2 .\" David L. Nugent. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/usr.sbin/pw/pw.conf.5,v 1.10.2.3 2001/07/22 12:41:27 dd Exp $
26 .\" $DragonFly: src/usr.sbin/pw/pw.conf.5,v 1.2 2003/06/17 04:30:01 dillon Exp $
33 .Nd format of the pw.conf configuration file
37 contains configuration data for the
42 program is used for maintenance of the system password and group
43 files, allowing users and groups to be added, deleted and changed.
44 This file may be modified via the
50 option, or by editing it directly with a text editor.
54 is treated either a comment or as configuration data;
55 blank lines and lines commencing with a
57 character are considered comments, and any remaining lines are
58 examined for a leading keyword, followed by corresponding data.
60 Keywords recognized by
63 .Bl -tag -width password_days -offset indent -compact
65 affect passwords generated for new users
67 reuse gaps in uid sequences
69 reuse gaps in gid sequences
71 path to the NIS passwd database
73 where to obtain default home contents
75 mail to send to new users
77 log user/group modifications to this file
79 root directory for home directories
81 paths in which to locate shell programs
83 list of valid shells (without path)
85 default shell (without path)
89 add new users to this groups
91 place new users in this login class
94 range of valid default user ids
97 range of valid default group ids
99 days after which account expires
101 days after which password expires
107 .Bl -tag -width password_days -offset indent -compact
109 disable login on newly created accounts
111 force the password to be the account name
113 force a blank password
115 generate a random password
118 The second and third options are insecure and should be avoided if
119 possible on a publicly accessible system.
120 The first option requires that the superuser run
122 to set a password before the account may be used.
123 This may also be useful for creating administrative accounts.
124 The final option causes
126 to respond by printing a randomly generated password on stdout.
127 This is the preferred and most secure option.
129 also provides a method of setting a specific password for the new
130 user via a filehandle (command lines are not secure).
136 determine the method by which new user and group id numbers are
140 in this field will cause
142 to search for the first unused user or group id within the allowed
145 will ensure that no other existing user or group id within the range
146 is numerically lower than the new one generated, and therefore avoids
147 reusing gaps in the user or group id sequence that are caused by
148 previous user or group deletions.
149 Note that if the default group is not specified using the
153 will create a new group for the user and attempt to keep the new
154 user's uid and gid the same.
155 If the new user's uid is currently in use as a group id, then the next
156 available group id is chosen instead.
158 On NIS servers which maintain a separate passwd database to
159 .Pa /etc/master.passwd ,
160 this option allows the additional file to be concurrently updated
161 as user records are added, modified or removed.
162 If blank or set to 'no', no additional database is updated.
163 An absolute pathname must be used.
167 keyword nominates a directory from which the contents of a user's
168 new home directory is constructed.
174 option causes the user's home directory to be created and populated
175 using the files contained in the
179 To send an initial email to new users, the
181 keyword may be used to specify a path name to a file containing
182 the message body of the message to be sent.
183 To avoid sending mail when accounts are created, leave this entry
189 option allows logging of password file modifications into the
191 To avoid creating or adding to such a logfile, then leave this
192 field blank or specify
197 keyword is mandatory.
198 This specifies the location of the directory in which all new user
199 home directories are created.
202 specifies a list of directories - separated by colons
204 - which contain the programs used by the login shells.
208 keyword specifies a list of programs available for use as login
210 This list is a comma-separated list of shell names which should
212 These shells must exist in one of the directories nominated by
217 keyword nominates which shell program to use for new users when
218 none is specified on the
224 keyword defines the primary group (the group id number in the
225 password file) used for new accounts.
226 If left blank, or the word
228 is used, then each new user will have a corresponding group of
229 their own created automatically.
230 This is the recommended procedure for new users as it best secures each
231 user's files against interference by other users of the system
234 normally used by the user.
237 provides an automatic means of placing new users into groups within
241 This is useful where all users share some resources, and is preferable
242 to placing users into the same primary group.
243 The effect of this keyword can be overridden using the
251 field determines the login class (See
253 that new users will be allocated unless overwritten by
261 keywords determines the allowed ranges of automatically allocated user
262 and group id numbers.
263 The default values for both user and group ids are 1000 and 32000 as
264 minimum and maximum respectively.
265 The user and group id's actually used when creating an account with
267 may be overridden using the
271 command line options.
277 are used to automatically calculate the number of days from the date
278 on which an account is created when the account will expire or the
279 user will be forced to change the account's password.
282 in either field will disable the corresponding (account or password)
285 The maximum line length of
288 Longer lines will be skipped and treated
291 .Bl -tag -width /etc/master.passwd -compact
294 .It Pa /etc/master.passwd