NAME

passmgmt — password files management

SYNOPSIS

DESCRIPTION

The passmgmt command updates information in the password files. This command works with both /etc/passwd and /etc/shadow.

passmgmt -a adds an entry for user name to the password files. This command does not create any directory for the new user and, unless the -p option is provided to specify the password hash, the new login remains locked (with the string *LK* in the password field) until the password is changed.

passmgmt -m modifies the entry for user name in the password files. The name and password field in the /etc/shadow entry and all the fields (except the password field) in the /etc/passwd entry can be modified by this command. Only fields entered on the command line will be modified.

passmgmt -d deletes the entry for user name from the password files. It will not remove any files that the user owns on the system; they must be removed manually.

passmgmt can be used only by the super-user.

OPTIONS

-c comment

A short description of the login, enclosed in quotes. It is limited to a maximum of 128 characters and defaults to an empty field.

-e expire

Specify the expiration date for a login. After this date, the user will be able to access this login. The expire option argument is a date entered using one of the date formats included in the template file /etc/datemsk. See getdate(3c).

-f inactive

The maximum number of days allowed between uses of a login ID before that ID is declared invalid. Normal values are positive integers. A value of 0 defeats the status.

Changing the password reactivates an account for the inactivity period.

-g gid

The group ID for the login. This number must range from 0 to the maximum non-negative value for the system. The default is 1.

-h homedir

Home directory of name. It is limited to a maximum of 256 characters and defaults to /usr/name.

-K key=value

Set a key=value pair. See user_attr(5), auth_attr(5), and prof_attr(5). The valid key=value pairs are defined in user_attr(5), but the "type" key is subject to the usermod(8) and rolemod(8) restrictions. Multiple key=value pairs may be added with multiple -K options.

-k skel_dir

A directory that contains skeleton information (such as .profile) that can be copied into a new user's home directory. This directory must already exist. The system provides the /etc/skel directory that can be used for this purpose.

-l logname

This option changes the name to logname. It is used only with the -m option. The total size of each login entry is limited to a maximum of 511 bytes in each of the password files.

-o

This option allows a UID to be non-unique. It is used only with the -u option.

-p hash

Password hash for name. It should be an encrypted password generated by crypt(3c). The default value for this field is *LK* which results in any newly added login remaining locked until the password is changed.

-s shell

Login shell for name. It should be the full pathname of the program that will be executed when the user logs in. The maximum size of shell is 256 characters. The default is for this field to be empty and to be interpreted as /usr/bin/sh.

-u uid

UID of the name. This number must range from 0 to the maximum non-negative value for the system. It defaults to the next available UID greater than 99. Without the -o option, passmgmt enforces the uniqueness of a UID.

FILES

• /etc/passwd
• /etc/shadow
• /etc/user_attr
• /etc/opasswd
• /etc/oshadow
• /etc/ouser_attr

EXIT STATUS

The passmgmt command exits with one of the following values:

0

Success.

1

Permission denied.

2

Invalid command syntax. Usage message of the passmgmt command is displayed.

3

Invalid argument provided to option.

4

UID in use.

5

Inconsistent password files (for example, name is in the /etc/passwd file and not in the /etc/shadow file, or vice versa).

6

Unexpected failure. Password files unchanged.

7

Unexpected failure. Password file(s) missing.

8

Password file(s) busy. Try again later.

9

name does not exist (if -m or -d is specified), already exists (if -a is specified), or logname already exists (if -m -l is specified).

INTERFACE STABILITY

The command line interface of passmgmt is Evolving.

SEE ALSO

passwd(1), crypt(3c), auth_attr(5), passwd(5), prof_attr(5), shadow(5), user_attr(5), attributes(7), rolemod(8), useradd(8), userdel(8), usermod(8)

NOTES

A NEWLINE or a colon (:) cannot be used as part of an argument. (: is interpreted as a field separator in the password file).

This command only modifies password definitions in the local /etc/passwd and /etc/shadow files. If a network nameservice is being used to supplement the local files with additional entries, passmgmt cannot change information supplied by the network nameservice.