.\" SUCH DAMAGE.
.\"
.\" @(#)chpass.1 8.2 (Berkeley) 12/30/93
-.\" $Id: chpass.1,v 1.15 1999/02/23 02:41:26 ghelmer Exp $
+.\" $FreeBSD$
.\"
.Dd December 30, 1993
.Dt CHPASS 1
.Os
.Sh NAME
-.Nm chpass, chfn, chsh, ypchpass, ypchfn, ypchsh
+.Nm chpass ,
+.Nm chfn ,
+.Nm chsh ,
+.Nm ypchpass ,
+.Nm ypchfn ,
+.Nm ypchsh
.Nd add or change user database information
.Sh SYNOPSIS
-.Nm chpass
+.Nm
+.Op Fl a Ar list
+.Op Fl p Ar encpass
+.Op Fl e Ar expiretime
+.Op Fl s Ar newshell
+.Op user
+.Pp
+.Nm
+.Op Fl oly
.Op Fl a Ar list
.Op Fl p Ar encpass
+.Op Fl e Ar expiretime
.Op Fl s Ar newshell
+.Op Fl d Ar domain
+.Op Fl h Ar host
.Op user
.Sh DESCRIPTION
The
-.Nm chpass
+.Nm
program
allows editing of the user database information associated
with
Only the information that the user is allowed to change is displayed.
.Pp
The options are as follows:
-.Bl -tag -width flag
+.Bl -tag -width indent
.It Fl a
The super-user is allowed to directly supply a user database
entry, in the format specified by
.Xr passwd 5 ,
as an argument.
-This argument must be a colon (``:'') separated list of all the
+This argument must be a colon
+.Pq Dq \&:
+separated list of all the
user database fields, although they may be empty.
.It Fl p
The super-user is allowed to directly supply an encrypted password field,
in the format used by
.Xr crypt 3 ,
as an argument.
-.It Fl s
-The
-.Fl s
-option attempts to change the user's shell to
+.It Fl e Ar expiretime
+Change the account expire time.
+This option is used to set the expire time
+from a script as if it was done in the interactive editor.
+.It Fl s Ar newshell
+Attempt to change the user's shell to
.Ar newshell .
.El
.Pp
The
.Ar class
field references class descriptions in
-.Ar /etc/login.conf
+.Pa /etc/login.conf
and is typically used to initialize the user's system resource limits
when they login.
.Pp
.Ar change
and
.Ar expire
-fields should be entered in the form ``month day year'' where
+fields should be entered in the form
+.Dq month day year
+where
.Ar month
is the month name (the first three characters are sufficient),
.Ar day
.Pp
The user's
.Ar home directory
-is the full UNIX path name where the user
+is the full
+.Ux
+path name where the user
will be placed at login.
.Pp
The
.Pa /etc/shells .
.Pp
Once the information has been verified,
-.Nm chpass
+.Nm
uses
.Xr pwd_mkdb 8
to update the user database.
.Sh ENVIRONMENT
The
.Xr vi 1
-editor will be used unless the environment variable EDITOR is set to
+editor will be used unless the environment variable
+.Ev EDITOR
+is set to
an alternate editor.
When the editor terminates, the information is re-read and used to
update the user database itself.
Only the user, or the super-user, may edit the information associated
with the user.
+.Pp
+See
+.Xr pwd_mkdb 8
+for an explanation of the impact of setting the
+.Ev PW_SCAN_BIG_IDS
+environment variable.
.Sh NIS INTERACTION
.Nm Chpass
can also be used in conjunction with NIS, however some restrictions
apply.
Currently,
-.Nm chpass
+.Nm
can only make changes to the NIS passwd maps through
.Xr rpc.yppasswdd 8 ,
which normally only permits changes to a user's password, shell and GECOS
-fields. Except when invoked by the super-user on the NIS master server,
-.Nm chpass
+fields.
+Except when invoked by the super-user on the NIS master server,
+.Nm
(and, similarly,
.Xr passwd 1 )
can not use the
Furthermore,
.Xr rpc.yppasswdd 8
requires password authentication before it will make any
-changes. The only user allowed to submit changes without supplying
+changes.
+The only user allowed to submit changes without supplying
a password is the super-user on the NIS master server; all other users,
including those with root privileges on NIS clients (and NIS slave
servers) must enter a password.
be cumbersome.
.Pp
Note: these exceptions only apply when the NIS master server is a
-FreeBSD system.)
+.Fx
+system).
.Pp
Consequently, except where noted, the following restrictions apply when
-.Nm chpass
+.Nm
is used with NIS:
.Bl -enum -offset indent
.It
-.Pa Only the shell and GECOS information may be changed.
+.Em "Only the shell and GECOS information may be changed" .
