'\" t .\" Title: shadow .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets v1.79.1 .\" Date: 07/27/2018 .\" Manual: File Formats and Conversions .\" Source: shadow-utils 4.5 .\" Language: English .\" .TH "SHADOW" "5" "07/27/2018" "shadow\-utils 4\&.5" "File Formats and Conversions" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" shadow \- shadowed password file .SH "DESCRIPTION" .PP shadow is a file which contains the password information for the system\*(Aqs accounts and optional aging information\&. .PP This file must not be readable by regular users if password security is to be maintained\&. .PP Each line of this file contains 9 fields, separated by colons (\(lq:\(rq), in the following order: .PP \fBlogin name\fR .RS 4 It must be a valid account name, which exist on the system\&. .RE .PP \fBencrypted password\fR .RS 4 Refer to \fBcrypt\fR(3) for details on how this string is interpreted\&. .sp If the password field contains some string that is not a valid result of \fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&. .sp This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the /etc/shadow file may decide not to permit any access at all if the password field is empty\&. .sp A password field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the password field before the password was locked\&. .RE .PP \fBdate of last password change\fR .RS 4 The date of the last password change, expressed as the number of days since Jan 1, 1970\&. .sp The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system\&. .sp An empty field means that password aging features are disabled\&. .RE .PP \fBminimum password age\fR .RS 4 The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again\&. .sp An empty field and value 0 mean that there are no minimum password age\&. .RE .PP \fBmaximum password age\fR .RS 4 The maximum password age is the number of days after which the user will have to change her password\&. .sp After this number of days is elapsed, the password may still be valid\&. The user should be asked to change her password the next time she will log in\&. .sp An empty field means that there are no maximum password age, no password warning period, and no password inactivity period (see below)\&. .sp If the maximum password age is lower than the minimum password age, the user cannot change her password\&. .RE .PP \fBpassword warning period\fR .RS 4 The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned\&. .sp An empty field and value 0 mean that there are no password warning period\&. .RE .PP \fBpassword inactivity period\fR .RS 4 The number of days after a password has expired (see the maximum password age above) during which the password should still be accepted (and the user should update her password during the next login)\&. .sp After expiration of the password and this expiration period is elapsed, no login is possible using the current user\*(Aqs password\&. The user should contact her administrator\&. .sp An empty field means that there are no enforcement of an inactivity period\&. .RE .PP \fBaccount expiration date\fR .RS 4 The date of expiration of the account, expressed as the number of days since Jan 1, 1970\&. .sp Note that an account expiration differs from a password expiration\&. In case of an account expiration, the user shall not be allowed to login\&. In case of a password expiration, the user is not allowed to login using her password\&. .sp An empty field means that the account will never expire\&. .sp The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan 1, 1970\&. .RE .PP \fBreserved field\fR .RS 4 This field is reserved for future use\&. .RE .SH "FILES" .PP /etc/passwd .RS 4 User account information\&. .RE .PP /etc/shadow .RS 4 Secure user account information\&. .RE .PP /etc/shadow\- .RS 4 Backup file for /etc/shadow\&. .sp Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools\&. .RE .SH "SEE ALSO" .PP \fBchage\fR(1), \fBlogin\fR(1), \fBpasswd\fR(1), \fBpasswd\fR(5), \fBpwck\fR(8), \fBpwconv\fR(8), \fBpwunconv\fR(8), \fBsu\fR(1), \fBsulogin\fR(8)\&.