1.\" $NetBSD: pwd_mkdb.8,v 1.28 2010/08/18 10:00:49 wiz Exp $ 2.\" 3.\" Copyright (c) 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)pwd_mkdb.8 8.2 (Berkeley) 4/27/95 31.\" 32.Dd August 18, 2010 33.Dt PWD_MKDB 8 34.Os 35.Sh NAME 36.Nm pwd_mkdb 37.Nd generate the password databases 38.Sh SYNOPSIS 39.Nm 40.Op Fl BLlpsvw 41.Op Fl c Ar cachesize 42.Op Fl d Ar directory 43.Op Fl u Ar username 44.Op Fl V Ar version 45.Ar file 46.Sh DESCRIPTION 47.Nm 48creates 49.Xr db 3 50style secure and insecure databases for the specified file. 51These databases are then installed into 52.Dq Pa /etc/spwd.db 53and 54.Dq Pa /etc/pwd.db 55respectively. 56The file is installed into 57.Dq Pa /etc/master.passwd . 58The file must be in the correct format (see 59.Xr passwd 5 ) . 60It is important to note that the format used in this system is 61different from the historic Version 7 style format. 62.Pp 63The options are as follows: 64.Bl -tag -width flag 65.It Fl B 66Store data in big-endian format (see also 67.Fl L ) . 68.It Fl c Ar cachesize 69Specify the size of the memory cache in megabytes used by the 70hashing library. 71On systems with a large user base, a small cache size can lead to 72prohibitively long database file rebuild times. 73As a rough guide, the memory usage of 74.Nm 75in megabytes will be a little bit more than twice the figure 76specified here. 77If unspecified, this value will be calculated based on the size of 78the input file up to a maximum of 8 megabytes. 79.It Fl d Ar directory 80Change the root directory of the generated files from 81.Dq Pa / 82to 83.Ar directory . 84.It Fl L 85Store data in little-endian format (see also 86.Fl B ) . 87.It Fl l 88Use 89.Xr syslog 3 90to report errors. 91.It Fl p 92Create a Version 7 style password file and install it into 93.Dq Pa /etc/passwd . 94.It Fl s 95Update the secure database only. 96This is useful when only encrypted passwords have changed. 97This option negates the effect of any 98.Fl p 99option. 100.It Fl u Ar name 101Don't re-build the database files, but instead modify or add entries 102for the specified user only. 103This option may only be used when the line number and user name in 104the password file have not changed, or when adding a new user from 105the last line in the password file. 106.It Fl V Ar version 107Upgrade or downgrade databases to the numbered version. 108Version 109.Dv 0 110is the old format (up to and including 111.Nx 5.0 ) 112with the 4 byte time fields and version 113.Dv 1 114is the new format with the 8 byte time fields (greater than 115.Nx 5.0 ) . 116.Nx 5.0 117cannot read version 118.Dv 1 119databases. 120All versions above 121.Nx 5.0 122can read and write both version 123.Dv 0 124and version 125.Dv 1 126databases. 127By default the databases stay in the version they were before the command 128was run. 129.It Fl v 130Mention when a version change occurs. 131.It Fl w 132Print a warning if the system is using old style databases. 133.El 134.Pp 135The two databases differ in that the secure version contains the user's 136encrypted password and the insecure version has an asterisk 137.Pq Dq * . 138.Pp 139The databases are used by the C library password routines (see 140.Xr getpwent 3 ) . 141.Sh FILES 142.Bl -tag -width Pa -compact 143.It Pa /etc/master.passwd 144The current password file. 145.It Pa /etc/passwd 146A Version 7 format password file. 147.It Pa /etc/pwd.db 148The insecure password database file. 149.It Pa /etc/pwd.db.tmp 150A temporary file. 151.It Pa /etc/spwd.db 152The secure password database file. 153.It Pa /etc/spwd.db.tmp 154A temporary file. 155.El 156.Sh EXIT STATUS 157.Nm 158exits zero on success, non-zero on failure. 159.Sh COMPATIBILITY 160Previous versions of the system had a program similar to 161.Nm 162which built 163.Em dbm 164style databases for the password file but depended on the calling programs 165to install them. 166The program was renamed in order that previous users of the program 167not be surprised by the changes in functionality. 168.Sh SEE ALSO 169.Xr chpass 1 , 170.Xr passwd 1 , 171.Xr pwhash 1 , 172.Xr db 3 , 173.Xr getpwent 3 , 174.Xr pw_mkdb 3 , 175.Xr syslog 3 , 176.Xr passwd 5 , 177.Xr useradd 8 , 178.Xr userdel 8 , 179.Xr usermod 8 , 180.Xr vipw 8 181.Sh BUGS 182Because of the necessity for atomic update of the password files, 183.Nm 184uses 185.Xr rename 2 186to install them. 187This, however, requires that the file specified on the command line live 188on the same file system as the 189.Dq Pa /etc 190directory. 191.Pp 192There are the obvious races with multiple people running 193.Nm 194on different password files at the same time. 195The front-ends to 196.Xr chpass 1 , 197.Xr passwd 1 , 198.Xr useradd 8 , 199.Xr userdel 8 , 200.Xr usermod 8 , 201and 202.Xr vipw 8 203handle the locking necessary to avoid this problem. 204.Pp 205The database files are copied when the 206.Fl u 207option is used. 208Real locking would make this unnecessary. 209.Pp 210Although the DB format is endian-transparent, the data stored in 211the DB is not. 212Also, the format doesn't lend itself to insertion or removal of 213records from arbitrary locations in the password file. 214This is difficult to fix without breaking compatibility. 215.Pp 216Using the 217.Fl u 218option on a system where multiple users share the same UID can have 219unexpected results. 220