2020-11-24 10:09:37 +00:00
|
|
|
diff -up shadow-4.6/man/groupmems.8.xml.manfix shadow-4.6/man/groupmems.8.xml
|
|
|
|
--- shadow-4.6/man/groupmems.8.xml.manfix 2018-04-29 18:42:37.000000000 +0200
|
|
|
|
+++ shadow-4.6/man/groupmems.8.xml 2020-10-23 13:15:24.105387634 +0200
|
2020-05-14 22:43:01 +00:00
|
|
|
@@ -179,20 +179,10 @@
|
|
|
|
<refsect1 id='setup'>
|
|
|
|
<title>SETUP</title>
|
|
|
|
<para>
|
|
|
|
- The <command>groupmems</command> executable should be in mode
|
|
|
|
- <literal>2770</literal> as user <emphasis>root</emphasis> and in group
|
|
|
|
- <emphasis>groups</emphasis>. The system administrator can add users to
|
|
|
|
- group <emphasis>groups</emphasis> to allow or disallow them using the
|
|
|
|
- <command>groupmems</command> utility to manage their own group
|
|
|
|
- membership list.
|
|
|
|
+ In this operating system the <command>groupmems</command> executable
|
|
|
|
+ is not setuid and regular users cannot use it to manipulate
|
|
|
|
+ the membership of their own group.
|
|
|
|
</para>
|
|
|
|
-
|
|
|
|
- <programlisting>
|
|
|
|
- $ groupadd -r groups
|
|
|
|
- $ chmod 2770 groupmems
|
|
|
|
- $ chown root.groups groupmems
|
|
|
|
- $ groupmems -g groups -a gk4
|
|
|
|
- </programlisting>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1 id='configuration'>
|
2020-11-24 10:09:37 +00:00
|
|
|
diff -up shadow-4.6/man/chage.1.xml.manfix shadow-4.6/man/chage.1.xml
|
|
|
|
--- shadow-4.6/man/chage.1.xml.manfix 2018-04-29 18:42:37.000000000 +0200
|
|
|
|
+++ shadow-4.6/man/chage.1.xml 2020-10-23 13:15:24.105387634 +0200
|
2020-05-14 22:43:01 +00:00
|
|
|
@@ -102,6 +102,9 @@
|
|
|
|
Set the number of days since January 1st, 1970 when the password
|
|
|
|
was last changed. The date may also be expressed in the format
|
|
|
|
YYYY-MM-DD (or the format more commonly used in your area).
|
|
|
|
+ If the <replaceable>LAST_DAY</replaceable> is set to
|
|
|
|
+ <emphasis>0</emphasis> the user is forced to change his password
|
|
|
|
+ on the next log on.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
@@ -119,6 +122,13 @@
|
|
|
|
system again.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
+ For example the following can be used to set an account to expire
|
|
|
|
+ in 180 days:
|
|
|
|
+ </para>
|
|
|
|
+ <programlisting>
|
|
|
|
+ chage -E $(date -d +180days +%Y-%m-%d)
|
|
|
|
+ </programlisting>
|
|
|
|
+ <para>
|
|
|
|
Passing the number <emphasis remap='I'>-1</emphasis> as the
|
|
|
|
<replaceable>EXPIRE_DATE</replaceable> will remove an account
|
|
|
|
expiration date.
|
|
|
|
@@ -233,6 +243,18 @@
|
|
|
|
The <command>chage</command> program requires a shadow password file to
|
|
|
|
be available.
|
|
|
|
</para>
|
|
|
|
+ <para>
|
|
|
|
+ The chage program will report only the information from the shadow
|
|
|
|
+ password file. This implies that configuration from other sources
|
|
|
|
+ (e.g. LDAP or empty password hash field from the passwd file) that
|
|
|
|
+ affect the user's login will not be shown in the chage output.
