1.\" Copyright (C) 1996 2.\" David L. Nugent. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD: src/usr.sbin/pw/pw.conf.5,v 1.16 2007/03/30 11:23:10 le Exp $ 26.\" 27.Dd March 30, 2007 28.Dt PW.CONF 5 29.Os 30.Sh NAME 31.Nm pw.conf 32.Nd format of the pw.conf configuration file 33.Sh DESCRIPTION 34The file 35.Pa /etc/pw.conf 36contains configuration data for the 37.Xr pw 8 38utility. 39The 40.Xr pw 8 41utility is used for maintenance of the system password and group 42files, allowing users and groups to be added, deleted and changed. 43This file may be modified via the 44.Xr pw 8 45command using the 46.Ar useradd 47command and the 48.Fl D 49option, or by editing it directly with a text editor. 50.Pp 51Each line in 52.Pa /etc/pw.conf 53is treated either a comment or as configuration data; 54blank lines and lines commencing with a 55.Ql \&# 56character are considered comments, and any remaining lines are 57examined for a leading keyword, followed by corresponding data. 58.Pp 59Keywords recognized by 60.Xr pw 8 61are: 62.Bl -tag -width password_days -offset indent -compact 63.It defaultpasswd 64affect passwords generated for new users 65.It reuseuids 66reuse gaps in uid sequences 67.It reusegids 68reuse gaps in gid sequences 69.It nispasswd 70path to the 71.Tn NIS 72passwd database 73.It skeleton 74where to obtain default home contents 75.It newmail 76mail to send to new users 77.It logfile 78log user/group modifications to this file 79.It home 80root directory for home directories 81.It homemode 82permissions for home directory 83.It shellpath 84paths in which to locate shell programs 85.It shells 86list of valid shells (without path) 87.It defaultshell 88default shell (without path) 89.It defaultgroup 90default group 91.It extragroups 92add new users to this groups 93.It defaultclass 94place new users in this login class 95.It minuid 96.It maxuid 97range of valid default user ids 98.It mingid 99.It maxgid 100range of valid default group ids 101.It expire_days 102days after which account expires 103.It password_days 104days after which password expires 105.El 106.Pp 107Valid values for 108.Ar defaultpasswd 109are: 110.Bl -tag -width password_days -offset indent -compact 111.It no 112disable login on newly created accounts 113.It yes 114force the password to be the account name 115.It none 116force a blank password 117.It random 118generate a random password 119.El 120.Pp 121The second and third options are insecure and should be avoided if 122possible on a publicly accessible system. 123The first option requires that the superuser run 124.Xr passwd 1 125to set a password before the account may be used. 126This may also be useful for creating administrative accounts. 127The final option causes 128.Xr pw 8 129to respond by printing a randomly generated password on stdout. 130This is the preferred and most secure option. 131The 132.Xr pw 8 133utility also provides a method of setting a specific password for the new 134user via a filehandle (command lines are not secure). 135.Pp 136Both 137.Ar reuseuids 138and 139.Ar reusegids 140determine the method by which new user and group id numbers are 141generated. 142A 143.Ql \&yes 144in this field will cause 145.Xr pw 8 146to search for the first unused user or group id within the allowed 147range, whereas a 148.Ql \&no 149will ensure that no other existing user or group id within the range 150is numerically lower than the new one generated, and therefore avoids 151reusing gaps in the user or group id sequence that are caused by 152previous user or group deletions. 153Note that if the default group is not specified using the 154.Ar defaultgroup 155keyword, 156.Xr pw 8 157will create a new group for the user and attempt to keep the new 158user's uid and gid the same. 159If the new user's uid is currently in use as a group id, then the next 160available group id is chosen instead. 161.Pp 162On 163.Tn NIS 164servers which maintain a separate passwd database to 165.Pa /etc/master.passwd , 166this option allows the additional file to be concurrently updated 167as user records are added, modified or removed. 