[l10n-russian CVS] shadow/man chage.1.xml, 1.2, 1.3 chfn.1.xml, 1.2, 1.3 chpasswd.8.xml, 1.2, 1.3 chsh.1.xml, 1.2, 1.3 expiry.1.xml, 1.2, 1.3 faillog.5.xml, 1.2, 1.3 faillog.8.xml, 1.2, 1.3 getspnam.3.xml, 1.2, 1.3 gpasswd.1.xml, 1.2, 1.3 groupadd.8.xml, 1.2, 1.3 groupdel.8.xml, 1.2, 1.3 groupmems.8.xml, 1.2, 1.3 groupmod.8.xml, 1.2, 1.3 groups.1.xml, 1.2, 1.3 grpck.8.xml, 1.2, 1.3 grpconv.8.xml, 1.2, 1.3 grpunconv.8.xml, 1.2, 1.3 gshadow.5.xml, 1.2, 1.3 id.1.xml, 1.2, 1.3 lastlog.8.xml, 1.2, 1.3 limits.5.xml, 1.2, 1.3 login.1.xml, 1.2, 1.3 login.access.5.xml, 1.2, 1.3 login.defs.5.xml, 1.2, 1.3 logoutd.8.xml, 1.2, 1.3 newgrp.1.xml, 1.2, 1.3 newusers.8.xml, 1.2, 1.3 nologin.8.xml, 1.2, 1.3 passwd.1.xml, 1.2, 1.3 passwd.5.xml, 1.2, 1.3 porttime.5.xml, 1.2, 1.3 pw_auth.3.xml, 1.2, 1.3 pwck.8.xml, 1.2, 1.3 pwconv.8.xml, 1.2, 1.3 pwunconv.8.xml, 1.2, 1.3 sg.1.xml, 1.2, 1.3 shadow.3.xml, 1.2, 1.3 shadow.5.xml, 1.2, 1.3 su.1.xml, 1.2, 1.3 suauth.5.xml, 1.2, 1.3 sulogin.8.xml, 1.2, 1.3 useradd.8.xml, 1.2, 1.3 userdel.8.xml, 1.2, 1.3 usermod.8.xml, 1.2, 1.3 vigr.8.xml, 1.2, 1.3 vipw.8.xml, 1.2, 1.3

Yuri Kozlov yuray-guest at alioth.debian.org
Tue Feb 7 18:25:37 UTC 2006


Update of /cvsroot/l10n-russian/shadow/man
In directory haydn:/tmp/cvs-serv4728

Added Files:
	chage.1.xml chfn.1.xml chpasswd.8.xml chsh.1.xml expiry.1.xml 
	faillog.5.xml faillog.8.xml getspnam.3.xml gpasswd.1.xml 
	groupadd.8.xml groupdel.8.xml groupmems.8.xml groupmod.8.xml 
	groups.1.xml grpck.8.xml grpconv.8.xml grpunconv.8.xml 
	gshadow.5.xml id.1.xml lastlog.8.xml limits.5.xml login.1.xml 
	login.access.5.xml login.defs.5.xml logoutd.8.xml newgrp.1.xml 
	newusers.8.xml nologin.8.xml passwd.1.xml passwd.5.xml 
	porttime.5.xml pw_auth.3.xml pwck.8.xml pwconv.8.xml 
	pwunconv.8.xml sg.1.xml shadow.3.xml shadow.5.xml su.1.xml 
	suauth.5.xml sulogin.8.xml useradd.8.xml userdel.8.xml 
	usermod.8.xml vigr.8.xml vipw.8.xml 
Log Message:
Put the Right files

--- NEW FILE: pwck.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='pwck.8'>
  <!-- $Id: pwck.8.xml,v 1.16 2005/12/02 22:20:23 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>pwck</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>pwck</refname>
    <refpurpose>verify integrity of password files</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>pwck</command>
      <arg choice='opt'>-q </arg>
      <arg choice='opt'>-s </arg>
      <arg choice='opt'>
	<arg choice='plain'>
	  <replaceable>passwd</replaceable>
	</arg>
	<arg choice='plain'>
	  <replaceable>shadow</replaceable>
	</arg>
      </arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>pwck</command>
      <arg choice='opt'>-q </arg>
      <arg choice='opt'>-r </arg>
      <arg choice='opt'>
	<arg choice='plain'>
	  <replaceable>passwd</replaceable>
	</arg>
	<arg choice='plain'>
	  <replaceable>shadow</replaceable>
	</arg>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>pwck</command> verifies the integrity of the system
      authentication information. All entries in the
      <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
      are checked to see that the entry has the proper format and valid data
      in each field. The user is prompted to delete entries that are
      improperly formatted or which have other uncorrectable errors.
    </para>

    <para>Checks are made to verify that each entry has:</para>
    <itemizedlist mark='bullet'>
      <listitem>
	<para>the correct number of fields</para>
      </listitem>
      <listitem>
	<para>a unique user name</para>
      </listitem>
      <listitem>
	<para>a valid user and group identifier</para>
      </listitem>
      <listitem>
	<para>a valid primary group</para>
      </listitem>
      <listitem>
	<para> a valid home directory</para>
      </listitem>
      <listitem>
	<para>a valid login shell</para>
      </listitem>
    </itemizedlist>

    <para>
      The checks for correct number of fields and unique user name are
      fatal. If the entry has the wrong number of fields, the user will be
      prompted to delete the entire line. If the user does not answer
      affirmatively, all further checks are bypassed. An entry with a
      duplicated user name is prompted for deletion, but the remaining
      checks will still be made. All other errors are warning and the user
      is encouraged to run the <command>usermod</command> command to correct
      the error.
    </para>

    <para>
      The commands which operate on the <filename>/etc/passwd</filename>
      file are not able to alter corrupted or duplicated entries.
      <command>pwck</command> should be used in those circumstances to
      remove the offending entry.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>pwck</command> command are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-q</option>
	</term>
	<listitem>
	  <para>
            Report errors only. The warnings which do not require any
            action from the user won't be displayed.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-r</option>
	</term>
	<listitem>
	  <para>
	    Execute the <command>pwck</command> command in read-only mode.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-s</option>
	</term>
	<listitem>
	  <para>
	    Sort entries in <filename>/etc/passwd</filename> and
	    <filename>/etc/shadow</filename> by UID.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>