|
|
|
|
+ </para>
|
|
|
|
+ <para>
|
|
|
|
+ The <command>chage</command> program will also not report any
|
|
|
|
+ inconsistency between the shadow and passwd files (e.g. missing x in
|
|
|
|
+ the passwd file). The <command>pwck</command> can be used to check
|
|
|
|
+ for this kind of inconsistencies.
|
|
|
|
+ </para>
|
|
|
|
<para>The <command>chage</command> command is restricted to the root
|
|
|
|
user, except for the <option>-l</option> option, which may be used by
|
|
|
|
an unprivileged user to determine when their password or account is due
|
2020-11-24 10:09:37 +00:00
|
|
|
diff -up shadow-4.6/man/ja/man5/login.defs.5.manfix shadow-4.6/man/ja/man5/login.defs.5
|
|
|
|
--- shadow-4.6/man/ja/man5/login.defs.5.manfix 2018-04-29 18:42:37.000000000 +0200
|
|
|
|
+++ shadow-4.6/man/ja/man5/login.defs.5 2020-10-23 13:15:24.106387639 +0200
|
|
|
|
@@ -147,10 +147,6 @@ 以下の参照表は、
|
2020-05-14 22:43:01 +00:00
|
|
|
shadow パスワード機能のどのプログラムが
|
|
|
|
どのパラメータを使用するかを示したものである。
|
|
|
|
.na
|
|
|
|
-.IP chfn 12
|
|
|
|
-CHFN_AUTH CHFN_RESTRICT
|
|
|
|
-.IP chsh 12
|
|
|
|
-CHFN_AUTH
|
|
|
|
.IP groupadd 12
|
|
|
|
GID_MAX GID_MIN
|
|
|
|
.IP newusers 12
|
2020-11-24 10:09:37 +00:00
|
|
|
diff -up shadow-4.6/man/login.defs.5.xml.manfix shadow-4.6/man/login.defs.5.xml
|
|
|
|
--- shadow-4.6/man/login.defs.5.xml.manfix 2018-04-29 18:42:37.000000000 +0200
|
|
|
|
+++ shadow-4.6/man/login.defs.5.xml 2020-10-23 13:15:43.280475188 +0200
|
|
|
|
@@ -162,6 +162,27 @@
|
2020-05-14 22:43:01 +00:00
|
|
|
long numeric parameters is machine-dependent.
|
|
|
|
</para>
|
|
|
|
|
|
|
|
+ <para>
|
|
|
|
+ Please note that the parameters in this configuration file control the
|
|
|
|
+ behavior of the tools from the shadow-utils component. None of these
|
|
|
|
+ tools uses the PAM mechanism, and the utilities that use PAM (such as the
|
|
|
|
+ passwd command) should be configured elsewhere. The only values that
|
|
|
|
+ affect PAM modules are <emphasis>ENCRYPT_METHOD</emphasis> and <emphasis>SHA_CRYPT_MAX_ROUNDS</emphasis>
|
|
|
|
+ for pam_unix module, <emphasis>FAIL_DELAY</emphasis> for pam_faildelay module,
|
|
|
|
+ and <emphasis>UMASK</emphasis> for pam_umask module. Refer to
|
|
|
|
+ pam(8) for more information.
|
|
|
|
+ </para>
|
2020-11-24 10:09:37 +00:00
|
|
|
+
|
|
|
|
+ <para>
|
|
|
|
+ Please also take into account that this man page is generic and some of
|
|
|
|
+ the options may be unsupported by currently installed tools. In case of
|
|
|
|
+ doubt check <xref linkend="cross_references"/> and
|
|
|
|
+ <xref linkend="see_also"/>. For example see
|
|
|
|
+ <citerefentry><refentrytitle>login</refentrytitle>
|
|
|
|
+ <manvolnum>1</manvolnum></citerefentry> for login specific options such
|
|
|
|
+ as <emphasis>LOGIN_STRING</emphasis>.
