1.\" $OpenBSD: chpass.1,v 1.35 2009/10/22 12:35:53 sobrado Exp $ 2.\" $NetBSD: chpass.1,v 1.7 1996/05/15 21:50:40 jtc Exp $ 3.\" 4.\" Copyright (c) 1988, 1990, 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)chpass.1 8.2 (Berkeley) 12/30/93 32.\" 33.Dd $Mdocdate: October 22 2009 $ 34.Dt CHPASS 1 35.Os 36.Sh NAME 37.Nm chpass , 38.Nm chfn , 39.Nm chsh 40.Nd add or change user database information 41.Sh SYNOPSIS 42.Nm chpass 43.Op Fl ly 44.Op Fl s Ar newshell 45.Op Ar user 46.Nm chpass 47.Op Fl l 48.Fl a Ar list 49.Sh DESCRIPTION 50.Nm chpass 51allows editing of the user database information associated 52with 53.Ar user , 54or, by default, the current user. 55The information is formatted and supplied to an editor for changes. 56.Pp 57Only the information that the user is allowed to change is displayed. 58.Pp 59If YP is enabled change requests are first tried in the local database, 60and then in the YP database, if there was no entry to change locally. 61.Pp 62.Nm chfn 63and 64.Nm chsh 65are synonyms for 66.Nm chpass . 67.Pp 68The options are as follows: 69.Bl -tag -width Ds 70.It Fl a Ar list 71The superuser is allowed to directly supply a user database 72entry, in the format specified by 73.Xr passwd 5 , 74as an argument. 75This argument must be a colon 76.Pq Sq \&: 77separated list of all the 78user database fields, although they may be empty. 79This operation is not supported in YP environments; only local additions 80can be performed which requires the 81.Fl l 82flag to be specified. 83.It Fl l 84In environments where YP is enabled, always alter local information as 85opposed to information in YP. 86.It Fl s Ar newshell 87Attempts to change the user's shell to 88.Ar newshell . 89.It Fl y 90In environments where YP is enabled, always change the YP entry, even if this 91is a modification request and there is a local entry for the specified user. 92.El 93.Pp 94Possible display items are as follows: 95.Pp 96.Bl -tag -width "Office Location:" -compact -offset indent 97.It Login: 98user's login name 99.It Password: 100user's encrypted password 101.It Uid: 102user's login 103.It Gid: 104user's login group 105.It Change: 106password change time 107.It Expire: 108account expiration time 109.It Class: 110user's general classification 111.It Home Directory: 112user's home directory 113.It Shell: 114user's login shell 115.It Full Name: 116user's real name 117.It Office Location: 118user's office location 119.It Office Phone: 120user's office phone 121.It Home Phone: 122user's home phone 123.El 124.Pp 125The 126.Ar login 127field is the user name used to access the computer account. 128.Pp 129The 130.Ar password 131field contains the encrypted form of the user's password. 132.Pp 133The 134.Ar uid 135field is the number associated with the 136.Ar login 137field. 138Both of these fields should be unique across the system (and often 139across a group of systems) as they control file access. 140.Pp 141While it is possible to have multiple entries with identical login names 142and/or identical user IDs, it is usually a mistake to do so. 143Routines that manipulate these files will often return only one of the multiple 144entries, and that one by random selection. 145.Pp 146The 147.Ar group 148field is the group that the user will be placed in at login. 149Since BSD supports multiple groups (see 150.Xr groups 1 ) , 151this field currently has little special meaning. 152This field may be filled in with either a number or a group name (see 153.Xr group 5 ) . 154.Pp 155The 156.Ar change 157field is the date by which the password must be changed. 158.Pp 159The 160.Ar expire 161field is the date on which the account expires. 162.Pp 163Both the 164.Ar change 165and 166.Ar expire 167fields should be entered in the form ``month day year'' where 168.Ar month 169is the month name (the first three characters are sufficient), 170.Ar day 171is the day of the month, and 172.Ar year 173is the year. 174.Pp 175The 176.Ar class 177field specifies a key in the 178.Xr login.conf 5 179database of login class attributes. 180If empty, the 181.Dq default 182record is used. 183.Pp 184The user's 185.Ar home directory 186is the full 187.Ux 188path name where the user will be placed at login. 189.Pp 190The 191.Ar shell 192field is the command interpreter the user prefers. 193If the 194.Ar shell 195field is empty, the Bourne shell 196.Pq Pa /bin/sh 197is assumed. 198When altering a login shell, and not the superuser, the user 199may not change from a non-standard shell or to a non-standard 200shell. 201Non-standard is defined as a shell not found in 202.Pa /etc/shells . 203.Pp 204The last four fields are for storing the user's 205.Ar full name , office location , 206and 207.Ar work 208and 209.Ar home telephone 210numbers. 211.Pp 212Once the information has been verified, 213.Nm 214uses 215.Xr pwd_mkdb 8 216to update the user database. 217.Sh ENVIRONMENT 218The 219.Xr vi 1 220editor will be used unless the environment variable 221.Ev EDITOR 222is set to 223an alternate editor. 224When the editor terminates, the information is re-read and used to 225update the user database itself. 226Only the user, or the superuser, may edit the information associated 227with the user. 228.Sh FILES 229.Bl -tag -width /var/tmp/pw.XXXXXXXXXX -compact 230.It Pa /etc/master.passwd 231user database 232.It Pa /etc/passwd 233a Version 7 format password file 234.It Pa /etc/ptmp 235lock file for the passwd database 236.It Pa /etc/shells 237list of approved shells 238.It Pa /var/tmp/pw.XXXXXXXXXX 239temporary copy of the user passwd information 240.El 241.Sh DIAGNOSTICS 242.Bl -diag 243.It "Attempting lock password file, please wait or press ^C to abort" 244.Pp 245The password file is currently locked by another process; 246.Nm 247will keep trying to lock the password file until it succeeds or 248the user hits the interrupt character (control-C by default). 249If 250.Nm 251is interrupted while trying to gain the lock any changes made will be lost. 252.Pp 253If the process holding the lock was prematurely terminated the lock 254file may be stale and 255.Nm 256will wait forever trying to lock the password file. 257To determine whether a live process is actually holding the lock, the 258admin may run the following: 259.Bd -literal -offset indent 260$ fstat /etc/ptmp 261.Ed 262.Pp 263If no process is listed, it is safe to remove the 264.Pa /etc/ptmp 265file to clear the error. 266.El 267.Sh SEE ALSO 268.Xr finger 1 , 269.Xr login 1 , 270.Xr passwd 1 , 271.Xr getusershell 3 , 272.Xr login.conf 5 , 273.Xr passwd 5 , 274.Xr pwd_mkdb 8 , 275.Xr vipw 8 276.Rs 277.%A Robert Morris 278.%A Ken Thompson 279.%T "UNIX Password Security" 280.Re 281.Sh HISTORY 282The 283.Nm 284command appeared in 285.Bx 4.3 Reno . 286.Sh BUGS 287User information should (and eventually will) be stored elsewhere. 288