chpass.tproj/chpass.1

   1 .\" Copyright (c) 1988, 1990, 1993
   2 .\"     The Regents of the University of California.  All rights reserved.
   3 .\"
   4 .\" Redistribution and use in source and binary forms, with or without
   5 .\" modification, are permitted provided that the following conditions
   6 .\" are met:
   7 .\" 1. Redistributions of source code must retain the above copyright
   8 .\"    notice, this list of conditions and the following disclaimer.
   9 .\" 2. Redistributions in binary form must reproduce the above copyright
  10 .\"    notice, this list of conditions and the following disclaimer in the
  11 .\"    documentation and/or other materials provided with the distribution.
  12 .\" 3. All advertising materials mentioning features or use of this software
  13 .\"    must display the following acknowledgement:
  14 .\"     This product includes software developed by the University of
  15 .\"     California, Berkeley and its contributors.
  16 .\" 4. Neither the name of the University nor the names of its contributors
  17 .\"    may be used to endorse or promote products derived from this software
  18 .\"    without specific prior written permission.
  19 .\"
  20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30 .\" SUCH DAMAGE.
  31 .\"
  32 .\"     @(#)chpass.1    8.2 (Berkeley) 12/30/93
  33 .\" $FreeBSD: src/usr.bin/chpass/chpass.1,v 1.34 2002/12/24 13:41:47 ru Exp $
  34 .\"
  35 .Dd December 30, 1993
  36 .Dt CHPASS 1
  37 .Os
  38 .Sh NAME
  39 .Nm chpass ,
  40 .Nm chfn ,
  41 .Nm chsh ,
  42 .Nd add or change user database information
  43 .Sh SYNOPSIS
  44 .Nm
  45 .Op Fl a Ar list
  46 .Op Fl p Ar encpass
  47 .Op Fl e Ar expiretime
  48 .Op Fl s Ar newshell
  49 .Op user
  50 .Sh DESCRIPTION
  51 The
  52 .Nm
  53 utility
  54 allows editing of the user database information associated
  55 with
  56 .Ar user
  57 or, by default, the current user.
  58 .Pp
  59 The
  60 .Nm chfn ,
  61 and
  62 .Nm chsh
  63 utilities behave identically to
  64 .Nm .
  65 (There is only one program.)
  66 .Pp
  67 The information is formatted and supplied to an editor for changes.
  68 .Pp
  69 Only the information that the user is allowed to change is displayed.
  70 .Pp
  71 The options are as follows:
  72 .Bl -tag -width indent
  73 .It Fl a
  74 The super-user is allowed to directly supply a user database
  75 entry, in the format specified by
  76 .Xr passwd 5 ,
  77 as an argument.
  78 This argument must be a colon
  79 .Pq Dq \&:
  80 separated list of all the
  81 user database fields, although they may be empty.
  82 [Note that this only changes the user database,
  83 .Li master.passwd Ns .]
  84 .It Fl p
  85 The super-user is allowed to directly supply an encrypted password field,
  86 in the format used by
  87 .Xr crypt 3 ,
  88 as an argument.
  89 [See the discussion in
  90 .Xr getpwent 3
  91 about types of passwords; this option may not be appropriate.]
  92 .It Fl e Ar expiretime
  93 Change the account expire time.
  94 This option is used to set the expire time
  95 from a script as if it was done in the interactive editor.
  96 .It Fl s Ar newshell
  97 Attempt to change the user's shell to
  98 .Ar newshell .
  99 .El
 100 .Pp
 101 Possible display items are as follows:
 102 .Pp
 103 .Bl -tag -width "Other Information:" -compact -offset indent
 104 .It Login:
 105 user's login name
 106 .It Password:
 107 user's encrypted password
 108 [do
 109 .Em not
 110 use this to change a password; use
 111 .Xr passwd 1
 112 instead]
 113 .It Uid:
 114 user's login
 115 .It Gid:
 116 user's login group
 117 .It Class:
 118 user's general classification
 119 .It Change:
 120 password change time
 121 .It Expire:
 122 account expiration time
 123 .It Full Name:
 124 user's real name (*)
 125 .\"user's real name
 126 .\".It Office Location:
 127 .\"user's office location (1)
 128 .\".It Office Phone:
 129 .\"user's office phone (1)
 130 .\".It Home Phone:
 131 .\"user's home phone (1)
 132 .\".It Other Information:
 133 .\"any locally defined parameters for user (1)
 134 .It Home Directory:
 135 user's home directory
 136 .It Shell:
 137 user's login shell
 138 .Pp
 139 .It NOTE(*) -
 140 .\"In the actual master.passwd file, these fields are comma-delimited
 141 .\"fields embedded in the FullName field.
 142 Historically, the so-call
 143 .Qq GECOS
 144 field in the user database entry contain the full name plus other information.
 145 Only the full name is currently supported.
 146 .El
 147 .Pp
 148 The
 149 .Ar login
 150 field is the user name used to access the computer account.
 151 .Pp
 152 The
 153 .Ar password
 154 field contains the encrypted form of the user's password.
 155 Do
 156 .Em not
 157 use this to change a password; use
 158 .Xr passwd 1
 159 instead.