168If blank or set to 'no', no additional database is updated. 169An absolute pathname must be used. 170.Pp 171The 172.Ar skeleton 173keyword nominates a directory from which the contents of a user's 174new home directory is constructed. 175This is 176.Pa /usr/share/skel 177by default. 178The 179.Xr pw 8 Ns 's 180.Fl m 181option causes the user's home directory to be created and populated 182using the files contained in the 183.Ar skeleton 184directory. 185.Pp 186To send an initial email to new users, the 187.Ar newmail 188keyword may be used to specify a path name to a file containing 189the message body of the message to be sent. 190To avoid sending mail when accounts are created, leave this entry 191blank or specify 192.Ql \&no . 193.Pp 194The 195.Ar logfile 196option allows logging of password file modifications into the 197nominated log file. 198To avoid creating or adding to such a logfile, then leave this 199field blank or specify 200.Ql \&no . 201.Pp 202The 203.Ar home 204keyword is mandatory. 205This specifies the location of the directory in which all new user 206home directories are created. 207.Pp 208The 209.Ar homemode 210keyword is optional. 211It specifies the creation mask of the user's home directory and is modified by 212.Xr umask 2 . 213.Pp 214The 215.Ar shellpath 216keyword specifies a list of directories - separated by colons 217.Ql \&: 218- which contain the programs used by the login shells. 219.Pp 220The 221.Ar shells 222keyword specifies a list of programs available for use as login 223shells. 224This list is a comma-separated list of shell names which should 225not contain a path. 226These shells must exist in one of the directories nominated by 227.Ar shellpath . 228.Pp 229The 230.Ar defaultshell 231keyword nominates which shell program to use for new users when 232none is specified on the 233.Xr pw 8 234command line. 235.Pp 236The 237.Ar defaultgroup 238keyword defines the primary group (the group id number in the 239password file) used for new accounts. 240If left blank, or the word 241.Ql \&no 242is used, then each new user will have a corresponding group of 243their own created automatically. 244This is the recommended procedure for new users as it best secures each 245user's files against interference by other users of the system 246irrespective of the 247.Em umask 248normally used by the user. 249.Pp 250The 251.Ar extragroups 252keyword provides an automatic means of placing new users into groups within 253the 254.Pa /etc/groups 255file. 256This is useful where all users share some resources, and is preferable 257to placing users into the same primary group. 258The effect of this keyword can be overridden using the 259.Fl G 260option on the 261.Xr pw 8 262command line. 263.Pp 264The 265.Ar defaultclass 266field determines the login class (See 267.Xr login.conf 5 ) 268that new users will be allocated unless overwritten by 269.Xr pw 8 . 270.Pp 271The 272.Ar minuid , 273.Ar maxuid , 274.Ar mingid , 275.Ar maxgid 276keywords determine the allowed ranges of automatically allocated user 277and group id numbers. 278The default values for both user and group ids are 1000 and 32000 as 279minimum and maximum respectively. 280The user and group id's actually used when creating an account with 281.Xr pw 8 282may be overridden using the 283.Fl u 284and 285.Fl g 286command line options. 287.Pp 288The 289.Ar expire_days 290and 291.Ar password_days 292are used to automatically calculate the number of days from the date 293on which an account is created when the account will expire or the 294user will be forced to change the account's password. 295A value of 296.Ql \&0 297in either field will disable the corresponding (account or password) 298expiration date. 299.Sh LIMITS 300The maximum line length of 301.Pa /etc/pw.conf 302is 1024 characters. 303Longer lines will be skipped and treated 304as comments. 305.Sh FILES 306.Bl -tag -width /etc/master.passwd -compact 307.It Pa /etc/pw.conf 308.It Pa /etc/passwd 309.It Pa /etc/master.passwd 310.It Pa /etc/group 311.El 312.Sh SEE ALSO 313.Xr passwd 1 , 314.Xr umask 2 , 315.Xr group 5 , 316.Xr login.conf 5 , 317.Xr passwd 5 , 318.Xr pw 8 319