1.\" Copyright (C) 1996 2.\" David L. Nugent. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD: src/usr.sbin/pw/pw.conf.5,v 1.10.2.3 2001/07/22 12:41:27 dd Exp $ 26.\" 27.Dd December 9, 1996 28.Dt PW.CONF 5 29.Os 30.Sh NAME 31.Nm pw.conf 32.Nd format of the pw.conf configuration file 33.Sh DESCRIPTION 34The file 35.Aq Pa /etc/pw.conf 36contains configuration data for the 37.Xr pw 8 38program. 39The 40.Xr pw 8 41program is used for maintenance of the system password and group 42files, allowing users and groups to be added, deleted and changed. 43This file may be modified via the 44.Xr pw 8 45command using the 46.Ar useradd 47command and the 48.Fl D 49option, or by editing it directly with a text editor. 50.Pp 51Each line in 52.Aq Pa /etc/pw.conf 53is treated either a comment or as configuration data; 54blank lines and lines commencing with a 55.Ql \&# 56character are considered comments, and any remaining lines are 57examined for a leading keyword, followed by corresponding data. 58.Pp 59Keywords recognized by 60.Xr pw 8 61are: 62.Bl -tag -width password_days -offset indent -compact 63.It defaultpasswd 64affect passwords generated for new users 65.It reuseuids 66reuse gaps in uid sequences 67.It reusegids 68reuse gaps in gid sequences 69.It nispasswd 70path to the NIS passwd database 71.It skeleton 72where to obtain default home contents 73.It newmail 74mail to send to new users 75.It logfile 76log user/group modifications to this file 77.It home 78root directory for home directories 79.It shellpath 80paths in which to locate shell programs 81.It shells 82list of valid shells (without path) 83.It defaultshell 84default shell (without path) 85.It defaultgroup 86default group 87.It extragroups 88add new users to this groups 89.It defaultclass 90place new users in this login class 91.It minuid 92.It maxuid 93range of valid default user ids 94.It mingid 95.It maxgid 96range of valid default group ids 97.It expire_days 98days after which account expires 99.It password_days 100days after which password expires 101.El 102.Pp 103Valid values for 104.Ar defaultpasswd 105are: 106.Bl -tag -width password_days -offset indent -compact 107.It no 108disable login on newly created accounts 109.It yes 110force the password to be the account name 111.It none 112force a blank password 113.It random 114generate a random password 115.El 116.Pp 117The second and third options are insecure and should be avoided if 118possible on a publicly accessible system. 119The first option requires that the superuser run 120.Xr passwd 1 121to set a password before the account may be used. 122This may also be useful for creating administrative accounts. 123The final option causes 124.Xr pw 8 125to respond by printing a randomly generated password on stdout. 126This is the preferred and most secure option. 127.Xr Pw 8 128also provides a method of setting a specific password for the new 129user via a filehandle (command lines are not secure). 130.Pp 131Both 132.Ar reuseuids 133and 134.Ar reusegids 135determine the method by which new user and group id numbers are 136generated. 137A 138.Ql \&yes 139in this field will cause 140.Xr pw 8 141to search for the first unused user or group id within the allowed 142range, whereas a 143.Ql \&no 144will ensure that no other existing user or group id within the range 145is numerically lower than the new one generated, and therefore avoids 146reusing gaps in the user or group id sequence that are caused by 147previous user or group deletions. 148Note that if the default group is not specified using the 149.Ar defaultgroup 150keyword, 151.Xr pw 8 152will create a new group for the user and attempt to keep the new 153user's uid and gid the same. 154If the new user's uid is currently in use as a group id, then the next 155available group id is chosen instead. 156.Pp 157On NIS servers which maintain a separate passwd database to 158.Pa /etc/master.passwd , 159this option allows the additional file to be concurrently updated 160as user records are added, modified or removed. 161If blank or set to 'no', no additional database is updated. 162An absolute pathname must be used. 163.Pp 164The 165.Ar skeleton 166keyword nominates a directory from which the contents of a user's 167new home directory is constructed. 168This is 169.Pa /usr/share/skel 170by default. 171.Xr Pw 8 Ns 's 172.Fl m 173option causes the user's home directory to be created and populated 174using the files contained in the 175.Ar skeleton 176directory. 177.Pp 178To send an initial email to new users, the 179.Ar newmail 180keyword may be used to specify a path name to a file containing 181the message body of the message to be sent. 182To avoid sending mail when accounts are created, leave this entry 183blank or specify 184.Ql \&no . 185.Pp 186The 187.Ar logfile 188option allows logging of password file modifications into the 189nominated log file. 190To avoid creating or adding to such a logfile, then leave this 191field blank or specify 192.Ql \&no . 193.Pp 194The 195.Ar home 196keyword is mandatory. 197This specifies the location of the directory in which all new user 198home directories are created. 199.Pp 200.Ar shellpath 201specifies a list of directories - separated by colons 202.Ql \&: 203- which contain the programs used by the login shells. 204.Pp 205The 206.Ar shells 207keyword specifies a list of programs available for use as login 208shells. 209This list is a comma-separated list of shell names which should 210not contain a path. 211These shells must exist in one of the directories nominated by 212.Ar shellpath . 213.Pp 214The 215.Ar defaultshell 216keyword nominates which shell program to use for new users when 217none is specified on the 218.Xr pw 8 219command line. 220.Pp 221The 222.Ar defaultgroup 223keyword defines the primary group (the group id number in the 224password file) used for new accounts. 225If left blank, or the word 226.Ql \&no 227is used, then each new user will have a corresponding group of 228their own created automatically. 229This is the recommended procedure for new users as it best secures each 230user's files against interference by other users of the system 231irrespective of the 232.Em umask 233normally used by the user. 234.Pp 235.Ar extragroups 236provides an automatic means of placing new users into groups within 237the 238.Pa /etc/groups 239file. 240This is useful where all users share some resources, and is preferable 241to placing users into the same primary group. 242The effect of this keyword can be overridden using the 243.Fl G 244option on the 245.Xr pw 8 246command line. 247.Pp 248The 249.Ar defaultclass 250field determines the login class (See 251.Xr login.conf 5 ) 252that new users will be allocated unless overwritten by 253.Xr pw 8 . 254.Pp 255The 256.Ar minuid , 257.Ar maxuid , 258.Ar mingid , 259.Ar maxgid 260keywords determines the allowed ranges of automatically allocated user 261and group id numbers. 262The default values for both user and group ids are 1000 and 32000 as 263minimum and maximum respectively. 264The user and group id's actually used when creating an account with 265.Xr pw 8 266may be overridden using the 267.Fl u 268and 269.Fl g 270command line options. 271.Pp 272The 273.Ar expire_days 274and 275.Ar password_days 276are used to automatically calculate the number of days from the date 277on which an account is created when the account will expire or the 278user will be forced to change the account's password. 279A value of 280.Ql \&0 281in either field will disable the corresponding (account or password) 282expiration date. 283.Sh LIMITS 284The maximum line length of 285.Pa /etc/pw.conf 286is 1024 characters. 287Longer lines will be skipped and treated 288as comments. 289.Sh FILES 290.Bl -tag -width /etc/master.passwd -compact 291.It Pa /etc/pw.conf 292.It Pa /etc/passwd 293.It Pa /etc/master.passwd 294.It Pa /etc/group 295.El 296.Sh SEE ALSO 297.Xr passwd 1 , 298.Xr group 5 , 299.Xr login.conf 5 , 300.Xr passwd 5 , 301.Xr pw 8 302