|
|
|
|
+ </para>
|
2020-05-14 22:43:01 +00:00
|
|
|
+
|
|
|
|
<para>The following configuration items are provided:</para>
|
|
|
|
|
|
|
|
<variablelist remap='IP'>
|
2020-11-24 10:09:37 +00:00
|
|
|
@@ -252,16 +273,6 @@
|
2020-05-14 22:43:01 +00:00
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
- <term>chfn</term>
|
|
|
|
- <listitem>
|
|
|
|
- <para>
|
|
|
|
- <phrase condition="no_pam">CHFN_AUTH</phrase>
|
|
|
|
- CHFN_RESTRICT
|
|
|
|
- <phrase condition="no_pam">LOGIN_STRING</phrase>
|
|
|
|
- </para>
|
|
|
|
- </listitem>
|
|
|
|
- </varlistentry>
|
|
|
|
- <varlistentry>
|
|
|
|
<term>chgpasswd</term>
|
|
|
|
<listitem>
|
|
|
|
<para>
|
2020-11-24 10:09:37 +00:00
|
|
|
@@ -282,14 +293,6 @@
|
2020-05-14 22:43:01 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
- <varlistentry condition="no_pam">
|
|
|
|
- <term>chsh</term>
|
|
|
|
- <listitem>
|
|
|
|
- <para>
|
|
|
|
- CHSH_AUTH LOGIN_STRING
|
|
|
|
- </para>
|
|
|
|
- </listitem>
|
|
|
|
- </varlistentry>
|
|
|
|
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
|
|
|
|
<!-- faillog: no variables -->
|
|
|
|
<varlistentry>
|
2020-11-24 10:09:37 +00:00
|
|
|
@@ -350,34 +353,6 @@
|
2020-05-14 22:43:01 +00:00
|
|
|
</varlistentry>
|
|
|
|
<!-- id: no variables -->
|
|
|
|
<!-- lastlog: no variables -->
|
|
|
|
- <varlistentry>
|
|
|
|
- <term>login</term>
|
|
|
|
- <listitem>
|
|
|
|
- <para>
|
|
|
|
- <phrase condition="no_pam">CONSOLE</phrase>
|
|
|
|
- CONSOLE_GROUPS DEFAULT_HOME
|
|
|
|
- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
|
|
|
|
- ENV_TZ ENVIRON_FILE</phrase>
|
|
|
|
- ERASECHAR FAIL_DELAY
|
|
|
|
- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
|
|
|
|
- FAKE_SHELL
|
|
|
|
- <phrase condition="no_pam">FTMP_FILE</phrase>
|
|
|
|
- HUSHLOGIN_FILE
|
|
|
|
- <phrase condition="no_pam">ISSUE_FILE</phrase>
|
|
|
|
- KILLCHAR
|
|
|
|
- <phrase condition="no_pam">LASTLOG_ENAB</phrase>
|
|
|
|
- LOGIN_RETRIES
|
|
|
|
- <phrase condition="no_pam">LOGIN_STRING</phrase>
|
|
|
|
- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
|
|
|
|
- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
|
|
|
|
- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
|
|
|
|
- QUOTAS_ENAB</phrase>
|
|
|
|
- TTYGROUP TTYPERM TTYTYPE_FILE
|
|
|
|
- <phrase condition="no_pam">ULIMIT UMASK</phrase>
|
|
|
|
- USERGROUPS_ENAB
|
|
|
|
- </para>
|
|
|
|
- </listitem>
|
|
|
|
- </varlistentry>
|
|
|
|
<!-- logoutd: no variables -->
|
|
|
|
<varlistentry>
|
|
|
|
<term>newgrp / sg</term>
|
2020-11-24 10:09:37 +00:00
|
|
|
@@ -405,17 +380,6 @@
|
2020-05-14 22:43:01 +00:00
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<!-- nologin: no variables -->
|
|
|
|
- <varlistentry condition="no_pam">
|
|
|
|
- <term>passwd</term>
|
|
|
|
- <listitem>
|
|
|
|
- <para>
|
|
|
|
- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
|
|
|
|
- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
|
|
|
|
- <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
|
|
|
|
- SHA_CRYPT_MIN_ROUNDS</phrase>
|
|
|
|
- </para>
|
|
|
|
- </listitem>
|
|
