pw/pw.conf.5

   1 .\" Copyright (C) 1996
   2 .\" David L. Nugent.  All rights reserved.
   3 .\"
   4 .\" Redistribution and use in source and binary forms, with or without
   5 .\" modification, are permitted provided that the following conditions
   6 .\" are met:
   7 .\" 1. Redistributions of source code must retain the above copyright
   8 .\"    notice, this list of conditions and the following disclaimer.
   9 .\" 2. Redistributions in binary form must reproduce the above copyright
  10 .\"    notice, this list of conditions and the following disclaimer in the
  11 .\"    documentation and/or other materials provided with the distribution.
  12 .\"
  13 .\" THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
  14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  16 .\" ARE DISCLAIMED.  IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
  17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  23 .\" SUCH DAMAGE.
  24 .\"
  25 .\"     $Id: pw.conf.5,v 1.1.1.3 1996/12/10 23:58:59 joerg Exp $
  26 .\"
  27 .Dd December 9, 1996
  28 .Dt PW.CONF 5
  29 .Os
  30 .Sh NAME
  31 .Nm pw.conf
  32 .Nd format of the pw.conf configuration file
  33 .Sh DESCRIPTION
  34 The file
  35 .Aq Pa /etc/pw.conf
  36 contains configuration data for the
  37 .Xr pw 8
  38 program.
  39 The
  40 .Xr pw 8
  41 program is used for maintenance of the system password and group
  42 files, allowing users and groups to be added, deleted and changed.
  43 This file may be modified via the
  44 .Xr pw 8
  45 command using the
  46 .Ql \&useradd
  47 command and the
  48 .Ql \&-D
  49 option, or by editing it directly with a text editor.
  50 .Pp
  51 Each line in
  52 .Aq Pa /etc/pw.conf
  53 is treated either a comment or as configuration data;
  54 blank lines and lines commencing with a
  55 .Ql \&#
  56 character are considered comments, and any remaining lines are
  57 examined for a leading keyword, followed by corresponding data.
  58 .Pp
  59 Keywords recognised by
  60 .Xr pw 8
  61 are:
  62 .Bl -tag -width password_days -offset indent -compact
  63 .It defaultpasswd
  64 affects passwords generated for new users
  65 .It reuseuids
  66 reuse gaps in uid sequences
  67 .It reusegids
  68 reuse gaps in gid sequences
  69 .It skeleton
  70 where to obtain default home contents
  71 .It newmail
  72 mail to send to new users
  73 .It logfile
  74 log user/group modifications to this file
  75 .It home
  76 root directory for home directories
  77 .It shellpath
  78 paths in which to locate shell programs
  79 .It shells
  80 list of valid shells (without path)
  81 .It defaultshell
  82 default shell (without path)
  83 .It defaultgroup
  84 default group
  85 .It extragroups
  86 add new users to this groups
  87 .It defaultclass
  88 place new users in this login class
  89 .It minuid
  90 .It maxuid
  91 range of valid default user ids
  92 .It mingid
  93 .It maxgid
  94 range of valid default group ids
  95 .It expire_days
  96 days after which account expires
  97 .It password_days
  98 days after which password expires
  99 .El
 100 .Pp
 101 Valid values for
 102 .Ar defaultpasswd
 103 are
 104 .Bl -tag -width password_days -offset indent -compact
 105 .It no
 106 disables login on newly created accounts
 107 .It yes
 108 forces the password to be the account name
 109 .It none
 110 forces a blank password
 111 .It random
 112 Generates a random password
 113 .El
 114 .Pp
 115 The second and third options are insecure and should be avoided if
 116 possible on a publicly accessible system.
 117 The first option requires that the superuser run
 118 .Xr passwd 1
 119 to set a password before the account may be used.
 120 This may also be useful for creating administrative accounts.
 121 The final option causes
 122 .Xr pw 8
 123 to respond by printing a randomly generated password on stdout.
 124 This is the preferred and most secure option.
 125 .Xr pw 8
 126 also provides a method of setting a specific password for the new
 127 user via a filehandle (command lines are not secure).
 128 .Pp
 129 Both
 130 .Ar reuseuids
 131 and
 132 .Ar reusegids
 133 determine the method by which new user and group id numbers are
 134 generated.
 135 A
 136 .Ql \&yes
 137 in this field will cause
 138 .Xr pw 8
 139 to search for the first unused user or group id within the allowed
 140 range, whereas a
 141 .Ql \&no
 142 will ensure that no other existing user or group id within the range
 143 is numerically lower than the new one generated, and therefore avoids
 144 reusing gaps in the user or group id sequence that are caused by
 145 previous user or group deletions.
