NAME 名稱

passwd - 密碼文件  

描述

Passwd 是個文本文件, 它包含了一個系統(tǒng)帳戶列表, 給出每個帳戶一些有用的信息，比如用戶 ID,組 ID, 家目錄, shell,等. 通常它也包含了每個用戶經(jīng)過加密的密碼. 它通常應(yīng)該是可讀的（許多命令，工具程序，象 ls(1) 用它做用戶 Id 到用戶名稱的映射）,但是只允許超級用戶有寫方式權(quán)限.

在過去美好的日子里，這種一般的讀許可沒有什么大問題. 每個人都能讀到加密了的密碼，因為硬件太慢以至于不能解開一個精選的密碼，另外，這基本假定是為友好的使用團體使用的. 現(xiàn)在，許多人運行一些版本的影子密碼套件，它們在 /etc/passwd 的密碼域里是 *，而不再是加密的口令，加密的口令放在 /etc/shadow 中，那個文件只有超級用戶能讀．

不管是否使用了影子密碼，許多系統(tǒng)管理員使用一個星號在加密的密碼字段以確保用戶不能鑒別他（她）自己的密碼. (見下面的注意)

如果你建立了一個新的登錄，首先放個星號在密碼字段, 然后使用 passwd(1) 設(shè)置它.

（密碼文件）里每行一條記錄，并且每行有這樣的格式：

account:password:UID:GID:GECOS:directory:shell （帳號:密碼:用戶ID:組ID:一般的信息:目錄:shell）

字段描述如下:

account

使用者在系統(tǒng)中的名字，它不能包含大寫字母.

password

加密的用戶密碼，或者星號。

UID

用戶 ID 數(shù)。

GID

用戶的主要組 ID 數(shù)。

GECOS

這字段是可選的，通常為了存放信息目的而設(shè)的．通常，它包含了用戶的全名. GECOS 意思是通用電氣綜合操作系統(tǒng)（General Electric Comprehensive Operating System）, 當(dāng) GE 的大型系統(tǒng)部分割售賣給 Honeywell 時它被改為 GCOS. Dennis Ritchie 作過報告："有時我們發(fā)送印刷品或批道作業(yè)到 GCOS機器時，gcos 字段打斷了 $IDENT 卡的信息，不太美觀。"（譯者：我想是太長吧）

directory

用戶的 $HOME 目錄.

shell

登錄時運行的程序（如果空的，使用 /bin/sh). 如果設(shè)為不存在的執(zhí)行（程序），用戶不能通過 login(1) 登錄.

注意

如果你想建立用戶組，他們的 GID 必須相等并且一定是在 /etc/group的一條記錄, 要不然組就不存在．

如果加密密碼設(shè)成星號，用戶將不能用 login(1) 來登錄, 但依然可以用 rlogin(1) 登錄, 通過 rsh(1) 或者 cron(1) 或者 at(1) 或者 mail 過濾器等程序運行已有的進程和開始新的等. 試圖通過簡單改變 shell 字段鎖住一個用戶結(jié)果是一樣的，而且還附上了使用 su(1) 的權(quán)限．  

相關(guān)文件

/etc/passwd  

又見

passwd(1), login(1), su(1), group(5), shadow(5)
#p#

NAME

passwd - password file  

DESCRIPTION

Passwd is a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc. Often, it also contains the encrypted passwords for each account. It should have general read permission (many utilities, like ls(1) use it to map user IDs to user names), but write access only for the superuser.

In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community. These days many people run some version of the shadow password suite, where /etc/passwd has *'s instead of encrypted passwords, and the encrypted passwords are in /etc/shadow which is readable by the superuser only.

Regardless of whether shadow passwords are used, many sysadmins use a star in the encrypted password field to make sure that this user can not authenticate him- or herself using a password. (But see the Notes below.)

If you create a new login, first put a star in the password field, then use passwd(1) to set it.

There is one entry per line, and each line has the format:

account:password:UID:GID:GECOS:directory:shell

The field descriptions are:

account

the name of the user on the system. It should not contain capital letters.

password

the encrypted user password or a star.

UID

the numerical user ID.

GID

the numerical primary group ID for this user.

GECOS

This field is optional and only used for informational purposes. Usually, it contains the full user name. GECOS means General Electric Comprehensive Operating System, which has been renamed to GCOS when GE's large systems division was sold to Honeywell. Dennis Ritchie has reported: "Sometimes we sent printer output or batch jobs to the GCOS machine. The gcos field in the password file was a place to stash the information for the $IDENTcard. Not elegant."

directory

the user's $HOME directory.

shell

the program to run at login (if empty, use /bin/sh). If set to a non-existing executable, the user will be unable to login through login(1).

NOTE

If you want to create user groups, their GIDs must be equal and there must be an entry in /etc/group, or no group will exist.

If the encrypted password is set to a star, the user will be unable to login using login(1), but may still login using rlogin(1), run existing processes and initiate new ones through rsh(1), cron(1), at(1), or mail filters, etc. Trying to lock an account by simply changing the shell field yields the same result and additionally allows the use of su(1).  

FILES

/etc/passwd  

SEE ALSO

passwd(1), login(1), su(1), group(5), shadow(5)