ahill/shadow
1
0
Fork 0
mirror of https://github.com/shadow-maint/shadow.git synced 2026-01-26 22:12:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
shadow/man/shadow.5.xml
Dominika Borges 8d19543da1 man: Update doc style in shadow man page
2025-06-09 10:23:37 +02:00

287 lines
8.5 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!--
SPDX-FileCopyrightText: 1989 - 1990, Julianne Frances Haugh
SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
SPDX-License-Identifier: BSD-3-Clause
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!-- SHADOW-CONFIG-HERE -->
]>
<refentry id='shadow.5'>
<!-- $Id$ -->
<refentryinfo>
<author>
<firstname>Julianne Frances</firstname>
<surname>Haugh</surname>
<contrib>Creation, 1989</contrib>
</author>
<author>
<firstname>Thomas</firstname>
<surname>Kłoczko</surname>
<email>kloczek@pld.org.pl</email>
<contrib>shadow-utils maintainer, 2000 - 2007</contrib>
</author>
<author>
<firstname>Nicolas</firstname>
<surname>François</surname>
<email>nicolas.francois@centraliens.net</email>
<contrib>shadow-utils maintainer, 2007 - now</contrib>
</author>
</refentryinfo>
<refmeta>
<refentrytitle>shadow</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="sectdesc">File Formats and Configuration Files</refmiscinfo>
<refmiscinfo class="source">shadow-utils</refmiscinfo>
<refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>shadow</refname>
<refpurpose>shadowed password file</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<filename>shadow</filename> is a file which contains the password
information for the system's accounts and optional aging
information.
</para>
<para>
This file must not be readable by regular users if password security
is to be maintained.
</para>
<para>
Each line of this file contains 9 fields, separated by colons
(<quote>:</quote>), in the following order:
</para>
<variablelist>
<varlistentry>
<term><emphasis role="bold">login name</emphasis></term>
<listitem>
<para>
It must be a valid account name, which exists on the system.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">encrypted password</emphasis></term>
<listitem>
<para>
If the password field is empty, the user can log in without a password.
However, some applications that read
the <filename>/etc/shadow</filename> file
might block access
if the password field is empty.
</para>
<para>
If the password field begins with an exclamation mark <emphasis>!</emphasis>,
the password is locked.
The remaining characters on the
line represent the password field before the password was
locked.
</para>
<para>
Refer to <citerefentry><refentrytitle>crypt</refentrytitle>
<manvolnum>3</manvolnum></citerefentry> for details on how
this string is interpreted.
</para>
<para>
If the password field contains a string that is not a valid
result of <citerefentry><refentrytitle>crypt</refentrytitle>
<manvolnum>3</manvolnum></citerefentry>, for instance ! or *,
the user cannot use a UNIX password to log in.
However, the user may log in the system by other means.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="bold">date of last password change</emphasis>
</term>
<listitem>
<para>
The date of the last password change, expressed as the number
of days since 1970-01-01 00:00:00 UTC.
</para>
<para>
The value 0 indicates that the user must change their password
the next time they log in to the system.
</para>
<para>
An empty field means that password aging features are
disabled.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">minimum password age</emphasis></term>
<listitem>
<para>
The minimum password age is the number of days the user must wait
before they can change their password again.
</para>
<para>
An empty field and value 0 mean that there is no minimum
password age.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">maximum password age</emphasis></term>
<listitem>
<para>
The maximum password age is the number of days after which the
user must change their password.
</para>
<para>
After this number of days has elapsed, the password may still be valid.
The user is prompted to change their password at the next login.
</para>
<para>
An empty field means that there are no maximum password age,
no password warning period, and no password inactivity period
(see below).
</para>
<para>
If the maximum password age is lower than the minimum password
age, the user cannot change her password.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="bold">password warning period</emphasis>
</term>
<listitem>
<para>
The number of days before a password expires
(see the maximum password age above)
during which the user is warned.
</para>
<para>
An empty field and value 0 mean that there is no password
warning period.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="bold">password inactivity period</emphasis>
</term>
<listitem>
<para>
The number of days after a password expires
(see the maximum password age above)
during which the password is still accepted,
and the user must update their password at the next login.
</para>
<para>
After the password expires and the password inactivity period elapses,
the user cannot log in and must contact their administrator.
</para>
<para>
An empty string means that no inactivity period is enforced.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="bold">account expiration date</emphasis>
</term>
<listitem>
<para>
The date when the account expires,
expressed as the number of days since 1970-01-01.
</para>
<para>
Note that account expiration differs from password expiration.
Account expiration prevents the user from logging in,
whereas password expiration only prevents users from logging in
with their password.
</para>
<para>
An empty field means that the account never expires.
</para>
<para>
The value 0 should not be used,
as it is interpreted either as an account with no expiration
or as an expiration date of 1970-01-01.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">reserved field</emphasis></term>
<listitem>
<para>This field is reserved for future use.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>User account information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>Secure user account information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow-</filename></term>
<listitem>
<para>Backup file for /etc/shadow.</para>
<para>
Note that this file is used by the tools of the shadow
toolsuite, but not by all user and password management tools.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>chage</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pwck</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pwconv</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pwunconv</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>sulogin</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
Reference in New Issue View Git Blame Copy Permalink