pw.conf(5)
NAME
pw.conf - format of the pw.conf configuration file
DESCRIPTION
- The file #include </etc/pw.conf>
contains configuration data for the pw(8) utility. The
- pw(8) utility is
used for maintenance of the system password and group files, - allowing
users and groups to be added, deleted and changed. This - file may be modified via the pw(8) command using the useradd command and
- the -D option,
or by editing it directly with a text editor. - Each line in /etc/pw.conf is treated either a comment or as
- configuration
data; blank lines and lines commencing with a `#' character - are considered comments, and any remaining lines are examined for a
- leading keyword, followed by corresponding data.
- Keywords recognized by pw(8) are:
- defaultpasswd affect passwords generated for new
- users
reuseuids reuse gaps in uid sequences
reusegids reuse gaps in gid sequences
nispasswd path to the NIS passwd database
skeleton where to obtain default home contents
newmail mail to send to new users
logfile log user/group modifications to this - file
home root directory for home directories
shellpath paths in which to locate shell programs
shells list of valid shells (without path)
defaultshell default shell (without path)
defaultgroup default group
extragroups add new users to this groups
defaultclass place new users in this login class
minuid
maxuid range of valid default user ids
mingid
maxgid range of valid default group ids
expire_days days after which account expires
password_days days after which password expires - Valid values for defaultpasswd are:
- no disable login on newly created accounts
yes force the password to be the account - name
none force a blank password
random generate a random password - The second and third options are insecure and should be
- avoided if possible on a publicly accessible system. The first option re
- quires that the
superuser run passwd(1) to set a password before the account - may be used.
This may also be useful for creating administrative ac - counts. The final
option causes pw(8) to respond by printing a randomly gener - ated password
on stdout. This is the preferred and most secure option. - The pw(8)
utility also provides a method of setting a specific pass - word for the new
user via a filehandle (command lines are not secure). - Both reuseuids and reusegids determine the method by which
- new user and
group id numbers are generated. A `yes' in this field will - cause pw(8)
to search for the first unused user or group id within the - allowed range,
whereas a `no' will ensure that no other existing user or - group id within
the range is numerically lower than the new one generated, - and therefore
avoids reusing gaps in the user or group id sequence that - are caused by
previous user or group deletions. Note that if the default - group is not
specified using the defaultgroup keyword, pw(8) will create - a new group
for the user and attempt to keep the new user's uid and gid - the same. If
the new user's uid is currently in use as a group id, then - the next
available group id is chosen instead. - On NIS servers which maintain a separate passwd database to
/etc/master.passwd, this option allows the additional file - to be concurrently updated as user records are added, modified or re
- moved. If blank
or set to 'no', no additional database is updated. An abso - lute pathname
must be used. - The skeleton keyword nominates a directory from which the
- contents of a
user's new home directory is constructed. This is - /usr/share/skel by
default. The pw(8)'s -m option causes the user's home di - rectory to be
created and populated using the files contained in the - skeleton directory.
- To send an initial email to new users, the newmail keyword
- may be used to
specify a path name to a file containing the message body of - the message
to be sent. To avoid sending mail when accounts are creat - ed, leave this
entry blank or specify `no'. - The logfile option allows logging of password file modifica
- tions into the
nominated log file. To avoid creating or adding to such a - logfile, then
leave this field blank or specify `no'. - The home keyword is mandatory. This specifies the location
- of the directory in which all new user home directories are created.
- The shellpath keyword specifies a list of directories - sep
- arated by
colons `:' - which contain the programs used by the login - shells.
- The shells keyword specifies a list of programs available
- for use as
login shells. This list is a comma-separated list of shell - names which
should not contain a path. These shells must exist in one - of the directories nominated by shellpath.
- The defaultshell keyword nominates which shell program to
- use for new
users when none is specified on the pw(8) command line. - The defaultgroup keyword defines the primary group (the
- group id number
in the password file) used for new accounts. If left blank, - or the word
`no' is used, then each new user will have a corresponding - group of their
own created automatically. This is the recommended proce - dure for new
users as it best secures each user's files against interfer - ence by other
users of the system irrespective of the umask normally used - by the user.
- The extragroups keyword provides an automatic means of plac
- ing new users
into groups within the /etc/groups file. This is useful - where all users
share some resources, and is preferable to placing users in - to the same
primary group. The effect of this keyword can be overridden - using the -G
option on the pw(8) command line. - The defaultclass field determines the login class (See lo
- gin.conf(5))
that new users will be allocated unless overwritten by - pw(8).
- The minuid, maxuid, mingid, maxgid keywords determine the
- allowed ranges
of automatically allocated user and group id numbers. The - default values
for both user and group ids are 1000 and 32000 as minimum - and maximum
respectively. The user and group id's actually used when - creating an
account with pw(8) may be overridden using the -u and -g - command line
options. - The expire_days and password_days are used to automatically
- calculate the
number of days from the date on which an account is created - when the
account will expire or the user will be forced to change the - account's
password. A value of `0' in either field will disable the - corresponding
(account or password) expiration date.
LIMITS
- The maximum line length of /etc/pw.conf is 1024 characters.
- Longer lines
will be skipped and treated as comments.
FILES
/etc/pw.conf
/etc/passwd
/etc/master.passwd
/etc/group
SEE ALSO
- passwd(1), group(5), login.conf(5), passwd(5), pw(8)
- BSD December 9, 1996