The OpenNET Project / Index page

[ новости /+++ | форум | wiki | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

shadow (4)
  • shadow (3) ( Русские man: Библиотечные вызовы )
  • shadow (3) ( Linux man: Библиотечные вызовы )
  • >> shadow (4) ( Solaris man: Специальные файлы /dev/* )
  • shadow (5) ( Русские man: Форматы файлов )
  • shadow (5) ( Linux man: Форматы файлов )
  •  

    NAME

    shadow - shadow password file
     
    

    DESCRIPTION

    /etc/shadow is an access-restricted ASCII system file that stores users' encrypted passwords and related information. The shadow file can be used in conjunction with other shadow sources, including the NIS maps passwd.byname and passwd.byuid and the NIS+ table passwd. Programs use the getspnam(3C) routines to access this information.

    The fields for each user entry are separated by colons. Each user is separated from the next by a newline. Unlike the /etc/passwd file, /etc/shadow does not have general read permission.

    Each entry in the shadow file has the form:

    username:password:lastchg:min:max:warn:inactive:expire:flag
    

    The fields are defined as follows:

    username

    The user's login name (UID).

    password

    An encrypted password for the user generated by crypt(3C), a lock string to indicate that the login is not accessible, or no string, which shows that there is no password for the login.

    The lock string is defined as *LK* in the first four characters of the password field.

    lastchg

    The number of days between January 1, 1970, and the date that the password was last modified. The lastchg value is a decimal number, as interpreted by strtol(3C).

    min

    The minimum number of days required between password changes. This field must be set to 0 or above to enable password aging.

    max

    The maximum number of days the password is valid.

    warn

    The number of days before password expires that the user is warned.

    inactive

    The number of days of inactivity allowed for that user. This is counted on a per-machine basis; the information about the last login is taken from the machine's lastlog file.

    expire

    An absolute date expressed as the number of days since the Unix Epoch (January 1, 1970). When this number is reached the login can no longer be used. For example, an expire value of 13514 specifies a login expiration of January 1, 2007.

    flag

    Failed login count in low order four bits; remainder reserved for future use, set to zero.

    A value of -1 for min, max, or warn disables password aging.

    The encrypted password consists of at most CRYPT_MAXCIPHERTEXTLEN characters chosen from a 64-character alphabet (., /, 0-9, A-Z, a-z). Two additional special characters, "$" and ",", can also be used and are defined in crypt(3C). To update this file, use the passwd(1), useradd(1M), usermod(1M), or userdel(1M) commands.

    In order to make system administration manageable, /etc/shadow entries should appear in exactly the same order as /etc/passwd entries; this includes ``+'' and ``-'' entries if the compat source is being used (see nsswitch.conf(4)).

    Values for the various time-related fields are interpreted as Greenwich Mean Time.  

    FILES

    /etc/shadow

    shadow password file

    /etc/passwd

    password file

    /etc/nsswitch.conf

    name-service switch configuration file

    /var/adm/lastlog

    time of last login

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    Interface StabilityStable

     

    SEE ALSO

    login(1), passwd(1), useradd(1M), userdel(1M), usermod(1M), strtol(3C), crypt(3C), crypt_gensalt(3C), getspnam(3C), putspent(3C), nsswitch.conf(4), passwd(4), attributes(5), pam_unix_account(5), pam_unix_auth(5)  

    NOTES

    If password aging is turned on in any name service the passwd: line in the /etc/nsswitch.conf file must have a format specified in the nsswitch.conf(4) man page.

    If the /etc/nsswitch.conf passwd policy is not in one of the supported formats, logins will not be allowed upon password expiration, because the software does not know how to handle password updates under these conditions. See nsswitch.conf(4) for additional information.


     

    Index

    NAME
    DESCRIPTION
    FILES
    ATTRIBUTES
    SEE ALSO
    NOTES


    Поиск по тексту MAN-ов: 




    Спонсоры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2022 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру