port-arm32: Re: How to change login shell in the password database

Subject: Re: How to change login shell in the password database
To: RiscBSD Mailing List <port-arm32@NetBSD.ORG>
From: Kjetil B. Thomassen <kjetil.b.thomassen@eunet.no>
List: port-arm32
Date: 05/04/1997 22:32:20

On Sun 04 May, Laurent DOMISSE wrote:
> I would like to use tcsh instaed of csh but I have problem ! :(
> I've change /bin/csh to /usr/local/bin/tcsh in passwd and
> master.passwd files...but it always use csh !
> How can I rebuild the password database to update this ?

Here is a quote from an earlier email to this mailing list
that tries to explain how the password database is organized:

> From: ws@kurt.tools.de (Wolfgang Solfrank)
> Date: Thu, 27 Feb 1997 17:44:53 +0100
>> From: Jasper Wallace <jasper@ivision.co.uk>
>> Date: Thu, 27 Feb 1997 16:27:22 +0000 (GMT)
>> 
>> master.passwd and passwd work like this:
>> 
>> master.passwd stores all the username information and their (encrypted)
>>               password. It is only accessible by root and is only used for
>>               adding and administrating users.
>> 
>> passwd is produced from master.passwd by the 'pwd_mkdb' program which at the
>>        same time adds information to the password database (/etc/spwd.db).
>> 
>> The point of all this is that
>> 
>> a) programs that want to can get information about users from /etc/passwd
>> (e.g. for finger, e-mail etc) and these programs *don't* need to be run as
>> root - this makies the system more secure.
>> 
>> b) a limited\ and smaller number of programs are alowed to read your password
>> from /etc/spwd.db, e.g. login, passwd itself, etc..
>> 
>> This is called password shadowing, it trys to prevent people getting other
>> peoples passwords.
>> 
>> So just removing lines in passwd and master.passwd will just confuse
>> everything. see these manual pages for more info...
>> 
>> man 5 passwd
>> man 8 pwd_mkdb
>> man 1 passwd
>> man 8 vipw
>> man 8 adduser
>
> More or less correct.  The only slightly incorrect thing is that programs
> under a) aren't expected to access /etc/passwd, but /etc/pwd.db (which is
> generated by pwd_mkdb just like /etc/spwd.db).  These /etc/pwd.db and
> /etc/spwd.db files are hashed versions of /etc/passwd and /etc/master.passwd
> resp.  These are used for faster access, albeit this will only be noticable
> on really large user databases.

In other words, you have to edit master.passwd and then run pwd_mkdb
or use vipw to edit the password file. This will do all this for you.

Also, Rob Black wrote:
> AFAIK, vipw uses the environment variable EDITOR to decide what editor
> to use and defaults to vi if none is found. Personally I 'setenv EDITOR
> joe' before running vipw and can then edit the passwords file in the
> slightly more friendly Joe editor.
 
I hope this helps.

The search facility can be found at:
http://noxious.muscat.co.uk/riscbsd/

Kjetil B.