pw/pw.conf.5

   1 .\" Copyright (C) 1996
   2 .\" David L. Nugent.  All rights reserved.
   3 .\"
   4 .\" Redistribution and use in source and binary forms, with or without
   5 .\" modification, are permitted provided that the following conditions
   6 .\" are met:
   7 .\" 1. Redistributions of source code must retain the above copyright
   8 .\"    notice, this list of conditions and the following disclaimer.
   9 .\" 2. Redistributions in binary form must reproduce the above copyright
  10 .\"    notice, this list of conditions and the following disclaimer in the
  11 .\"    documentation and/or other materials provided with the distribution.
  12 .\"
  13 .\" THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
  14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  16 .\" ARE DISCLAIMED.  IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
  17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  23 .\" SUCH DAMAGE.
  24 .\"
  25 .\" $FreeBSD$
  26 .\"
  27 .Dd December 9, 1996
  28 .Dt PW.CONF 5
  29 .Os
  30 .Sh NAME
  31 .Nm pw.conf
  32 .Nd format of the pw.conf configuration file
  33 .Sh DESCRIPTION
  34 The file
  35 .In /etc/pw.conf
  36 contains configuration data for the
  37 .Xr pw 8
  38 utility.
  39 The
  40 .Xr pw 8
  41 utility is used for maintenance of the system password and group
  42 files, allowing users and groups to be added, deleted and changed.
  43 This file may be modified via the
  44 .Xr pw 8
  45 command using the
  46 .Ar useradd
  47 command and the
  48 .Fl D
  49 option, or by editing it directly with a text editor.
  50 .Pp
  51 Each line in
  52 .Pa /etc/pw.conf
  53 is treated either a comment or as configuration data;
  54 blank lines and lines commencing with a
  55 .Ql \&#
  56 character are considered comments, and any remaining lines are
  57 examined for a leading keyword, followed by corresponding data.
  58 .Pp
  59 Keywords recognized by
  60 .Xr pw 8
  61 are:
  62 .Bl -tag -width password_days -offset indent -compact
  63 .It defaultpasswd
  64 affect passwords generated for new users
  65 .It reuseuids
  66 reuse gaps in uid sequences
  67 .It reusegids
  68 reuse gaps in gid sequences
  69 .It nispasswd
  70 path to the
  71 .Tn NIS
  72 passwd database
  73 .It skeleton
  74 where to obtain default home contents
  75 .It newmail
  76 mail to send to new users
  77 .It logfile
  78 log user/group modifications to this file
  79 .It home
  80 root directory for home directories
  81 .It shellpath
  82 paths in which to locate shell programs
  83 .It shells
  84 list of valid shells (without path)
  85 .It defaultshell
  86 default shell (without path)
  87 .It defaultgroup
  88 default group
  89 .It extragroups
  90 add new users to this groups
  91 .It defaultclass
  92 place new users in this login class
  93 .It minuid
  94 .It maxuid
  95 range of valid default user ids
  96 .It mingid
  97 .It maxgid
  98 range of valid default group ids
  99 .It expire_days
 100 days after which account expires
 101 .It password_days
 102 days after which password expires
 103 .El
 104 .Pp
 105 Valid values for
 106 .Ar defaultpasswd
 107 are:
 108 .Bl -tag -width password_days -offset indent -compact
 109 .It no
 110 disable login on newly created accounts
 111 .It yes
 112 force the password to be the account name
 113 .It none
 114 force a blank password
 115 .It random
 116 generate a random password
 117 .El
 118 .Pp
 119 The second and third options are insecure and should be avoided if
 120 possible on a publicly accessible system.
 121 The first option requires that the superuser run
 122 .Xr passwd 1
 123 to set a password before the account may be used.
 124 This may also be useful for creating administrative accounts.
 125 The final option causes
 126 .Xr pw 8
 127 to respond by printing a randomly generated password on stdout.
 128 This is the preferred and most secure option.
 129 The
 130 .Xr pw 8
 131 utility also provides a method of setting a specific password for the new
 132 user via a filehandle (command lines are not secure).
 133 .Pp
 134 Both
 135 .Ar reuseuids
 136 and
 137 .Ar reusegids
 138 determine the method by which new user and group id numbers are
 139 generated.
 140 A
 141 .Ql \&yes
 142 in this field will cause
 143 .Xr pw 8
 144 to search for the first unused user or group id within the allowed
 145 range, whereas a
 146 .Ql \&no
 147 will ensure that no other existing user or group id within the range
 148 is numerically lower than the new one generated, and therefore avoids
 149 reusing gaps in the user or group id sequence that are caused by
 150 previous user or group deletions.
 151 Note that if the default group is not specified using the
 152 .Ar defaultgroup
 153 keyword,
 154 .Xr pw 8
 155 will create a new group for the user and attempt to keep the new
 156 user's uid and gid the same.