|
|
- </varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>pwck</term>
|
|
|
|
<listitem>
|
2020-11-24 10:09:37 +00:00
|
|
|
@@ -442,32 +406,6 @@
|
2020-05-14 22:43:01 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
- <varlistentry>
|
|
|
|
- <term>su</term>
|
|
|
|
- <listitem>
|
|
|
|
- <para>
|
|
|
|
- <phrase condition="no_pam">CONSOLE</phrase>
|
|
|
|
- CONSOLE_GROUPS DEFAULT_HOME
|
|
|
|
- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
|
|
|
|
- ENV_PATH ENV_SUPATH
|
|
|
|
- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
|
|
|
|
- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
|
|
|
|
- SULOG_FILE SU_NAME
|
|
|
|
- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
|
|
|
|
- SYSLOG_SU_ENAB
|
|
|
|
- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
|
|
|
|
- </para>
|
|
|
|
- </listitem>
|
|
|
|
- </varlistentry>
|
|
|
|
- <varlistentry>
|
|
|
|
- <term>sulogin</term>
|
|
|
|
- <listitem>
|
|
|
|
- <para>
|
|
|
|
- ENV_HZ
|
|
|
|
- <phrase condition="no_pam">ENV_TZ</phrase>
|
|
|
|
- </para>
|
|
|
|
- </listitem>
|
|
|
|
- </varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term>useradd</term>
|
|
|
|
<listitem>
|
2020-11-24 10:09:37 +00:00
|
|
|
diff -up shadow-4.6/man/shadow.5.xml.manfix shadow-4.6/man/shadow.5.xml
|
|
|
|
--- shadow-4.6/man/shadow.5.xml.manfix 2018-04-29 18:42:37.000000000 +0200
|
|
|
|
+++ shadow-4.6/man/shadow.5.xml 2020-10-23 13:15:24.106387639 +0200
|
2020-05-14 22:43:01 +00:00
|
|
|
@@ -129,7 +129,7 @@
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
The date of the last password change, expressed as the number
|
|
|
|
- of days since Jan 1, 1970.
|
|
|
|
+ of days since Jan 1, 1970 00:00 UTC.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
The value 0 has a special meaning, which is that the user
|
|
|
|
@@ -208,8 +208,8 @@
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
After expiration of the password and this expiration period is
|
|
|
|
- elapsed, no login is possible using the current user's
|
|
|
|
- password. The user should contact her administrator.
|
|
|
|
+ elapsed, no login is possible for the user.
|
|
|
|
+ The user should contact her administrator.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
An empty field means that there are no enforcement of an
|
|
|
|
@@ -224,7 +224,7 @@
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
The date of expiration of the account, expressed as the number
|
|
|
|
- of days since Jan 1, 1970.
|
|
|
|
+ of days since Jan 1, 1970 00:00 UTC.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Note that an account expiration differs from a password
|
2020-11-24 10:09:37 +00:00
|
|
|
diff -up shadow-4.6/man/useradd.8.xml.manfix shadow-4.6/man/useradd.8.xml
|
|
|
|
--- shadow-4.6/man/useradd.8.xml.manfix 2020-10-23 13:15:24.100387611 +0200
|
|
|
|
+++ shadow-4.6/man/useradd.8.xml 2020-10-23 13:15:24.106387639 +0200
|
2020-05-14 22:43:01 +00:00
|
|
|
@@ -347,6 +347,11 @@
|
|
|
|
<option>CREATE_HOME</option> is not enabled, no home
|
|
|
|
directories are created.