    <para>
      By default, <command>pwck</command> operates on the files
      <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>.
      The user may select alternate files with the <emphasis
      remap='I'>passwd</emphasis> and <emphasis remap='I'>shadow</emphasis>
      parameters.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para><citerefentry>
	<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>

  <refsect1 id='exit_values'>
    <title>EXIT VALUES</title>
    <para>
      The <command>pwck</command> command exits with the following values:
      <variablelist>
	<varlistentry>
	  <term><replaceable>0</replaceable></term>
	  <listitem>
	    <para>success</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>1</replaceable></term>
	  <listitem>
	    <para>invalid command syntax</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>2</replaceable></term>
	  <listitem>
	    <para>one or more bad password entries</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>3</replaceable></term>
	  <listitem>
	    <para>can't open password files</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>4</replaceable></term>
	  <listitem>
	    <para>can't lock password files</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>5</replaceable></term>
	  <listitem>
	    <para>can't update password files</para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </para>
  </refsect1>
</refentry>

--- NEW FILE: shadow.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='shadow.5'>
  <!-- $Id: shadow.5.xml,v 1.16 2005/11/05 17:17:30 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>shadow</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>shadow</refname>
    <refpurpose>encrypted password file</refpurpose>
  </refnamediv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <emphasis remap='I'>shadow</emphasis> contains the encrypted password
      information for user's accounts and optional the password aging
      information. Included is:
    </para>
    <itemizedlist mark='bullet'>
      <listitem>
	<para>login name</para>
      </listitem>
      <listitem>
	<para>encrypted password</para>
      </listitem>
      <listitem>
	<para>days since Jan 1, 1970 that password was last changed</para>
      </listitem>
      <listitem>
	<para>days before password may be changed</para>
      </listitem>
      <listitem>
	<para>days after which password must be changed</para>
      </listitem>
      <listitem>
	<para>days before password is to expire that user is warned</para>
      </listitem>
      <listitem>
	<para>days after password expires that account is disabled</para>
      </listitem>
      <listitem>
	<para>days since Jan 1, 1970 that account is disabled</para>
      </listitem>
      <listitem>
	<para>a reserved field</para>
      </listitem>
    </itemizedlist>

    <para>
      The password field must be filled. The encrypted password consists of
      13 to 24 characters from the 64 characters alphabet a thru z, A thru
      Z, 0 thru 9, \. and /. Optionally it can start with a "$" character.
      This means the encrypted password was generated using another (not
      DES) algorithm. For example if it starts with "$1$" it means the
      MD5-based algorithm was used.
    </para>

    <para>
      Refer to
      <citerefentry>
	<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>
      for details on how this string is interpreted.
    </para>

     <para>
       If the password field contains some string that is not valid result
       of <citerefentry><refentrytitle>crypt</refentrytitle>
       <manvolnum>3</manvolnum> </citerefentry>, for instance ! or *, the
       user will not be able to use a unix password to log in, subject to
       <citerefentry><refentrytitle>pam</refentrytitle>
       <manvolnum>7</manvolnum></citerefentry>.
     </para>

    <para>
      The date of the last password change is given as the number of days
      since Jan 1, 1970. The password may not be changed again until the
      proper number of days have passed, and must be changed after the
      maximum number of days. If the minimum number of days required is
      greater than the maximum number of day allowed, this password may not
      be changed by the user.
    </para>

    <para>
      An account is considered to be inactive and is disabled if the
      password is not changed within the specified number of days after the
      password expires. An account will also be disabled on the specified
      day regardless of other password expiration information.
    </para>

    <para>
      This information supersedes any password or password age information
      present in <filename>/etc/passwd</filename>.
    </para>

    <para>
      This file must not be readable by regular users if password security
      is to be maintained.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para><citerefentry>
	<refentrytitle>chage</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pwconv</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pwunconv</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>sulogin</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: groupdel.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='groupdel.8'>
  <!-- $Id: groupdel.8.xml,v 1.14 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>groupdel</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>groupdel</refname>
    <refpurpose>Delete a group</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>groupdel</command>
      <arg choice='plain'>
	<replaceable>group</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para> The <command>groupdel</command> command modifies the system
      account files, deleting all entries that refer to <emphasis
      remap='I'>group</emphasis>. The named group must exist.
    </para>

    <para>You must manually check all file systems to insure that no files
      remain with the named group as the file group ID.
    </para>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>You may not remove the primary group of any existing user. You
      must remove the user before you remove the group.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/gshadow</filename></term>
	<listitem>
	  <para>secure group account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='exit_values'>
    <title>EXIT VALUES</title>
    <para>
      The <command>groupdel</command> command exits with the following values:
      <variablelist>
	<varlistentry>
	  <term><replaceable>0</replaceable></term>
	  <listitem>
	    <para>success</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>2</replaceable></term>
	  <listitem>
	    <para>invalid command syntax</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>8</replaceable></term>
	  <listitem>
	    <para>can't remove user's primary group</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>10</replaceable></term>
	  <listitem>
	    <para>can't update group file</para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para><citerefentry>
	<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>
    </para>
  </refsect1>
</refentry>

--- NEW FILE: limits.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='limits.5'>
  <!-- $Id: limits.5.xml,v 1.17 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>limits</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>limits</refname>
    <refpurpose>Resource limits definition</refpurpose>
  </refnamediv>
  <!-- body begins here -->

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      The <emphasis remap='I'>limits</emphasis> file (/etc/limits by default
      or LIMITS_FILE defined config.h) describes the resource limits you
      wish to impose. It should be owned by root and readable by root
      account only.
    </para>

    <para>
      By default no quota is imposed on 'root'. In fact, there is no way to
      impose limits via this procedure to root-equiv accounts (accounts with
      UID 0).
    </para>

    <para>Each line describes a limit for a user in the form:</para>

    <para>
      <emphasis remap='I'>user LIMITS_STRING</emphasis>
    </para>

    <para>
      The <emphasis>LIMITS_STRING</emphasis> is a string of a
      concatenated list of resource limits.
      Each limit consists of a letter identifier followed by a numerical
      limit.
    </para>

