passmgmt(1M)passmgmt(1M)NAMEpassmgmt - password files management
SYNOPSISpassmgmt-a options name
passmgmt-m options name
passmgmt-d name
DESCRIPTION
The passmgmt command updates information in the password files. This
command works with both /etc/passwd and /etc/shadow. If there is no
/etc/shadow, any changes made by passmgmt will only go into /etc/passwd.
If the shadow file is not present, the -f and -e options have no effect,
because the data fields they modify are not present in the base password
file.
passmgmt-a
adds an entry for user name to the password files.
passmgmt-a +name
adds an NIS entry to the password files. This command does not create
any directory for the new user and the new login remains locked (with the
string *LK* in the password field) until the passwd(1) command is
executed to set the password.
passmgmt-m
modifies the entry for username in the password files. The name field in
the /etc/shadow entry and all the fields (except the password field) in
the /etc/passwd entry can be modified by this command. Only fields
entered on the command line will be modified.
passmgmt-d
deletes the entry for username from the password files. It will not
remove any files that the user owns on the system; they must be removed
manually.
passmgmt-f days
sets the period of inactivity for username in the shadow password file.
passmgmt-e when
sets the expiration date for the account. The when argument is an input
string to the getdate(3) routine. If the environment variable DATEMSK is
not set, the file /etc/datemsk is used by getdate to process this input
argument. Errors from getdate processing are reported. Expiration dates
Page 1
passmgmt(1M)passmgmt(1M)
must be greater than today.
The following options are available:
-ccomment A short description of the login. It is limited to a maximum
of 128 characters and defaults to an empty field.
-hhomedir Home directory of name. It is limited to a maximum of 256
characters and defaults to /usr/people.
-uuid UID of the name. This number must range from 0 to the
maximum non-negative value for the system. It defaults to
the next available UID greater than 99. For an NIS entry,
the default is 0. Without the -o option, it enforces the
uniqueness of a UID.
-o This option allows a UID to be non-unique. It is used only
with the -u option.
-ggid GID of the name. This number must range from 0 to the
maximum non-negative value for the system. The default is 1
for a local entry and 0 for an NIS entry.
-sshell Login shell for name. It should be the full pathname of the
program that will be executed when the user logs in. The
maximum length of shell is 255 characters. The default is
for this field to be set to /bin/sh.
-llogname This option changes the name to logname. It also can change
a local entry to an NIS entry by
passmgmt-m -l +name name
or change an NIS entry to a local entry by
passmgmt-m -l name +name
It is used only with the -m option.
The total size of each login entry is limited to a maximum of 4095 bytes
(BUFSIZ-1, defined in /usr/include/stdio.h) in each of the password
files.
CAVEAT
The passmgmt-m -u command will erase all usage, limit, privilege, and
accumulated accounting information of the user whose UID is altered.
FILES
/etc/passwd
/etc/shadow
/etc/opasswd
/etc/oshadow
Page 2
passmgmt(1M)passmgmt(1M)SEE ALSOpasswd(1), ypchpass(1), yppasswd(1), passwd(4), shadow(4).
DIAGNOSTICS
The passmgmt command exits with one of the following values:
0 SUCCESS.
1 Permission denied.
2 Invalid command syntax. Usage message of the passmgmt command will
be displayed.
3 Invalid argument provided to an option.
4 UID in use.
5 Inconsistent password files (e.g., name is in the /etc/passwd file
and not in the /etc/shadow file, or vice versa).
6 Unexpected failure. Password files unchanged.
7 Unexpected failure. Password file(s) missing.
8 Password file(s) busy. Try again later. A
9 name does not exist (if -m or -d is specified), already exists (if
-a is specified), or logname already exists (if -m -l is specified).
NOTE
You cannot use a colon or <cr> as part of an argument because it will be
interpreted as a field separator in the password file.
If the shadow file is used, the NIS entries get the password from the
shadow file exclusively and must have an entry for each NIS user name.
This will not permit the use of the general NIS entry, +::0:0:::, or
netgroup expansions.
Trusted IRIX restrictions
passmgmt should only be executed by root at the label dblow, the same
label as that on both /etc/passwd and /etc/shadow.
Page 3