293 useradd/del/mod should be ZFS-aware

[illumos-gate.git] / usr / src / man / man1m / passmgmt.1m

'\" te
.\"  Copyright 1989 AT&T Copyright (c) 2007 Sun Microsystems, Inc. All Rights Reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH PASSMGMT 1M "Aug 27, 2007"
.SH NAME
passmgmt \- password files management
.SH SYNOPSIS
.LP
.nf
\fBpassmgmt\fR \fB-a\fR \fIoptions\fR \fIname\fR
.fi

.LP
.nf
\fBpassmgmt\fR \fB-m\fR \fIoptions\fR \fIname\fR
.fi

.LP
.nf
\fBpassmgmt\fR \fB-d\fR \fIname\fR
.fi

.SH DESCRIPTION
.sp
.LP
The \fBpassmgmt\fR command updates information in the password files. This
command works with both \fB/etc/passwd\fR and \fB/etc/shadow\fR.
.sp
.LP
\fBpassmgmt\fR \fB-a\fR adds an entry for user \fIname\fR to the password
files. This command does not create any directory for the new user and the new
login remains locked (with the string \fB*LK*\fR in the password field) until
the \fBpasswd\fR(1) command is executed to set the password.
.sp
.LP
\fBpassmgmt\fR \fB-m\fR modifies the entry for user \fIname\fR in the password
files. The name field in the \fB/etc/shadow\fR entry and all the fields (except
the password field) in the \fB/etc/passwd\fR entry can be modified by this
command. Only fields entered on the command line will be modified.
.sp
.LP
\fBpassmgmt\fR \fB-d\fR deletes the entry for user \fIname\fR from the password
files. It will not remove any files that the user owns on the system; they must
be removed manually.
.sp
.LP
\fBpassmgmt\fR can be used only by the super-user.
.SH OPTIONS
.sp
.ne 2
.na
\fB\fB\fR\fB-c\fR \fIcomment\fR\fR
.ad
.RS 16n
A short description of the login, enclosed in quotes. It is limited to a
maximum of 128 characters and defaults to an empty field.
.RE

.sp
.ne 2
.na
\fB\fB-e\fR \fIexpire\fR\fR
.ad
.RS 16n
Specify the expiration date for a login. After this date, no user will be able
to access this login. The expire option argument is a date entered using one of
the date formats included in the template file \fB/etc/datemsk\fR. See
\fBgetdate\fR(3C).
.RE

.sp
.ne 2
.na
\fB\fB-f\fR \fIinactive\fR\fR
.ad
.RS 16n
The maximum number of days allowed between uses of a login ID before that
\fBID\fR is declared invalid. Normal values are positive integers. A value of
\fB0\fR defeats the status.
.sp
Changing the password reactivates an account for the inactivity period.
.RE

.sp
.ne 2
.na
\fB\fB\fR\fB-g\fR \fIgid\fR\fR
.ad
.RS 16n
\fBGID\fR of \fIname\fR. This number must range from 0 to the maximum
non-negative value for the system. The default is 1.
.RE

.sp
.ne 2
.na
\fB\fB\fR\fB-h\fR \fIhomedir\fR\fR
.ad
.RS 16n
Home directory of \fIname\fR. It is limited to a maximum of 256 characters and
defaults to \fB/usr/\fR\fIname\fR.
.RE

.sp
.ne 2
.na
\fB\fB-K\fR \fIkey=value\fR\fR
.ad
.RS 16n
Set a \fIkey=value\fR pair. See \fBuser_attr\fR(4), \fBauth_attr\fR(4), and
\fBprof_attr\fR(4). The valid \fIkey=value\fR pairs are defined in
\fBuser_attr\fR(4), but the "type" key is subject to the \fBusermod\fR(1M) and
\fBrolemod\fR(1M) restrictions. Multiple \fIkey=value\fR pairs may be added
with multiple \fB-K\fR options.
.RE

.sp
.ne 2
.na
\fB\fB-k\fR \fIskel_dir\fR\fR
.ad
.RS 16n
A directory that contains skeleton information (such as \fB\&.profile\fR) that
can be copied into a new user's home directory. This directory must already
exist. The system provides the \fB/etc/skel\fR directory that can be used for
this purpose.
.RE

