xref: /freebsd/usr.sbin/pw/pw.conf.5 (revision 5773cccf19ef7b97e56c1101aa481c43149224da)
1.\" Copyright (C) 1996
2.\" David L. Nugent.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd December 9, 1996
28.Dt PW.CONF 5
29.Os
30.Sh NAME
31.Nm pw.conf
32.Nd format of the pw.conf configuration file
33.Sh DESCRIPTION
34The file
35.Aq Pa /etc/pw.conf
36contains configuration data for the
37.Xr pw 8
38program.
39The
40.Xr pw 8
41program is used for maintenance of the system password and group
42files, allowing users and groups to be added, deleted and changed.
43This file may be modified via the
44.Xr pw 8
45command using the
46.Ar useradd
47command and the
48.Fl D
49option, or by editing it directly with a text editor.
50.Pp
51Each line in
52.Aq Pa /etc/pw.conf
53is treated either a comment or as configuration data;
54blank lines and lines commencing with a
55.Ql \&#
56character are considered comments, and any remaining lines are
57examined for a leading keyword, followed by corresponding data.
58.Pp
59Keywords recognized by
60.Xr pw 8
61are:
62.Bl -tag -width password_days -offset indent -compact
63.It defaultpasswd
64affect passwords generated for new users
65.It reuseuids
66reuse gaps in uid sequences
67.It reusegids
68reuse gaps in gid sequences
69.It nispasswd
70path to the NIS passwd database
71.It skeleton
72where to obtain default home contents
73.It newmail
74mail to send to new users
75.It logfile
76log user/group modifications to this file
77.It home
78root directory for home directories
79.It shellpath
80paths in which to locate shell programs
81.It shells
82list of valid shells (without path)
83.It defaultshell
84default shell (without path)
85.It defaultgroup
86default group
87.It extragroups
88add new users to this groups
89.It defaultclass
90place new users in this login class
91.It minuid
92.It maxuid
93range of valid default user ids
94.It mingid
95.It maxgid
96range of valid default group ids
97.It expire_days
98days after which account expires
99.It password_days
100days after which password expires
101.El
102.Pp
103Valid values for
104.Ar defaultpasswd
105are:
106.Bl -tag -width password_days -offset indent -compact
107.It no
108disable login on newly created accounts
109.It yes
110force the password to be the account name
111.It none
112force a blank password
113.It random
114generate a random password
115.El
116.Pp
117The second and third options are insecure and should be avoided if
118possible on a publicly accessible system.
119The first option requires that the superuser run
120.Xr passwd 1
121to set a password before the account may be used.
122This may also be useful for creating administrative accounts.
123The final option causes
124.Xr pw 8
125to respond by printing a randomly generated password on stdout.
126This is the preferred and most secure option.
127.Xr Pw 8
128also provides a method of setting a specific password for the new
129user via a filehandle (command lines are not secure).
130.Pp
131Both
132.Ar reuseuids
133and
134.Ar reusegids
135determine the method by which new user and group id numbers are
136generated.
137A
138.Ql \&yes
139in this field will cause
140.Xr pw 8
141to search for the first unused user or group id within the allowed
142range, whereas a
143.Ql \&no
144will ensure that no other existing user or group id within the range
145is numerically lower than the new one generated, and therefore avoids
146reusing gaps in the user or group id sequence that are caused by
147previous user or group deletions.
148Note that if the default group is not specified using the
149.Ar defaultgroup
150keyword,
151.Xr pw 8
152will create a new group for the user and attempt to keep the new
153user's uid and gid the same.
154If the new user's uid is currently in use as a group id, then the next
155available group id is chosen instead.
156.Pp
157On NIS servers which maintain a separate passwd database to
158.Pa /etc/master.passwd ,
159this option allows the additional file to be concurrently updated
160as user records are added, modified or removed.
161If blank or set to 'no', no additional database is updated.
162An absolute pathname must be used.
163.Pp
164The
165.Ar skeleton
166keyword nominates a directory from which the contents of a user's
167new home directory is constructed.
168This is
169.Pa /usr/share/skel
170by default.
171.Xr Pw 8 Ns 's
172.Fl m
173option causes the user's home directory to be created and populated
174using the files contained in the
175.Ar skeleton
176directory.
177.Pp
178To send an initial email to new users, the
179.Ar newmail
180keyword may be used to specify a path name to a file containing
181the message body of the message to be sent.
182To avoid sending mail when accounts are created, leave this entry
183blank or specify
184.Ql \&no .
185.Pp
186The
187.Ar logfile
188option allows logging of password file modifications into the
189nominated log file.
190To avoid creating or adding to such a logfile, then leave this
191field blank or specify
192.Ql \&no .
193.Pp
194The
195.Ar home
196keyword is mandatory.
197This specifies the location of the directory in which all new user
198home directories are created.
199.Pp
200.Ar shellpath
201specifies a list of directories - separated by colons
202.Ql \&:
203- which contain the programs used by the login shells.
204.Pp
205The
206.Ar shells
207keyword specifies a list of programs available for use as login
208shells.
209This list is a comma-separated list of shell names which should
210not contain a path.
211These shells must exist in one of the directories nominated by
212.Ar shellpath .
213.Pp
214The
215.Ar defaultshell
216keyword nominates which shell program to use for new users when
217none is specified on the
218.Xr pw 8
219command line.
220.Pp
221The
222.Ar defaultgroup
223keyword defines the primary group (the group id number in the
224password file) used for new accounts.
225If left blank, or the word
226.Ql \&no
227is used, then each new user will have a corresponding group of
228their own created automatically.
229This is the recommended procedure for new users as it best secures each
230user's files against interference by other users of the system
231irrespective of the
232.Em umask
233normally used by the user.
234.Pp
235.Ar extragroups
236provides an automatic means of placing new users into groups within
237the
238.Pa /etc/groups
239file.
240This is useful where all users share some resources, and is preferable
241to placing users into the same primary group.
242The effect of this keyword can be overridden using the
243.Fl G
244option on the
245.Xr pw 8
246command line.
247.Pp
248The
249.Ar defaultclass
250field determines the login class (See
251.Xr login.conf 5 )
252that new users will be allocated unless overwritten by
253.Xr pw 8 .
254.Pp
255The
256.Ar minuid ,
257.Ar maxuid ,
258.Ar mingid ,
259.Ar maxgid
260keywords determines the allowed ranges of automatically allocated user
261and group id numbers.
262The default values for both user and group ids are 1000 and 32000 as
263minimum and maximum respectively.
264The user and group id's actually used when creating an account with
265.Xr pw 8
266may be overridden using the
267.Fl u
268and
269.Fl g
270command line options.
271.Pp
272The
273.Ar expire_days
274and
275.Ar password_days
276are used to automatically calculate the number of days from the date
277on which an account is created when the account will expire or the
278user will be forced to change the account's password.
279A value of
280.Ql \&0
281in either field will disable the corresponding (account or password)
282expiration date.
283.Sh LIMITS
284The maximum line length of
285.Pa /etc/pw.conf
286is 1024 characters.
287Longer lines will be skipped and treated
288as comments.
289.Sh FILES
290.Bl -tag -width /etc/master.passwd -compact
291.It Pa /etc/pw.conf
292.It Pa /etc/passwd
293.It Pa /etc/master.passwd
294.It Pa /etc/group
295.El
296.Sh SEE ALSO
297.Xr passwd 1 ,
298.Xr group 5 ,
299.Xr login.conf 5 ,
300.Xr passwd 5 ,
301.Xr pw 8
302