1NEWUSERS(8) System Management Commands NEWUSERS(8)
2
6 newusers - update and create new users in batch
7
9 newusers [options new_users]
10
12 The newusers command reads a file of user name and clear-text password
13 pairs and uses this information to update a group of existing users or
14 to create new users. Each line is in the same format as the standard
15 password file (see passwd(5)) with the exceptions explained below:
16 pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
18 pw_name
20 This is the name of the user.
21 It can be the name of a new user or the name of an existing user
23 (or an user created before by newusers). In case of an existing
24 user, the user´s information will be changed, otherwise a new user
25 will be created.
26 pw_passwd
28 This field will be encrypted and used as the new value of the
29 encrypted password.
30 pw_uid
32 This field is used to define the UID of the user.
33 If the field is empty, an new (unused) UID will be defined
35 automatically by newusers.
36 If this field contains a number, this number will be used as the
38 UID.
39 If this field contains the name of an existing user (or the name of
41 an user created before by newusers), the UID of the specified user
42 will be used.
43 If the UID of an existing user is changed, the files ownership of
45 the user´s file should be fixed manually.
46 pw_gid
48 This field is used to define the primary group ID for the user.
49 If this field contains the name of an existing group (or a group
51 created before by newusers), the GID of this group will be used as
52 the primary group ID for the user.
53 If this field is a number, this number will be used as the primary
55 group ID of the user. If no groups exist with this GID, a new group
56 will be created with this GID, and the name of the user.
57 If this field is empty, a new group will be created with the name
59 of the user and a GID will be automatically defined by newusers to
60 be used as the primary group ID for the user and as the GID for the
61 new group.
62 If this field contains the name of a group which does not exist
64 (and was not created earlier wbefore by newusers), a new group will
65 be created with the specified name and a GID will be automatically
66 defined by newusers to be used as the primary group ID for the user
67 and Gs the ID for the new group.
68 pw_gecos
70 This field is copied in the GECOS field of the user.
71 pw_dir
73 This field is used to define the home directory of the user.
74 If this field does not specify an existing directory, the specified
76 directory is created, with ownership set to the user being created
77 or updated and its primary group. Note that newusers does not
78 create parent directories of the new user's home directory. The
79 newusers command will fail to create the home directory if the
80 parent directories do not exist, and will send a message to stderr
81 informing the user of the failure. The newusers command will not
82 halt or return a failure to the calling shell if it fails to create
83 the home directory, it will continue to process the batch of new
84 users specified.
85 If the home directory of an existing user is changed, newusers does
87 not move or copy the content of the old directory to the new
88 location. This should be done manually.
89 pw_shell
91 This field defines the shell of the user. No checks are performed
92 on this field.
93 newusers first tries to create or change all the specified users, and
95 then write these changes to the user or group databases. If an error
96 occurs (except in the final writes to the databases), no changes are
97 committed to the databases.
98 This command is intended to be used in a large system environment where
100 many accounts are updated at a single time.
101
103 The options which apply to the newusers command are:
104 -c, --crypt-method
106 Use the specified method to encrypt the passwords.
107 The available methods are DES, MD5, NONE, and SHA256 or SHA512 if
109 your libc support these methods.
110 -h, --help
112 Display help message and exit.
113 -r, --system
115 Create a system account.
116 System users will be created with no aging information in
118 /etc/shadow, and their numeric identifiers are choosen in the
119 SYS_UID_MIN-SYS_UID_MAX range, defined in login.defs, instead of
120 UID_MIN-UID_MAX (and their GID counterparts for the creation of
121 groups).
122 -s, --sha-rounds
124 Use the specified number of rounds to encrypt the passwords.
125 The value 0 means that the system will choose the default number of
127 rounds for the crypt method (5000).
128 A minimal value of 1000 and a maximal value of 999,999,999 will be
130 enforced.
131 You can only use this option with the SHA256 or SHA512 crypt
133 method.
134 By default, the number of rounds is defined by the
136 SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
137 /etc/login.defs.
138
140 The input file must be protected since it contains unencrypted
141 passwords.
142 You should make sure the passwords and the encryption method respect
144 the system´s password policy.
145
147 The following configuration variables in /etc/login.defs change the
148 behavior of this tool:
149 ENCRYPT_METHOD (string)
151 This defines the system default encryption algorithm for encrypting
152 passwords (if no algorithm are specified on the command line).
