Change the login password or create new user names (UNIX)
passwd [name]
- name
- The username whose password is to be changed or for whom an account
is to be created (root only).
You can use the passwd utility to change your login password, and
if you're logged in as the superuser (root), you can create
a new user account.
If you're changing your password, passwd prompts for
the old password and then for the new password. The new password must
be entered twice, to avoid typing mistakes. Only the owner or the
superuser may change a password.
To create a new user account, type:
passwd new_user_name
Make sure that the user name is no longer than 14 characters;
otherwise, that user won't be able to log in.
When creating a new user account, passwd prompts
for information, such as the user's group list, home directory, and
shell.
The /etc/default/passwd file (see "Files," below) specifies the default
values for these prompts. You can edit this file to modify
passwd's behavior to suit local requirements.
The /etc/passwd file contains the following fields,
separated by colons:
username:has_passwd:userid:groupid:misc:home_directory:initial_command
If the has_passwd field contains an x
character, a password has been defined for this user. If no character is
present, no password has been defined. Use of any other character is
reserved and may cause side-effects for the user.
The groupid field contains a group number.
Users may log in under the groupid
listed in their /etc/passwd file entry without being listed as
a member of that group in the /etc/group file.
The misc field stores supplemental
information, with commas separating subfields. Usually, the first subfield
contains the user's "real life" name.
Some utilities use this information.
The initial_command field contains the initial
command to run after the user has successfully logged in.
This command and any arguments it takes must be separated by tab or
space characters. As the command is spawned directly (not run by a
shell), no shell expansion is performed. There is no mechanism
for specifying command-line arguments that contain space
or tab characters themselves. (Quoting isn't supported.)
If no initial_command is specified,
/bin/sh is used.
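The field rules above can be checked mechanically. The following audit script is an added example, not part of the passwd utility or the original page; the function name audit_passwd and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not QNX code): audit entries in the /etc/passwd format
# described above. audit_passwd [FILE] reads FILE, or stdin if omitted,
# and prints one finding per line. The function name is hypothetical.
audit_passwd() {
    awk -F: '
    NF != 7 { printf "line %d: expected 7 fields, found %d\n", NR, NF; next }
    {
        user = $1; flag = $2; uid = $3; cmd = $7
        if (length(user) > 14)
            printf "%s: user name longer than 14 characters, cannot log in\n", user
        if (flag == "")
            printf "%s: no password defined\n", user
        else if (flag != "x")
            printf "%s: reserved has_passwd value \"%s\"\n", user, flag
        if (uid in owner)
            printf "%s: userid %s already used by %s\n", user, uid, owner[uid]
        else
            owner[uid] = user
        # initial_command is spawned directly: quotes and wildcards stay literal.
        if (cmd ~ /["$*?~`]/)
            printf "%s: initial_command contains shell syntax that is not expanded\n", user
    }' "$@"
}

# Constructed sample entries (not taken from a real system).
audit_passwd <<'EOF'
root:x:0:0:Superuser:/root:/bin/sh
alice:x:100:100:Alice Example,Room 1:/home/alice:/bin/sh
guest::101:100:Guest:/home/guest:
toor:x:0:0:Second root:/root:/bin/sh
averyveryverylongname:x:102:100::/home/long:/bin/sh
svc:*:103:100:Service:/home/svc:/usr/bin/report "daily run"
EOF
```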
Files:
- /etc/.pwlock
- This file is created by passwd to indicate to other instances
of passwd that the password file is currently being modified.
When passwd finishes, the file is removed. See "Caveats," below.
- /etc/group
- This file defines the known groups for the system. It associates
group names with a numerical ID and a list of
usernames who are members of the group.
Entries in this file appear in the following format:
groupname::groupid:user[,user]...
- /etc/passwd
- Contains the user account entries. The format of entries in this file
is as follows:
username:has_passwd:userid:groupid:misc:home_directory:initial_command
- /etc/shadow
- Contains encoded versions of the actual passwords for user accounts.
The passwords themselves aren't stored in the /etc/passwd
file.
- /etc/opasswd
/etc/oshadow
- When passwd modifies a password file, it first locks the
password files with the /etc/.pwlock file, then copies
the contents of the current /etc/passwd and /etc/shadow
files to /etc/opasswd and /etc/oshadow,
respectively. If passwd is killed before it finishes writing
the updated file, the password files may be restored from these backup
versions. See "Caveats," below.
- /etc/default/passwd
- Contains the default settings that the passwd utility uses
when you create a new user account.
If you're the system administrator, you can edit this file, which includes:
- BASEDIR=dirname
- The base directory under which user directories are created.
The default is /home.
- SHELL=progname
- The shell to use for the login shell field in new password entries.
The default is /bin/sh.
- UIDRANGE=low-[high]
- The valid range of values for new user IDs.
You can omit the high component, indicating no upper bound,
but you still need the dash.
The default is 100-.
- GIDRANGE=low-[high]
- The valid range of values for group IDs.
As with UIDRANGE, you can omit the high
component if there's no upper bound.
The default is 100-.
- DUPDIROK
- If specified, passwd lets you select an
existing directory as a new user's home directory.
By default, this isn't allowed.
- DUPUIDOK
- If specified, passwd lets you select an existing
user ID for a new user name.
This is generally discouraged, because it allows many user names to be
mapped to one user ID.
By default, this isn't allowed.
- NOPASSWORDOK
- If specified, passwd
lets you set up user accounts that don't require a password to log in.
By default, this is allowed.
- STRICTPASSWORD
- If specified, passwd requires all passwords to contain at
least two types of characters (e.g. alphabetic and punctuation).
By default, this isn't set.
- INSISTANT=retries
- The number of times passwd asks non-root users
if they really want to set up their account with no password.
The default is 6.
This variable is ignored if NOPASSWORDOK is set.
- PROFILE=basename
- The name to use for the shell's initialization file in the user's home
directory.
The file specified by DEFPROFILE (below) is copied there
when you set up a new account.
The default is .profile.
- DEFPROFILE=filename
- The path to a default shell-initialization file that's copied
to a new user's PROFILE when you set up the account.
The default is /etc/skel/.profile.
- QNXCRYPT
- If this is set, passwd uses the old QNX 4 encryption
method, instead of the default UNIX encryption method.
By default, this isn't set.
Caveats:
The passwd utility creates the /etc/.pwlock
file during updates to the password database. If for some reason the
system crashes at an inopportune moment and leaves this file present,
passwd will refuse to work until the file is removed
by the system administrator. If the password files are somehow left
in an inconsistent state as a result of the crash, the system administrator
should also copy /etc/oshadow to /etc/shadow
and copy /etc/opasswd to /etc/passwd.
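The recovery steps above, as an added shell example that is not part of the passwd utility or the original page. The function names and the test for "inconsistent" (passwd empty or not seven colon-separated fields, or shadow empty) are assumptions; confirm that no passwd process is still running before using it.

```shell
#!/bin/sh
# Added example (not QNX code). Function names are hypothetical.

# True if FILE is non-empty and every line has the 7 passwd fields.
pw_fields_ok() {
    [ -s "$1" ] && awk -F: 'NF != 7 { bad = 1 } END { exit bad + 0 }' "$1"
}

# pw_recover [ETCDIR]: clear a stale .pwlock, restoring the backups first
# if the live files look damaged. The lock is removed last, so passwd
# stays blocked while the files are being put back.
pw_recover() {
    etc=${1:-/etc}
    [ -e "$etc/.pwlock" ] || { echo "no lock file, nothing to do"; return 0; }
    if pw_fields_ok "$etc/passwd" && [ -s "$etc/shadow" ]; then
        echo "password files look intact, removing stale lock only"
    else
        # Validate the backups before overwriting anything.
        pw_fields_ok "$etc/opasswd" && [ -s "$etc/oshadow" ] || {
            echo "backups missing or damaged, lock left in place" >&2
            return 1
        }
        cp "$etc/oshadow" "$etc/shadow" && cp "$etc/opasswd" "$etc/passwd" || return 1
        echo "restored passwd and shadow from backups"
    fi
    rm -f "$etc/.pwlock"
}

# Constructed demo in a scratch directory: a crash left the lock and a
# truncated passwd behind. The oshadow content is a placeholder.
d=$(mktemp -d)
printf 'root:x:0:0:Superuser:/root:/bin/sh\n' > "$d/opasswd"
printf 'placeholder-shadow-entry\n' > "$d/oshadow"
printf 'root:x:0' > "$d/passwd"; : > "$d/shadow"; : > "$d/.pwlock"
pw_recover "$d"
rm -rf "$d"
```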
login, su
crypt(), qnx_crypt() in the Library Reference
Managing User Accounts in the Neutrino User's Guide