update-passwd - safely update /etc/passwd, /etc/shadow and /etc/group
handles updates of /etc/passwd, /etc/shadow and /etc/group
on running Debian systems. It compares the current files to master copies,
distributed in the base-passwd package, and updates all entries in the global
system range (that is, 0–99).
follows the usual GNU command line syntax, with long
options starting with two dashes (‘-’).
- -p, --passwd-master=FILE
- Use FILE as the master copy of the passwd database. The
default value is /usr/share/base-passwd/passwd.master.
- -g, --group-master=FILE
- Use FILE as the master copy of the group database. The
default value is /usr/share/base-passwd/group.master.
- -P, --passwd=FILE
- Use FILE as the system passwd database. The default value
- -S, --shadow=FILE
- Use FILE as the system shadow database. The default value
- -G, --group=FILE
- Use FILE as the system group database. The default value is
- -s, --sanity-check
- Only perform sanity-checks but don't do anything.
- -v, --verbose
- Give detailed information about what we are doing. A second
-v gives additional detail.
- -n, --dry-run
- Don't do anything but only show what we would do.
- -L, --no-locking
- Don't attempt to lock the account database. This should
only be used for debugging purposes. I repeat: do not do this unless
you are really sure you need this!
- -h, --help
- Show a summary of how to use update-passwd.
- -V, --version
- Show the version number
- If this environment variable is sent and the
--dry-run flag was not given, update-passwd uses debconf to
prompt for whether to make changes. Each proposed change will produce a
separate prompt. User or group removals, UID or GID changes, and home
directory changes will be asked with high priority. User or group
additions and shell changes will be asked with medium priority. Questions
about whether to move entries above the NIS compat inclusion entry or
whether to change the GECOS of a user are asked at low priority.
At this moment update-passwd
does not verify the shadow-file. It should
check if the entries in the passwd are also in shadow and vice versa, and that
passwords are not present in both files.
Wichert Akkerman <email@example.com>
This program was written for the Debian project, and is copyright
1999–2002 Wichert Akkerman and copyright 2002, 2003 Colin Watson. It is
distributed under version 2 of the GNU General Public License.