vipw

Edit the password file

$ vipw

$ vipw [[-V|--version]]

vipw [-s]

-s
    Edit the shadow password file (/etc/shadow) instead of the standard password file (/etc/passwd).

vipw provides a secure and robust method for editing the system's critical user account files: /etc/passwd and /etc/shadow. When invoked, it first locks the relevant file to prevent concurrent modifications by other processes or users, thereby avoiding file corruption. It then opens the file in the user's preferred text editor, which is determined by the VISUAL or EDITOR environment variables, defaulting to vi if neither is set.

Upon exiting the editor, vipw performs essential syntax checks on the modified file. If the syntax is valid, it saves the changes and releases the lock. This entire process ensures that these crucial system files remain in a consistent and valid state, which is paramount for user authentication and overall system security. It is an indispensable utility for system administrators managing user accounts.

Only the root user can execute vipw. Incorrect modifications to the password or shadow files can lead to serious system issues, including the inability for users (even root) to log in. Always be extremely cautious when making changes. While vipw includes syntax checking, it cannot prevent logical errors (e.g., deleting critical user accounts).

vipw honors the VISUAL and EDITOR environment variables to determine which text editor to launch. If VISUAL is set, it takes precedence. Otherwise, EDITOR is used. If neither variable is set, vipw defaults to using the vi editor.

To ensure exclusive access and prevent corruption, vipw employs a lock file (e.g., /etc/ptmp or /etc/passwd.lock) before opening the target file for editing. If vipw crashes or is interrupted unexpectedly, this lock file might be left behind, preventing subsequent runs until it is manually removed by the root user. Modern implementations are generally more robust in handling lock file cleanup.

After you finish editing the file and exit the editor, vipw parses the modified content to verify its adherence to the expected format and content rules for password or shadow files. If syntax errors are detected, it will prompt you with options to either re-edit the file to correct the errors or discard the changes and exit without saving. This crucial step prevents the installation of a malformed password file that could potentially prevent user logins or cause other system instability.

vipw has been a fundamental utility in Unix-like operating systems for decades, providing a secure mechanism for direct manipulation of user account files. It was developed to address the critical need for safely editing sensitive system configuration files without risking corruption, especially in multi-user environments where concurrent access could lead to inconsistencies. Its design, incorporating file locking and syntax validation, established a standard for handling such critical files long before many modern configuration management tools existed. On Linux systems, it is typically part of the shadow-utils package, which provides essential tools for managing user and group accounts and their associated password files.

vigr(8), passwd(5), shadow(5), useradd(8), usermod(8), userdel(8)