    <para>The valid identifiers are:</para>

    <itemizedlist>
      <listitem><para>A: max address space (KB)</para></listitem>
      <listitem><para>C: max core file size (KB)</para></listitem>
      <listitem><para>D: max data size (KB)</para></listitem>
      <listitem><para>F: maximum filesize (KB)</para></listitem>
      <listitem><para>M: max locked-in-memory address space (KB)</para></listitem>
      <listitem><para>N: max number of open files</para></listitem>
      <listitem><para>R: max resident set size (KB)</para></listitem>
      <listitem><para>S: max stack size (KB)</para></listitem>
      <listitem><para>T: max CPU time (MIN)</para></listitem>
      <listitem><para>U: max number of processes</para></listitem>
      <listitem><para>K: file creation mask, set by
	<citerefentry>
	  <refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum>
	</citerefentry>.</para>
      </listitem>
      <listitem><para>L: max number of logins for this user</para></listitem>
      <listitem><para>P: process priority, set by
	<citerefentry>
	  <refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum>
	</citerefentry>.</para>
      </listitem>
    </itemizedlist>

    <para>
      For example, <emphasis remap='I'>L2D2048N5</emphasis> is a valid
      <emphasis>LIMITS_STRING </emphasis>. For reading convenience, the
      following entries are equivalent:
    </para>

    <para>username L2D2048N5
      <!-- .br -->
      username L2 D2048 N5
    </para>

    <para>
      Be aware that after <emphasis remap='I'>username</emphasis> the rest
      of the line is considered a limit string, thus comments are not
      allowed. A invalid limits string will be rejected (not considered) by
      the login program.
    </para>

    <para>
      The default entry is denoted by username "<emphasis>*</emphasis>". If
      you have multiple <emphasis remap='I'>default</emphasis> entries in
      your <emphasis>LIMITS_FILE</emphasis>, then the last one will be used
      as the default entry.
    </para>

    <para>
      To completely disable limits for a user, a single dash
      "<emphasis>-</emphasis> "will do.  </para>
    <para>
      Also, please note that all limit settings are set PER LOGIN. They are
      not global, nor are they permanent. Perhaps global limits will come,
      but for now this will have to do ;)
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/limits</filename></term>
	<listitem><para></para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: chfn.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	           "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='chfn.1'>
  <!-- $Id: chfn.1.xml,v 1.18 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>chfn</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>chfn</refname>
    <refpurpose>change real user name and information</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>chfn</command>
      <arg choice='opt'>-f <replaceable>full_name</replaceable></arg>
      <arg choice='opt'>-r <replaceable>room_no</replaceable></arg>
      <arg choice='opt'>-w <replaceable>work_ph</replaceable></arg>
      <arg choice='opt'>-h <replaceable>home_ph</replaceable></arg>
      <arg choice='opt'>-o <replaceable>other</replaceable></arg>
      <arg choice='opt'><replaceable>user</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para><command>chfn</command> changes user fullname, office number,
      office extension, and home phone number information for a user's
      account. This information is typically printed by <citerefentry>
      <refentrytitle>finger</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry> and similar programs. A normal user may only change
      the fields for her own account, subject to the restrictions in
      <filename>/etc/login.defs</filename>. (The default configuration is to
      prevent users from changing their fullname.) The super user may change
      any field for any account. Additionally, only the super user may use
      the <option>-o</option> option to change the undefined portions of the
      GECOS field.
    </para>

    <para>The only restriction placed on the contents of the fields is that
      no control characters may be present, nor any of comma, colon, or
      equal sign. The <emphasis remap='I'>other</emphasis> field does not
      have this restriction, and is used to store accounting information
      used by other applications.
    </para>

    <para> If none of the options are selected, <command>chfn</command>
      operates in an interactive fashion, prompting the user with the
      current values for all of the fields. Enter the new value to change
      the field, or leave the line blank to use the current value. The
      current value is displayed between a pair of <emphasis remap='B'>[
	]</emphasis> marks. Without options, chfn prompts for the current
      user account.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/login.defs</filename></term>
	<listitem>
	  <para>shadow password suite configuration</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: login.defs.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='login.defs.5'>
  <!--  $Id: login.defs.5.xml,v 1.15 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>login.defs</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>login.defs</refname>
    <refpurpose>shadow password suite configuration</refpurpose>
  </refnamediv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      The <filename>/etc/login.defs</filename> file defines the
      site-specific configuration for the shadow password suite. This file
      is required. Absence of this file will not prevent system operation,
      but will probably result in undesirable operation.
    </para>

    <para>
      This file is a readable text file, each line of the file describing
      one configuration parameter. The lines consist of a configuration name
      and value, separated by whitespace. Blank lines and comment lines are
      ignored. Comments are introduced with a `#' pound sign and the pound
      sign must be the first non-white character of the line.
    </para>

    <para>
      Parameter values may be of four types: strings, booleans, numbers, and
      long numbers. A string is comprised of any printable characters. A
      boolean should be either the value &ldquo;yes&rdquo; or
      &ldquo;no&rdquo;. An undefined boolean parameter or one with a value
      other than these will be given a &ldquo;no&rdquo; value. Numbers (both
      regular and long) may be either decimal values, octal values (precede
      the value with &ldquo;0&rdquo;) or hexadecimal values (precede the
      value with &ldquo;0x&rdquo;). The maximum value of the regular and
      long numeric parameters is machine-dependent.
    </para>

