rpms/shadow-utils
7
0
Fork 0
Code Issues Pull Requests Releases Activity
e78f6ce534
shadow-utils/shadow-4.8.1-manfix.patch

342 lines
12 KiB
Diff
Raw Normal View History

RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/shadow-utils#9f643a301165a0b1bb1fcb7b9c425809d5791a2f
2020-10-15 16:33:35 +00:00
diff -up shadow-4.8.1/man/chage.1.xml.manfix shadow-4.8.1/man/chage.1.xml
--- shadow-4.8.1/man/chage.1.xml.manfix 2019-10-05 01:28:34.000000000 +0200
+++ shadow-4.8.1/man/chage.1.xml 2020-03-17 15:34:48.750414984 +0100
@@ -102,6 +102,9 @@
Set the number of days since January 1st, 1970 when the password
was last changed. The date may also be expressed in the format
YYYY-MM-DD (or the format more commonly used in your area).
+ If the <replaceable>LAST_DAY</replaceable> is set to
+ <emphasis>0</emphasis> the user is forced to change his password
+ on the next log on.
</para>
</listitem>
</varlistentry>
@@ -119,6 +122,13 @@
system again.
</para>
<para>
+ For example the following can be used to set an account to expire
+ in 180 days:
+ </para>
+ <programlisting>
+ chage -E $(date -d +180days +%Y-%m-%d)
+ </programlisting>
+ <para>
Passing the number <emphasis remap='I'>-1</emphasis> as the
<replaceable>EXPIRE_DATE</replaceable> will remove an account
expiration date.
@@ -239,6 +249,18 @@
The <command>chage</command> program requires a shadow password file to
be available.
</para>
+ <para>
+ The chage program will report only the information from the shadow
+ password file. This implies that configuration from other sources
+ (e.g. LDAP or empty password hash field from the passwd file) that
+ affect the user's login will not be shown in the chage output.
+ </para>
+ <para>
+ The <command>chage</command> program will also not report any
+ inconsistency between the shadow and passwd files (e.g. missing x in
+ the passwd file). The <command>pwck</command> can be used to check
+ for this kind of inconsistencies.
+ </para>
<para>The <command>chage</command> command is restricted to the root
user, except for the <option>-l</option> option, which may be used by
an unprivileged user to determine when their password or account is due
diff -up shadow-4.8.1/man/groupadd.8.xml.manfix shadow-4.8.1/man/groupadd.8.xml
--- shadow-4.8.1/man/groupadd.8.xml.manfix 2020-03-17 15:34:48.745414917 +0100
+++ shadow-4.8.1/man/groupadd.8.xml 2020-03-17 15:34:48.750414984 +0100
@@ -320,13 +320,13 @@
<varlistentry>
<term><replaceable>4</replaceable></term>
<listitem>
- <para>GID not unique (when <option>-o</option> not used)</para>
+ <para>GID is already used (when called without <option>-o</option>)</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>9</replaceable></term>
<listitem>
- <para>group name not unique</para>
+ <para>group name is already used</para>
</listitem>
</varlistentry>
<varlistentry>
diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xml
--- shadow-4.8.1/man/groupmems.8.xml.manfix 2020-03-17 15:34:48.750414984 +0100
+++ shadow-4.8.1/man/groupmems.8.xml 2020-03-17 15:41:13.383588722 +0100
@@ -179,20 +179,10 @@
<refsect1 id='setup'>
<title>SETUP</title>
<para>
- The <command>groupmems</command> executable should be in mode
- <literal>2710</literal> as user <emphasis>root</emphasis> and in group
- <emphasis>groups</emphasis>. The system administrator can add users to
- group <emphasis>groups</emphasis> to allow or disallow them using the
- <command>groupmems</command> utility to manage their own group
- membership list.
+ In this operating system the <command>groupmems</command> executable
+ is not setuid and regular users cannot use it to manipulate
+ the membership of their own group.
