1.\" Copyright (C) 1996 2.\" David L. Nugent. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $Id: pw.conf.5,v 1.1.1.2 1996/12/09 23:55:22 joerg Exp $ 26.\" 27.Dd December 9, 1996 28.Dt PW.CONF 5 29.Os 30.Sh NAME 31.Nm pw.conf 32.Nd format of the pw.conf configuration file 33.Sh DESCRIPTION 34The file 35.Aq Pa /etc/pw.conf 36contains configuration data for the 37.Xr pw 8 38program. 39The 40.Xr pw 8 41program is used for maintenance of the system password and group 42files, allowing users and groups to be added, deleted and changed. 43This file may be modified via the 44.Xr pw 8 45command using the 46.Ql \&useradd 47command and the 48.Ql \&-D 49option, or by editing it directly with a text editor. 50.Pp 51Each line in 52.Aq Pa /etc/pw.conf 53is treated either a comment or as configuration data; 54blank lines and lines commencing with a 55.Ql \&# 56character are considered comments, and any remaining lines are 57examined for a leading keyword, followed by corresponding data. 58.Pp 59Keywords recognised by 60.Xr pw 8 61are: 62.Bl -tag -width password_days -offset indent -compact 63.It defaultpasswd 64affects passwords generated for new users 65.It reuseuids 66reuse gaps in uid sequences 67.It reusegids 68reuse gaps in gid sequences 69.It skeleton 70where to obtain default home contents 71.It newmail 72mail to send to new users 73.It logfile 74log user/group modifications to this file 75.It home 76root directory for home directories 77.It shellpath 78paths in which to locate shell programs 79.It shells 80list of valid shells (without path) 81.It defaultshell 82default shell (without path) 83.It defaultgroup 84default group 85.It extragroups 86add new users to this groups 87.It defaultclass 88place new users in this login class 89.It minuid 90.It maxuid 91range of valid default user ids 92.It mingid 93.It maxgid 94range of valid default group ids 95.It expire_days 96days after which account expires 97.It password_days 98days after which password expires 99.El 100.Pp 101Valid values for 102.Ar defaultpasswd 103are 104.Bl -tag -width password_days -offset indent -compact 105.It no 106disables login on newly created accounts 107.It yes 108forces the password to be the account name 109.It none 110forces a blank password 111.It random 112Generates a random password 113.El 114.Pp 115The second and third options are insecure and should be avoided if 116possible on a publicly accessible system. 117The first option requires that the superuser run 118.Xr passwd 1 119to set a password before the account may be used. 120This may also be useful for creating administrative accounts. 121The final option causes 122.Xr pw 8 123to respond by printing a randomly generated password on stdout. 124This is the preferred and most secure option. 125.Xr pw 8 126also provides a method of setting a specific password for the new 127user via a filehandle (command lines are not secure). 128.Pp 129Both 130.Ar reuseuids 131and 132.Ar reusegids 133determine the method by which new user and group id numbers are 134generated. 135A 136.Ql \&yes 137in this field will cause 138.Xr pw 8 139to search for the first unused user or group id within the allowed 140range, whereas a 141.Ql \&no 142will ensure that no other existing user or group id within the range 143is numerically lower than the new one generated, and therefore avoids 144reusing gaps in the user or group id sequence that are caused by 145previous user or group deletions. 146Note that if the default group is not specified using the 147.Ar defaultgroup 148keyword, 149.Xr pw 8 150will create a new group for the user and attempt to keep the new 151user's uid and gid the same. 152If the new user's uid is currently in use as a group id, then the next 153available group id is chosen instead. 154.Pp 155The 156.Ar skeleton 157keyword nominates a directory from which the contents of a user's 158new home directory is constructed. 159This is 160.Pa /usr/share/skel 161by default. 162.Xr pw 8 's 163.Ql \&-m 164option causes the user's home directory to be created and populated 165using the files contained in the 166.Ar skeleton 167directory. 168.Pp 169To send an initial email to new users, the 170.Ar newmail 171keyword may be used to specify a path name to a file containing 172the message body of the message to be sent. 173To avoid sending mail when accounts are created, leave this entry 174blank or specify 175.Ql \&no . 176.Pp 177The 178.Ar logfile 179option allows logging of password file modifications into the 180nominated log file. 181To avoid creating or adding to such a logfile, then leave this 182field blank or specify 183.Ql \&no . 184.Pp 185The 186.Ar home 187keyword is mandatory. 188This specifies the location of the directory in which all new user 189home directories are created. 190.Pp 191.Ar shellpath 192specifies a list of directories - separated by colons 193.Ql \&: 194- which contain the programs used by the login shells. 195.Pp 196The 197.Ar shells 198keyword specifies a list of programs available for use as login 199shells. 200This list is a comma-separated list of shell names which should 201not contain a path. 202These shells must exist in one of the directories nominated by 203.Ar shellpath . 204.Pp 205The 206.Ar defaultshell 207keyword nominates which shell program to use for new users when 208none is specified on the 209.Xr pw 8 210command line. 211.Pp 212The 213.Ar defaultgroup 214keyword defines the primary group (the group id number in the 215password file) used for new accounts. 216If left blank, or the word 217.Ql \&no 218is used, then each new user will have a corresponding group of 219their own created automatically. 220This is the recommended procedure for new users as it best secures each 221user's files against interference by other users of the system 222irrespective of the 223.Em umask 224normally used by the user. 225.Pp 226.Ar extragroups 227provides an automatic means of placing new users into groups within 228the 229.Pa /etc/groups 230file. 231This is useful where all users share some resources, and is preferable 232to placing users into the same primary group. 233The effect of this keyword can be overridden using the 234.Ql \&-G 235option on the 236.Xr pw 8 237command line. 238.Pp 239The 240.Ar defaultclass 241field determines the login class (See 242.Xr login.conf 5 ) 243that new users will be allocated unless overwritten by 244.Xr pw 8 . 245.Pp 246The 247.Ar minuid , 248.Ar maxuid , 249.Ar mingid , 250.Ar maxgid 251keywords determines the allowed ranges of automatically allocated user 252and group id numbers. 253The default values for both user and group ids are 1000 and 32000 as 254minimum and maximum respectively. 255The user and group id's actually used when creating an account with 256.Xr pw 8 257may be overridden using the 258.Ql \&-u 259and 260.Ql \&-g 261command line options. 262.Pp 263The 264.Ar expire_days 265and 266.Ar password_days 267are used to automatically calculate the number of days from the date 268on which an account is created when the account will expire or the 269user will be forced to change the account's password. 270A value of 271.Ql \&0 272in either field will disable the corresponding (account or password) 273expiration date. 274.Pp 275.Sh LIMITS 276The maximum line length of 277.Pa /etc/acct/pw.conf 278is 1024 characters. Longer lines will be skipped and treated 279as comments. 280.Sh FILES 281.Bl -tag -width /etc/master.passwd -compact 282.It Pa /etc/pw.conf 283.It Pa /etc/passwd 284.It Pa /etc/master.passwd 285.It Pa /etc/group 286.El 287.Sh SEE ALSO 288.Xr pw 8 , 289.Xr login.conf 5 , 290.Xr passwd 1 , 291.Xr passwd 5 , 292.Xr group 5 293 294 295