| PW.CONF(5) | MidnightBSD File Formats Manual | PW.CONF(5) |
pw.conf — format
of the pw.conf configuration file
The file /etc/pw.conf contains
configuration data for the
pw(8) utility. The
pw(8) utility is used for
maintenance of the system password and group files, allowing users and
groups to be added, deleted and changed. This file may be modified via the
pw(8) command using the
useradd command and the -D
option, or by editing it directly with a text editor.
Each line in /etc/pw.conf is treated
either a comment or as configuration data; blank lines and lines commencing
with a ‘#’ character are considered
comments, and any remaining lines are examined for a leading keyword,
followed by corresponding data.
Keywords recognized by pw(8) are:
Valid values for defaultpasswd are:
The second and third options are insecure and should be avoided if possible on a publicly accessible system. The first option requires that the superuser run passwd(1) to set a password before the account may be used. This may also be useful for creating administrative accounts. The final option causes pw(8) to respond by printing a randomly generated password on stdout. This is the preferred and most secure option. The pw(8) utility also provides a method of setting a specific password for the new user via a filehandle (command lines are not secure).
Both reuseuids and
reusegids determine the method by which new user and
group id numbers are generated. A
‘yes’ in this field will cause
pw(8) to search for the first
unused user or group id within the allowed range, whereas a
‘no’ will ensure that no other
existing user or group id within the range is numerically lower than the new
one generated, and therefore avoids reusing gaps in the user or group id
sequence that are caused by previous user or group deletions. Note that if
the default group is not specified using the
defaultgroup keyword,
pw(8) will create a new group
for the user and attempt to keep the new user's uid and gid the same. If the
new user's uid is currently in use as a group id, then the next available
group id is chosen instead.
On NIS servers which maintain a separate passwd database to /etc/master.passwd, this option allows the additional file to be concurrently updated as user records are added, modified or removed. If blank or set to 'no', no additional database is updated. An absolute pathname must be used.
The skeleton keyword nominates a directory
from which the contents of a user's new home directory is constructed. This
is /usr/share/skel by default. The
pw(8)'s
-m option causes the user's home directory to be
created and populated using the files contained in the
skeleton directory.
To send an initial email to new users, the
newmail keyword may be used to specify a path name to
a file containing the message body of the message to be sent. To avoid
sending mail when accounts are created, leave this entry blank or specify
‘no’.
The logfile option allows logging of
password file modifications into the nominated log file. To avoid creating
or adding to such a logfile, then leave this field blank or specify
‘no’.
The home keyword is mandatory. This specifies the location of the directory in which all new user home directories are created.
The homemode keyword is optional. It specifies the creation mask of the user's home directory and is modified by umask(2).
The shellpath keyword specifies a list of
directories - separated by colons ‘:’
- which contain the programs used by the login shells.
The shells keyword specifies a list of programs available for use as login shells. This list is a comma-separated list of shell names which should not contain a path. These shells must exist in one of the directories nominated by shellpath.
The defaultshell keyword nominates which shell program to use for new users when none is specified on the pw(8) command line.
The defaultgroup keyword defines
the primary group (the group id number in the password file) used for new
accounts. If left blank, or the word
‘no’ is used, then each new user will
have a corresponding group of their own created automatically. This is the
recommended procedure for new users as it best secures each user's files
against interference by other users of the system irrespective of the
umask normally used
by the user.
The extragroups keyword provides an
automatic means of placing new users into groups within the
/etc/groups file. This is useful where all users
share some resources, and is preferable to placing users into the same
primary group. The effect of this keyword can be overridden using the
-G option on the
pw(8) command line.
The defaultclass field determines the login class (See login.conf(5)) that new users will be allocated unless overwritten by pw(8).
The minuid, maxuid,
mingid, maxgid keywords
determine the allowed ranges of automatically allocated user and group id
numbers. The default values for both user and group ids are 1000 and 32000
as minimum and maximum respectively. The user and group id's actually used
when creating an account with
pw(8) may be overridden using
the -u and -g command line
options.
The expire_days and
password_days are used to automatically calculate the
number of days from the date on which an account is created when the account
will expire or the user will be forced to change the account's password. A
value of ‘0’ in either field will
disable the corresponding (account or password) expiration date.
The maximum line length of /etc/pw.conf is 1024 characters. Longer lines will be skipped and treated as comments.
passwd(1), umask(2), group(5), login.conf(5), passwd(5), pw(8)
| March 30, 2007 | midnightbsd-3.1 |