1.\" $NetBSD: chpass.1,v 1.23 2006/10/07 20:09:09 elad Exp $ 2.\" 3.\" Copyright (c) 1988, 1990, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" @(#)chpass.1 8.2 (Berkeley) 12/30/93 31.\" 32.Dd October 7, 2006 33.Dt CHPASS 1 34.Os 35.Sh NAME 36.Nm chpass , 37.Nm chfn , 38.Nm chsh 39.Nd add or change user database information 40.Sh SYNOPSIS 41.Nm 42.Op Fl a Ar list 43.Op Fl s Ar newshell 44.Op Fl l 45.Op user 46.Nm chpass 47.Op Fl a Ar list 48.Op Fl s Ar newshell 49.Op Fl y 50.Op user 51.Sh DESCRIPTION 52.Nm 53allows editing of the user database information associated 54with 55.Ar user 56or, by default, the current user. 57The information is formatted and supplied to an editor for changes. 58.Pp 59Only the information that the user is allowed to change is displayed. 60.Pp 61The options are as follows: 62.Bl -tag -width Ds 63.It Fl a 64The super-user is allowed to directly supply a user database 65entry, in the format specified by 66.Xr passwd 5 , 67as an argument. 68This argument must be a colon 69.Pq Dq \&: 70separated list of all the 71user database fields, although they may be empty. 72.It Fl s 73The 74.Fl s 75option attempts to change the user's shell to 76.Ar newshell . 77.It Fl l 78This option causes the password to be updated only in the local 79password file. 80When changing only the local password, 81.Xr pwd_mkdb 8 82is used to update the password databases. 83.It Fl y 84This forces the YP password database entry to be changed, even if 85the user has an entry in the local database. 86The 87.Xr rpc.yppasswdd 8 88daemon should be running on the YP master server. 89.El 90.Pp 91Possible display items are as follows: 92.Pp 93.Bl -tag -width "Home Directory:" -compact -offset indent 94.It Login : 95user's login name 96.It Password : 97user's encrypted password 98.It Uid : 99user's login 100.It Gid : 101user's login group 102.It Change : 103password change time 104.It Expire : 105account expiration time 106.It Class : 107user's general classification 108.It Home Directory : 109user's home directory 110.It Shell : 111user's login shell 112.It Full Name : 113user's real name 114.It Location : 115user's normal location 116.It Home Phone : 117user's home phone 118.It Office Phone : 119user's office phone 120.El 121.Pp 122The 123.Ar login 124field is the user name used to access the computer account. 125.Pp 126The 127.Ar password 128field contains the encrypted form of the user's password. 129.Pp 130The 131.Ar uid 132field is the number associated with the 133.Ar login 134field. 135Both of these fields should be unique across the system (and often 136across a group of systems) as they control file access. 137.Pp 138While it is possible to have multiple entries with identical login names 139and/or identical user id's, it is usually a mistake to do so. 140Routines 141that manipulate these files will often return only one of the multiple 142entries, and that one by random selection. 143.Pp 144The 145.Ar group 146field is the group that the user will be placed in at login. 147Since 148.Bx 149supports multiple groups (see 150.Xr groups 1 ) 151this field currently has little special meaning. 152This field may be filled in with either a number or a group name (see 153.Xr group 5 ) . 154.Pp 155The 156.Ar change 157field is the date by which the password must be changed. 158.Pp 159The 160.Ar expire 161field is the date on which the account expires. 162.Pp 163Both the 164.Ar change 165and 166.Ar expire 167fields should be entered in the form 168.Dq month day year 169where 170.Ar month 171is the month name (the first three characters are sufficient), 172.Ar day 173is the day of the month, and 174.Ar year 175is the year. 176.Pp 177The 178.Ar class 179field is a key for a user's login class. 180Login classes are defined in 181.Xr login.conf 5 , 182which is a 183.Xr termcap 5 184style database of user attributes, accounting, resource and 185environment settings. 186.Pp 187The user's 188.Ar home directory 189is the full 190.Ux 191path name where the user will be placed at login. 192.Pp 193The 194.Ar shell 195field is the command interpreter the user prefers. 196If the 197.Ar shell 198field is empty, the Bourne shell, 199.Pa /bin/sh , 200is assumed. 201When altering a login shell, and not the super-user, the user 202may not change from a non-standard shell or to a non-standard 203shell. 204Non-standard is defined as a shell not found in 205.Pa /etc/shells . 206.Pp 207The last four fields are for storing the user's 208.Ar full name , office location , 209and 210.Ar home 211and 212.Ar work telephone 213numbers. 214.Pp 215Once the information has been verified, 216.Nm 217uses 218.Xr pwd_mkdb 8 219to update the user database. 220.Sh ENVIRONMENT 221The 222.Xr vi 1 223editor will be used unless the environment variable 224.Ev EDITOR 225is set to an alternative editor. 226When the editor terminates, the information is re-read and used to 227update the user database itself. 228Only the user, or the super-user, may edit the information associated 229with the user. 230.Sh FILES 231.Bl -tag -width /etc/master.passwd -compact 232.It Pa /etc/master.passwd 233The user database 234.It Pa /etc/passwd 235A Version 7 format password file 236.It Pa /etc/ptmp 237Lock file for the passwd database 238.It Pa /tmp/pw.XXXXXX 239Temporary copy of the user passwd information 240.It Pa /etc/shells 241The list of approved shells 242.El 243.Sh SEE ALSO 244.Xr finger 1 , 245.Xr login 1 , 246.Xr passwd 1 , 247.Xr pwhash 1 , 248.Xr getusershell 3 , 249.Xr passwd 5 , 250.Xr passwd.conf 5 , 251.Xr pwd_mkdb 8 , 252.Xr vipw 8 253.Rs 254.%A Robert Morris 255.%A Ken Thompson 256.%T "UNIX Password Security" 257.Re 258.Sh HISTORY 259The 260.Nm 261command appeared in 262.Bx 4.3 Reno . 263.Sh BUGS 264This program's interface is poorly suited to cryptographic systems such as 265Kerberos, and consequently Kerberos password changing is not a feature of 266this program. 267.Pp 268User information should (and eventually will) be stored elsewhere. 269