    <para>The following configuration items are provided:</para>

    <variablelist remap='IP'>
      <varlistentry>
	<term>CHFN_AUTH (boolean)</term>
	<listitem>
	  <para>
	    If <emphasis remap='I'>yes</emphasis>, the
	    <command>chfn</command> and <command>chsh</command> programs
	    will require authentication before making any changes, unless
	    run by the superuser.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>CHFN_RESTRICT (string)</term>
	<listitem>
	  <para>
	    This parameter specifies which values in the <emphasis
	    remap='I'>gecos</emphasis> field of the
	    <filename>/etc/passwd</filename> file may be changed by regular
	    users using the <command>chfn</command> program. It can be any
	    combination of letters <emphasis remap='I'>f</emphasis>
	    ,<emphasis remap='I'>r</emphasis>, <emphasis remap='I'>w</emphasis>,
	    <emphasis remap='I'>h</emphasis>, for Full name, Room number,
	    Work phone, and Home phone, respectively. For backward
	    compatibility, "yes" is equivalent to "rwh" and "no" is
	    equivalent to "frwh". If not specified, only the superuser can
	    make any changes. The most restrictive setting is better
	    achieved by not installing chfn SUID.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>CREATE_HOME (boolean)</term>
	<listitem>
	  <para>
	    This defines whether useradd should create home directories for
	    users by default. This option is OR'ed with the
	    <option>-m</option> flag on useradd command line.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>GID_MAX (number)</term>
	<term>GID_MIN (number)</term>
	<listitem>
	  <para>
	    Range of group IDs to choose from for the
	    <command>useradd</command> and <command>groupadd</command>
	    programs.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>MAIL_DIR (string)</term>
	<listitem>
	  <para>
	    The mail spool directory. This is needed to manipulate the
	    mailbox when its corresponding user account is modified or
	    deleted. If not specified, a compile-time default is used.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>PASS_MAX_DAYS (number)</term>
	<listitem>
	  <para>
	    The maximum number of days a password may be used. If the
	    password is older than this, a password change will be forced. 
	    If not specified, -1 will be assumed (which disables the
	    restriction).
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>PASS_MIN_DAYS (number)</term>
	<listitem>
	  <para>
	    The minimum number of days allowed between password changes. 
	    Any password changes attempted sooner than this will be
	    rejected. If not specified, -1 will be assumed (which disables
	    the restriction).
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>PASS_WARN_AGE (number)</term>
	<listitem>
	  <para>
	    The number of days warning given before a password expires. A
	    zero means warning is given only upon the day of expiration, a
	    negative value means no warning is given. If not specified, no
	    warning will be provided.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>

    <para> 
      PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE are only used at the
      time of account creation. Any changes to these settings won't affect
      existing accounts.
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>UID_MAX (number)</term>
	<term>UID_MIN (number)</term>
	<listitem>
	  <para>
	    Range of user IDs to choose from for the
	    <command>useradd</command> program.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>UMASK (number)</term>
	<listitem>
	  <para>
	    The permission mask is initialized to this value. If not
	    specified, the permission mask will be initialized to 077.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>USERDEL_CMD (string)</term>
	<listitem>
	  <para>
	    If defined, this command is run when removing a user. It should
	    remove any at/cron/print jobs etc. owned by the user to be
	    removed (passed as the first argument).
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='cross_reference'>
    <title>CROSS REFERENCE</title>
    <para>
      The following cross reference shows which programs in the shadow
      password suite use which parameters.
    </para>
    <!-- .na -->
    <variablelist remap='IP'>
      <varlistentry>
	<term>chfn</term>
	<listitem>
	  <para>CHFN_AUTH CHFN_RESTRICT</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>chsh</term>
	<listitem>
	  <para>CHFN_AUTH</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>groupadd</term>
	<listitem>
	  <para>GID_MAX GID_MIN</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>newusers</term>
	<listitem>
	  <para>PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
	    UMASK
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>pwconv</term>
	<listitem>
	  <para>PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>useradd</term>
	<listitem>
	  <para>CREATE_HOME
	    GID_MAX GID_MIN
	    PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
	    UID_MAX UID_MIN
	    UMASK
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>userdel</term>
	<listitem>
	  <para>MAIL_DIR
	    USERDEL_CMD
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>usermod</term>
	<listitem>
	  <para>MAIL_DIR</para>
	  <!-- .ad -->
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='bugs'>
    <title>BUGS</title>
    <para>
      Much of the functionality that used to be provided by the shadow
      password suite is now handled by PAM. Thus,
      <filename>/etc/login.defs</filename> is no longer used by programs
      such as: <citerefentry>
      <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>, <citerefentry>
      <refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>, <citerefentry>
      <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>. Please refer to the corresponding PAM configuration
      files instead.
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: suauth.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='suauth.5'>
  <!-- $Id: suauth.5.xml,v 1.15 2005/11/05 17:17:30 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>suauth</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>suauth</refname>
    <refpurpose>Detailed su control file</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>/etc/suauth</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      The file <filename>/etc/suauth</filename> is referenced whenever the
      su command is called. It can change the behaviour of the su command,
      based upon:
    </para>

    <!-- .RS -->
    <literallayout remap='.nf'>
      1) the user su is targetting
    </literallayout>
    <!-- .fi -->
    <para>
      2) the user executing the su command (or any groups he might be
      a member of)
    </para>

    <para>
      The file is formatted like this, with lines starting with a # being
      treated as comment lines and ignored;
    </para>

    <literallayout remap='RS'>
      to-id:from-id:ACTION
    </literallayout>

    <para>
      Where to-id is either the word <emphasis>ALL</emphasis>, a list of
      usernames delimited by "," or the words <emphasis>ALL
      EXCEPT</emphasis> followed by a list of usernames delimited by ","
    </para>

    <para>
      from-id is formatted the same as to-id except the extra word
      <emphasis>GROUP</emphasis> is recognised. <emphasis>ALL EXCEPT
      GROUP</emphasis> is perfectly valid too. Following
      <emphasis>GROUP</emphasis> appears one or more group names, delimited
      by ",". It is not sufficient to have primary group id of the relevant
      group, an entry in
      <citerefentry><refentrytitle>/etc/group</refentrytitle>
      <manvolnum>5</manvolnum></citerefentry> is neccessary.
    </para>

    <para> 
      Action can be one only of the following currently supported options.
    </para>
    <variablelist remap='TP'>
      <varlistentry>
	<term>
	  <emphasis>DENY</emphasis>
	</term>
	<listitem>
	  <para>The attempt to su is stopped before a password is
	    even asked for.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis>NOPASS</emphasis>
	</term>
	<listitem>
	  <para>
	    The attempt to su is automatically successful; no password is
	    asked for.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis>OWNPASS</emphasis>
	</term>
	<listitem>
	  <para>
	    For the su command to be successful, the user must enter his or
	    her own password. They are told this.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>

    <para>
      Note there are three separate fields delimited by a colon. No
      whitespace must surround this colon. Also note that the file is
      examined sequentially line by line, and the first applicable rule is
      used without examining the file further. This makes it possible for a
      system administrator to exercise as fine control as he or she wishes.
    </para>
  </refsect1>