.sp
.ne 2
.na
\fB\fB-l\fR \fIlogname\fR\fR
.ad
.RS 16n
This option changes the \fIname\fR to \fIlogname\fR. It is used only with the
\fB-m\fR option. The total size of each login entry is limited to a maximum of
511 bytes in each of the password files.
.RE

.sp
.ne 2
.na
\fB\fB-o\fR\fR
.ad
.RS 16n
This option allows a \fBUID\fR to be non-unique. It is used only with the
\fB-u\fR option.
.RE

.sp
.ne 2
.na
\fB\fB\fR\fB-s\fR \fIshell\fR\fR
.ad
.RS 16n
Login shell for \fIname\fR. It should be the full pathname of the program that
will be executed when the user logs in. The maximum size of \fIshell\fR is 256
characters. The default is for this field to be empty and to be interpreted as
\fB/usr/bin/sh\fR.
.RE

.sp
.ne 2
.na
\fB\fB\fR\fB-u\fR \fIuid\fR\fR
.ad
.RS 16n
\fBUID\fR of the \fIname\fR. This number must range from 0 to the maximum
non-negative value for the system. It defaults to the next available \fBUID\fR
greater than 99. Without the \fB-o\fR option, it enforces the uniqueness of a
\fBUID.\fR
.RE

.SH FILES
.sp
.in +2
.nf
\fB/etc/passwd\fR
\fB/etc/shadow\fR
\fB/etc/opasswd\fR
\fB/etc/oshadow\fR              
.fi
.in -2
.sp

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE  ATTRIBUTE VALUE
_
Interface Stability     Evolving
.TE

.SH SEE ALSO
.sp
.LP
\fBpasswd\fR(1), \fBrolemod\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M),
\fBusermod\fR(1M), \fBauth_attr\fR(4), \fBpasswd\fR(4), \fBprof_attr\fR(4),
\fBshadow\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5)
.SH EXIT STATUS
.sp
.LP
The \fBpassmgmt\fR command exits with one of the following values:
.sp
.ne 2
.na
\fB\fB0\fR\fR
.ad
.RS 5n
Success.
.RE

.sp
.ne 2
.na
\fB\fB1\fR\fR
.ad
.RS 5n
Permission denied.
.RE

.sp
.ne 2
.na
\fB\fB2\fR\fR
.ad
.RS 5n
Invalid command syntax. Usage message of the \fBpassmgmt\fR command is
displayed.
.RE

.sp
.ne 2
.na
\fB\fB3\fR\fR
.ad
.RS 5n
Invalid argument provided to option.
.RE

.sp
.ne 2
.na
\fB\fB4\fR\fR
.ad
.RS 5n
UID in use.
.RE

.sp
.ne 2
.na
\fB\fB5\fR\fR
.ad
.RS 5n
Inconsistent password files (for example, \fIname\fR is in the
\fB/etc/passwd\fR file and not in the \fB/etc/shadow\fR file, or vice versa).
.RE

.sp
.ne 2
.na
\fB\fB6\fR\fR
.ad
.RS 5n
Unexpected failure. Password files unchanged.
.RE

.sp
.ne 2
.na
\fB\fB7\fR\fR
.ad
.RS 5n
Unexpected failure. Password file(s) missing.
.RE

.sp
.ne 2
.na
\fB\fB8\fR\fR
.ad
.RS 5n
Password file(s) busy. Try again later.
.RE

.sp
.ne 2
.na
\fB\fB9\fR\fR
.ad
.RS 5n
\fIname\fR does not exist (if \fB-m\fR or \fB-d\fR is specified), already
exists (if \fB-a\fR is specified), or \fBlogname\fR already exists (if
\fB\fR\fB-m\fR \fB-l\fR is specified).
.RE

.SH NOTES
.sp
.LP
Do not use a colon (\fB:\fR) or \fBRETURN\fR as part of an argument. It is
interpreted as a field separator in the password file. The \fBpassmgmt\fR
command will be removed in a future release. Its functionality has been
replaced and enhanced by \fBuseradd\fR, \fBuserdel\fR, and \fBusermod\fR. These
commands are currently available.
.sp
.LP
This command only modifies password definitions in the local \fB/etc/passwd\fR
and \fB/etc/shadow\fR files. If a network nameservice such as \fBNIS\fR or
\fBNIS+\fR is being used to supplement the local files with additional entries,
\fBpassmgmt\fR cannot change information supplied by the network nameservice.