Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
PW.CONF(5)		      File Formats Manual		    PW.CONF(5)

NAME
       pw.conf -- format of the	pw.conf	configuration file

DESCRIPTION
       The  file  /etc/pw.conf contains	configuration data for the pw(8) util-
       ity.  The pw(8) utility is used for maintenance of the system  password
       and  group  files,  allowing  users and groups to be added, deleted and
       changed.	 This file may be modified via the  pw(8)  command  using  the
       useradd	command	 and  the  -D option, or by editing it directly	with a
       text editor.

       Each line in /etc/pw.conf is treated either a comment or	as  configura-
       tion  data;  blank  lines and lines commencing with a `#' character are
       considered comments, and	any remaining lines are	examined for a leading
       keyword,	followed by corresponding data.

       Keywords	recognized by pw(8) are:
	     defaultpasswd  affect passwords generated for new users
	     reuseuids	    reuse gaps in uid sequences
	     reusegids	    reuse gaps in gid sequences
	     nispasswd	    path to the	NIS passwd database
	     skeleton	    where to obtain default home contents
	     newmail	    mail to send to new	users
	     logfile	    log	user/group modifications to this file
	     home	    root directory for home directories
	     homemode	    permissions	for home directory
	     shellpath	    paths in which to locate shell programs
	     shells	    list of valid shells (without path)
	     defaultshell   default shell (without path)
	     defaultgroup   default group
	     extragroups    add	new users to this groups
	     defaultclass   place new users in this login class
	     minuid
	     maxuid	    range of valid default user	ids
	     mingid
	     maxgid	    range of valid default group ids
	     expire_days    days after which account expires
	     password_days  days after which password expires

       Valid values for	defaultpasswd are:
	     no		    disable login on newly created accounts
	     yes	    force the password to be the account name
	     none	    force a blank password
	     random	    generate a random password

       The second and third options are	insecure and should be avoided if pos-
       sible on	a publicly accessible system.  The first option	requires  that
       the superuser run passwd(1) to set a password before the	account	may be
       used.   This  may  also be useful for creating administrative accounts.
       The final option	causes pw(8) to	respond	by printing a randomly	gener-
       ated password on	stdout.	 This is the preferred and most	secure option.
       The pw(8) utility also provides a method	of setting a specific password
       for the new user	via a filehandle (command lines	are not	secure).

       Both reuseuids and reusegids determine the method by which new user and
       group id	numbers	are generated.	A `yes'	in this	field will cause pw(8)
       to  search  for	the  first  unused user	or group id within the allowed
       range, whereas a	`no' will ensure that no other existing	user or	 group
       id  within  the	range is numerically lower than	the new	one generated,
       and therefore avoids reusing gaps in the	user or	group id sequence that
       are caused by previous user or group deletions.	Note that if  the  de-
       fault group is not specified using the defaultgroup keyword, pw(8) will
       create  a new group for the user	and attempt to keep the	new user's uid
       and gid the same.  If the new user's uid	is currently in	use as a group
       id, then	the next available group id is chosen instead.

       On  NIS	servers	 which	maintain  a  separate	passwd	 database   to
       /etc/master.passwd,  this  option allows	the additional file to be con-
       currently updated as user records are added, modified or	 removed.   If
       blank  or  set to 'no', no additional database is updated.  An absolute
       pathname	must be	used.

       The skeleton keyword nominates a	directory from which the contents of a
       user's new home directory is constructed.  This is  /usr/share/skel  by
       default.	  The pw(8)'s -m option	causes the user's home directory to be
       created and populated using the files contained in the skeleton	direc-
       tory.

       To  send	an initial email to new	users, the newmail keyword may be used
       to specify a path name to a file	containing the	message	 body  of  the
       message	to  be sent.  To avoid sending mail when accounts are created,
       leave this entry	blank or specify `no'.

       The logfile option allows logging of password file  modifications  into
       the nominated log file.	To avoid creating or adding to such a logfile,
       then leave this field blank or specify `no'.

       The  home keyword is mandatory.	This specifies the location of the di-
       rectory in which	all new	user home directories are created.

       The homemode keyword is optional.  It specifies the  creation  mask  of
       the user's home directory and is	modified by umask(2).

       The  shellpath  keyword	specifies a list of directories	- separated by
       colons `:' - which contain the programs used by the login shells.

       The shells keyword specifies a list of programs available  for  use  as
       login shells.  This list	is a comma-separated list of shell names which
       should  not  contain a path.  These shells must exist in	one of the di-
       rectories nominated by shellpath.

       The defaultshell	keyword	nominates which	shell program to use  for  new
       users when none is specified on the pw(8) command line.

       The defaultgroup	keyword	defines	the primary group (the group id	number
       in  the	password  file)	 used for new accounts.	 If left blank,	or the
       word `no' is used, then each new	user will have a  corresponding	 group
       of  their own created automatically.  This is the recommended procedure
       for new users as	it best	secures	each user's files against interference
       by other	users of the system irrespective of the	umask normally used by
       the user.

       The extragroups keyword provides	an  automatic  means  of  placing  new
       users  into  groups  within the /etc/groups file.  This is useful where
       all users share some resources, and is preferable to placing users into
       the same	primary	group.	The effect of this keyword can	be  overridden
       using the -G option on the pw(8)	command	line.

       The  defaultclass  field	determines the login class (See	login.conf(5))
       that new	users will be allocated	unless overwritten by pw(8).

       The minuid, maxuid,  mingid,  maxgid  keywords  determine  the  allowed
       ranges  of  automatically allocated user	and group id numbers.  The de-
       fault values for	both user and group ids	are 1000 and 32000 as  minimum
       and  maximum  respectively.  The	user and group id's actually used when
       creating	an account with	pw(8) may be overridden	using the  -u  and  -g
       command line options.

       The  expire_days	 and password_days are used to automatically calculate
       the number of days from the date	on which an account  is	 created  when
       the  account  will  expire or the user will be forced to	change the ac-
       count's password.  A value of `0' in either field will disable the cor-
       responding (account or password)	expiration date.

LIMITS
       The maximum line	length of /etc/pw.conf	is  1024  characters.	Longer
       lines will be skipped and treated as comments.

FILES
       /etc/pw.conf
       /etc/passwd
       /etc/master.passwd
       /etc/group

SEE ALSO
       passwd(1), umask(2), group(5), login.conf(5), passwd(5),	pw(8)

FreeBSD	13.2			March 30, 2007			    PW.CONF(5)

NAME | DESCRIPTION | LIMITS | FILES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pw.conf&sektion=5&manpath=FreeBSD+14.0-RELEASE+and+Ports>

home | help