  <refsect1 id='example'>
    <title>EXAMPLE</title>
    <literallayout remap='.nf'>
      # sample /etc/suauth file
      #
      # A couple of privileged usernames may
      # su to root with their own password.
      #
      root:chris,birddog:OWNPASS
      #
      # Anyone else may not su to root unless in
      # group wheel. This is how BSD does things.
      #
      root:ALL EXCEPT GROUP wheel:DENY
      #
      # Perhaps terry and birddog are accounts
      # owned by the same person.
      # Access can be arranged between them
      # with no password.
      #
      terry:birddog:NOPASS
      birddog:terry:NOPASS
      #
    </literallayout>
    <!-- .fi -->
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/suauth</filename></term>
	<listitem><para></para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='bugs'>
    <title>BUGS</title>
    <para>
      There could be plenty lurking. The file parser is particularly
      unforgiving about syntax errors, expecting no spurious whitespace
      (apart from beginning and end of lines), and a specific token
      delimiting different things.
    </para>
  </refsect1>

  <refsect1 id='diagnostics'>
    <title>DIAGNOSTICS</title>
    <para>
      An error parsing the file is reported using
      <citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      as level ERR on facility AUTH.
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: expiry.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='expiry.1'>
  <!-- $Id: expiry.1.xml,v 1.13 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>expiry</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>expiry</refname>
    <refpurpose>check and enforce password expiration policy</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>expiry</command>
      <arg choice='opt'>-c </arg>
      <arg choice='opt'>-f </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>expiry</command> checks (<option>-c</option>) the current
      password expiration and forces (<option>-f</option>) changes when
      required. It is callable as a normal user command.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: gshadow.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='gshadow.5'>
  <!-- $Id: gshadow.5.xml,v 1.17 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>gshadow</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>gshadow</refname>
    <refpurpose>shadowed group file</refpurpose>
  </refnamediv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <filename>/etc/gshadow</filename> contains the shadowed information
      for group accounts. It contains lines with the following
      colon-separated fields:
    </para>
    <itemizedlist mark='bullet'>
      <listitem>
	<para>group name</para>
      </listitem>
      <listitem>
	<para>encrypted password</para>
      </listitem>
      <listitem>
	<para>comma-separated list of group administrators</para>
      </listitem>
      <listitem>
	<para>comma-separated list of group members</para>
      </listitem>
    </itemizedlist>

    <para>
      The group name and password fields must be filled. The encrypted
      password consists of characters from the 64-character alphabet a thru
      z, A thru Z, 0 thru 9, \. and /. Refer to <citerefentry>
      <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry> for details on how this string is interpreted. If the
      password field contains some string that is not valid result of
      <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>, for instance ! or *, the user will not be able to use
      a unix password to log in, subject to <citerefentry>
      <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
    </para>

    <para>
      This information supersedes any password present in
      <filename>/etc/group</filename>.
    </para>

    <para>
      This file must not be readable by regular users if password security
      is to be maintained.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/gshadow</filename></term>
	<listitem>
	  <para>secure group account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gpasswd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>newgrp</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: faillog.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='faillog.5'>
  <!-- $Id: faillog.5.xml,v 1.13 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>faillog</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>
  <refnamediv id='name'>
    <refname>faillog</refname>
    <refpurpose>Login failure logging file</refpurpose>
  </refnamediv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para><filename>/var/log/faillog</filename> maintains a count of login
      failures and the limits for each account. The file is fixed length
      record, indexed by numerical UID. Each record contains the count of
      login failures since the last successful login; the maximum number of
      failures before the account is disabled; the line the last login
      failure occurred on; and the date the last login failure occurred.
    </para>

    <para>The structure of the file is:</para>
      <programlisting>
struct	faillog {
	short   fail_cnt;
	short   fail_max;
	char    fail_line[12];
	time_t  fail_time;
};</programlisting>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/var/log/faillog</filename></term>
	<listitem>
	  <para>login failure log</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>faillog</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>
    </para>
  </refsect1>
</refentry>


--- NEW FILE: pwconv.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='pwconv.8'>
  <!-- $Id: pwconv.8.xml,v 1.14 2005/10/12 21:10:31 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>pwconv</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>pwconv</refname>
    <refname>pwunconv</refname>
    <refname>grpconv</refname>
    <refname>grpunconv</refname>
    <refpurpose>convert to and from shadow passwords and groups.</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>pwconv</command>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>pwunconv</command>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>grpconv</command>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>grpunconv</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>pwconv</command> creates <emphasis
      remap='I'>shadow</emphasis> from <emphasis remap='I'>passwd</emphasis>
      and an optionally existing <emphasis remap='I'>shadow</emphasis>.
    </para>

    <para>
      <command>pwunconv</command> creates <emphasis
      remap='I'>passwd</emphasis> from <emphasis remap='I'>passwd</emphasis>
      and <emphasis remap='I'>shadow</emphasis> and then removes <emphasis
      remap='I'>shadow</emphasis>.
    </para>

    <para>
      <command>grpconv</command> creates <emphasis
      remap='I'>gshadow</emphasis> from <emphasis remap='I'>group</emphasis>
      and an optionally existing <emphasis remap='I'>gshadow</emphasis>.
    </para>

    <para>
      <command>grpunconv</command> creates <emphasis
      remap='I'>group</emphasis> from <emphasis remap='I'>group</emphasis>
      and <emphasis remap='I'>gshadow</emphasis> and then removes <emphasis
      remap='I'>gshadow</emphasis>.
    </para>

    <para>
      These four programs all operate on the normal and shadow password and
      group files: <filename>/etc/passwd</filename>,
      <filename>/etc/group</filename>, <filename>/etc/shadow</filename>, and
      <filename>/etc/gshadow</filename>.
    </para>

    <para>
      Each program acquires the necessary locks before conversion. 
      <command>pwconv</command> and <command>grpconv</command> are similar. 
      First, entries in the shadowed file which don't exist in the main file
      are removed. Then, shadowed entries which don't have `x' as the
      password in the main file are updated. Any missing shadowed entries
      are added. Finally, passwords in the main file are replaced with `x'. 
      These programs can be used for initial conversion as well to update
      the shadowed file if the main file is edited by hand.
    </para>

