PW.CONF(5)		    BSD	File Formats Manual		    PW.CONF(5)

     pw.conf --	format of the pw.conf configuration file

     The file /etc/pw.conf contains configuration data for the pw(8) utility.
     The pw(8) utility is used for maintenance of the system password and
     group files, allowing users and groups to be added, deleted and changed.
     This file may be modified via the pw(8) command using the useradd command
     and the -D	option,	or by editing it directly with a text editor.

     Each line in /etc/pw.conf is treated either as a comment or as
     configuration data; blank lines and lines commencing with a `#'
     character are considered comments, and any remaining lines are examined
     for a leading keyword, followed by corresponding data.

     Keywords recognized by pw(8) are:
	   defaultpasswd  affect passwords generated for new users
	   reuseuids	  reuse	gaps in	uid sequences
	   reusegids	  reuse	gaps in	gid sequences
	   nispasswd	  path to the NIS passwd database
	   skeleton	  where	to obtain default home contents
	   newmail	  mail to send to new users
	   logfile	  log user/group modifications to this file
	   home		  root directory for home directories
	   homemode	  permissions for home directory
	   shellpath	  paths	in which to locate shell programs
	   shells	  list of valid	shells (without	path)
	   defaultshell	  default shell	(without path)
	   defaultgroup	  default group
	   extragroups	  add new users to these groups
	   defaultclass	  place	new users in this login	class
	   maxuid	  range	of valid default user ids
	   maxgid	  range	of valid default group ids
	   expire_days	  days after which account expires
	   password_days  days after which password expires

     Valid values for defaultpasswd are:
	   no		  disable login	on newly created accounts
	   yes		  force	the password to	be the account name
	   none		  force	a blank	password
	   random	  generate a random password

     The second	and third options are insecure and should be avoided if	possi-
     ble on a publicly accessible system.  The first option requires that the
     superuser run passwd(1) to	set a password before the account may be used.
     This may also be useful for creating administrative accounts.  The	final
     option causes pw(8) to respond by printing	a randomly generated password
     on	stdout.	 This is the preferred and most	secure option.	The pw(8)
     utility also provides a method of setting a specific password for the new
     user via a	filehandle (command lines are not secure).

     Both reuseuids and	reusegids determine the	method by which	new user and
     group id numbers are generated.  A	`yes' in this field will cause pw(8)
     to	search for the first unused user or group id within the	allowed	range,
     whereas a `no' will ensure	that no	other existing user or group id	within
     the range is numerically lower than the new one generated,	and therefore
     avoids reusing gaps in the	user or	group id sequence that are caused by
     previous user or group deletions.	Note that if the default group is not
     specified using the defaultgroup keyword, pw(8) will create a new group
     for the user and attempt to keep the new user's uid and gid the same.  If
     the new user's uid	is currently in	use as a group id, then	the next
     available group id	is chosen instead.

     On NIS servers which maintain a separate passwd database to
     /etc/master.passwd, the nispasswd keyword allows the additional file to
     be concurrently updated as user records are added, modified or removed.
     If blank or set to 'no', no additional database is updated.  An absolute
     pathname must be used.

     The skeleton keyword nominates a directory from which the contents of a
     user's new home directory are constructed.  This is /usr/share/skel by
     default.  The -m option of pw(8) causes the user's home directory to be
     created and populated using the files contained in the skeleton
     directory.

     To	send an	initial	email to new users, the	newmail	keyword	may be used to
     specify a path name to a file containing the message body of the message
     to	be sent.  To avoid sending mail	when accounts are created, leave this
     entry blank or specify `no'.

     The logfile option allows logging of password file modifications into the
     nominated log file.  To avoid creating or adding to such a logfile, leave
     this field blank or specify `no'.

     The home keyword is mandatory.  This specifies the	location of the	direc-
     tory in which all new user	home directories are created.

     The homemode keyword is optional.	It specifies the creation mask of the
     user's home directory and is modified by umask(2).

     The shellpath keyword specifies a list of directories - separated by
     colons `:'	- which	contain	the programs used by the login shells.

     The shells	keyword	specifies a list of programs available for use as lo-
     gin shells.  This list is a comma-separated list of shell names which
     should not	contain	a path.	 These shells must exist in one	of the direc-
     tories nominated by shellpath.

     The defaultshell keyword nominates	which shell program to use for new
     users when	none is	specified on the pw(8) command line.

     The defaultgroup keyword defines the primary group	(the group id number
     in	the password file) used	for new	accounts.  If left blank, or the word
     `no' is used, then	each new user will have	a corresponding	group of their
     own created automatically.	 This is the recommended procedure for new
     users as it best secures each user's files	against	interference by	other
     users of the system irrespective of the umask normally used by the	user.

     The extragroups keyword provides an automatic means of placing new users
     into groups within the /etc/group file.  This is useful where all users
     share some resources, and is preferable to placing users into the same
     primary group.  The effect of this keyword can be overridden using the -G
     option on the pw(8) command line.

     The defaultclass field determines the login class (see login.conf(5))
     that new users will be allocated unless overwritten by pw(8).

     The minuid, maxuid, mingid, maxgid	keywords determine the allowed ranges
     of	automatically allocated	user and group id numbers.  The	default	values
     for both user and group ids are 1000 and 32000 as minimum and maximum re-
     spectively.  The user and group id's actually used	when creating an ac-
     count with	pw(8) may be overridden	using the -u and -g command line op-

     The expire_days and password_days are used	to automatically calculate the
     number of days from the date on which an account is created when the ac-
     count will	expire or the user will	be forced to change the	account's
     password.	A value	of `0' in either field will disable the	corresponding
     (account or password) expiration date.

     The maximum line length of	/etc/pw.conf is	1024 characters.  Longer lines
     will be skipped and treated as comments.
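
     The following audit sketch is an added example, not part of pw(8) or of
     this manual page. It applies the comment and 1024-character rules above
     and reports the defaultpasswd values and shared defaultgroup the page
     warns about; the `=' separator, the quoted values and the sample file
     are assumptions made for the example.

```python
import re

MAX_LINE = 1024  # per the page: longer lines are skipped as comments
INSECURE_PASSWD = {"yes": "password is the account name",
                   "none": "blank password"}

def parse_pw_conf(text):
    """Return (settings, skipped); skipped holds overlong line numbers."""
    settings, skipped = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if len(line) > MAX_LINE:
            skipped.append(lineno)
            continue
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        # Assumption: keyword and data are separated by whitespace and/or '='.
        parts = re.split(r"[\s=]+", stripped, maxsplit=1)
        data = parts[1].strip().strip('"') if len(parts) > 1 else ""
        settings[parts[0]] = data
    return settings, skipped

def audit(text):
    """List settings the page calls insecure, mandatory, or silently dropped."""
    settings, skipped = parse_pw_conf(text)
    findings = []
    mode = settings.get("defaultpasswd", "").lower()
    if mode in INSECURE_PASSWD:
        findings.append(f"defaultpasswd={mode}: {INSECURE_PASSWD[mode]}")
    group = settings.get("defaultgroup", "").lower()
    if group not in ("", "no"):
        findings.append(f"defaultgroup={group}: new users share a primary group")
    if "home" not in settings:
        findings.append("home: mandatory keyword is missing")
    findings += [f"line {n}: over {MAX_LINE} characters, skipped" for n in skipped]
    return findings

# Constructed sample file; the extragroups line is longer than 1024 characters.
SAMPLE = "\n".join([
    "# constructed example, not taken from a real system",
    'defaultpasswd = "yes"',
    'defaultgroup = "staff"',
    'home = "/home"',
    'logfile = "/var/log/userlog"',
    "extragroups = " + ",".join(f"proj{i}" for i in range(200)),
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

     Because the overlong extragroups line is treated as a comment, none of
     its groups would be applied to new accounts, which is why the audit
     reports it rather than parsing it.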


     passwd(1),	umask(2), group(5), login.conf(5), passwd(5), pw(8)

BSD				March 30, 2007				   BSD

