diff -up shadow-4.8/man/chage.1.xml.manfix shadow-4.8/man/chage.1.xml
--- shadow-4.8/man/chage.1.xml.manfix 2019-10-05 01:28:34.000000000 +0200
+++ shadow-4.8/man/chage.1.xml 2020-01-13 10:12:48.445155882 +0100
@@ -102,6 +102,9 @@
Set the number of days since January 1st, 1970 when the password
was last changed. The date may also be expressed in the format
YYYY-MM-DD (or the format more commonly used in your area).
+ If the LAST_DAY is set to
+ 0 the user is forced to change his password
+ on the next log on.
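Review bot: "his password" in the added LAST_DAY sentence is gendered and clashes with "their password" used further down this same page; suggest "the user is forced to change their password at the next login". That wording also replaces "log on", which the other pages touched by this patch spell "login".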
@@ -119,6 +122,13 @@
system again.
+ For example the following can be used to set an account to expire
+ in 180 days:
+
+
+ chage -E $(date -d +180days +%Y-%m-%d)
+
+
Passing the number -1 as the
EXPIRE_DATE will remove an account
expiration date.
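Review bot: the example command added here, "chage -E $(date -d +180days +%Y-%m-%d)", has no LOGIN operand as shown, so an administrator who copies it gets a usage error instead of an expiry date; add a placeholder user name at the end. The "date -d +180days" form is GNU date syntax, which is worth saying in the text if this page is read on systems with a different date implementation.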
@@ -239,6 +249,18 @@
The chage program requires a shadow password file to
be available.
+
+ The chage program will report only the information from the shadow
+ password file. This implies that configuration from other sources
+ (e.g. LDAP or empty password hash field from the passwd file) that
+ affect the user's login will not be shown in the chage output.
+
+
+ The chage program will also not report any
+ inconsistency between the shadow and passwd files (e.g. missing x in
+ the passwd file). The pwck can be used to check
+ for this kind of inconsistencies.
+ The chage command is restricted to the root
user, except for the option, which may be used by
an unprivileged user to determine when their password or account is due
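Review bot: the two added caveat paragraphs say what chage does not report (LDAP settings, an empty password hash field in passwd, a missing x in passwd) but only the second one tells the reader which tool to use instead; the first should also point somewhere, since an account that looks properly aged in chage output may still be open through one of those other sources. Wording: "The pwck can be used to check for this kind of inconsistencies" should read "pwck can be used to check for this kind of inconsistency".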
diff -up shadow-4.8/man/groupadd.8.xml.manfix shadow-4.8/man/groupadd.8.xml
--- shadow-4.8/man/groupadd.8.xml.manfix 2020-01-13 10:12:48.432156100 +0100
+++ shadow-4.8/man/groupadd.8.xml 2020-01-13 10:13:06.096859122 +0100
@@ -320,13 +320,13 @@
4
- GID not unique (when not used)
+ GID is already used (when called without )9
- group name not unique
+ group name is already used
diff -up shadow-4.8/man/groupmems.8.xml.manfix shadow-4.8/man/groupmems.8.xml
--- shadow-4.8/man/groupmems.8.xml.manfix 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/man/groupmems.8.xml 2020-01-13 10:12:48.445155882 +0100
@@ -179,20 +179,10 @@
SETUP
- The groupmems executable should be in mode
- 2770 as user root and in group
- groups. The system administrator can add users to
- group groups to allow or disallow them using the
- groupmems utility to manage their own group
- membership list.
+ In this operating system the groupmems executable
+ is not setuid and regular users cannot use it to manipulate
+ the membership of their own group.
-
-
- $ groupadd -r groups
- $ chmod 2770 groupmems
- $ chown root.groups groupmems
- $ groupmems -g groups -a gk4
-
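Review bot: "In this operating system" in the replacement SETUP paragraph does not identify which system is meant, and the section keeps the heading SETUP although it no longer describes any setup step. Name the distribution or state the installed mode and ownership of groupmems explicitly, and check that the rest of the page no longer describes group members administering their own membership list, since the removed 2770 root:groups arrangement was what made that possible.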
diff -up shadow-4.8/man/ja/man5/login.defs.5.manfix shadow-4.8/man/ja/man5/login.defs.5
--- shadow-4.8/man/ja/man5/login.defs.5.manfix 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/man/ja/man5/login.defs.5 2020-01-13 10:12:48.445155882 +0100
@@ -147,10 +147,6 @@ 以下の参照表は、
shadow パスワード機能のどのプログラムが
どのパラメータを使用するかを示したものである。
.na
-.IP chfn 12
-CHFN_AUTH CHFN_RESTRICT
-.IP chsh 12
-CHFN_AUTH
.IP groupadd 12
GID_MAX GID_MIN
.IP newusers 12
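Review bot: this hunk drops only the chfn and chsh rows from the Japanese cross-reference table, while the login.defs.5.xml hunks in the same patch also drop login, passwd, su and sulogin. If the Japanese table carries rows for those programs they should be removed here as well, otherwise the translated page keeps telling administrators that those tools read login.defs.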
diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
--- shadow-4.8/man/login.defs.5.xml.manfix 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/man/login.defs.5.xml 2020-01-13 10:14:10.491776547 +0100
@@ -163,6 +163,17 @@
long numeric parameters is machine-dependent.
+
+ Please note that the parameters in this configuration file control the
+ behavior of the tools from the shadow-utils component. None of these
+ tools uses the PAM mechanism, and the utilities that use PAM (such as the
+ passwd command) should be configured elsewhere. The only values that
+ affect PAM modules are ENCRYPT_METHOD and SHA_CRYPT_MAX_ROUNDS
+ for pam_unix module, FAIL_DELAY for pam_faildelay module,
+ and UMASK for pam_umask module. Refer to
+ pam(8) for more information.
+
+
The following configuration items are provided:
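Review bot: the added note says "None of these tools uses the PAM mechanism" and in the next sentence lists four values that do affect PAM modules, which reads as a contradiction; rephrase so the exception is stated once, and replace "should be configured elsewhere" with the actual place an administrator must edit. The list names SHA_CRYPT_MAX_ROUNDS but not SHA_CRYPT_MIN_ROUNDS, although the passwd row removed later in this patch listed both; confirm whether the minimum is honoured by pam_unix and mention it either way, because a silently ignored rounds setting weakens stored hashes without any visible error.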
@@ -254,16 +265,6 @@
- chfn
-
-
- CHFN_AUTH
- CHFN_RESTRICT
- LOGIN_STRING
-
-
-
- chgpasswd
@@ -284,14 +285,6 @@
-
- chsh
-
-
- CHSH_AUTH LOGIN_STRING
-
-
-
@@ -357,34 +350,6 @@
LASTLOG_UID_MAX
-
- login
-
-
- CONSOLE
- CONSOLE_GROUPS DEFAULT_HOME
- ENV_HZ ENV_PATH ENV_SUPATH
- ENV_TZ ENVIRON_FILE
- ERASECHAR FAIL_DELAY
- FAILLOG_ENAB
- FAKE_SHELL
- FTMP_FILE
- HUSHLOGIN_FILE
- ISSUE_FILE
- KILLCHAR
- LASTLOG_ENAB LASTLOG_UID_MAX
- LOGIN_RETRIES
- LOGIN_STRING
- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
- MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
- QUOTAS_ENAB
- TTYGROUP TTYPERM TTYTYPE_FILE
- ULIMIT UMASK
- USERGROUPS_ENAB
-
-
- newgrp / sg
@@ -412,17 +377,6 @@
-
- passwd
-
-
- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
- SHA_CRYPT_MAX_ROUNDS
- SHA_CRYPT_MIN_ROUNDS
-
-
- pwck
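Review bot: removing the passwd row from the cross-reference table is not enough on its own if the descriptions of PASS_MIN_LEN, PASS_CHANGE_TRIES, OBSCURE_CHECKS_ENAB and the other items listed in that row stay in the page unchanged. An administrator who sets them will expect password quality to be enforced; either drop those item descriptions too or annotate each one as having no effect on passwd in this build.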
@@ -449,32 +403,6 @@
-
- su
-
-
- CONSOLE
- CONSOLE_GROUPS DEFAULT_HOME
- ENV_HZ ENVIRON_FILE
- ENV_PATH ENV_SUPATH
- ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
- MAIL_DIR MAIL_FILE QUOTAS_ENAB
- SULOG_FILE SU_NAME
- SU_WHEEL_ONLY
- SYSLOG_SU_ENAB
- USERGROUPS_ENAB
-
-
-
-
- sulogin
-
-
- ENV_HZ
- ENV_TZ
-
-
- useradd
diff -up shadow-4.8/man/shadow.5.xml.manfix shadow-4.8/man/shadow.5.xml
--- shadow-4.8/man/shadow.5.xml.manfix 2019-12-01 17:52:32.000000000 +0100
+++ shadow-4.8/man/shadow.5.xml 2020-01-13 10:12:48.446155865 +0100
@@ -129,7 +129,7 @@
The date of the last password change, expressed as the number
- of days since Jan 1, 1970.
+ of days since Jan 1, 1970 00:00 UTC.
The value 0 has a special meaning, which is that the user
@@ -208,8 +208,8 @@
After expiration of the password and this expiration period is
- elapsed, no login is possible using the current user's
- password. The user should contact her administrator.
+ elapsed, no login is possible for the user.
+ The user should contact her administrator.
An empty field means that there are no enforcement of an
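Review bot: the replacement sentence widens the claim from "no login is possible using the current user's password" to "no login is possible for the user". Please confirm that this holds for authentication methods that do not use the password, and if it depends on the login service performing account checks, say so; as written an administrator may rely on the inactivity period to lock out every access path.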
@@ -224,7 +224,7 @@
The date of expiration of the account, expressed as the number
- of days since Jan 1, 1970.
+ of days since Jan 1, 1970 00:00 UTC.
Note that an account expiration differs from a password
diff -up shadow-4.8/man/useradd.8.xml.manfix shadow-4.8/man/useradd.8.xml
--- shadow-4.8/man/useradd.8.xml.manfix 2020-01-13 10:12:48.432156100 +0100
+++ shadow-4.8/man/useradd.8.xml 2020-01-13 10:12:48.446155865 +0100
@@ -358,6 +358,11 @@
is not enabled, no home
directories are created.
+
+ The directory where the user's home directory is created must
+ exist and have proper SELinux context and permissions. Otherwise
+ the user's home directory cannot be created or accessed.
+
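Review bot: "proper SELinux context and permissions" in the added paragraph does not tell the administrator what to check. State that this refers to the parent directory of the new home directory, and describe what is expected of it (who must be able to traverse it, and how to verify or restore the context), so that a failed home directory creation can be diagnosed from the man page.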
diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
--- shadow-4.8/man/usermod.8.xml.manfix 2019-10-05 03:23:58.000000000 +0200
+++ shadow-4.8/man/usermod.8.xml 2020-01-13 10:12:48.446155865 +0100
@@ -153,7 +153,8 @@
If the
option is given, the contents of the current home directory will
be moved to the new home directory, which is created if it does
- not already exist.
+ not already exist. If the current home directory does not exist
+ the new home directory will not be created.
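Review bot: the added sentence "If the current home directory does not exist the new home directory will not be created" does not say what state the account is left in. Document whether the home field is still updated in that case, since the result would be an account pointing at a directory that does not exist. A comma after "exist" would also help; the same sentence is repeated in the later hunk for the move option.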
@@ -215,6 +216,12 @@
The group ownership of files outside of the user's home directory
must be fixed manually.
+
+ The change of the group ownership of files inside of the user's
+ home directory is also not done if the home dir owner uid is
+ different from the current or new user id. This is safety measure
+ for special home directories such as /.
+
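Review bot: "the home dir owner uid is different from the current or new user id" is ambiguous about which comparison suppresses the ownership change; spell out whether the owner must match the current uid, the new uid, or either. "This is safety measure" needs an article ("This is a safety measure"), and "home dir" should be written out as "home directory" to match the surrounding text. The same paragraph is added again for user ownership in the last hunk and needs the same fixes.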
@@ -277,7 +284,8 @@
Move the content of the user's home directory to the new
- location.
+ location. If the current home directory does not exist
+ the new home directory will not be created.
This option is only valid in combination with the
@@ -391,6 +399,12 @@
must be fixed manually.
+ The change of the user ownership of files inside of the user's
+ home directory is also not done if the home dir owner uid is
+ different from the current or new user id. This is safety measure
+ for special home directories such as /.
+
+
No checks will be performed with regard to the
, ,
, or