153 It can take one of these values:
155 · DES (default)
157 · MD5
159 · SHA256
161 · SHA512
163 Note: this parameter overrides the MD5_CRYPT_ENAB variable.
165 GID_MAX (number), GID_MIN (number)
167 Range of group IDs used for the creation of regular groups by
168 useradd, groupadd, or newusers.
169 MAX_MEMBERS_PER_GROUP (number)
171 Maximum members per group entry. When the maximum is reached, a
172 new group entry (line) is started in /etc/group (with the same
173 name, same password, and same GID).
174 The default value is 0, meaning that there are no limits in the
176 number of members in a group.
177 This feature (split group) permits to limit the length of lines
179 in the group file. This is useful to make sure that lines for
180 NIS groups are not larger than 1024 characters.
181 If you need to enforce such limit, you can use 25.
183 Note: split groups may not be supported by all tools (even in
185 the Shadow toolsuite). You should not use this variable unless
186 you really need it.
187 MD5_CRYPT_ENAB (boolean)
189 Indicate if passwords must be encrypted using the MD5-based
190 algorithm. If set to yes, new passwords will be encrypted using
191 the MD5-based algorithm compatible with the one used by recent
192 releases of FreeBSD. It supports passwords of unlimited length
193 and longer salt strings. Set to no if you need to copy
194 encrypted passwords to other systems which don´t understand the
195 new algorithm. Default is no.
196 This variable is superceded by the ENCRYPT_METHOD variable or
198 by any command line option used to configure the encryption
199 algorithm.
200 This variable is deprecated. You should use ENCRYPT_METHOD.
202 PASS_MAX_DAYS (number)
204 The maximum number of days a password may be used. If the
205 password is older than this, a password change will be forced.
206 If not specified, -1 will be assumed (which disables the
207 restriction).
208 PASS_MIN_DAYS (number)
210 The minimum number of days allowed between password changes.
211 Any password changes attempted sooner than this will be
212 rejected. If not specified, -1 will be assumed (which disables
213 the restriction).
214 PASS_WARN_AGE (number)
216 The number of days warning given before a password expires. A
217 zero means warning is given only upon the day of expiration, a
218 negative value means no warning is given. If not specified, no
219 warning will be provided.
220 SHA_CRYPT_MIN_ROUNDS (number), SHA_CRYPT_MAX_ROUNDS (number)
222 When ENCRYPT_METHOD is set to SHA256 or SHA512, this defines
223 the number of SHA rounds used by the encryption algorithm by
224 default (when the number of rounds is not specified on the
225 command line).
226 With a lot of rounds, it is more difficult to brute forcing the
228 password. But note also that more CPU resources will be needed
229 to authenticate users.
230 If not specified, the libc will choose the default number of
232 rounds (5000).
233 The values must be inside the 1000-999999999 range.
235 If only one of the SHA_CRYPT_MIN_ROUNDS or SHA_CRYPT_MAX_ROUNDS
237 values is set, then this value will be used.
238 If SHA_CRYPT_MIN_ROUNDS > SHA_CRYPT_MAX_ROUNDS, the highest
240 value will be used.
241 SYS_GID_MAX (number), SYS_GID_MIN (number)
243 Range of group IDs used for the creation of system groups by
244 useradd, groupadd, or newusers.
245 SYS_UID_MAX (number), SYS_UID_MIN (number)
247 Range of user IDs used for the creation of system users by
248 useradd or newusers.
249 UID_MAX (number), UID_MIN (number)
251 Range of user IDs used for the creation of regular users by
252 useradd or newusers.
253 UMASK (number)
255 The file mode creation mask is initialized to this value. If
256 not specified, the mask will be initialized to 022.
257 useradd and newusers use this mask to set the mode of the home
260 directory they create
261 It is also used by login to define users´ initial umask. Note
263 that this mask can be overriden by the user´s GECOS line (if
264 QUOTAS_ENAB is set) or by the specification of a limit with the
265 K identifier in limits(5).
266
268 /etc/passwd
269 User account information.
270 /etc/shadow
272 Secure user account information.
273 /etc/group
275 Group account information.
276 /etc/gshadow
278 Secure group account information.
279 /etc/login.defs
281 Shadow password suite configuration.
282
284 login.defs(5), passwd(1), useradd(8).
285System Management Commands 07/24/2009 NEWUSERS(8)