
The /etc/passwd File

The /etc/passwd file contains essential information required during login.

It contains entries (one per line) for all valid users of the system. Typically, the system administrator would modify or change these fields when adding new users to the system. As an easier alternative, the system administrator could use the SAM program to add users, which adds/changes the fields automatically (see the System Administration Tasks manual for details).

Syntax of Entries

The general form of /etc/passwd entries is:

username : password [,pw_age] : userid : groupid : idstring : homedir : command

: A colon. Fields are separated by colons.

username The username with which a user can log in. login assigns this value to the environment variable LOGNAME. The logname command displays this value (see logname(1) in the HP-UX Reference).

password The encrypted form of the password the user must supply during login for this username.

If this field is empty (::), the user has no password and can log in without typing one. This form of password is not recommended since it could lead to security problems.

Users can change their password without superuser privilege by using the passwd command (see passwd(1) in the HP-UX Reference).

Password aging, an additional security feature, can be added too, as described next under ,pw_age.

Note: On trusted systems, the password field contains only a *, and passwords are stored in a separate file, /.secure/etc/passwd.

For details on trusted systems, see HP-UX System Security.

,pw_age An optional aging field. Can be used to ensure that a user is forced to change his or her password every n-week interval, where n is defined by the system administrator. This field is comprised of these parts:

,max min wks

There should be no spaces between the max, min, and wks parameters. They are shown separated here only to improve readability.

The comma sets off the age fields from the encrypted password which precedes it.

max A single character representing the maximum number of weeks the user can use the password before being forced to use a new password. This character is encrypted as shown in Table 4-1:

Table 4-1. Password Aging Encryption Characters

    Character        Weeks
    .                0
    /                1
    0 through 9      2 through 11
    A through Z      12 through 37
    a through z      38 through 63

min A single character representing the minimum number of weeks the user must use the current password before being allowed to change it. Like the max character, the min character is encrypted, as shown in Table 4-1.

wks A string of encrypted characters defining the number of weeks (counted from the beginning of 1970) when the password was last changed. The login program uses and updates this field to enforce password aging. A null value is equivalent to specifying zero weeks.

If max and min are zero (e.g., ,pw_age is ,..), the user is forced to enter a password at the next login attempt and this field is removed. If min is greater than max, then only the system administrator can change the password.

See the password example for terry in the next section, "Sample /etc/passwd Entries".

userid A numeric user ID. Must be unique for each user. The id command displays this value (see id(1) in the HP-UX Reference).

groupid Group ID of the group to which the user belongs. Must be a valid group ID defined in /etc/group. The id command displays this value (see id(1) in the HP-UX Reference).

idstring A character string that typically holds the user's full name.

homedir Directory to use as the home directory, that is, the directory in which the user is initially placed after login. login assigns this value to the HOME environment variable.

command login runs command using the exec system call (see exec(2) in the HP-UX Reference). Any command can be placed in this field, but typically it contains the path name of a shell: /bin/ksh, /bin/sh, /bin/csh, or /bin/pam.

login assigns this value to the SHELL environment variable.

Users can change their default shell without superuser privilege via the chsh (change shell) command (see chsh(1) in the HP-UX Reference).

For more details on the format of the /etc/passwd file, see passwd(4) in the HP-UX Reference.

Sample /etc/passwd Entries

root:xE5/0qrnYf8Hg:0:1:System Administrator:/:/bin/sh

Defines the root user (superuser) with an encrypted password, user ID 0, group ID 1, ID string "System Administrator", home directory / (root), and who uses the Bourne shell.

michael:,..:125:10:Michael Moose:/users/michael:/bin/ksh

Defines a user named michael who, when he next tries to log in, will be forced by the system to enter a new password (indicated by ",.." in the password field). In addition, he has user ID 125, group ID 10, id string "Michael Moose", home directory /users/michael, and he uses the Korn shell.

terry:,9/:265:20:Terry Kellog:/users/terry:/bin/ksh

Defines a user named terry who has password aging enabled. login will force terry to change her password every 11 weeks, indicated by the 9 as the max element of the pw_age field (,9/). In addition, terry cannot change her password more than once a week, indicated by the / as the min component of pw_age (,9/).

guest:/bin/rsh

Defines a guest user who has a restricted shell.

who::90:1::/:/bin/who

Defines a user named who with no password, user id 90, group id 1, home directory /, and command /bin/who. If a user attempts to login using username who, the system simply runs the who command and displays its output to the screen.

date::91:1::/:/bin/date

This is similar to the who entry. When the user types date to the login: prompt, the system runs the date command.
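The following is an added example, not code from the HP-UX manual: it parses entries of the form described under "Syntax of Entries", decodes the ,pw_age field with the Table 4-1 alphabet, and reports the conditions the text calls out (empty password, forced change, min greater than max, a non-shell command). It assumes the wks string is read with the first character as the least significant base-64 digit (the a64l(3) convention, which the page does not state) and writes root's user ID as 0 in the sample input.

```python
import string

# Table 4-1: index = weeks ('.'=0, '/'=1, '0'-'9'=2..11, 'A'-'Z'=12..37, 'a'-'z'=38..63)
AGE_CHARS = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase
SHELLS = ("/bin/sh", "/bin/ksh", "/bin/csh", "/bin/rsh", "/bin/pam")  # shells named on the page

def age_weeks(c):
    return AGE_CHARS.index(c)           # str.index raises ValueError on a bad character

def decode_wks(s):
    # Assumption (not on the page; a64l(3) convention): first char is the least significant digit
    return sum(age_weeks(ch) << (6 * i) for i, ch in enumerate(s))

def parse_entry(line):
    """Dict of the seven fields; 'age' is None when there is no ,pw_age part."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 fields, got %d: %r" % (len(fields), line))
    name, pw, uid, gid, idstring, home, cmd = fields
    age = None
    if "," in pw:                           # the comma sets off the aging part
        pw, agestr = pw.split(",", 1)
        if len(agestr) < 2:
            raise ValueError("pw_age needs max and min characters: %r" % line)
        age = {"max": age_weeks(agestr[0]), "min": age_weeks(agestr[1]),
               "last_change_week": decode_wks(agestr[2:])}
    return {"name": name, "password": pw, "uid": int(uid), "gid": int(gid),
            "idstring": idstring, "home": home, "command": cmd, "age": age}

def audit(entry):
    notes, a = [], entry["age"]
    if entry["password"] == "":
        notes.append("no encrypted password")
    if a is not None:
        if a["max"] == 0 and a["min"] == 0:
            notes.append("forced to set a new password at next login")
        elif a["min"] > a["max"]:
            notes.append("only the system administrator can change the password")
        else:
            notes.append("expires every %d week(s), min %d" % (a["max"], a["min"]))
    if entry["command"] not in SHELLS:
        notes.append("login runs %s instead of a shell" % entry["command"])
    return notes

# Constructed input: the sample entries from this page (root's uid written as 0)
SAMPLE = """root:xE5/0qrnYf8Hg:0:1:System Administrator:/:/bin/sh
michael:,..:125:10:Michael Moose:/users/michael:/bin/ksh
terry:,9/:265:20:Terry Kellog:/users/terry:/bin/ksh
who::90:1::/:/bin/who
"""
```

Running `for l in SAMPLE.splitlines(): print(audit(parse_entry(l)))` lists the findings for each of the four sample users.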
