UNIX System Administration Handbook - Evi Nemeth [57]
• Home phone number
The chfn command (passwd -g on Solaris) lets users change their own GECOS information. chfn is useful for keeping things like phone numbers up to date, but it can be misused: a user can change the information to be either obscene or incorrect. Our academic computing center, which caters to hordes of undergraduates, has disabled the chfn command.
Home directory
Users are placed in their home directories when they log in. If a user’s home directory is missing at login time, the system prints a message such as “no home directory.” Some systems allow the login to proceed and put the user in the root directory. Others do not allow logins without a valid home directory.
Be aware that if home directories are mounted over NFS, they may be unavailable in the event of server or network problems.
Login shell
The login shell is normally a command interpreter such as the Bourne shell or the C shell (/bin/sh or /bin/csh), but it can be any program. sh is the default on most systems and is used if /etc/passwd does not specify a login shell. Other common shells include ksh (the Korn shell), bash (the GNU Bourne again shell), and tcsh (a fancy C shell with command editing).
We recommend tcsh as the default shell for new users.
On most systems, users can change their shells with the chsh command. On Solaris, only the superuser can change a user’s shell (using passwd -e) unless NIS or NIS+ is in use. The file /etc/shells contains a list of shells that chsh will permit users to select; root can use chsh without restrictions. If you add entries to /etc/shells, be sure to use absolute paths since chsh and other programs expect them.
6.2 THE FREEBSD /ETC/MASTER.PASSWD FILE
On FreeBSD, the “real” password file is /etc/master.passwd. The /etc/passwd file exists for backward compatibility, but it is generated from the master.passwd file and is never edited directly. Whenever you modify /etc/master.passwd by running vipw, passwd, chfn, chsh, or chpass, /etc/passwd is generated for you along with a hashed representation of /etc/master.passwd created by the pwd_mkdb utility.
The master.passwd file functions as a shadow password file in that it is readable only by root (the derived /etc/passwd file does not contain any passwords). The master.passwd file also contains three additional fields not found in passwd:
• Login class
• Password change time
• Expiration time
The login class (if one is specified) refers to an entry in the /etc/login.conf file. Login classes determine user resource limits and control other login settings. See the next section for specifics.
The password change time field implements a policy known as “password aging.” It contains the time (in seconds since the UNIX epoch) after which the user will be forced to change his or her password. You can leave the field blank, indicating that the password never expires. We are not very enthusiastic about password aging; see page 657 for a more complete discussion.
The account expiration time gives the time and date (in seconds, as for password expiration) at which the user’s account will expire. The user cannot log in after this date unless the field is reset by an administrator. If this field is left blank, the account will not expire.
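The two time fields and the shell field are the parts of master.passwd most worth checking in an account review. The Python below is an added example, not code from the handbook: it parses master.passwd-format lines and reports expired accounts, overdue password changes, and login shells missing from the /etc/shells list. It assumes the ten-field FreeBSD layout (name, password, uid, gid, class, change, expire, gecos, home, shell) and treats 0 the same as a blank time field; the names audit, deadline, and Finding are hypothetical, and the sample entries are constructed.

```python
# Added example: audit master.passwd-format lines (constructed data only).
from typing import NamedTuple, Optional

# FreeBSD master.passwd field order: 10 colon-separated fields.
FIELDS = ("name", "password", "uid", "gid", "login_class",
          "change", "expire", "gecos", "home", "shell")

class Finding(NamedTuple):
    user: str
    issue: str

def deadline(raw: str) -> Optional[int]:
    """Blank (or 0) means no deadline; otherwise seconds since the epoch."""
    value = int(raw) if raw.strip() else 0   # ValueError if not numeric
    return value or None

def audit(lines, now, allowed_shells):
    """Return Findings for expired accounts, overdue passwords, odd shells."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        try:
            if len(parts) != len(FIELDS):
                raise ValueError("wrong field count")
            entry = dict(zip(FIELDS, parts))
            change, expire = deadline(entry["change"]), deadline(entry["expire"])
        except ValueError:
            findings.append(Finding(f"line {lineno}", "malformed entry"))
            continue
        user = entry["name"]
        if expire is not None and now >= expire:
            findings.append(Finding(user, "account expired"))
        if change is not None and now >= change:
            findings.append(Finding(user, "password change overdue"))
        # An empty shell field is fine: sh is used when none is specified.
        if entry["shell"] and entry["shell"] not in allowed_shells:
            findings.append(Finding(user, "shell not in /etc/shells: " + entry["shell"]))
    return findings

# Constructed sample; PLACEHOLDER stands in for the password hash.
SAMPLE = [
    "root:PLACEHOLDER:0:0::0:0:Charlie &:/root:/bin/csh",
    "alice:PLACEHOLDER:1001:1001:staff::1700000000:Alice:/home/alice:/bin/tcsh",
    "bob:PLACEHOLDER:1002:1002::1600000000::Bob:/home/bob:/usr/local/bin/notashell",
    "carol:PLACEHOLDER:1003:1003:staff:::Carol:/home/carol:",
]
NOW = 1750000000                                   # constructed "current time"
ALLOWED_SHELLS = {"/bin/sh", "/bin/csh", "/bin/tcsh"}  # stand-in for /etc/shells
```

On a real system the input would be /etc/master.passwd read as root, with the allowed set loaded from /etc/shells and the current time taken from the clock.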
6.3 THE FREEBSD /ETC/LOGIN.CONF FILE
FreeBSD’s /etc/login.conf file sets account-related parameters for users and groups of users. Its format is similar to that of the termcap and printcap files and consists of colon-delimited key/value pairs and Boolean flags.
When a user logs in, the login class field of /etc/master.passwd determines which entry in /etc/login.conf to apply. If no login class has been specified by the user’s master.passwd entry, the default class is used.
A login.conf entry can set any of the following:
• Resource limits (maximum process size, number of open files, etc.)
• Session accounting limits (when logins are allowed, and for how long)
• Default environment variables
• Default paths (PATH, MANPATH, etc.)
• Location of the message