X-Git-Url: https://git.cameronkatri.com/pw-darwin.git/blobdiff_plain/e820aec2a742a2e63eec940aab1720b694e7dbdb..20929a4bb15d04607a63dc41ee257643f1c9181a:/adduser/adduser.8 diff --git a/adduser/adduser.8 b/adduser/adduser.8 index 4daa77e..f23ecff 100644 --- a/adduser/adduser.8 +++ b/adduser/adduser.8 @@ -1,6 +1,6 @@ .\" Copyright (c) 1995-1996 Wolfram Schneider . Berlin. .\" All rights reserved. -.\" Copyright (c) 2002 Michael Telahun Makonnen +.\" Copyright (c) 2002-2004 Michael Telahun Makonnen .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 14, 2002 +.Dd September 15, 2012 .Dt ADDUSER 8 .Os .Sh NAME @@ -34,11 +34,13 @@ .Nd command for adding new users .Sh SYNOPSIS .Nm -.Op Fl CENhq +.Op Fl CDENShq .Op Fl G Ar groups .Op Fl L Ar login_class +.Op Fl M Ar mode .Op Fl d Ar partition .Op Fl f Ar file +.Op Fl g Ar login_group .Op Fl k Ar dotdir .Op Fl m Ar message_file .Op Fl s Ar shell @@ -65,7 +67,9 @@ The user name is restricted to whatever .Xr pw 8 will accept. Generally this means it -may contain only lowercase characters or digits. +may contain only lowercase characters or digits but cannot begin with the +.Ql - +character. Maximum length is 16 characters. The reasons for this limit are historical. @@ -76,11 +80,11 @@ such a basic fundamental parameter in You can change .Dv UT_NAMESIZE in -.Pa /usr/include/utmp.h +.In utmp.h and recompile the world; people have done this and it works, but you will have problems with any precompiled programs, or source that assumes the 8-character -name limit and NIS. +name limit, such as NIS. The NIS protocol mandates an 8-character username. If you need a longer login name for e-mail addresses, you can define an alias in 
@@ -97,11 +101,13 @@ The .Ql \&: character is not allowed. .It shell -Only valid shells from the shell database +Unless the +.Fl S +argument is supplied only valid shells from the shell database .Pq Pa /etc/shells are allowed. -In -addition, only the base name of the shell is necessary, not the full path. +In addition, +either the base name or the full path of the shell may be supplied. .It UID Automatically generated or your choice. It must be less than 32000. @@ -123,9 +129,8 @@ they can safely run with a umask of 002 instead of the usual 022 and create files in their home directory without worrying about others being able to change them. .Pp -For a shared area you create a separate UID/GID (like cvs or ncvs on freefall), -you place each person that should be able to access this area into that new -group. +For a shared area you create a separate UID/GID, you place each person +that should be able to access this area into that new group. .Pp This model of UID/GID administration allows far greater flexibility than lumping users into groups and having to muck with the umask when working in a shared @@ -163,6 +168,16 @@ option. Home partition. Default partition, under which all user directories will be located. +The +.Pa /nonexistent +partition is considered special. +The +.Nm +script will not create and populate a home directory by that name. +Otherwise, +by default it attempts to create a home directory. +.It Fl D +Do not attempt to create the home directory. .It Fl E Disable the account. This option will lock the account by prepending the string 
@@ -189,10 +204,17 @@ If an error is encountered while processing an account, it will write a message to standard error and move to the next account. The format of the input file is described below. +.It Fl g Ar login_group +Normally, +if no login group is specified, +it is assumed to be the same as the username. +This option makes +.Ar login_group +the default. .It Fl G Ar groups -Additional groups. -By default, the user name is used as the login group. +Space-separated list of additional groups. This option allows the user to specify additional groups to add users to. +The user is a member of these groups in addition to their login group. .It Fl h Print a summary of options and exit. .It Fl k Ar directory @@ -217,6 +239,9 @@ Please note that the message file can reference the internal variables of the .Nm script. +.It Fl M Ar mode +Create the home directory with permissions set to +.Ar mode . .It Fl N Do not read the default configuration file. .It Fl q @@ -227,12 +252,16 @@ standard output. Default shell for new users. The .Ar shell -argument must be the base name of the shell, -.Em not -the full path. -It must exist in +argument may be the base name of the shell or the full path. +Unless the +.Fl S +argument is supplied the shell must exist in .Pa /etc/shells +or be the special shell +.Em nologin to be considered a valid shell. +.It Fl S +The existence or validity of the specified shell will not be checked. .It Fl u Ar uid Use UIDs from .Ar uid 
@@ -343,9 +372,15 @@ Full name and other extra information about the user. Home directory. If this field is left empty, it will be automatically created by appending the username to the home partition. +The +.Pa /nonexistent +home directory is considered special and +is understood to mean that no home directory is to be +created for the user. .It Ar shell Login shell. -This field should contain the full path to a valid login shell. +This field should contain either the base name or +the full path to a valid login shell. .It Ar password User password. This field should contain a plaintext string, which will @@ -360,7 +395,7 @@ and this field is empty, its contents will be used as a password. This field will be ignored if the -.Fl p +.Fl w option is used with a .Cm no or @@ -395,11 +430,13 @@ logfile for .Sh SEE ALSO .Xr chpass 1 , .Xr passwd 1 , +.Xr adduser.conf 5 , .Xr aliases 5 , .Xr group 5 , .Xr login.conf 5 , .Xr passwd 5 , .Xr shells 5 , +.Xr adding_user 8 , .Xr pw 8 , .Xr pwd_mkdb 8 , .Xr rmuser 8 , @@ -431,11 +468,12 @@ This means that shell commands can also be embedded in the message file. The .Nm utility attempts to mitigate the possibility of an attacker using this -feature by refusing to evaluate the file if it is not owned and writeable +feature by refusing to evaluate the file if it is not owned and writable only by the root user. In addition, shell special characters and operators will have to be escaped when used in the message file. .Pp -Also, password ageing and account expiry times are currently setable -only in batch mode. +Also, password ageing and account expiry times are currently settable +only in batch mode or when specified in +.Pa /etc/adduser.conf . The user should be able to set them in interactive mode as well.
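Review bot: In the @@ -65,7 +67,9 @@ hunk, the new sentence "may contain only lowercase characters or digits but cannot begin with the - character" reads as self-contradictory: if only lowercase characters and digits are accepted, a hyphen is already excluded in every position. If hyphens are in fact accepted anywhere except the first character (where the name would be parsed as an option by commands that receive it), say so directly, for example "may contain only lowercase characters, digits and hyphens, and cannot begin with a hyphen". Otherwise drop the added clause and rely on the pw(8) reference in the preceding sentence.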
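Review bot: In the @@ -97,11 +101,13 @@ hunk, the shell item now says that unless -S is supplied only shells from /etc/shells are allowed, but the -s text in the @@ -227,12 +252,16 @@ hunk also accepts "the special shell nologin". The two descriptions should state the same rule, so add the nologin exception here as well. A comma after "is supplied" would also make the new sentence easier to read.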
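Review bot: In the @@ -163,6 +168,16 @@ hunk, /nonexistent is called a "partition" under -d, while the @@ -343,9 +372,15 @@ hunk calls it a "home directory". Since -d names the partition under which user directories are located, the text leaves open whether "-d /nonexistent" suppresses creation or yields a home of /nonexistent/username that is never created. Please state which path ends up in the account entry. The new -D item has the same gap: it says the directory is not created but not what home directory is recorded for the user.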
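Review bot: In the @@ -189,10 +204,17 @@ hunk, the -g item does not say whether login_group must already exist or is created when missing, which is the first thing an administrator needs to know before using it in a batch run. The -G item now says "Space-separated list of additional groups" but does not mention that the list has to be passed as a single quoted argument on the command line; a short note or example in the item would avoid the remaining group names being taken as separate arguments.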
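Review bot: In the @@ -217,6 +239,9 @@ hunk, the -M item documents neither the accepted form of mode (octal, symbolic, or both) nor the mode used when -M is not given. Home directory permissions decide who else on the system can read a new user's files, so the default belongs in the manual page. It would also help to say how -M behaves when no directory is created, that is with -D or a /nonexistent home.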
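Review bot: In the @@ -227,12 +252,16 @@ hunk, the -S item says "The existence or validity of the specified shell will not be checked" while the -s text above it allows a base name instead of a full path. The page does not explain how a base name is resolved to a path when the /etc/shells lookup is skipped, or whether the string is stored in the account entry exactly as typed. Please document that, and say in the -S item that the account may end up with a shell that is not listed in /etc/shells.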
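Review bot: In the @@ -431,11 +468,12 @@ hunk, the configuration file is referenced as ".Pa /etc/adduser.conf" although the @@ -395,11 +430,13 @@ hunk adds ".Xr adduser.conf 5" to SEE ALSO. Using the .Xr form here, or adding it next to the path, would point readers at the page that documents the password ageing and account expiry settings this sentence refers to.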