'\" t .\" Title: pwconv .\" Author: Marek MichaƂkiewicz .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 02/04/2024 .\" Manual: System Management Commands .\" Source: shadow-utils 4.13 .\" Language: English .\" .TH "PWCONV" "8" "02/04/2024" "shadow\-utils 4\&.13" "System Management Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pwconv, pwunconv, grpconv, grpunconv \- convert to and from shadow passwords and groups .SH "SYNOPSIS" .HP \w'\fBpwconv\fR\ 'u \fBpwconv\fR [\fIoptions\fR] .HP \w'\fBpwunconv\fR\ 'u \fBpwunconv\fR [\fIoptions\fR] .HP \w'\fBgrpconv\fR\ 'u \fBgrpconv\fR [\fIoptions\fR] .HP \w'\fBgrpunconv\fR\ 'u \fBgrpunconv\fR [\fIoptions\fR] .SH "DESCRIPTION" .PP The \fBpwconv\fR command creates \fIshadow\fR from \fIpasswd\fR and an optionally existing \fIshadow\fR\&. .PP The \fBpwunconv\fR command creates \fIpasswd\fR from \fIpasswd\fR and \fIshadow\fR and then removes \fIshadow\fR\&. .PP The \fBgrpconv\fR command creates \fIgshadow\fR from \fIgroup\fR and an optionally existing \fIgshadow\fR\&. .PP The \fBgrpunconv\fR command creates \fIgroup\fR from \fIgroup\fR and \fIgshadow\fR and then removes \fIgshadow\fR\&. .PP These four programs all operate on the normal and shadow password and group files: /etc/passwd, /etc/group, /etc/shadow, and /etc/gshadow\&. .PP Each program acquires the necessary locks before conversion\&. \fBpwconv\fR and \fBgrpconv\fR are similar\&. First, entries in the shadowed file which don\*(Aqt exist in the main file are removed\&. Then, shadowed entries which don\*(Aqt have `x\*(Aq as the password in the main file are updated\&. Any missing shadowed entries are added\&. Finally, passwords in the main file are replaced with `x\*(Aq\&. These programs can be used for initial conversion as well to update the shadowed file if the main file is edited by hand\&. .PP \fBpwconv\fR will use the values of \fIPASS_MIN_DAYS\fR, \fIPASS_MAX_DAYS\fR, and \fIPASS_WARN_AGE\fR from /etc/login\&.defs when adding new entries to /etc/shadow\&. .PP Likewise \fBpwunconv\fR and \fBgrpunconv\fR are similar\&. Passwords in the main file are updated from the shadowed file\&. Entries which exist in the main file but not in the shadowed file are left alone\&. Finally, the shadowed file is removed\&. Some password aging information is lost by \fBpwunconv\fR\&. It will convert what it can\&. .SH "OPTIONS" .PP The options which apply to the \fBpwconv\fR, \fBpwunconv\fR, \fBgrpconv\fR, and \fBgrpunconv\fR commands are: .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Display help message and exit\&. .RE .PP \fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR .RS 4 Apply changes in the \fICHROOT_DIR\fR directory and use the configuration files from the \fICHROOT_DIR\fR directory\&. Only absolute paths are supported\&. .RE .SH "BUGS" .PP Errors in the password or group files (such as invalid or duplicate entries) may cause these programs to loop forever or fail in other strange ways\&. Please run \fBpwck\fR and \fBgrpck\fR to correct any such errors before converting to or from shadow passwords or groups\&. .SH "CONFIGURATION" .PP The following configuration variable in /etc/login\&.defs changes the behavior of \fBgrpconv\fR and \fBgrpunconv\fR: .PP \fBMAX_MEMBERS_PER_GROUP\fR (number) .RS 4 Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in /etc/group (with the same name, same password, and same GID)\&. .sp The default value is 0, meaning that there are no limits in the number of members in a group\&. .sp This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&. .sp If you need to enforce such limit, you can use 25\&. .sp Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&. .RE .PP The following configuration variables in /etc/login\&.defs change the behavior of \fBpwconv\fR: .PP \fBPASS_MAX_DAYS\fR (number) .RS 4 The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&. .RE .PP \fBPASS_MIN_DAYS\fR (number) .RS 4 The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, 0 will be assumed (which disables the restriction)\&. .RE .PP \fBPASS_WARN_AGE\fR (number) .RS 4 The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&. .RE .SH "FILES" .PP /etc/login\&.defs .RS 4 Shadow password suite configuration\&. .RE .SH "SEE ALSO" .PP \fBgrpck\fR(8), \fBlogin.defs\fR(5), \fBpwck\fR(8)\&.