 146 Note that if the default group is not specified using the
 147 .Ar defaultgroup
 148 keyword,
 149 .Xr pw 8
 150 will create a new group for the user and attempt to keep the new
 151 user's uid and gid the same.
 152 If the new user's uid is currently in use as a group id, then the next
 153 available group id is chosen instead.
 154 .Pp
 155 The
 156 .Ar skeleton
 157 keyword nominates a directory from which the contents of a user's
 158 new home directory is constructed.
 159 This is
 160 .Pa /usr/share/skel
 161 by default.
 162 .Xr pw 8 's
 163 .Ql \&-m
 164 option causes the user's home directory to be created and populated
 165 using the files contained in the
 166 .Ar skeleton
 167 directory.
 168 .Pp
 169 To send an initial email to new users, the
 170 .Ar newmail
 171 keyword may be used to specify a path name to a file containing
 172 the message body of the message to be sent.
 173 To avoid sending mail when accounts are created, leave this entry
 174 blank or specify
 175 .Ql \&no .
 176 .Pp
 177 The
 178 .Ar logfile
 179 option allows logging of password file modifications into the
 180 nominated log file.
 181 To avoid creating or adding to such a logfile, then leave this
 182 field blank or specify
 183 .Ql \&no .
 184 .Pp
 185 The
 186 .Ar home
 187 keyword is mandatory.
 188 This specifies the location of the directory in which all new user
 189 home directories are created.
 190 .Pp
 191 .Ar shellpath
 192 specifies a list of directories - separated by colons
 193 .Ql \&:
 194 - which contain the programs used by the login shells.
 195 .Pp
 196 The
 197 .Ar shells
 198 keyword specifies a list of programs available for use as login
 199 shells.
 200 This list is a comma-separated list of shell names which should
 201 not contain a path.
 202 These shells must exist in one of the directories nominated by
 203 .Ar shellpath .
 204 .Pp
 205 The
 206 .Ar defaultshell
 207 keyword nominates which shell program to use for new users when
 208 none is specified on the
 209 .Xr pw 8
 210 command line.
 211 .Pp
 212 The
 213 .Ar defaultgroup
 214 keyword defines the primary group (the group id number in the
 215 password file) used for new accounts.
 216 If left blank, or the word
 217 .Ql \&no
 218 is used, then each new user will have a corresponding group of
 219 their own created automatically.
 220 This is the recommended procedure for new users as it best secures each
 221 user's files against interference by other users of the system
 222 irrespective of the
 223 .Em umask
 224 normally used by the user.
 225 .Pp
 226 .Ar extragroups
 227 provides an automatic means of placing new users into groups within
 228 the
 229 .Pa /etc/groups
 230 file.
 231 This is useful where all users share some resources, and is preferable
 232 to placing users into the same primary group.
 233 The effect of this keyword can be overridden using the
 234 .Ql \&-G
 235 option on the
 236 .Xr pw 8
 237 command line.
 238 .Pp
 239 The
 240 .Ar defaultclass
 241 field determines the login class (See
 242 .Xr login.conf 5 )
 243 that new users will be allocated unless overwritten by
 244 .Xr pw 8 .
 245 .Pp
 246 The
 247 .Ar minuid ,
 248 .Ar maxuid ,
 249 .Ar mingid ,
 250 .Ar maxgid
 251 keywords determines the allowed ranges of automatically allocated user
 252 and group id numbers.
 253 The default values for both user and group ids are 1000 and 32000 as
 254 minimum and maximum respectively.
 255 The user and group id's actually used when creating an account with
 256 .Xr pw 8
 257 may be overridden using the
 258 .Ql \&-u
 259 and
 260 .Ql \&-g
 261 command line options.
 262 .Pp
 263 The
 264 .Ar expire_days
 265 and
 266 .Ar password_days
 267 are used to automatically calculate the number of days from the date
 268 on which an account is created when the account will expire or the
 269 user will be forced to change the account's password.
 270 A value of
 271 .Ql \&0
 272 in either field will disable the corresponding (account or password)
 273 expiration date.
 274 .Pp
 275 .Sh LIMITS
 276 The maximum line length of
 277 .Pa /etc/pw.conf
 278 is 1024 characters. Longer lines will be skipped and treated
 279 as comments.
 280 .Sh FILES
 281 .Bl -tag -width /etc/master.passwd -compact
 282 .It Pa /etc/pw.conf
 283 .It Pa /etc/passwd
 284 .It Pa /etc/master.passwd
 285 .It Pa /etc/group
 286 .El
 287 .Sh SEE ALSO
 288 .Xr pw 8 ,
 289 .Xr login.conf 5 ,
 290 .Xr passwd 1 ,
 291 .Xr passwd 5 ,
 292 .Xr group 5
 293
 294