</para>
-
- <programlisting>
- $ groupadd -r groups
- $ chmod 2710 groupmems
- $ chown root.groups groupmems
- $ groupmems -g groups -a gk4
- </programlisting>
</refsect1>
<refsect1 id='configuration'>
diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/login.defs.5
--- shadow-4.8.1/man/ja/man5/login.defs.5.manfix 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/man/ja/man5/login.defs.5 2020-03-17 15:34:48.750414984 +0100
@@ -147,10 +147,6 @@ 以下の参照表は、
shadow パスワード機能のどのプログラムが
どのパラメータを使用するかを示したものである。
.na
-.IP chfn 12
-CHFN_AUTH CHFN_RESTRICT
-.IP chsh 12
-CHFN_AUTH
.IP groupadd 12
GID_MAX GID_MIN
.IP newusers 12
diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.xml
--- shadow-4.8.1/man/login.defs.5.xml.manfix 2020-01-17 16:47:56.000000000 +0100
+++ shadow-4.8.1/man/login.defs.5.xml 2020-03-17 15:34:48.750414984 +0100
@@ -164,6 +164,17 @@
long numeric parameters is machine-dependent.
</para>
+ <para>
+ Please note that the parameters in this configuration file control the
+ behavior of the tools from the shadow-utils component. None of these
+ tools uses the PAM mechanism, and the utilities that use PAM (such as the
+ passwd command) should be configured elsewhere. The only values that
+ affect PAM modules are <emphasis>ENCRYPT_METHOD</emphasis> and <emphasis>SHA_CRYPT_MAX_ROUNDS</emphasis>
+ for pam_unix module, <emphasis>FAIL_DELAY</emphasis> for pam_faildelay module,
+ and <emphasis>UMASK</emphasis> for pam_umask module. Refer to
+ pam(8) for more information.
+ </para>
+
<para>The following configuration items are provided:</para>
<variablelist remap='IP'>
@@ -256,16 +267,6 @@
</listitem>
</varlistentry>
<varlistentry>
- <term>chfn</term>
- <listitem>
- <para>
- <phrase condition="no_pam">CHFN_AUTH</phrase>
- CHFN_RESTRICT
- <phrase condition="no_pam">LOGIN_STRING</phrase>
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
<term>chgpasswd</term>
<listitem>
<para>
@@ -286,14 +287,6 @@
</para>
</listitem>
</varlistentry>
- <varlistentry condition="no_pam">
- <term>chsh</term>
- <listitem>
- <para>
- CHSH_AUTH LOGIN_STRING
- </para>
- </listitem>
- </varlistentry>
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
<!-- faillog: no variables -->
<varlistentry>
@@ -359,34 +352,6 @@
<para>LASTLOG_UID_MAX</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term>login</term>
- <listitem>
- <para>
- <phrase condition="no_pam">CONSOLE</phrase>
- CONSOLE_GROUPS DEFAULT_HOME
- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
- ENV_TZ ENVIRON_FILE</phrase>
- ERASECHAR FAIL_DELAY
- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
- FAKE_SHELL
- <phrase condition="no_pam">FTMP_FILE</phrase>
- HUSHLOGIN_FILE
- <phrase condition="no_pam">ISSUE_FILE</phrase>
- KILLCHAR
- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
- LOGIN_RETRIES
- <phrase condition="no_pam">LOGIN_STRING</phrase>
- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
- QUOTAS_ENAB</phrase>
- TTYGROUP TTYPERM TTYTYPE_FILE
- <phrase condition="no_pam">ULIMIT UMASK</phrase>
- USERGROUPS_ENAB
- </para>
- </listitem>
- </varlistentry>
<!-- logoutd: no variables -->
<varlistentry>
<term>newgrp / sg</term>
@@ -415,17 +380,6 @@
</listitem>
</varlistentry>
<!-- nologin: no variables -->
- <varlistentry condition="no_pam">
- <term>passwd</term>
- <listitem>
- <para>
- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
- <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
- SHA_CRYPT_MIN_ROUNDS</phrase>
- </para>
- </listitem>
- </varlistentry>
<varlistentry>
<term>pwck</term>
<listitem>
@@ -452,32 +406,6 @@
</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term>su</term>
- <listitem>
- <para>
- <phrase condition="no_pam">CONSOLE</phrase>
- CONSOLE_GROUPS DEFAULT_HOME
- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
- ENV_PATH ENV_SUPATH
- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
- SULOG_FILE SU_NAME
- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
- SYSLOG_SU_ENAB
- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>sulogin</term>
- <listitem>
- <para>
- ENV_HZ
- <phrase condition="no_pam">ENV_TZ</phrase>
- </para>
- </listitem>
- </varlistentry>
<varlistentry>
<term>useradd</term>
<listitem>
diff -up shadow-4.8.1/man/shadow.5.xml.manfix shadow-4.8.1/man/shadow.5.xml
--- shadow-4.8.1/man/shadow.5.xml.manfix 2019-12-01 17:52:32.000000000 +0100
+++ shadow-4.8.1/man/shadow.5.xml 2020-03-17 15:34:48.750414984 +0100
@@ -129,7 +129,7 @@
<listitem>
<para>
The date of the last password change, expressed as the number
- of days since Jan 1, 1970.