|
|
|
|
</para>
|
|
|
|
+ <para>
|
|
|
|
+ The directory where the user's home directory is created must
|
|
|
|
+ exist and have proper SELinux context and permissions. Otherwise
|
|
|
|
+ the user's home directory cannot be created or accessed.
|
|
|
|
+ </para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
2020-11-24 10:09:37 +00:00
|
|
|
diff -up shadow-4.6/man/usermod.8.xml.manfix shadow-4.6/man/usermod.8.xml
|
|
|
|
--- shadow-4.6/man/usermod.8.xml.manfix 2018-04-29 18:42:37.000000000 +0200
|
|
|
|
+++ shadow-4.6/man/usermod.8.xml 2020-10-23 13:15:24.106387639 +0200
|
2020-05-14 22:43:01 +00:00
|
|
|
@@ -132,7 +132,8 @@
|
|
|
|
If the <option>-m</option>
|
|
|
|
option is given, the contents of the current home directory will
|
|
|
|
be moved to the new home directory, which is created if it does
|
|
|
|
- not already exist.
|
|
|
|
+ not already exist. If the current home directory does not exist
|
|
|
|
+ the new home directory will not be created.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
@@ -256,7 +257,8 @@
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Move the content of the user's home directory to the new
|
|
|
|
- location.
|
|
|
|
+ location. If the current home directory does not exist
|
|
|
|
+ the new home directory will not be created.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
This option is only valid in combination with the
|
2020-11-24 10:09:37 +00:00
|
|
|
diff -up shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml.manfix shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml
|
|
|
|
--- shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml.manfix 2018-04-29 18:42:37.000000000 +0200
|
|
|
|
+++ shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml 2020-10-23 13:15:24.106387639 +0200
|
2020-05-14 22:43:01 +00:00
|
|
|
@@ -42,7 +42,7 @@
|
|
|
|
<para>
|
|
|
|
The default values for <option>SUB_GID_MIN</option>,
|
|
|
|
<option>SUB_GID_MAX</option>, <option>SUB_GID_COUNT</option>
|
|
|
|
- are respectively 100000, 600100000 and 10000.
|
|
|
|
+ are respectively 100000, 600100000 and 65536.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
2020-11-24 10:09:37 +00:00
|
|
|
diff -up shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml.manfix shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml
|
|
|
|
--- shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml.manfix 2018-04-29 18:42:37.000000000 +0200
|
|
|
|
+++ shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml 2020-10-23 13:15:24.106387639 +0200
|
2020-05-14 22:43:01 +00:00
|
|
|
@@ -42,7 +42,7 @@
|
|
|
|
<para>
|
|
|
|
The default values for <option>SUB_UID_MIN</option>,
|
|
|
|
<option>SUB_UID_MAX</option>, <option>SUB_UID_COUNT</option>
|
|
|
|
- are respectively 100000, 600100000 and 10000.
|
|
|
|
+ are respectively 100000, 600100000 and 65536.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
diff -up shadow-4.6/man/groupadd.8.xml.manfix shadow-4.6/man/groupadd.8.xml
|
2020-11-24 10:09:37 +00:00
|
|
|
--- shadow-4.6/man/groupadd.8.xml.manfix 2020-10-23 13:15:24.100387611 +0200
|
|
|
|
+++ shadow-4.6/man/groupadd.8.xml 2020-10-23 13:15:24.106387639 +0200
|
|
|
|
@@ -322,13 +322,13 @@
|
2020-05-14 22:43:01 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term><replaceable>4</replaceable></term>
|
|
|
|
<listitem>
|
|
|
|
- <para>GID not unique (when <option>-o</option> not used)</para>
|
|
|
|
+ <para>GID is already used (when called without <option>-o</option>)</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
|
|
<term><replaceable>9</replaceable></term>
|
|
|
|
<listitem>
|
|
|
|
- <para>group name not unique</para>
|
|
|
|
+ <para>group name is already used</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|