NAME
passwd, group, shadow - user and group databases, shadow
passwords
SYNOPSIS
/etc/passwd
/etc/group
/etc/shadow
DESCRIPTION
/etc/passwd lists all the users of the system, and
/etc/group lists all the groups the users may belong to.
Both files also contain encrypted passwords, numeric ID's
etc. Encrypted passwords may be hidden in the file
/etc/shadow if extra protection is warranted.
Each file is a text file containing one line per user or
group. The data fields on a line are separated by colons.
Each line in the password file has the following form:
name:passwd:uid:gid:gecos:dir:shell
The name field is the login name of a user; it is up to 8
letters or numbers long, starting with a letter. The login
name must be unique. The password field is either empty (no
password), a 13 character encrypted password as returned by
crypt(3), or a login name preceded by two number signs (#)
to index the shadow password file. Anything else (usually
*) is invalid. The uid and gid fields are two numbers
indicating the user's user-id and group-id. These id's do not
have to be unique; there may be more than one name with the
same id's. The gecos field can be set by the user. It is
expected to be a comma separated list of personal data where
the first item is the full name of the user. The dir field
is the path name of the user's home directory. Lastly, the
shell field is the path name of the user's login shell; it
may be empty to indicate /bin/sh. A MINIX 3 specific
extension allows the shell field to contain extra space
separated arguments for the shell.
Lines in the group file consist of four fields:
name:passwd:gid:mem
The name field is the name of the group, with the same
restrictions as a login name. The passwd field may be used
to let users change groups. The gid field is a number
telling the group-id. The group-id is unique for a group.
The mem field is a comma separated list of login names that
are special members of the group. If a system supports
supplementary group id's then a user's set of supplementary
group id's is set to all the groups they are a member of.
If a system allows one to change groups then one can change
to a group one is a member of without using the group's
password.
The shadow password file has precisely the same form as the
password file, except that only the name and passwd fields
are used as yet. The other fields are zero or empty. A
password in the password file may have the form ##user to
indicate the entry user in the shadow password file. The
password in this entry is then used for authentication of
the user. The shadow file can only be read by the
privileged utility pwdauth(8), so that the encrypted
passwords in the shadow file are kept secret, and thus safe
from a dictionary attack.
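An added example, not part of the original manual page or of
MINIX 3 itself: a Python audit that applies the password field
rules described above (empty, 13 character hash, ##name shadow
reference, anything else invalid) to the text of both files. The
function names, finding strings and sample entries are
assumptions constructed for illustration.

```python
KEYS = ("name", "passwd", "uid", "gid", "gecos", "dir", "shell")

def classify_password(field):
    if field == "":
        return "empty"        # no password at all
    if field.startswith("##") and len(field) > 2:
        return "shadow"       # ##name indexes the shadow file
    if len(field) == 13:
        return "hash"         # 13 character crypt(3) result
    return "invalid"          # anything else, usually "*"

def parse(text):
    entries = []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) != len(KEYS):
            raise ValueError(f"line {number}: expected {len(KEYS)} fields")
        entries.append(dict(zip(KEYS, fields)))
    return entries

def audit(passwd_text, shadow_text):
    """Return (name, finding) pairs for entries worth a second look."""
    shadow = {e["name"]: e["passwd"] for e in parse(shadow_text)}
    findings = []
    for e in parse(passwd_text):
        kind = classify_password(e["passwd"])
        if kind == "empty":
            findings.append((e["name"], "no password"))
        elif kind == "hash":
            # Hash sits in the passwd file itself instead of the shadow file.
            findings.append((e["name"], "hash exposed in passwd"))
        elif kind == "shadow":
            target = e["passwd"][2:]
            if target not in shadow:
                findings.append((e["name"], "no shadow entry " + target))
            elif shadow[target] == "":
                findings.append((e["name"], "shadow password empty"))
    return findings

# Constructed sample data; the hashes are made-up 13 character strings.
PASSWD = """root:##root:0:0:Big Brother:/usr/src:
bin:##root:2:0:Binaries:/usr/src:
guest::20:3:Guest:/home/guest:
alice:aaBBccDDeeFF1:21:3:Alice:/home/alice:
bob:##bob:22:3:Bob:/home/bob:"""
SHADOW = "root:XXyyZZ0011223:0:0:::"

if __name__ == "__main__":
    print(*audit(PASSWD, SHADOW), sep="\n")
```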
Special password and group file entries
There are several entries in the password and group files
that are preallocated for current or future use. All id's
less than 10 are reserved. The special password file
entries are:
root:##root:0:0:Big Brother:/usr/src:
daemon:*:1:1:The Deuce:/etc:
bin:##root:2:0:Binaries:/usr/src:
uucp:*:5:5:UNIX to UNIX copy:/usr/spool/uucp:/usr/sbin/uucico
news:*:6:6:Usenet news:/usr/spool/news:
ftp:*:7:7:Anonymous FTP:/usr/ftp:
nobody:*:9999:99::/tmp:
ast:*:8:3:Andrew S. Tanenbaum:/usr/ast:
The root id is of course the super user. The daemon id is
used by some daemons. Some devices are protected so that
only those daemons can access them. The bin id owns all
sources and most binaries. The uucp, news and ftp id's are
for serial line data transfer, usenet news, or ftp if so
needed. The nobody id is used in those cases that a program
may not have any privileges at all. The ast id is the
honorary home directory for Andrew S. Tanenbaum, the creator
of MINIX 3. You can also find the initial contents for a
new home directory there.
The special group file entries are:
operator:*:0:
daemon:*:1:
bin:*:2:
other:*:3:
tty:*:4:
uucp:*:5:
news:*:6:
ftp:*:7:
kmem:*:8:
nogroup:*:99:
Groups with the same name as a special user id are used with
that id. The operator group is for the administrators of
the system. Users in this group are granted special
privileges. The other group is for ordinary users. The tty
group is for terminal devices and associated set-gid
commands. The same holds for the kmem group and memory
devices.
FILES
/etc/passwd The user database.
/etc/group The group database.
/etc/shadow The shadow password file.
SEE ALSO
login(1), passwd(1), su(1), crypt(3), getpwent(3),
getgrent(3), pwdauth(8).
NOTES
The nobody and nogroup id's are likely to be renumbered to
the highest possible id's once it is figured out what they
are.
AUTHOR
Kees J. Bot (kjb@cs.vu.nl)