SUMMARY: Password file comments

From: Andy Gay 3272
Date: Sun Feb 19 1995 - 17:37:43 CST

This generated a surprising amount of interest and a few requests
that I summarise, so here goes. The original query was:

> Date: Mon, 13 Feb 1995 15:10:40 +0000
> From: (Andy Gay)
> Subject: Password file comments
> Newsgroups: info.sun-managers
> Organization: Racal Datacom

> Is there any way to put comments in the /etc/passwd file? I tried using
> lines with the usual "#" at the start, it doesn't seem to stop anything
> working but I get lots of syslog errors about bad passwd entries.

The general flavour of the responses was "NO!" - not only can you
not put comments in, it's a VERY BAD IDEA to try! Seems that you
can open security holes - putting a # in front of a valid entry allows
the entry to be used just by putting the # in front of the user name
when logging in - e.g. (from Goetz Golla)
among others:

  #guest:bkv/EsZldfZR.:831:20:Guest Account:/mnt/guest:/bin/csh

  does not disable the guest account, but is an entry for user #guest.

Specially bad if using NIS - (Syed Zaeem Hosain) reports
that YP can even end up with an account named # with no password!!!

However - it's not all bad. Several people suggested that if you
make a "comment" that looks like a valid entry no harm will be done,
e.g. from (Robert Wolf) and several others:
  comment01:nopass:29901:0: ... true comment line 1 ...:/bin/false:/tmp

Useful but rather obvious IMHO (well, I had thought of it before I
posted the original query). The problem is that it's not easily
seen as a comment entry when editing the file.

For Solaris folks, (Paulo Licio de Geus) reports
that comments using # and blank lines are OK in /etc/shadow. I don't
use Solaris though, so I can't verify this.

A good idea if using NIS is to put comments in the YP file and modify
the makefile to strip them out - suggested by

It's fairly obvious that you can disable an account by putting a note
in the password and gecos fields - most people seemed to think that
was what I was trying to do.

My reason for asking was that I'm running a POP server for a growing
population of mail users. I'm trying to find ways to simplify the
passwd file maintenance as new users are added, comments are a first
step. It would have been nice to be able to section the file in an
easily visible way to group users by department, location etc. I wonder
how other folks deal with this - just ensuring you don't duplicate
user names and IDs gets tough when there are a few hundred entries.

Thanks to all who responded.


Andy Gay - Racal Datacom tech support
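
Added example, not part of the original post or of any respondent's reply: a small audit of passwd-format text that flags the problems raised in this thread, namely "#"-prefixed lines that are still live entries, empty password fields, malformed lines, and duplicate user names or UIDs. The function name `audit_passwd` and every sample line except the `#guest` entry quoted above are constructed for illustration; the seven-field layout is the standard passwd format.

```python
from collections import defaultdict

# Constructed sample; only the "#guest" line is taken from the post above.
SAMPLE = """\
root:x:0:1:Super-User:/:/bin/sh
#guest:bkv/EsZldfZR.:831:20:Guest Account:/mnt/guest:/bin/csh
# Sales department
alice:x:1001:20:Alice Example:/home/alice:/bin/csh
bob::1002:20:Bob Example:/home/bob:/bin/csh
alice:x:1003:20:Second Alice:/home/alice2:/bin/csh
carol:x:1002:20:Carol Example:/home/carol:/bin/csh
"""

def audit_passwd(text):
    """Return sorted (line_number, message) findings for passwd-format text."""
    findings = []
    names = defaultdict(list)   # user name -> line numbers where it appears
    uids = defaultdict(list)    # UID string -> line numbers where it appears
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            findings.append((n, "blank line"))
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, "malformed entry: %d fields, expected 7" % len(fields)))
            continue
        name, passwd, uid = fields[0], fields[1], fields[2]
        if name.startswith("#"):
            # A well-formed line is an account whatever its first character is.
            findings.append((n, "'#' does not comment out: live entry for user %r" % name))
        if passwd == "":
            findings.append((n, "empty password field for %r" % name))
        if not uid.isdigit():
            findings.append((n, "non-numeric UID %r" % uid))
        names[name].append(n)
        uids[uid].append(n)
    for label, table in (("user name", names), ("UID", uids)):
        for key, lines in table.items():
            for n in lines[1:]:
                findings.append((n, "duplicate %s %r (first on line %d)" % (label, key, lines[0])))
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in audit_passwd(SAMPLE):
        print("line %d: %s" % (n, msg))
```

To check a real file, pass its contents to `audit_passwd` instead of `SAMPLE`.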
