'\" te .\" Copyright 1989 AT&T Copyright (c) 2007 Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH PASSMGMT 1M "Aug 27, 2007" .SH NAME passmgmt \- password files management .SH SYNOPSIS .LP .nf \fBpassmgmt\fR \fB-a\fR \fIoptions\fR \fIname\fR .fi .LP .nf \fBpassmgmt\fR \fB-m\fR \fIoptions\fR \fIname\fR .fi .LP .nf \fBpassmgmt\fR \fB-d\fR \fIname\fR .fi .SH DESCRIPTION .sp .LP The \fBpassmgmt\fR command updates information in the password files. This command works with both \fB/etc/passwd\fR and \fB/etc/shadow\fR. .sp .LP \fBpassmgmt\fR \fB-a\fR adds an entry for user \fIname\fR to the password files. This command does not create any directory for the new user and the new login remains locked (with the string \fB*LK*\fR in the password field) until the \fBpasswd\fR(1) command is executed to set the password. .sp .LP \fBpassmgmt\fR \fB-m\fR modifies the entry for user \fIname\fR in the password files. The name field in the \fB/etc/shadow\fR entry and all the fields (except the password field) in the \fB/etc/passwd\fR entry can be modified by this command. Only fields entered on the command line will be modified. .sp .LP \fBpassmgmt\fR \fB-d\fR deletes the entry for user \fIname\fR from the password files. It will not remove any files that the user owns on the system; they must be removed manually. .sp .LP \fBpassmgmt\fR can be used only by the super-user. .SH OPTIONS .sp .ne 2 .na \fB\fB\fR\fB-c\fR \fIcomment\fR\fR .ad .RS 16n A short description of the login, enclosed in quotes. It is limited to a maximum of 128 characters and defaults to an empty field. .RE .sp .ne 2 .na \fB\fB-e\fR \fIexpire\fR\fR .ad .RS 16n Specify the expiration date for a login. After this date, no user will be able to access this login. The expire option argument is a date entered using one of the date formats included in the template file \fB/etc/datemsk\fR. See \fBgetdate\fR(3C). .RE .sp .ne 2 .na \fB\fB-f\fR \fIinactive\fR\fR .ad .RS 16n The maximum number of days allowed between uses of a login ID before that \fBID\fR is declared invalid. Normal values are positive integers. A value of \fB0\fR defeats the status. .sp Changing the password reactivates an account for the inactivity period. .RE .sp .ne 2 .na \fB\fB\fR\fB-g\fR \fIgid\fR\fR .ad .RS 16n \fBGID\fR of \fIname\fR. This number must range from 0 to the maximum non-negative value for the system. The default is 1. .RE .sp .ne 2 .na \fB\fB\fR\fB-h\fR \fIhomedir\fR\fR .ad .RS 16n Home directory of \fIname\fR. It is limited to a maximum of 256 characters and defaults to \fB/usr/\fR\fIname\fR. .RE .sp .ne 2 .na \fB\fB-K\fR \fIkey=value\fR\fR .ad .RS 16n Set a \fIkey=value\fR pair. See \fBuser_attr\fR(4), \fBauth_attr\fR(4), and \fBprof_attr\fR(4). The valid \fIkey=value\fR pairs are defined in \fBuser_attr\fR(4), but the "type" key is subject to the \fBusermod\fR(1M) and \fBrolemod\fR(1M) restrictions. Multiple \fIkey=value\fR pairs may be added with multiple \fB-K\fR options. .RE .sp .ne 2 .na \fB\fB-k\fR \fIskel_dir\fR\fR .ad .RS 16n A directory that contains skeleton information (such as \fB\&.profile\fR) that can be copied into a new user's home directory. This directory must already exist. The system provides the \fB/etc/skel\fR directory that can be used for this purpose. .RE .sp .ne 2 .na \fB\fB-l\fR \fIlogname\fR\fR .ad .RS 16n This option changes the \fIname\fR to \fIlogname\fR. It is used only with the \fB-m\fR option. The total size of each login entry is limited to a maximum of 511 bytes in each of the password files. .RE .sp .ne 2 .na \fB\fB-o\fR\fR .ad .RS 16n This option allows a \fBUID\fR to be non-unique. It is used only with the \fB-u\fR option. .RE .sp .ne 2 .na \fB\fB\fR\fB-s\fR \fIshell\fR\fR .ad .RS 16n Login shell for \fIname\fR. It should be the full pathname of the program that will be executed when the user logs in. The maximum size of \fIshell\fR is 256 characters. The default is for this field to be empty and to be interpreted as \fB/usr/bin/sh\fR. .RE .sp .ne 2 .na \fB\fB\fR\fB-u\fR \fIuid\fR\fR .ad .RS 16n \fBUID\fR of the \fIname\fR. This number must range from 0 to the maximum non-negative value for the system. It defaults to the next available \fBUID\fR greater than 99. Without the \fB-o\fR option, it enforces the uniqueness of a \fBUID.\fR .RE .SH FILES .sp .in +2 .nf \fB/etc/passwd\fR \fB/etc/shadow\fR \fB/etc/opasswd\fR \fB/etc/oshadow\fR .fi .in -2 .sp .SH ATTRIBUTES .sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp .sp .TS box; c | c l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE _ Interface Stability Evolving .TE .SH SEE ALSO .sp .LP \fBpasswd\fR(1), \fBrolemod\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBusermod\fR(1M), \fBauth_attr\fR(4), \fBpasswd\fR(4), \fBprof_attr\fR(4), \fBshadow\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) .SH EXIT STATUS .sp .LP The \fBpassmgmt\fR command exits with one of the following values: .sp .ne 2 .na \fB\fB0\fR\fR .ad .RS 5n Success. .RE .sp .ne 2 .na \fB\fB1\fR\fR .ad .RS 5n Permission denied. .RE .sp .ne 2 .na \fB\fB2\fR\fR .ad .RS 5n Invalid command syntax. Usage message of the \fBpassmgmt\fR command is displayed. .RE .sp .ne 2 .na \fB\fB3\fR\fR .ad .RS 5n Invalid argument provided to option. .RE .sp .ne 2 .na \fB\fB4\fR\fR .ad .RS 5n UID in use. .RE .sp .ne 2 .na \fB\fB5\fR\fR .ad .RS 5n Inconsistent password files (for example, \fIname\fR is in the \fB/etc/passwd\fR file and not in the \fB/etc/shadow\fR file, or vice versa). .RE .sp .ne 2 .na \fB\fB6\fR\fR .ad .RS 5n Unexpected failure. Password files unchanged. .RE .sp .ne 2 .na \fB\fB7\fR\fR .ad .RS 5n Unexpected failure. Password file(s) missing. .RE .sp .ne 2 .na \fB\fB8\fR\fR .ad .RS 5n Password file(s) busy. Try again later. .RE .sp .ne 2 .na \fB\fB9\fR\fR .ad .RS 5n \fIname\fR does not exist (if \fB-m\fR or \fB-d\fR is specified), already exists (if \fB-a\fR is specified), or \fBlogname\fR already exists (if \fB\fR\fB-m\fR \fB-l\fR is specified). .RE .SH NOTES .sp .LP Do not use a colon (\fB:\fR) or \fBRETURN\fR as part of an argument. It is interpreted as a field separator in the password file. The \fBpassmgmt\fR command will be removed in a future release. Its functionality has been replaced and enhanced by \fBuseradd\fR, \fBuserdel\fR, and \fBusermod\fR. These commands are currently available. .sp .LP This command only modifies password definitions in the local \fB/etc/passwd\fR and \fB/etc/shadow\fR files. If a network nameservice such as \fBNIS\fR or \fBNIS+\fR is being used to supplement the local files with additional entries, \fBpassmgmt\fR cannot change information supplied by the network nameservice.