    <para>
      <command>pwconv</command> will use the values of <emphasis
      remap='I'>PASS_MIN_DAYS</emphasis>, <emphasis
      remap='I'>PASS_MAX_DAYS</emphasis>, and <emphasis
      remap='I'>PASS_WARN_AGE</emphasis> from
      <filename>/etc/login.defs</filename> when adding new entries to
      <filename>/etc/shadow</filename>.
    </para>

    <para>
      Likewise <command>pwunconv</command> and <command>grpunconv</command>
      are similar. Passwords in the main file are updated from the shadowed
      file. Entries which exist in the main file but not in the shadowed
      file are left alone. Finally, the shadowed file is removed. Some
      password aging information is lost by <command>pwunconv</command>. It
      will convert what it can.
    </para>
  </refsect1>

  <refsect1 id='bugs'>
    <title>BUGS</title>
    <para>
      Errors in the password or group files (such as invalid or duplicate
      entries) may cause these programs to loop forever or fail in other
      strange ways. Please run <command>pwck</command> and
      <command>grpck</command> to correct any such errors before converting
      to or from shadow passwords or groups.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/login.defs</filename></term>
	<listitem>
	  <para>shadow password suite configuration</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pwck</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: groupmems.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='groupmems.8'>
  <!-- $Id: groupmems.8.xml,v 1.15 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>groupmems</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>groupmems</refname>
    <refpurpose>Administer members of a user's primary group</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>groupmems</command>
      <group choice='plain'>
	<arg choice='plain'>-a <replaceable>user_name</replaceable></arg>
	<arg choice='plain'>-d <replaceable>user_name</replaceable></arg>
	<arg choice='plain'>-l </arg><arg choice='plain'>-D </arg>
	<arg choice='opt'>-g <replaceable>group_name</replaceable></arg>
      </group>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      The <command>groupmems</command> utility allows a user to administer
      his/her own group membership list without the requirement of super
      user privileges. The <command>groupmems</command> utility is for
      systems that configure its users to be in their own name sake primary
      group (i.e., guest / guest).
    </para>

    <para>Only the super user, as administrator, can use
      <command>groupmems</command> to alter the memberships of other groups.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>groupmems</command> command
      are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term><option>-a</option> <replaceable>user_name</replaceable></term>
	<listitem>
	  <para>Add a new user to the group membership list.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-d</option> <replaceable>user_name</replaceable></term>
	<listitem>
	  <para>Delete a user from the group membership list.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-D</option></term>
	<listitem>
	  <para>Delete all users from the group membership list.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-g</option> <replaceable>group_name</replaceable></term>
	<listitem>
	  <para>The super user can specify which group membership
	    list to modify.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-l</option></term>
	<listitem>
	  <para>List the group membership list.</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='setup'>
    <title>SETUP</title>
    <para>
      The <command>groupmems</command> executable should be in mode
      <literal>2770</literal> as user <emphasis>root</emphasis> and in group
      <emphasis>groups</emphasis>. The system administrator can add users to
      group groups to allow or disallow them using the
      <command>groupmems</command> utility to manage their own group
      membership list.
    </para>