All other
fields are restricted, even when
-.Nm chpass
+.Nm
is invoked by the super-user.
While support for
changing other fields could be added, this would lead to
change any field.
.Pp
.It
-.Pa Password authentication is required.
+.Em "Password authentication is required" .
.Nm Chpass
will prompt for the user's NIS password before effecting
-any changes. If the password is invalid, all changes will be
+any changes.
+If the password is invalid, all changes will be
discarded.
.Pp
Exception: the super-user on the NIS master server is allowed to
-submit changes without supplying a password. (The super-user may
+submit changes without supplying a password.
+(The super-user may
choose to turn off this feature using the
.Fl o
flag, described below.)
.It
-.Pa Adding new records to the local
-.Pa password database is discouraged.
+.Em "Adding new records to the local password database is discouraged" .
.Nm Chpass
will allow the administrator to add new records to the
local password database while NIS is enabled, but this can lead to
.Fl y
flag.
.It
-.Pa Password changes are not permitted.
+.Em "Password changes are not permitted".
Users should use
.Xr passwd 1
or
.Xr yppasswd 1
-to change their NIS passwords. The super-user is allowed to specify
-a new password (even though the ``Password:'' field does not show
+to change their NIS passwords.
+The super-user is allowed to specify
+a new password (even though the
+.Dq Password:
+field does not show
up in the editor template, the super-user may add it back by hand),
but even the super-user must supply the user's original password
otherwise
.Pp
Exception: the super-user on the NIS master server is permitted to
change a user's NIS password with
-.Nm chpass .
+.Nm .
.El
.Pp
There are also a few extra option flags that are available when
-.Nm chpass
+.Nm
is compiled with NIS support:
-.Bl -tag -width flag
+.Bl -tag -width indent
.It Fl l
-The
-.Fl l
-flag forces
-.Nm chpass
+Force
+.Nm
to modify the local copy of a user's password
information in the even that a user exists in both
the local and NIS databases.
.It Fl y
-This flag has the opposite effect of
+Opposite effect of
.Fl l .
This flag is largely redundant since
-.Nm chpass
+.Nm
operates on NIS entries by default if NIS is enabled.
.It Fl d Ar domain
Specify a particular NIS domain.
.Nm Chpass
uses the system domain name by default, as set by the
.Xr domainname 1
-command. The
+command.
+The
.Fl d
option can be used to override a default, or to specify a domain
when the system domain name is not set.
.It Fl h Ar host
-Specify the name or address of an NIS server to query. Normally,
-.Nm chpass
+Specify the name or address of an NIS server to query.
+Normally,
+.Nm
will communicate with the NIS master host specified in the
.Pa master.passwd
or
.Pa passwd
-maps. On hosts that have not been configured as NIS clients, there is
+maps.
+On hosts that have not been configured as NIS clients, there is
no way for the program to determine this information unless the user
-provides the hostname of a server. Note that the specified hostname need
+provides the hostname of a server.
+Note that the specified hostname need
not be that of the NIS master server; the name of any server, master or
slave, in a given NIS domain will do.
.Pp
When using the
.Fl d
-option, the hostname defaults to ``localhost.'' The
+option, the hostname defaults to
+.Dq localhost .
+The
.Fl h
option can be used in conjunction with the
.Fl d
.It Fl o
Force the use of RPC-based updates when communicating with
.Xr rpc.yppasswdd 8
-(``old-mode'').
+.Pq Dq old-mode .
When invoked by the super-user on the NIS master server,
-.Nm chpass
+.Nm
allows unrestricted changes to the NIS passwd maps using dedicated,
-non-RPC-based mechanism (in this case, a UNIX domain socket). The
+non-RPC-based mechanism (in this case, a
+.Ux
+domain socket). The
.Fl o
flag can be used to force
-.Nm chpass
-to use the standard update mechanism instead. This option is provided
+.Nm
+to use the standard update mechanism instead.
+This option is provided
mainly for testing purposes.
.El
.Pp
.Sh FILES
.Bl -tag -width /etc/master.passwd -compact
.It Pa /etc/master.passwd
-The user database
+the user database
.It Pa /etc/passwd
-A Version 7 format password file
+a Version 7 format password file
.It Pa /etc/chpass.XXXXXX
-Temporary copy of the password file
+temporary copy of the password file
.It Pa /etc/shells
-The list of approved shells
+the list of approved shells
.El
.Sh SEE ALSO
.Xr finger 1 ,
and
.Xr ypchsh 1
commands are really only links to
-.Nm chpass .
+.Nm .
.Sh BUGS
User information should (and eventually will) be stored elsewhere.
.Sh HISTORY
git.ckatri.com / pw-darwin.git / blobdiff