 160 .Pp
 161 The
 162 .Ar uid
 163 field is the number associated with the
 164 .Ar login
 165 field.
 166 Both of these fields should be unique across the system (and often
 167 across a group of systems) as they control file access.
 168 .Pp
 169 While it is possible to have multiple entries with identical login names
 170 and/or identical user id's, it is usually a mistake to do so.  Routines
 171 that manipulate these files will often return only one of the multiple
 172 entries, and that one by random selection.
 173 .Pp
 174 The
 175 .Ar group
 176 field is the group that the user will be placed in at login.
 177 Since
 178 .Bx
 179 supports multiple groups (see
 180 .Xr groups 1 )
 181 this field currently has little special meaning.
 182 This field may be filled in with either a number or a group name (see
 183 .Xr group 5 ) .
 184 .Pp
 185 The
 186 .Ar class
 187 field references class descriptions in
 188 .Pa /etc/login.conf
 189 and is typically used to initialize the user's system resource limits
 190 when they login.
 191 .Pp
 192 The
 193 .Ar change
 194 field is the date by which the password must be changed.
 195 .Pp
 196 The
 197 .Ar expire
 198 field is the date on which the account expires.
 199 .Pp
 200 Both the
 201 .Ar change
 202 and
 203 .Ar expire
 204 fields should be entered in the form
 205 .Dq month day year
 206 where
 207 .Ar month
 208 is the month name (the first three characters are sufficient),
 209 .Ar day
 210 is the day of the month, and
 211 .Ar year
 212 is the year.
 213 .Pp
 214 .\"Five fields are available for storing the user's
 215 .\".Ar full name , office location ,
 216 .\".Ar work
 217 .\"and
 218 .\".Ar home telephone
 219 .\"numbers and finally
 220 .\".Ar other information
 221 .\"which is a single comma delimited string to represent any additional
 222 .\"gcos fields (typically used for site specific user information).
 223 .\"Note that
 224 .\".Xr finger 1
 225 .\"will display the office location and office phone together under the
 226 .\"heading
 227 .\".Ar Office: .
 228 The
 229 .Ar full name
 230 field contains the full name of the user.
 231 .Pp
 232 The user's
 233 .Ar home directory
 234 is the full
 235 .Ux
 236 path name where the user
 237 will be placed at login.
 238 .Pp
 239 The
 240 .Ar shell
 241 field is the command interpreter the user prefers.
 242 If the
 243 .Ar shell
 244 field is empty, the Bourne shell,
 245 .Pa /bin/sh ,
 246 is assumed.
 247 When altering a login shell, and not the super-user, the user
 248 may not change from a non-standard shell or to a non-standard
 249 shell.
 250 Non-standard is defined as a shell not found in
 251 .Pa /etc/shells .
 252 .Pp
 253 Once the information has been verified,
 254 .Nm
 255 uses
 256 .Xr pwd_mkdb 8
 257 to update the user database.
 258 .Sh LOOKUPD AND DIRECTORY SERVICE AWARENESS
 259 User database entries (among other things) are under the control of
 260 .Xr lookupd 8
 261 and may be physically located in many different places, including local
 262 and remote
 263 .Xr netinfo 5
 264 databases, directory service agents such as LDAP servers and flat file databases
 265 such as
 266 .Li master.passwd .
 267 This version of
 268 .Nm
 269 is currently limited to changing user database entries in the flat file
 270 and local netinfo databases.
 271 .Sh ENVIRONMENT
 272 The
 273 .Xr vi 1
 274 editor will be used unless the environment variable
 275 .Ev EDITOR
 276 is set to
 277 an alternate editor.
 278 When the editor terminates, the information is re-read and used to
 279 update the user database itself.
 280 Only the user, or the super-user, may edit the information associated
 281 with the user.
 282 .Pp
 283 See
 284 .Xr pwd_mkdb 8
 285 for an explanation of the impact of setting the
 286 .Ev PW_SCAN_BIG_IDS
 287 environment variable.
 288 .Sh FILES
 289 .Bl -tag -width /etc/master.passwd -compact
 290 .It Pa /etc/master.passwd
 291 the user database
 292 .It Pa /etc/passwd
 293 a Version 7 format password file
 294 .It Pa /etc/chpass.XXXXXX
 295 temporary copy of the password file
 296 .It Pa /etc/shells
 297 the list of approved shells
 298 .El
 299 .Sh SEE ALSO
 300 .Xr finger 1 ,
 301 .Xr login 1 ,
 302 .Xr passwd 1 ,
 303 .Xr getusershell 3 ,
 304 .Xr login.conf 5 ,
 305 .Xr passwd 5 ,
 306 .Xr pwd_mkdb 8 ,
 307 .Xr vipw 8
 308 .Rs
 309 .%A Robert Morris
 310 and
 311 .%A Ken Thompson
 312 .%T "UNIX Password security"
 313 .Re
 314 .Sh BUGS
 315 User information should (and eventually will) be stored elsewhere.
 316 .Sh HISTORY
 317 The
 318 .Nm
 319 utility appeared in
 320 .Bx 4.3 Reno .