diff --git a/exec/passwd.lua b/exec/passwd.lua
index d32ce21..9f80b36 100644
--- a/exec/passwd.lua
+++ b/exec/passwd.lua
@@ -1,4 +1,6 @@
 local tA = {...}
 local s=os.gensalt(16)
+tA[1] = tA[1] or os.getuid()
 io.write("New password for "..tA[1]..": ")
-os.setuser(tA[1],sha.sha256(io.read("*")..s),s)
+os.setuattr(tA[1],"hpass",sha.sha256(io.read("*")..s))
+os.setuattr(tA[1],"salt",s)
diff --git a/modules/base/header.lua b/modules/base/header.lua
index fd372e3..28d07d3 100644
--- a/modules/base/header.lua
+++ b/modules/base/header.lua
@@ -112,7 +112,9 @@ do -- so local works
   local f = fs.open("/boot/sys/users.dat","wb")
   if f then
    for k,v in pairs(ut) do
-    fs.write(f,k.."\t"..v[1].."\t"..v[2].."\n")
+    for l,m in pairs(v) do
+     fs.write(f,k.."\t"..l.."\t"..m.."\n")
+    end
    end
    fs.close(f)
    return true
@@ -125,9 +127,10 @@ do -- so local works
   local C=fs.readall(f)
   fs.close(f)
   for line in C:gmatch("[^\n]+") do
-   local username,hpass,salt = line:match("(.+)\t(.+)\t(.+)")
-   if username and hpass and salt then
-    ut[username] = {hpass,salt}
+   local username,field,val = line:match("(.+)\t(.+)\t(.+)")
+   if username and field and val then
+    if not ut[username] then ut[username] = {} end
+    ut[username][field] = val
    end
   end
  end
@@ -153,7 +156,7 @@ do -- so local works
  function os.verifyuser(username,pass)
   if sha then
    if ut[username] then
-    if sha.sha256(pass..ut[username][2]) == ut[username][1] then
+    if sha.sha256(pass..ut[username].salt) == ut[username].hpass then
      return true
     end
    end
@@ -168,16 +171,24 @@ do -- so local works
   end
   return S
  end
- function os.setuser(username,hpass,salt,...)
-  if tT[cT].u == "superuser" then
-   if hpass == nil then
+ function os.setuattr(username,field,val)
+  if os.getuid() == "superuser" or os.getuid() == username then
+   if not field then
     ut[username] = nil
    else
-    ut[username] = {hpass, salt,...}
+    if not ut[username] then ut[username] = {} end
+    ut[username][field] = val
+    log("set "..username.."."..field.." to "..val)
     flushut()
    end
   end
  end
+ function os.getuattr(username,field)
+  if os.getuid() == "superuser" or os.getuid() == username then
+   local uT = ut[username] or {}
+   return uT[field]
+  end
+ end
  function os.su(user,pass)
   if os.verifyuser(user,pass) then
    log(tT[cT].u .. " su'd to "..user,6,1,true)