.\" Copyright (C) 1996
.\" David L. Nugent. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd March 30, 2007
.Dt PW.CONF 5
.Os
.Sh NAME
.Nm pw.conf
.Nd format of the pw.conf configuration file
.Sh DESCRIPTION
The file
.Pa /etc/pw.conf
contains configuration data for the
.Xr pw 8
utility.
The
.Xr pw 8
utility is used for maintenance of the system password and group
files, allowing users and groups to be added, deleted and changed.
This file may be modified via the
.Xr pw 8
command using the
.Ar useradd
command and the
.Fl D
option, or by editing it directly with a text editor.
.Pp
Each line in
.Pa /etc/pw.conf
is treated either as a comment or as configuration data;
blank lines and lines commencing with a
.Ql \&#
character are considered comments, and any remaining lines are
examined for a leading keyword, followed by corresponding data.
.Pp
Keywords recognized by
.Xr pw 8
are:
.Bl -tag -width password_days -offset indent -compact
.It defaultpasswd
affect passwords generated for new users
.It reuseuids
reuse gaps in uid sequences
.It reusegids
reuse gaps in gid sequences
.It nispasswd
path to the
.Tn NIS
passwd database
.It skeleton
where to obtain default home contents
.It newmail
mail to send to new users
.It logfile
log user/group modifications to this file
.It home
root directory for home directories
.It homemode
permissions for home directory
.It shellpath
paths in which to locate shell programs
.It shells
list of valid shells (without path)
.It defaultshell
default shell (without path)
.It defaultgroup
default group
.It extragroups
add new users to these groups
.It defaultclass
place new users in this login class
.It minuid
.It maxuid
range of valid default user ids
.It mingid
.It maxgid
range of valid default group ids
.It expire_days
days after which account expires
.It password_days
days after which password expires
.El
.Pp
Valid values for
.Ar defaultpasswd
are:
.Bl -tag -width password_days -offset indent -compact
.It no
disable login on newly created accounts
.It yes
force the password to be the account name
.It none
force a blank password
.It random
generate a random password
.El
.Pp
The second and third options are insecure and should be avoided if
possible on a publicly accessible system.
The first option requires that the superuser run
.Xr passwd 1
to set a password before the account may be used.
This may also be useful for creating administrative accounts.
The final option causes
.Xr pw 8
to respond by printing a randomly generated password on stdout.
This is the preferred and most secure option.
The
.Xr pw 8
utility also provides a method of setting a specific password for the new
user via a filehandle (command lines are not secure).
.Pp
Both
.Ar reuseuids
and
.Ar reusegids
determine the method by which new user and group id numbers are
generated.
A
.Ql \&yes
in this field will cause
.Xr pw 8
to search for the first unused user or group id within the allowed
range, whereas a
.Ql \&no
will ensure that no other existing user or group id within the range
is numerically lower than the new one generated, and therefore avoids
reusing gaps in the user or group id sequence that are caused by
previous user or group deletions.
Note that if the default group is not specified using the
.Ar defaultgroup
keyword,
.Xr pw 8
will create a new group for the user and attempt to keep the new
user's uid and gid the same.
If the new user's uid is currently in use as a group id, then the next
available group id is chosen instead.
.Pp
On
.Tn NIS
servers which maintain a separate passwd database to
.Pa /etc/master.passwd ,
the
.Ar nispasswd
keyword allows the additional file to be concurrently updated
as user records are added, modified or removed.
If blank or set to
.Ql \&no ,
no additional database is updated.
An absolute pathname must be used.
.Pp
The
.Ar skeleton
keyword nominates a directory from which the contents of a user's
new home directory are constructed.
This is
.Pa /usr/share/skel
by default.
The
.Xr pw 8 Ns 's
.Fl m
option causes the user's home directory to be created and populated
using the files contained in the
.Ar skeleton
directory.
.Pp
To send an initial email to new users, the
.Ar newmail
keyword may be used to specify a path name to a file containing
the body of the message to be sent.
To avoid sending mail when accounts are created, leave this entry
blank or specify
.Ql \&no .
.Pp
The
.Ar logfile
option allows logging of password file modifications into the
nominated log file.
To avoid creating or adding to such a logfile, leave this
field blank or specify
.Ql \&no .
.Pp
The
.Ar home
keyword is mandatory.
This specifies the location of the directory in which all new user
home directories are created.
.Pp
The
.Ar homemode
keyword is optional.
It specifies the creation mask of the user's home directory and is modified by
.Xr umask 2 .
.Pp
The
.Ar shellpath
keyword specifies a list of directories - separated by colons
.Ql \&:
- which contain the programs used by the login shells.
.Pp
The
.Ar shells
keyword specifies a list of programs available for use as login
shells.
This list is a comma-separated list of shell names which should
not contain a path.
These shells must exist in one of the directories nominated by
.Ar shellpath .
.Pp
The
.Ar defaultshell
keyword nominates which shell program to use for new users when
none is specified on the
.Xr pw 8
command line.
.Pp
The
.Ar defaultgroup
keyword defines the primary group (the group id number in the
password file) used for new accounts.
If left blank, or the word
.Ql \&no
is used, then each new user will have a corresponding group of
their own created automatically.
This is the recommended procedure for new users as it best secures each
user's files against interference by other users of the system
irrespective of the
.Em umask
normally used by the user.
.Pp
The
.Ar extragroups
keyword provides an automatic means of placing new users into groups within
the
.Pa /etc/group
file.
This is useful where all users share some resources, and is preferable
to placing users into the same primary group.
The effect of this keyword can be overridden using the
.Fl G
option on the
.Xr pw 8
command line.
.Pp
The
.Ar defaultclass
field determines the login class (see
.Xr login.conf 5 )
that new users will be allocated unless overridden by
.Xr pw 8 .
.Pp
The
.Ar minuid ,
.Ar maxuid ,
.Ar mingid ,
.Ar maxgid
keywords determine the allowed ranges of automatically allocated user
and group id numbers.
The default values for both user and group ids are 1000 and 32000 as
minimum and maximum respectively.
The user and group ids actually used when creating an account with
.Xr pw 8
may be overridden using the
.Fl u
and
.Fl g
command line options.
.Pp
The
.Ar expire_days
and
.Ar password_days
keywords are used to automatically calculate the number of days from the date
on which an account is created when the account will expire or the
user will be forced to change the account's password.
A value of
.Ql \&0
in either field will disable the corresponding (account or password)
expiration date.
.Sh LIMITS
The maximum line length of
.Pa /etc/pw.conf
is 1024 characters.
Longer lines will be skipped and treated
as comments.
.Sh FILES
.Bl -tag -width /etc/master.passwd -compact
.It Pa /etc/pw.conf
.It Pa /etc/passwd
.It Pa /etc/master.passwd
.It Pa /etc/group
.El
.Sh SEE ALSO
.Xr passwd 1 ,
.Xr umask 2 ,
.Xr group 5 ,
.Xr login.conf 5 ,
.Xr passwd 5 ,
.Xr pw 8
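An added example, not part of the pw(8) sources or of this manual page: a Python check that reads a pw.conf using the comment and line-length rules given above and reports the settings this page calls insecure or mandatory. The keyword/data separator (an equals sign or blanks, with optional double quotes) and the octal form of homemode are assumptions, and the sample file is constructed.

```python
import re
MAX_LINE = 1024  # LIMITS: longer lines are skipped and treated as comments

def parse_pw_conf(text):
    """Return ({keyword: value}, [line numbers skipped for length])."""
    conf, too_long = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if len(line) > MAX_LINE:
            too_long.append(lineno)
            continue
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        # Assumption: '=' and/or blanks separate keyword and data; quotes optional.
        parts = re.split(r"[\s=]+", stripped, maxsplit=1) + [""]
        conf[parts[0].lower()] = parts[1].strip().strip('"')
    return conf, too_long

def audit(text):
    """Return findings for the settings this page calls insecure or mandatory."""
    conf, too_long = parse_pw_conf(text)
    findings = ["line %d: over %d characters, ignored by pw" % (n, MAX_LINE)
                for n in too_long]
    passwd = conf.get("defaultpasswd", "").lower()
    if passwd == "yes":
        findings.append("defaultpasswd=yes: password is the account name")
    elif passwd == "none":
        findings.append("defaultpasswd=none: blank password")
    if conf.get("defaultgroup", "").lower() not in ("", "no"):
        findings.append("defaultgroup set: new users share a primary group")
    if not conf.get("home"):
        findings.append("home: mandatory keyword missing")
    mode = conf.get("homemode", "")
    # Assumption: homemode is an octal mode string such as 0755.
    if re.fullmatch(r"[0-7]{3,4}", mode) and int(mode, 8) & 0o022:
        findings.append("homemode=%s: group/world writable before umask" % mode)
    return findings

# Constructed sample, not a real system's file.
SAMPLE = '''# pw.conf sample (constructed)
defaultpasswd = "yes"
defaultgroup = "staff"
home = "/home"
homemode = 0777
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A hardening line padded past 1024 characters is reported as ignored rather than silently trusted, which is the failure mode the LIMITS section implies.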