This guide shows you how to manage FreeBSD accounts using pw, a critical application that can manipulate many things related to the /etc/passwd and /etc/group files. It can also set things like how long an account can be active and until what date it is active, among other useful things. The easiest way to learn how to use pw is to play with it on a test install.
- Local root access on the box or having your user in the wheel group so you can su to root.
- An SSH client like PuTTY or SecureCRT (only if not logging on locally).
No installation is needed for this, as long as you have a FreeBSD system with version 5.x or 4.x (I don’t doubt it is the same app, which changes minimally from version to version).
pw user help
Using pw is really easy. The man page makes it look like the hardest tool ever to use, but in fact it comes with its own built-in help menu.
usage: pw [user|group|lock|unlock] [add|del|mod|show|next] [help|switches/values]
First off, we will start with how we can manipulate users. This includes adding, modifying and deleting users. With a simple command like the following, we can see what we can do if we want to add a user:
# pw user add help
usage: pw useradd [name] [switches]
    -V etcdir      alternate /etc location
    -C config      configuration file
    -q             quiet operation
  Adding users:
    -n name        login name
    -u uid         user id
    -c comment     user name/comment
    -d directory   home directory
    -e date        account expiry date
    -p date        password expiry date
    -g grp         initial group
    -G grp1,grp2   additional groups
    -m [ -k dir ]  create and set up home
    -s shell       name of login shell
    -o             duplicate uid ok
    -L class       user class
    -h fd          read password on fd
    -Y             update NIS maps
    -N             no update
  Setting defaults:
    -V etcdir      alternate /etc location
    -D             set user defaults
    -b dir         default home root dir
    -e period      default expiry period
    -p period      default password change period
    -g group       default group
    -G grp1,grp2   additional groups
    -L class       default user class
    -k dir         default home skeleton
    -u min,max     set min,max uids
    -i min,max     set min,max gids
    -w method      set default password method
    -s shell       default shell
    -y path        set NIS passwd file path
As you can see, there are quite a few options. Let’s say you want to add a user called “myname” with a homedir located at /usr/home/special/myname and with a shell of /usr/local/bin/bash:
# pw user add myname -d /usr/home/special/myname -s /usr/local/bin/bash -m
If all went well, we should now have a user called “myname” with a homedir where you specified it, and with bash as his default shell.
Now let’s say we want to delete this same user, because his term has expired or just to clean up because he is not needed anymore. The easiest way to do this is:
# pw user del myname
Of course, the del command of pw also has a few options:
# pw user del help
usage: pw userdel [uid|name] [switches]
    -V etcdir      alternate /etc location
    -n name        login name
    -u uid         user id
    -Y             update NIS maps
    -r             remove home & contents
An even better way to remove the user “myname” would be to use:
# pw user del myname -r
This would remove the user’s home dir as well as all the content he currently has. I personally don’t suggest this; I make a backup and/or move the files to another space, and just remove the user, so if later someone needs files that user had, I can still retrieve them and get them to whoever wants them.
Now that we know how to create and delete users, how about being able to modify them? We may want to set a new date that this account will last until, or a new date for the password change to occur. pw user mod helps us with that. It has quite a few options as well.
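The backup-then-delete approach described above, sketched as a shell function. This is an added example, not part of the original guide; BACKUP_DIR and the function names are hypothetical, and it assumes pw user show prints the account as a single master.passwd-style line.

```shell
#!/bin/sh
# Added example: archive a home directory, then remove the account without -r.
# BACKUP_DIR is a hypothetical location; point it at root-only storage.
BACKUP_DIR="${BACKUP_DIR:-/var/backups/removed-users}"

# home_of LOGIN: print the home directory. `pw user show` prints one
# master.passwd-style line:
#   name:password:uid:gid:class:change:expire:gecos:home:shell
home_of() {
    pw user show "$1" | awk -F: 'NR == 1 { print $9 }'
}

# retire_user LOGIN: print the archive path on success. Returns non-zero and
# leaves the account in place if the archive cannot be written or read back.
retire_user() {
    login="$1"
    home="$(home_of "$login")"
    case "$home" in
        ""|/) echo "refusing: no usable home for $login" >&2; return 1 ;;
    esac
    [ -d "$home" ] || { echo "missing directory: $home" >&2; return 1; }

    mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" || return 1
    archive="$BACKUP_DIR/$login-$(date +%Y%m%d%H%M%S).tar.gz"
    # umask 077 keeps the archive unreadable to other local users
    ( umask 077; tar -czf "$archive" -C "$home" . ) || return 1
    tar -tzf "$archive" >/dev/null || return 1   # confirm it reads back

    pw user del "$login" || return 1             # no -r: files stay on disk
    echo "$archive"
}
```

Files left in the old home directory keep the removed account's numeric uid, so a later account created with that uid would own them.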
# pw user mod help
usage: pw usermod [uid|name] [switches]
    -V etcdir      alternate /etc location
    -C config      configuration file
    -q             quiet operation
    -F             force add if no user
    -n name        login name
    -u uid         user id
    -c comment     user name/comment
    -d directory   home directory
    -e date        account expiry date
    -p date        password expiry date
    -g grp         initial group
    -G grp1,grp2   additional groups
    -l name        new login name
    -L class       user class
    -m [ -k dir ]  create and set up home
    -s shell       name of login shell
    -w method      set new password using method
    -h fd          read password on fd
    -Y             update NIS maps
    -N             no update
Now let's say we still have our lovely user called "myname" (Quick, re-add the user again, before I notice it was gone ;-P), and we want to add him to another group, the wheel group, so he can use "su" to root.
# pw user mod myname -G wheel
If no output is shown, it all went well. If there is an error it will let you know. Now when you log in with the user "myname" you can su, and become root.
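Since wheel membership is what allows su to root, it is worth checking who is in that group. The following is an added example, not part of the original guide; APPROVED is a hypothetical allowlist, and the input is a group(5) line of the form name:passwd:gid:member,member, as printed by pw group show.

```shell
#!/bin/sh
# Added example: report wheel members that are not on an approved list.
# APPROVED is a hypothetical space-separated allowlist; adjust it per site.
APPROVED="${APPROVED:-root}"

# group_members: read one group(5) line (name:passwd:gid:m1,m2,...) on stdin
# and print one member per line. An empty member field prints nothing.
group_members() {
    awk -F: 'NR == 1 && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }'
}

# unexpected_members: print every member from the group line on stdin that is
# not in $APPROVED. Returns 1 if any were found, 0 if all are approved.
unexpected_members() {
    found=0
    for member in $(group_members); do
        case " $APPROVED " in
            *" $member "*) ;;                  # on the allowlist
            *) echo "$member"; found=1 ;;      # needs review
        esac
    done
    return "$found"
}

# On FreeBSD:  pw group show wheel | unexpected_members
# Accounts whose primary gid is 0 are not listed in the member field and
# need a separate check against the passwd database.
```

Note that -G on pw user mod sets the user's full list of additional groups rather than appending to it, so list every group the account should keep.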
pw group help
Now that we know how to manipulate users, at least to a fair degree, we also want to be able to manipulate groups. Manipulating groups works the same way as manipulating users, except that instead of pw user help, we type pw group help.
# pw group add help
usage: pw groupadd [group|gid] [switches]
    -V etcdir      alternate /etc location
    -C config      configuration file
    -q             quiet operation
    -n group       group name
    -g gid         group id
    -M usr1,usr2   add users as group members
    -o             duplicate gid ok
    -Y             update NIS maps
    -N             no update
From this we can see that there are far fewer switches we can use to modify how pw acts. Adding a group is as easy as adding a user, or even easier. For instance, if we want to create a group called "mygroup" and add the user "myname" to that group, we can call pw as follows:
# pw group add mygroup -M myname
Okay, so that's all fine and dandy, but what about deleting a group you have just added? It's just as easy as removing a user. It has some options, but it's highly unlikely you will ever use any of them.
# pw group del help
usage: pw groupdel [group|gid] [switches]
    -V etcdir      alternate /etc location
    -n name        group name
    -g gid         group id
    -Y             update NIS maps
As you have probably noticed from the above, a simple command like the one below will do the job, and it's easier to remember.
# pw group del mygroup
Figuring out how to modify groups is something I will leave up to the reader. Remember, you can type just pw to see all the options.
# pw group mod help
Be careful, and pw can be a very useful utility in your daily administration.