Passwd File – Understanding “+::::::” at the End of /etc/passwd

passwd

In some of my servers there is this strange line at the end of /etc/passwd/ consisting of just:

+::::::

Does anyone knows what it means?

I searched the net but only found the same, unanswered question by one Jim from 2012:

Anyone know what this means in Linux SLES 11 and can it be removed

(see https://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/).

Servers in question run SLES 12, the other Ubuntu bionic.

Best Answer

I'm reposting the below from the following Unix stackexchange answer:

https://unix.stackexchange.com/questions/106215/whta-does-bin-bash-in-etc-passwd-mean

The answer lies in the nsswitch.conf(5) man page:

Interaction with +/- syntax (compat mode)

Linux libc5 without NYS does not have the name service switch but does allow the user some policy control. In /etc/passwd you could have entries of the form +user or +@netgroup (include the specified user from the NIS passwd map), -user or -@netgroup (exclude the specified user), and + (include every user, except the excluded ones, from the NIS passwd map).

You can override certain passwd fields for a particular user from the NIS passwd map by using the extended form of +user:::::: in /etc/passwd. Non-empty fields override information in the NIS passwd map.

Since most people only put a + at the end of /etc/passwd to include everything from NIS, the switch provides a faster alternative for this case (passwd: files nis) which doesn’t require the single + entry in /etc/passwd, /etc/group, and /etc/shadow. If this is not sufficient, the NSS compat service provides full +/- semantics. By default, the source is nis, but this may be overridden by specifying nisplus as source for the pseudo-databases passwd_compat, group_compat and shadow_compat. These pseudo-databases are only available in GNU C Library.

Related Topic