xref: /illumos-gate/usr/src/man/man8/passmgmt.8 (revision 6dde88b51419b99fe0aab8e56184c693945826b8)
te
Copyright 1989 AT&T Copyright (c) 2007 Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
PASSMGMT 8 "Feb 25, 2017"
NAME
passmgmt - password files management
SYNOPSIS

passmgmt -a options name

passmgmt -m options name

passmgmt -d name
DESCRIPTION

The passmgmt command updates information in the password files. This command works with both /etc/passwd and /etc/shadow.

passmgmt -a adds an entry for user name to the password files. This command does not create any directory for the new user and the new login remains locked (with the string *LK* in the password field) until the passwd(1) command is executed to set the password.

passmgmt -m modifies the entry for user name in the password files. The name field in the /etc/shadow entry and all the fields (except the password field) in the /etc/passwd entry can be modified by this command. Only fields entered on the command line will be modified.

passmgmt -d deletes the entry for user name from the password files. It will not remove any files that the user owns on the system; they must be removed manually.

passmgmt can be used only by the super-user.

OPTIONS
-c comment

A short description of the login, enclosed in quotes. It is limited to a maximum of 128 characters and defaults to an empty field.

-e expire

Specify the expiration date for a login. After this date, no user will be able to access this login. The expire option argument is a date entered using one of the date formats included in the template file /etc/datemsk. See getdate(3C).

-f inactive

The maximum number of days allowed between uses of a login ID before that ID is declared invalid. Normal values are positive integers. A value of 0 defeats the status. Changing the password reactivates an account for the inactivity period.

-g gid

GID of name. This number must range from 0 to the maximum non-negative value for the system. The default is 1.

-h homedir

Home directory of name. It is limited to a maximum of 256 characters and defaults to /usr/name.

-K key=value

Set a key=value pair. See user_attr(5), auth_attr(5), and prof_attr(5). The valid key=value pairs are defined in user_attr(5), but the "type" key is subject to the usermod(8) and rolemod(8) restrictions. Multiple key=value pairs may be added with multiple -K options.

-k skel_dir

A directory that contains skeleton information (such as .profile) that can be copied into a new user's home directory. This directory must already exist. The system provides the /etc/skel directory that can be used for this purpose.

-l logname

This option changes the name to logname. It is used only with the -m option. The total size of each login entry is limited to a maximum of 511 bytes in each of the password files.

-o

This option allows a UID to be non-unique. It is used only with the -u option.

-s shell

Login shell for name. It should be the full pathname of the program that will be executed when the user logs in. The maximum size of shell is 256 characters. The default is for this field to be empty and to be interpreted as /usr/bin/sh.

-u uid

UID of the name. This number must range from 0 to the maximum non-negative value for the system. It defaults to the next available UID greater than 99. Without the -o option, it enforces the uniqueness of a UID.

FILES
/etc/passwd
/etc/shadow
/etc/opasswd
/etc/oshadow 
ATTRIBUTES

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
SEE ALSO

passwd (1), auth_attr (5), passwd (5), prof_attr (5), shadow (5), user_attr (5), attributes (7), rolemod (8), useradd (8), userdel (8), usermod (8)

EXIT STATUS

The passmgmt command exits with one of the following values: 0

Success.

1

Permission denied.

2

Invalid command syntax. Usage message of the passmgmt command is displayed.

3

Invalid argument provided to option.

4

UID in use.

5

Inconsistent password files (for example, name is in the /etc/passwd file and not in the /etc/shadow file, or vice versa).

6

Unexpected failure. Password files unchanged.

7

Unexpected failure. Password file(s) missing.

8

Password file(s) busy. Try again later.

9

name does not exist (if -m or -d is specified), already exists (if -a is specified), or logname already exists (if -m -l is specified).

NOTES

Do not use a colon (:) or RETURN as part of an argument. It is interpreted as a field separator in the password file. The passmgmt command will be removed in a future release. Its functionality has been replaced and enhanced by useradd, userdel, and usermod. These commands are currently available.

This command only modifies password definitions in the local /etc/passwd and /etc/shadow files. If a network nameservice is being used to supplement the local files with additional entries, passmgmt cannot change information supplied by the network nameservice.