    <programlisting>
	$ groupadd -r groups
	$ chmod 2770 groupmems
	$ chown root.groups groupmems
	$ groupmems -g groups -a gk4
    </programlisting>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/gshadow</filename></term>
	<listitem>
	  <para>secure group account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: useradd.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='useradd.8'>
  <!--  $Id: useradd.8.xml,v 1.31 2006/01/22 10:14:51 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>useradd</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>useradd</refname>
    <refpurpose>create a new user or update default new user information</refpurpose>
  </refnamediv>
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>useradd</command>
      <arg choice='opt'>
	<replaceable>options</replaceable>
      </arg>
      <arg choice='plain'><replaceable>LOGIN</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>useradd</command>
      <arg choice='plain'>-D </arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>useradd</command>
      <arg choice='plain'>-D </arg>
      <arg choice='opt'>
	<replaceable>options</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
      <para>
	When invoked without the <option>-D</option> option, the
	<command>useradd</command> command creates a new user account using
	the values specified on the command line and the default values from
	the system. Depending on command line options, the useradd command
	will update system files and may also create the new user's home
	directory and copy initial files.
      </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>The options which apply to the <command>useradd</command> command are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-c</option>, <option>--comment</option>
	  <replaceable>COMMENT</replaceable>
	</term>
	<listitem>
	  <para>
	    Any text string. It is generally a short description of the
	    login, and is currently used as the field for the user's full
	    name.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-b</option>, <option>--base-dir</option>
	  <replaceable>BASE_DIR</replaceable>
	</term>
	<listitem>
	  <para>
	    The default base directory for the system if <option>-d</option>
	    dir is not specified. <replaceable>BASE_DIR</replaceable> is
	    concatenated with the account name to define the home directory. 
	    If the <option>-m</option> option is not used,
            <replaceable>BASE_DIR</replaceable> must exist.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-d</option>, <option>--home</option>
	  <replaceable>HOME_DIR</replaceable>
	</term>
	<listitem>
	  <para>
	    The new user will be created using
	    <replaceable>HOME_DIR</replaceable> as the value for the user's
	    login directory. The default is to append the
	    <replaceable>LOGIN</replaceable> name to
	    <replaceable>BASE_DIR</replaceable> and use that as the login
	    directory name. The directory <replaceable>HOME_DIR</replaceable>
            does not have to exist but will not be created if it is missing.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-e</option>, <option>--expiredate</option>
	  <replaceable>EXPIRE_DATE</replaceable>
	</term>
	<listitem>
	  <para>
	    The date on which the user account will be disabled. The date is
	    specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-f</option>, <option>--inactive</option>
	  <replaceable>INACTIVE</replaceable>
	</term>
	<listitem>
	  <para>
	    The number of days after a password expires until the account is
	    permanently disabled. A value of 0 disables the account as soon
	    as the password has expired, and a value of -1 disables the
	    feature. The default value is -1.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-g</option>, <option>--gid</option>
	  <replaceable>GROUP</replaceable>
	</term>
	<listitem>
	  <para>
	    The group name or number of the user's initial login group. The
	    group name must exist. A group number must refer to an already
	    existing group. The default group number is 1 or whatever is
	    specified in <filename>/etc/default/useradd</filename>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-G</option>, <option>--groups</option>
	  <replaceable>GROUP1</replaceable>[<emphasis remap='I'>,GROUP2,...</emphasis>[<emphasis remap='I'>,GROUPN</emphasis>]]]
	</term>
	<listitem>
	  <para>
	    A list of supplementary groups which the user is also a member
	    of. Each group is separated from the next by a comma, with no
	    intervening whitespace. The groups are subject to the same
	    restrictions as the group given with the <option>-g</option>
	    option. The default is for the user to belong only to the
	    initial group.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-h</option>, <option>--help</option></term>
	<listitem>
	  <para>Display help message and exit.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-m</option>, <option>--create-home</option>
	</term>
	<listitem>
	  <para>
	    The user's home directory will be created if it does not exist. 
	    The files contained in <replaceable>SKEL_DIR</replaceable> will
	    be copied to the home directory if the <option>-k</option>
	    option is used, otherwise the files contained in
	    <filename>/etc/skel</filename> will be used instead. Any
	    directories contained in <replaceable>SKEL_DIR</replaceable> or
	    <filename>/etc/skel</filename> will be created in the user's
	    home directory as well. The <option>-k</option> option is only
	    valid in conjunction with the <option>-m</option> option. The
	    default is to not create the directory and to not copy any
	    files.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-K</option>, <option>--key</option>
	  <replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable>
	</term>
	<listitem>
	  <para>
	    Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK,
	    PASS_MAX_DAYS and others).
	  <para>
	  </para>
	    Example: <option>-K </option><replaceable>PASS_MAX_DAYS</replaceable>=<replaceable>-1</replaceable>
	    can be used when creating system account to turn off password
	    ageing, even though system account has no password at all.
	    Multiple <option>-K</option> options can be specified, e.g.:
	    <option>-K </option>
	    <replaceable>UID_MIN</replaceable>=<replaceable>100</replaceable>
	    <option> -K </option>
	    <replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
	  </para>
	  <para>
	    Note: <option>-K </option>
	    <replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
	    doesn't work yet.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-o</option>, <option>--non-unique</option>
	</term>
	<listitem>
	  <para>Allow the creation of a user account with a duplicate (non-unique) UID.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-p</option>, <option>--password</option>
	  <replaceable>PASSWORD</replaceable>
	</term>
	<listitem>
	  <para>
	    The encrypted password, as returned by <citerefentry>
	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
	    </citerefentry>. The default is to disable the account.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-s</option>, <option>--shell</option>
	  <replaceable>SHELL</replaceable>
	</term>
	<listitem>
	  <para>
	    The name of the user's login shell. The default is to leave this
	    field blank, which causes the system to select the default login
	    shell.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-u</option>, <option>--uid</option>
	  <replaceable>UID</replaceable>
	</term>
	<listitem>
	  <para>
	    The numerical value of the user's ID. This value must be unique,
	    unless the <option>-o</option> option is used. The value must be
	    non-negative. The default is to use the smallest ID value
	    greater than 999 and greater than every other user. Values
	    between 0 and 999 are typically reserved for system accounts.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>

    <refsect2 id='changing_the_default_values'>
      <title>Changing the default values</title>
      <para>
	When invoked with the <option>-D</option> option,
	<command>useradd</command> will either display the current default
	values, or update the default values from the command line. The
	valid options are
      </para>
      <variablelist remap='IP'>
	<varlistentry>
	  <term>
	    <option>-b</option> <replaceable>HOME_DIR</replaceable>
	  </term>
	  <listitem>
	    <para>
	      The initial path prefix for a new user's home directory. The
	      user's name will be affixed to the end of
	      <replaceable>HOME_DIR</replaceable> to create the new
	      directory name if the <option>-d</option> option is not used
	      when creating a new account.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term>
	    <option>-e</option> <replaceable>EXPIRE_DATE</replaceable>
	  </term>
	  <listitem>
	    <para>The date on which the user account is disabled.</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term>
	    <option>-f</option> <replaceable>INACTIVE</replaceable>
	  </term>
	  <listitem>
	    <para>
	      The number of days after a password has expired before the
	      account will be disabled.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term>
	    <option>-g</option>, <option>--gid</option>
	    <replaceable>GROUP</replaceable>
	  </term>
	  <listitem>
	    <para>
	      The group name or ID for a new user's initial group. The named
	      group must exist, and a numerical group ID must have an
	      existing entry.
	    </para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term>
	    <option>-s</option>, <option>--shell</option>
	    <replaceable>SHELL</replaceable>
	  </term>
	  <listitem>
	    <para>
	      The name of the new user's login shell. The named program will
	      be used for all future new user accounts.
	    </para>
	  </listitem>
	</varlistentry>
      </variablelist>

      <para>
	If no options are specified, <command>useradd</command> displays the
	current default values.
      </para>
    </refsect2>
  </refsect1>

  <refsect1 id='notes'>
    <title>NOTES</title>
    <para>The system administrator is responsible for placing the default
      user files in the <filename>/etc/skel/</filename> directory.
    </para>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      You may not add a user to a NIS group. This must be performed on the
      NIS server.
    </para>

    <para>
      Similarly, if the username already exists in an external user
      database such as NIS, <command>useradd</command> will deny
      the user account creation request.
    </para>

