.\" Copyright (C) 1996
.\" David L. Nugent.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY DAVID L. NUGENT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL DAVID L. NUGENT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd December 9, 1996
.Dt PW.CONF 5
.Os
.Sh NAME
.Nm pw.conf
.Nd format of the pw.conf configuration file
.Sh DESCRIPTION
The file
.Pa /etc/pw.conf
contains configuration data for the
.Xr pw 8
utility.
The
.Xr pw 8
utility is used for maintenance of the system password and group
files, allowing users and groups to be added, deleted and changed.
This file may be modified via the
.Xr pw 8
command using the
.Ar useradd
command and the
.Fl D
option, or by editing it directly with a text editor.
.Pp
Each line in
.Pa /etc/pw.conf
is treated either as a comment or as configuration data;
blank lines and lines commencing with a
.Ql \&#
character are considered comments, and any remaining lines are
examined for a leading keyword, followed by corresponding data.
.Pp
Keywords recognized by
.Xr pw 8
are:
.Bl -tag -width password_days -offset indent -compact
.It defaultpasswd
affect passwords generated for new users
.It reuseuids
reuse gaps in uid sequences
.It reusegids
reuse gaps in gid sequences
.It nispasswd
path to the
.Tn NIS
passwd database
.It skeleton
where to obtain default home contents
.It newmail
mail to send to new users
.It logfile
log user/group modifications to this file
.It home
root directory for home directories
.It shellpath
paths in which to locate shell programs
.It shells
list of valid shells (without path)
.It defaultshell
default shell (without path)
.It defaultgroup
default group
.It extragroups
add new users to these groups
.It defaultclass
place new users in this login class
.It minuid
.It maxuid
range of valid default user ids
.It mingid
.It maxgid
range of valid default group ids
.It expire_days
days after which account expires
.It password_days
days after which password expires
.El
.Pp
Valid values for
.Ar defaultpasswd
are:
.Bl -tag -width password_days -offset indent -compact
.It no
disable login on newly created accounts
.It yes
force the password to be the account name
.It none
force a blank password
.It random
generate a random password
.El
.Pp
The second and third options are insecure and should be avoided if
possible on a publicly accessible system.
The first option requires that the superuser run
.Xr passwd 1
to set a password before the account may be used.
This may also be useful for creating administrative accounts.
The final option causes
.Xr pw 8
to respond by printing a randomly generated password on stdout.
This is the preferred and most secure option.
The
.Xr pw 8
utility also provides a method of setting a specific password for the new
user via a filehandle (command lines are not secure).
.Pp
Both
.Ar reuseuids
and
.Ar reusegids
determine the method by which new user and group id numbers are
generated.
A
.Ql \&yes
in this field will cause
.Xr pw 8
to search for the first unused user or group id within the allowed
range, whereas a
.Ql \&no
will ensure that no other existing user or group id within the range
is numerically lower than the new one generated, and therefore avoids
reusing gaps in the user or group id sequence that are caused by
previous user or group deletions.
Note that if the default group is not specified using the
.Ar defaultgroup
keyword,
.Xr pw 8
will create a new group for the user and attempt to keep the new
user's uid and gid the same.
If the new user's uid is currently in use as a group id, then the next
available group id is chosen instead.
.Pp
On
.Tn NIS
servers which maintain a separate passwd database to
.Pa /etc/master.passwd ,
the
.Ar nispasswd
option allows the additional file to be concurrently updated
as user records are added, modified or removed.
If blank or set to
.Ql \&no ,
no additional database is updated.
An absolute pathname must be used.
.Pp
The
.Ar skeleton
keyword nominates a directory from which the contents of a user's
new home directory are constructed.
This is
.Pa /usr/share/skel
by default.
The
.Xr pw 8 Ns 's
.Fl m
option causes the user's home directory to be created and populated
using the files contained in the
.Ar skeleton
directory.
.Pp
To send an initial email to new users, the
.Ar newmail
keyword may be used to specify a path name to a file containing
the body of the message to be sent.
To avoid sending mail when accounts are created, leave this entry
blank or specify
.Ql \&no .
.Pp
The
.Ar logfile
option allows logging of password file modifications into the
nominated log file.
To avoid creating or adding to such a logfile, leave this
field blank or specify
.Ql \&no .
.Pp
The
.Ar home
keyword is mandatory.
This specifies the location of the directory in which all new user
home directories are created.
.Pp
The
.Ar shellpath
keyword specifies a list of directories - separated by colons
.Ql \&:
- which contain the programs used by the login shells.
.Pp
The
.Ar shells
keyword specifies a list of programs available for use as login
shells.
This list is a comma-separated list of shell names which should
not contain a path.
These shells must exist in one of the directories nominated by
.Ar shellpath .
.Pp
The
.Ar defaultshell
keyword nominates which shell program to use for new users when
none is specified on the
.Xr pw 8
command line.
.Pp
The
.Ar defaultgroup
keyword defines the primary group (the group id number in the
password file) used for new accounts.
If left blank, or the word
.Ql \&no
is used, then each new user will have a corresponding group of
their own created automatically.
This is the recommended procedure for new users as it best secures each
user's files against interference by other users of the system
irrespective of the
.Em umask
normally used by the user.
.Pp
The
.Ar extragroups
keyword provides an automatic means of placing new users into groups within
the
.Pa /etc/group
file.
This is useful where all users share some resources, and is preferable
to placing users into the same primary group.
The effect of this keyword can be overridden using the
.Fl G
option on the
.Xr pw 8
command line.
.Pp
The
.Ar defaultclass
field determines the login class (see
.Xr login.conf 5 )
that new users will be allocated unless overridden by
.Xr pw 8 .
.Pp
The
.Ar minuid ,
.Ar maxuid ,
.Ar mingid ,
.Ar maxgid
keywords determine the allowed ranges of automatically allocated user
and group id numbers.
The default values for both user and group ids are 1000 and 32000 as
minimum and maximum respectively.
The user and group ids actually used when creating an account with
.Xr pw 8
may be overridden using the
.Fl u
and
.Fl g
command line options.
.Pp
The
.Ar expire_days
and
.Ar password_days
keywords give the number of days, counted from the date on which an
account is created, after which the account will expire or the
user will be forced to change the account's password.
A value of
.Ql \&0
in either field will disable the corresponding (account or password)
expiration date.
.Sh LIMITS
The maximum line length of
.Pa /etc/pw.conf
is 1024 characters.
Longer lines will be skipped and treated
as comments.
.Sh FILES
.Bl -tag -width /etc/master.passwd -compact
.It Pa /etc/pw.conf
.It Pa /etc/passwd
.It Pa /etc/master.passwd
.It Pa /etc/group
.El
.Sh SEE ALSO
.Xr passwd 1 ,
.Xr group 5 ,
.Xr login.conf 5 ,
.Xr passwd 5 ,
.Xr pw 8
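
An audit of a pw.conf file against the guidance above (insecure defaultpasswd values, the absolute-path rule for nispasswd, the mandatory home keyword, the per-user group recommendation and the 1024-character line limit), as an added example that is not part of the original manual page or of pw itself. The function name, the sample file and the assumption that keyword and data are separated by blanks and/or "=" with optional double quotes are this example's own.

```shell
#!/bin/sh
# Added example: audit a pw.conf file against the guidance in pw.conf(5).
# Assumption: keyword and data are separated by blanks and/or "=", and the
# data may be wrapped in double quotes.
audit_pw_conf() {
    awk '
    length($0) > 1024 {    # LIMITS: such lines are skipped as comments
        printf "line %d: WARN over 1024 characters, ignored by pw\n", NR
        next
    }
    /^[ \t]*$/ || /^#/ { next }    # blank lines and "#" comments
    {
        key = $0
        sub(/^[ \t]+/, "", key)
        val = key
        sub(/[ \t=].*$/, "", key)              # leading keyword
        val = substr(val, length(key) + 1)     # remainder is the data
        sub(/^[ \t=]+/, "", val); sub(/[ \t]+$/, "", val)
        sub(/^"/, "", val); sub(/"$/, "", val)
        low = tolower(val)
        seen[key] = 1
        if (key == "defaultpasswd" && (low == "yes" || low == "none")) {
            printf "line %d: FAIL defaultpasswd=%s is insecure, use random or no\n", NR, val
            fails++
        }
        if (key == "nispasswd" && low != "" && low != "no" && substr(val, 1, 1) != "/") {
            printf "line %d: FAIL nispasswd must be an absolute pathname\n", NR
            fails++
        }
        if (key == "defaultgroup" && low != "" && low != "no")
            printf "line %d: WARN shared primary group %s, per-user groups are recommended\n", NR, val
    }
    END {
        if (!("home" in seen)) { print "FAIL mandatory keyword home is missing"; fails++ }
        exit (fails > 0)    # non-zero status when any FAIL was reported
    }
    ' "$@"
}

# Constructed sample input, not taken from a real system.
sample_pw_conf() {
    cat <<'EOF'
# constructed sample
defaultpasswd = "yes"
nispasswd = var/yp/master.passwd
defaultgroup = "staff"
home = "/home"
EOF
}

sample_pw_conf | audit_pw_conf || true    # demo run over the sample
```

Run it as `audit_pw_conf /etc/pw.conf`; a setting placed on a line longer than 1024 characters is reported as ignored rather than evaluated, which matches how the LIMITS section says such lines are treated.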