.Op Fl e Ar expiretime
.Op Fl s Ar newshell
.Op user
-.Pp
-.Nm
-.Op Fl oly
-.Op Fl a Ar list
-.Op Fl p Ar encpass
-.Op Fl e Ar expiretime
-.Op Fl s Ar newshell
-.Op Fl d Ar domain
-.Op Fl h Ar host
-.Op user
.Sh DESCRIPTION
The
.Nm
.Pq Dq \&:
separated list of all the
user database fields, although they may be empty.
+[Note that this only changes the user database,
+.Li master.passwd Ns .]
.It Fl p
The super-user is allowed to directly supply an encrypted password field,
in the format used by
.Xr crypt 3 ,
as an argument.
+[See the discussion in
+.Xr getpwent 3
+about types of passwords; this option may not be appropriate.]
.It Fl e Ar expiretime
Change the account expire time.
This option is used to set the expire time
user's login name
.It Password:
user's encrypted password
+[do
+.Em not
+use this to change a password; use
+.Xr passwd 1
+instead]
.It Uid:
user's login
.It Gid:
.It Expire:
account expiration time
.It Full Name:
-user's real name
-.It Office Location:
-user's office location (1)
-.It Office Phone:
-user's office phone (1)
-.It Home Phone:
-user's home phone (1)
-.It Other Information:
-any locally defined parameters for user (1)
+user's real name (*)
+.\"user's real name
+.\".It Office Location:
+.\"user's office location (1)
+.\".It Office Phone:
+.\"user's office phone (1)
+.\".It Home Phone:
+.\"user's home phone (1)
+.\".It Other Information:
+.\"any locally defined parameters for user (1)
.It Home Directory:
user's home directory
.It Shell:
user's login shell
.Pp
-.It NOTE(1) -
-In the actual master.passwd file, these fields are comma-delimited
-fields embedded in the FullName field.
+.It NOTE(*) -
+.\"In the actual master.passwd file, these fields are comma-delimited
+.\"fields embedded in the FullName field.
+Historically, the so-call
+.Qq GECOS
+field in the user database entry contain the full name plus other information.
+Only the full name is currently supported.
.El
.Pp
The
The
.Ar password
field contains the encrypted form of the user's password.
+Do
+.Em not
+use this to change a password; use
+.Xr passwd 1
+instead.
.Pp
The
.Ar uid
.Ar year
is the year.
.Pp
-Five fields are available for storing the user's
-.Ar full name , office location ,
-.Ar work
-and
-.Ar home telephone
-numbers and finally
-.Ar other information
-which is a single comma delimited string to represent any additional
-gcos fields (typically used for site specific user information).
-Note that
-.Xr finger 1
-will display the office location and office phone together under the
-heading
-.Ar Office: .
+.\"Five fields are available for storing the user's
+.\".Ar full name , office location ,
+.\".Ar work
+.\"and
+.\".Ar home telephone
+.\"numbers and finally
+.\".Ar other information
+.\"which is a single comma delimited string to represent any additional
+.\"gcos fields (typically used for site specific user information).
+.\"Note that
+.\".Xr finger 1
+.\"will display the office location and office phone together under the
+.\"heading
+.\".Ar Office: .
+The
+.Ar full name
+field contains the full name of the user.
.Pp
The user's
.Ar home directory
uses
.Xr pwd_mkdb 8
to update the user database.
+.Sh LOOKUPD AND DIRECTORY SERVICE AWARENESS
+User database entries (among other things) are under the control of
+.Xr lookupd 8
+and may be physically located in many different places, including local
+and remote
+.Xr netinfo 5
+databases, directory service agents such as LDAP servers and flat file databases
+such as
+.Li master.passwd .
+This version of
+.Nm
+is currently limited to changing user database entries in the flat file
+and local netinfo databases.
.Sh ENVIRONMENT
The
.Xr vi 1
for an explanation of the impact of setting the
.Ev PW_SCAN_BIG_IDS
environment variable.
-.Sh NIS INTERACTION
-The
-.Nm
-utility can also be used in conjunction with NIS, however some restrictions
-apply.
-Currently,
-.Nm
-can only make changes to the NIS passwd maps through
-.Xr rpc.yppasswdd 8 ,
-which normally only permits changes to a user's password, shell and GECOS
-fields.
-Except when invoked by the super-user on the NIS master server,
-.Nm
-(and, similarly,
-.Xr passwd 1 )
-cannot use the
-.Xr rpc.yppasswdd 8
-server to change other user information or
-add new records to the NIS passwd maps.
-Furthermore,
-.Xr rpc.yppasswdd 8
-requires password authentication before it will make any
-changes.
-The only user allowed to submit changes without supplying
-a password is the super-user on the NIS master server; all other users,
-including those with root privileges on NIS clients (and NIS slave
-servers) must enter a password.