+ of days since Jan 1, 1970 00:00 UTC.
</para>
<para>
The value 0 has a special meaning, which is that the user
@@ -208,8 +208,8 @@
</para>
<para>
After expiration of the password and this expiration period is
- elapsed, no login is possible using the current user's
- password. The user should contact her administrator.
+ elapsed, no login is possible for the user.
+ The user should contact her administrator.
</para>
<para>
An empty field means that there are no enforcement of an
@@ -224,7 +224,7 @@
<listitem>
<para>
The date of expiration of the account, expressed as the number
- of days since Jan 1, 1970.
+ of days since Jan 1, 1970 00:00 UTC.
</para>
<para>
Note that an account expiration differs from a password
diff -up shadow-4.8.1/man/useradd.8.xml.manfix shadow-4.8.1/man/useradd.8.xml
--- shadow-4.8.1/man/useradd.8.xml.manfix 2020-03-17 15:34:48.745414917 +0100
+++ shadow-4.8.1/man/useradd.8.xml 2020-03-17 15:34:48.751414997 +0100
@@ -359,6 +359,11 @@
<option>CREATE_HOME</option> is not enabled, no home
directories are created.
</para>
+ <para>
+ The directory where the user's home directory is created must
+ exist and have proper SELinux context and permissions. Otherwise
+ the user's home directory cannot be created or accessed.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
diff -up shadow-4.8.1/man/usermod.8.xml.manfix shadow-4.8.1/man/usermod.8.xml
--- shadow-4.8.1/man/usermod.8.xml.manfix 2019-12-20 06:58:23.000000000 +0100
+++ shadow-4.8.1/man/usermod.8.xml 2020-03-17 15:34:48.751414997 +0100
@@ -143,7 +143,8 @@
If the <option>-m</option>
option is given, the contents of the current home directory will
be moved to the new home directory, which is created if it does
- not already exist.
+ not already exist. If the current home directory does not exist
+ the new home directory will not be created.
</para>
</listitem>
</varlistentry>
@@ -205,6 +206,12 @@
The group ownership of files outside of the user's home directory
must be fixed manually.
</para>
+ <para>
+ The change of the group ownership of files inside of the user's
+ home directory is also not done if the home dir owner uid is
+ different from the current or new user id. This is safety measure
+ for special home directories such as <filename>/</filename>.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
@@ -267,7 +274,8 @@
<listitem>
<para>
Move the content of the user's home directory to the new
- location.
+ location. If the current home directory does not exist
+ the new home directory will not be created.
</para>
<para>
This option is only valid in combination with the
@@ -381,6 +389,12 @@
must be fixed manually.
</para>
<para>
+ The change of the user ownership of files inside of the user's
+ home directory is also not done if the home dir owner uid is
+ different from the current or new user id. This is safety measure
+ for special home directories such as <filename>/</filename>.
+ </para>
+ <para>
No checks will be performed with regard to the
<option>UID_MIN</option>, <option>UID_MAX</option>,
<option>SYS_UID_MIN</option>, or <option>SYS_UID_MAX</option>
Reference in New Issue Copy Permalink