 157 If the new user's uid is currently in use as a group id, then the next
 158 available group id is chosen instead.
 159 .Pp
 160 On
 161 .Tn NIS
 162 servers which maintain a separate passwd database to
 163 .Pa /etc/master.passwd ,
 164 this option allows the additional file to be concurrently updated
 165 as user records are added, modified or removed.
 166 If blank or set to 'no', no additional database is updated.
 167 An absolute pathname must be used.
 168 .Pp
 169 The
 170 .Ar skeleton
 171 keyword nominates a directory from which the contents of a user's
 172 new home directory is constructed.
 173 This is
 174 .Pa /usr/share/skel
 175 by default.
 176 The
 177 .Xr pw 8 Ns 's
 178 .Fl m
 179 option causes the user's home directory to be created and populated
 180 using the files contained in the
 181 .Ar skeleton
 182 directory.
 183 .Pp
 184 To send an initial email to new users, the
 185 .Ar newmail
 186 keyword may be used to specify a path name to a file containing
 187 the message body of the message to be sent.
 188 To avoid sending mail when accounts are created, leave this entry
 189 blank or specify
 190 .Ql \&no .
 191 .Pp
 192 The
 193 .Ar logfile
 194 option allows logging of password file modifications into the
 195 nominated log file.
 196 To avoid creating or adding to such a logfile, then leave this
 197 field blank or specify
 198 .Ql \&no .
 199 .Pp
 200 The
 201 .Ar home
 202 keyword is mandatory.
 203 This specifies the location of the directory in which all new user
 204 home directories are created.
 205 .Pp
 206 The
 207 .Ar shellpath
 208 keyword specifies a list of directories - separated by colons
 209 .Ql \&:
 210 - which contain the programs used by the login shells.
 211 .Pp
 212 The
 213 .Ar shells
 214 keyword specifies a list of programs available for use as login
 215 shells.
 216 This list is a comma-separated list of shell names which should
 217 not contain a path.
 218 These shells must exist in one of the directories nominated by
 219 .Ar shellpath .
 220 .Pp
 221 The
 222 .Ar defaultshell
 223 keyword nominates which shell program to use for new users when
 224 none is specified on the
 225 .Xr pw 8
 226 command line.
 227 .Pp
 228 The
 229 .Ar defaultgroup
 230 keyword defines the primary group (the group id number in the
 231 password file) used for new accounts.
 232 If left blank, or the word
 233 .Ql \&no
 234 is used, then each new user will have a corresponding group of
 235 their own created automatically.
 236 This is the recommended procedure for new users as it best secures each
 237 user's files against interference by other users of the system
 238 irrespective of the
 239 .Em umask
 240 normally used by the user.
 241 .Pp
 242 The
 243 .Ar extragroups
 244 keyword provides an automatic means of placing new users into groups within
 245 the
 246 .Pa /etc/groups
 247 file.
 248 This is useful where all users share some resources, and is preferable
 249 to placing users into the same primary group.
 250 The effect of this keyword can be overridden using the
 251 .Fl G
 252 option on the
 253 .Xr pw 8
 254 command line.
 255 .Pp
 256 The
 257 .Ar defaultclass
 258 field determines the login class (See
 259 .Xr login.conf 5 )
 260 that new users will be allocated unless overwritten by
 261 .Xr pw 8 .
 262 .Pp
 263 The
 264 .Ar minuid ,
 265 .Ar maxuid ,
 266 .Ar mingid ,
 267 .Ar maxgid
 268 keywords determine the allowed ranges of automatically allocated user
 269 and group id numbers.
 270 The default values for both user and group ids are 1000 and 32000 as
 271 minimum and maximum respectively.
 272 The user and group id's actually used when creating an account with
 273 .Xr pw 8
 274 may be overridden using the
 275 .Fl u
 276 and
 277 .Fl g
 278 command line options.
 279 .Pp
 280 The
 281 .Ar expire_days
 282 and
 283 .Ar password_days
 284 are used to automatically calculate the number of days from the date
 285 on which an account is created when the account will expire or the
 286 user will be forced to change the account's password.
 287 A value of
 288 .Ql \&0
 289 in either field will disable the corresponding (account or password)
 290 expiration date.
 291 .Sh LIMITS
 292 The maximum line length of
 293 .Pa /etc/pw.conf
 294 is 1024 characters.
 295 Longer lines will be skipped and treated
 296 as comments.
 297 .Sh FILES
 298 .Bl -tag -width /etc/master.passwd -compact
 299 .It Pa /etc/pw.conf
 300 .It Pa /etc/passwd
 301 .It Pa /etc/master.passwd
 302 .It Pa /etc/group
 303 .El
 304 .Sh SEE ALSO
 305 .Xr passwd 1 ,
 306 .Xr group 5 ,
 307 .Xr login.conf 5 ,
 308 .Xr passwd 5 ,
 309 .Xr pw 8