shell, /usr/bin/sh, the system shell, is used. The value is a character string that may contain arguments to pass to the initial program. |
Users can have additional attributes in other system files. See the "Files" section for additional information.
You should access the user database files through the system commands and subroutines defined for this purpose. Access through other commands or subroutines may not be supported in future releases. Use the following commands to access user database files:
The mkuser command adds new entries to the /etc/passwd file and fills in the attribute values as defined in the /usr/lib/security/mkuser.default file.
The Password attribute is always initialized to an * (asterisk), an invalid password. You can set the password with the passwd or pwdadm command. When the password is changed, an ! (exclamation point) is added to the /etc/passwd file, indicating that the encrypted password is in the /etc/security/passwd file.
Use the chuser command to change all user attributes except Password. The chfn command and the chsh command change the Gecos attribute and Shell attribute, respectively. To display all the attributes in this file, use the lsuser command. To remove a user and all the user's attributes, use the rmuser command.
To write programs that affect attributes in the /etc/passwd file, use the subroutines listed in Related Information.
Access Control: This file should grant read (r) access to all users and write (w) access only to the root user and members of the security group.
smith:*:100:100:8A-74(office):/home/smith:/usr/bin/sh guest:*:200:0::/home/guest:/usr/bin/sh
The fields are in the following order: user name, password, user ID, primary group, general (gecos) information, home directory, and initial program (login shell). The * (asterisk) in the password field indicates that the password is invalid. Each attribute is separated by a : (colon).
smith:!:100:100:8A-74(office):/home/smith:/usr/bin/sh
The ! (exclamation point) indicates that an encrypted password is stored in the /etc/security/passwd file.
/etc/passwd | Contains basic user attributes. |
/usr/lib/security/mkuser.default | Contains default attributes for new users. |
/etc/group | Contains the basic attributes of groups. |
/etc/security/group | Contains the extended attributes of groups. |
/etc/security/passwd | Contains password information. |
/etc/security/user | Contains the extended attributes of users. |
/etc/security/environ | Contains the environment attributes of users. |
/etc/security/limits | Contains the process resource limits of users. |
The chfn command, chsh command, chuser command, lsuser mkuser command, passwd command, pwdadm command, pwdck command, rmuser command.
The endpwent subroutine, enduserdb subroutine, getpwent subroutine, getpwnam subroutine, getpwuid subroutine, getuserattr subroutine, IDtouser subroutine, nextuser subroutine, putpwent subroutine, putuserattr subroutine, setuserdb subroutine.
Security Administration in AIX 5L Version 5.2 System Management Concepts: Operating System and Devices.