Use the `passwd` InSpec audit resource to test the contents of `/etc/passwd`, which contains the following information for users that may log into the system and/or as users that own running processes. The format for `/etc/passwd` includes:
* A username
* The password for that user (on newer systems passwords should be stored in `/etc/shadow` )
* The user identifier (UID) assigned to that user
* The group identifier (GID) assigned to that user
* Additional information about that user
* That user's home directory
* That user's default command shell
These entries are defined as a colon-delimited row in the file, one row per user:
A `passwd` resource block declares one (or more) users and associated user information to be tested:
describe passwd do
its('users') { should_not include 'forbidden_user' }
end
describe passwd.uid(filter) do
its('users') { should cmp 'root' }
its('count') { should eq 1 }
end
where
* `homes`, `gids`, `passwords`, `shells`, `uids`, and `users` are valid accessors for `passwd`
* `filter` one (or more) arguments, for example: `passwd.users(/name/)` used to define filtering
* `filter` may take any of the following arguments: `count` (retrieves the number of entries), `lines` (provides raw `passwd` lines), and `params` (returns an array of maps for all entries)
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).