The Password File

The password file is /etc/passwd, and it is the database file for all users on the system. The format of each line is as follows:

username:password:uid:gid:gecos:homedir:shell

The fields are self-explanatory except for the gecos field. This field holds miscellaneous information about the user, such as the user's full name, office location, office and home phone numbers, and possibly a brief text message. For security and privacy reasons, this field is little used nowadays, but the system administrator should be aware of its existence because the gecos field is used by traditional UNIX programs such as finger and mail. For that reason, it is commonly referred to as the finger information field. The data in this field is comma delimited; the gecos field can be changed with the chfn (change finger) command.

Note that a colon separates all fields in the /etc/passwd file. If no information is available for a field, that field is empty, but all the colons remain.

If an asterisk appears in the password field, that user will not be permitted to log on. Why does this feature exist? So that a user can be easily disabled and (possibly) reinstated later without having to be created all over again. The system administrator manually edits this field, which is the traditional UNIX way of accomplishing this task. Ubuntu provides improved functionality with the passwd -l command mentioned earlier.

Several services run as pseudo-users, usually with root permissions. These are the system, or logical, users mentioned previously. You would not want these accounts available for general login for security reasons, so they are assigned /sbin/nologin as their shell, which prohibits any logins from those "users."

A listing of /etc/passwd reveals the following:

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
dhcp:x:101:101::/nonexistent:/bin/false
syslog:x:102:102::/home/syslog:/bin/false
klog:x:103:103::/home/klog:/bin/false
cupsys:x:100:106::/home/cupsys:/bin/false
messagebus:x:104:107::/var/run/dbus:/bin/false
haldaemon:x:108:108:Hardware abstraction layer,,,:/var/run/hal:/bin/false
gdm:x:105:111:Gnome Display Manager:/var/lib/gdm:/bin/false
hplip:x:106:7:HPLIP system user,,,:/var/run/hplip:/bin/false
andrew:x:1000:1000:Andrew Hudson,17,01225112233,01225445566:\
/home/andrew:/bin/bash
beagleindex:x:107:65534::/var/cache/beagle:/bin/false

Note that none of the password fields shows a password; each contains an x because these are shadow passwords, a useful security enhancement to Linux, discussed in the following section.
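
The field rules described above can be checked mechanically. The following Python sketch is an added example, not part of the original text: it parses passwd-format lines and reports entries an administrator would want to review. The names parse_passwd and audit, the set of non-login shells, and the system-UID cutoff of 999 are assumptions made for the example, and the sample input is constructed.

```python
from collections import namedtuple
Entry = namedtuple("Entry", "username password uid gid gecos homedir shell")

# Assumptions for this example, not taken from the page: the shells treated
# as non-login and the UID below which an account counts as a system user.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
SYSTEM_UID_MAX = 999

def parse_passwd(text):
    """Return (entries, malformed_lines) for passwd-format text."""
    entries, malformed = [], []
    for line in filter(str.strip, text.splitlines()):
        fields = line.split(":")
        # Empty fields keep their colons, so a valid line always has 7 fields.
        if len(fields) != 7 or not (fields[2].isdecimal() and fields[3].isdecimal()):
            malformed.append(line)
            continue
        entries.append(Entry(*fields[:2], int(fields[2]), int(fields[3]), *fields[4:]))
    return entries, malformed

def audit(entries):
    """Return sorted (username, finding) pairs worth an administrator's review."""
    findings = []
    for e in entries:
        if e.password == "":
            findings.append((e.username, "empty password field"))
        elif e.password == "*":
            findings.append((e.username, "login disabled with *"))
        elif e.password != "x":
            findings.append((e.username, "password field is not shadowed"))
        if e.uid == 0 and e.username != "root":
            findings.append((e.username, "uid 0 on a non-root account"))
        if e.uid != 0 and e.uid <= SYSTEM_UID_MAX and e.shell not in NOLOGIN_SHELLS:
            findings.append((e.username, "system account with a login shell"))
    return sorted(findings)

# Constructed sample: two entries as in the listing above, four made up.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/sh
olduser:*:1001:1001:Disabled User,,,:/home/olduser:/bin/bash
guest::1002:1002::/home/guest:/bin/bash
toor:x:0:0::/root:/bin/bash
broken:x:1003:1003:/home/broken
"""

if __name__ == "__main__":
    for name, finding in audit(parse_passwd(SAMPLE)[0]):
        print(f"{name}: {finding}")
```

To audit a live system, pass the contents of /etc/passwd to parse_passwd in place of SAMPLE.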