-(The super-user on the NIS master is allowed to bypass these restrictions
-largely for convenience: a user with root access
-to the NIS master server already has the privileges required to make
-updates to the NIS maps, but editing the map source files by hand can
-be cumbersome.
-.Pp
-Note: these exceptions only apply when the NIS master server is a
-.Fx
-system).
-.Pp
-Consequently, except where noted, the following restrictions apply when
-.Nm
-is used with NIS:
-.Bl -enum -offset indent
-.It
-.Em "Only the shell and GECOS information may be changed" .
-All other
-fields are restricted, even when
-.Nm
-is invoked by the super-user.
-While support for
-changing other fields could be added, this would lead to
-compatibility problems with other NIS-capable systems.
-Even though the super-user may supply data for other fields
-while editing an entry, the extra information (other than the
-password -- see below) will be silently discarded.
-.Pp
-Exception: the super-user on the NIS master server is permitted to
-change any field.
-.Pp
-.It
-.Em "Password authentication is required" .
-The
-.Nm
-utility will prompt for the user's NIS password before effecting
-any changes.
-If the password is invalid, all changes will be
-discarded.
-.Pp
-Exception: the super-user on the NIS master server is allowed to
-submit changes without supplying a password.
-(The super-user may
-choose to turn off this feature using the
-.Fl o
-flag, described below.)
-.It
-.Em "Adding new records to the local password database is discouraged" .
-The
-.Nm
-utility will allow the administrator to add new records to the
-local password database while NIS is enabled, but this can lead to
-some confusion since the new records are appended to the end of
-the master password file, usually after the special NIS '+' entries.
-The administrator should use
-.Xr vipw 8
-to modify the local password
-file when NIS is running.
-.Pp
-The super-user on the NIS master server is permitted to add new records
-to the NIS password maps, provided the
-.Xr rpc.yppasswdd 8
-server has been started with the
-.Fl a
-flag to permitted additions (it refuses them by default).
-The
-.Nm
-utility tries to update the local password database by default; to update the
-NIS maps instead, invoke chpass with the
-.Fl y
-flag.
-.It
-.Em "Password changes are not permitted".
-Users should use
-.Xr passwd 1
-or
-.Xr yppasswd 1
-to change their NIS passwords.
-The super-user is allowed to specify
-a new password (even though the
-.Dq Password:
-field does not show
-up in the editor template, the super-user may add it back by hand),
-but even the super-user must supply the user's original password
-otherwise
-.Xr rpc.yppasswdd 8
-will refuse to update the NIS maps.
-.Pp
-Exception: the super-user on the NIS master server is permitted to
-change a user's NIS password with
-.Nm .
-.El
-.Pp
-There are also a few extra option flags that are available when
-.Nm
-is compiled with NIS support:
-.Bl -tag -width indent
-.It Fl l
-Force
-.Nm
-to modify the local copy of a user's password
-information in the even that a user exists in both
-the local and NIS databases.
-.It Fl y
-Opposite effect of
-.Fl l .
-This flag is largely redundant since
-.Nm
-operates on NIS entries by default if NIS is enabled.
-.It Fl d Ar domain
-Specify a particular NIS domain.
-The
-.Nm
-utility uses the system domain name by default, as set by the
-.Xr domainname 1
-utility.
-The
-.Fl d
-option can be used to override a default, or to specify a domain
-when the system domain name is not set.
-.It Fl h Ar host
-Specify the name or address of an NIS server to query.
-Normally,
-.Nm
-will communicate with the NIS master host specified in the
-.Pa master.passwd
-or
-.Pa passwd
-maps.
-On hosts that have not been configured as NIS clients, there is
-no way for the program to determine this information unless the user
-provides the hostname of a server.
-Note that the specified hostname need
-not be that of the NIS master server; the name of any server, master or
-slave, in a given NIS domain will do.
-.Pp
-When using the
-.Fl d
-option, the hostname defaults to
-.Dq localhost .
-The
-.Fl h
-option can be used in conjunction with the
-.Fl d
-option, in which case the user-specified hostname will override
-the default.
-.Pp
-.It Fl o
-Force the use of RPC-based updates when communicating with
-.Xr rpc.yppasswdd 8
-.Pq Dq old-mode .
-When invoked by the super-user on the NIS master server,
-.Nm
-allows unrestricted changes to the NIS passwd maps using dedicated,
-non-RPC-based mechanism (in this case, a
-.Ux
-domain socket). The
-.Fl o
-flag can be used to force
-.Nm
-to use the standard update mechanism instead.
-This option is provided
-mainly for testing purposes.
-.El
.Sh FILES
.Bl -tag -width /etc/master.passwd -compact
.It Pa /etc/master.passwd
projects / apple / system_cmds.git / blobdiff