xref: /netbsd-src/usr.sbin/pwd_mkdb/pwd_mkdb.8 (revision de4fa6c51a9708fc05f88b618fa6fad87c9508ec) 
1.\"	$NetBSD: pwd_mkdb.8,v 1.26 2009/06/19 05:50:39 wiz Exp $
2.\"
3.\" Copyright (c) 1991, 1993
4.\"	The Regents of the University of California.  All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\" 3. Neither the name of the University nor the names of its contributors
15.\"    may be used to endorse or promote products derived from this software
16.\"    without specific prior written permission.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28.\" SUCH DAMAGE.
29.\"
30.\"	from: @(#)pwd_mkdb.8	8.2 (Berkeley) 4/27/95
31.\"
32.Dd June 18, 2009
33.Dt PWD_MKDB 8
34.Os
35.Sh NAME
36.Nm pwd_mkdb
37.Nd generate the password databases
38.Sh SYNOPSIS
39.Nm
40.Op Fl BLpsvw
41.Op Fl c Ar cachesize
42.Op Fl d Ar directory
43.Op Fl u Ar username
44.Op Fl V Ar version
45.Ar file
46.Sh DESCRIPTION
47.Nm
48creates
49.Xr db 3
50style secure and insecure databases for the specified file.
51These databases are then installed into
52.Dq Pa /etc/spwd.db
53and
54.Dq Pa /etc/pwd.db
55respectively.
56The file is installed into
57.Dq Pa /etc/master.passwd .
58The file must be in the correct format (see
59.Xr passwd 5 ) .
60It is important to note that the format used in this system is
61different from the historic Version 7 style format.
62.Pp
63The options are as follows:
64.Bl -tag -width flag
65.It Fl B
66Store data in big-endian format (see also
67.Fl L ) .
68.It Fl c Ar cachesize
69Specify the size of the memory cache in megabytes used by the
70hashing library.
71On systems with a large user base, a small cache size can lead to
72prohibitively long database file rebuild times.
73As a rough guide, the memory usage of
74.Nm
75in megabytes will be a little bit more than twice the figure
76specified here.
77If unspecified, this value will be calculated based on the size of
78the input file up to a maximum of 8 megabytes.
79.It Fl d Ar directory
80Change the root directory of the generated files from
81.Dq Pa /
82to
83.Ar directory .
84.It Fl L
85Store data in little-endian format (see also
86.Fl B ) .
87.It Fl p
88Create a Version 7 style password file and install it into
89.Dq Pa /etc/passwd .
90.It Fl s
91Update the secure database only.
92This is useful when only encrypted passwords have changed.
93This option negates the effect of any
94.Fl p
95option.
96.It Fl u Ar name
97Don't re-build the database files, but instead modify or add entries
98for the specified user only.
99This option may only be used when the line number and user name in
100the password file have not changed, or when adding a new user from
101the last line in the password file.
102.It Fl V Ar version
103Upgrade or downgrade databases to the numbered version.
104Version
105.Dv 0
106is the old format (up to and including
107.Nx 5.0 )
108with the 4 byte time fields and version
109.Dv 1
110is the new format with the 8 byte time fields (greater than
111.Nx 5.0 ) .
112.Nx 5.0
113cannot read version
114.Dv 1
115databases.
116All versions above
117.Nx 5.0
118can read and write both version
119.Dv 0
120and version
121.Dv 1
122databases.
123By default the databases stay in the version they were before the command
124was run.
125.It Fl v
126Mention when a version change occurs.
127.It Fl w
128Print a warning if the system is using old style databases.
129.El
130.Pp
131The two databases differ in that the secure version contains the user's
132encrypted password and the insecure version has an asterisk
133.Pq Dq * .
134.Pp
135The databases are used by the C library password routines (see
136.Xr getpwent 3 ) .
137.Sh EXIT STATUS
138.Nm
139exits zero on success, non-zero on failure.
140.Sh FILES
141.Bl -tag -width Pa -compact
142.It Pa /etc/master.passwd
143The current password file.
144.It Pa /etc/passwd
145A Version 7 format password file.
146.It Pa /etc/pwd.db
147The insecure password database file.
148.It Pa /etc/pwd.db.tmp
149A temporary file.
150.It Pa /etc/spwd.db
151The secure password database file.
152.It Pa /etc/spwd.db.tmp
153A temporary file.
154.El
155.Sh SEE ALSO
156.Xr chpass 1 ,
157.Xr passwd 1 ,
158.Xr pwhash 1 ,
159.Xr db 3 ,
160.Xr getpwent 3 ,
161.Xr pw_mkdb 3 ,
162.Xr passwd 5 ,
163.Xr useradd 8 ,
164.Xr userdel 8 ,
165.Xr usermod 8 ,
166.Xr vipw 8
167.Sh COMPATIBILITY
168Previous versions of the system had a program similar to
169.Nm
170which built
171.Em dbm
172style databases for the password file but depended on the calling programs
173to install them.
174The program was renamed in order that previous users of the program
175not be surprised by the changes in functionality.
176.Sh BUGS
177Because of the necessity for atomic update of the password files,
178.Nm
179uses
180.Xr rename 2
181to install them.
182This, however, requires that the file specified on the command line live
183on the same file system as the
184.Dq Pa /etc
185directory.
186.Pp
187There are the obvious races with multiple people running
188.Nm
189on different password files at the same time.
190The front-ends to
191.Xr chpass 1 ,
192.Xr passwd 1 ,
193.Xr useradd 8 ,
194.Xr userdel 8 ,
195.Xr usermod 8 ,
196and
197.Xr vipw 8
198handle the locking necessary to avoid this problem.
199.Pp
200The database files are copied when the
201.Fl u
202option is used.
203Real locking would make this unnecessary.
204.Pp
205Although the DB format is endian-transparent, the data stored in
206the DB is not.
207Also, the format doesn't lend itself to insertion or removal of
208records from arbitrary locations in the password file.
209This is difficult to fix without breaking compatibility.
210.Pp
211Using the
212.Fl u
213option on a system where multiple users share the same UID can have
214unexpected results.
215