    <para>
      Usernames must begin with a lower case letter or an underscore, and
      only lower case letters, underscores, dashes, and dollar signs may
      follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/default/useradd</filename></term>
	<listitem>
	  <para>default information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/skel/</filename></term>
	<listitem>
	  <para>directory containing default files</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/login.defs</filename></term>
	<listitem>
	  <para>shadow password suite configuration</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='exit_values'>
    <title>EXIT VALUES</title>
    <para>
      The <command>useradd</command> command exits with the following values:
      <variablelist>
	<varlistentry>
	  <term><replaceable>0</replaceable></term>
	  <listitem>
	    <para>success</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>1</replaceable></term>
	  <listitem>
	    <para>can't update password file</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>2</replaceable></term>
	  <listitem>
	    <para>invalid command syntax</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>3</replaceable></term>
	  <listitem>
	    <para>invalid argument to option</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>4</replaceable></term>
	  <listitem>
	    <para>UID already in use (and no <option>-o</option>)</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>6</replaceable></term>
	  <listitem>
	    <para>specified group doesn't exist</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>9</replaceable></term>
	  <listitem>
	    <para>username already in use</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>10</replaceable></term>
	  <listitem>
	    <para>can't update group file</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>12</replaceable></term>
	  <listitem>
	    <para>can't create home directory</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>13</replaceable></term>
	  <listitem>
	    <para>can't create mail spool</para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: groupmod.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='groupmod.8'>
  <!-- $Id: groupmod.8.xml,v 1.14 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>groupmod</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>groupmod</refname>
    <refpurpose>modify a group</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>groupmod</command>
      <arg choice='opt'>
	<arg choice='plain'>-g <replaceable>gid</replaceable></arg>
	<arg choice='opt'>-o </arg>
      </arg>
      <arg choice='opt'>-n <replaceable>new_group_name</replaceable></arg>
      <arg choice='plain'><replaceable>group</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      The <command>groupmod</command> command modifies the system account
      files to reflect the changes that are specified on the command line.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>groupmod</command> command
      are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-g</option> <replaceable>gid</replaceable>
	</term>
	<listitem>
	  <para>
	    The numerical value of the group's ID. This value must be
	    unique, unless the <option>-o</option> option is used. The value
	    must be non-negative. Values between 0 and 999 are typically
	    reserved for system groups. Any files which the old group ID is
	    the file group ID must have the file group ID changed manually.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-n</option> <replaceable>new_group_name</replaceable></term>
	<listitem>
	  <para> 
	    The name of the group will be changed from <emphasis
	    remap='I'>group</emphasis> to <emphasis
	    remap='I'>new_group_name</emphasis>.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/gshadow</filename></term>
	<listitem>
	  <para>secure group account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='exit_values'>
    <title>EXIT VALUES</title>
    <para>
      The <command>groupmod</command> command exits with the following values:
      <variablelist>
	<varlistentry>
	  <term><replaceable>0</replaceable></term>
	  <listitem>
	    <para>success</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>2</replaceable></term>
	  <listitem>
	    <para>invalid command syntax</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>3</replaceable></term>
	  <listitem>
	    <para>invalid argument to option</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>4</replaceable></term>
	  <listitem>
	    <para>specified group doesn't exist</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>6</replaceable></term>
	  <listitem>
	    <para>specified group doesn't exist</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>9</replaceable></term>
	  <listitem>
	    <para>group name already in use</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>10</replaceable></term>
	  <listitem>
	    <para>can't update group file</para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: grpck.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='grpck.8'>
  <!-- $Id: grpck.8.xml,v 1.16 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>grpck</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>grpck</refname>
    <refpurpose>verify integrity of group files</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>grpck</command>    <arg choice='opt'>-r </arg>
      <arg choice='opt'>
	<arg choice='plain'><replaceable>group</replaceable></arg>
	<arg choice='plain'><replaceable>shadow</replaceable></arg>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>grpck</command> verifies the integrity of the system
      authentication information. All entries in the
      <filename>/etc/group</filename> and <filename>/etc/gshadow</filename>
      are checked to see that the entry has the proper format and valid data
      in each field. The user is prompted to delete entries that are
      improperly formatted or which have other uncorrectable errors.
    </para>

    <para>Checks are made to verify that each entry has:</para>

    <itemizedlist mark='bullet'>
      <listitem>
	<para>the correct number of fields</para>
      </listitem>
      <listitem>
	<para>a unique group name</para>
      </listitem>
      <listitem>
	<para>a valid list of members and administrators</para>
      </listitem>
    </itemizedlist>

    <para>
      The checks for correct number of fields and unique group name are
      fatal. If the entry has the wrong number of fields, the user will be
      prompted to delete the entire line. If the user does not answer
      affirmatively, all further checks are bypassed. An entry with a
      duplicated group name is prompted for deletion, but the remaining
      checks will still be made. All other errors are warnings and the user
      is encouraged to run the <command>groupmod</command> command to
      correct the error.
    </para>

    <para>
      The commands which operate on the <filename>/etc/group</filename> file
      are not able to alter corrupted or duplicated entries. 
      <command>grpck</command> should be used in those circumstances to
      remove the offending entry.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      By default, <command>grpck</command> operates on the files
      <filename>/etc/group</filename> and <filename>/etc/gshadow</filename>. 
      The user may select alternate files with the <emphasis
      remap='I'>group</emphasis> and <emphasis remap='I'>shadow</emphasis>
      parameters. Additionally, the user may execute the command in
      read-only mode by specifying the <option>-r</option> flag. This causes
      all questions regarding changes to be answered <emphasis>no</emphasis>
      without user intervention. <command>grpck</command> can also sort
      entries in <filename>/etc/group</filename> and
      <filename>/etc/gshadow</filename> by GID. To run it in sort mode pass
      it <option>-s</option> flag. No checks are performed then, it just
      sorts.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/gshadow</filename></term>
	<listitem>
	  <para>secure group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>

  <refsect1 id='exit_values'>
    <title>EXIT VALUES</title>
    <para>
      The <command>grpck</command> command exits with the following values:
      <variablelist>
	<varlistentry>
	  <term><replaceable>0</replaceable></term>
	  <listitem>
	    <para>success</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>1</replaceable></term>
	  <listitem>
	    <para>invalid command syntax</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>2</replaceable></term>
	  <listitem>
	    <para>one or more bad group entries</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>3</replaceable></term>
	  <listitem>
	    <para>can't open group files</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>4</replaceable></term>
	  <listitem>
	    <para>can't lock group files</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>5</replaceable></term>
	  <listitem>
	    <para>can't update group files</para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </para>
  </refsect1>
</refentry>

--- NEW FILE: sg.1.xml ---
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
                   "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='sg.1'>
  <!-- $Id: sg.1.xml,v 1.8 2005/11/05 17:17:30 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>sg</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>sg</refname>
    <refpurpose>execute command as different group ID</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>sg</command>
      <arg choice='opt'>- </arg>
      <arg choice='opt'>group
        <arg choice='opt'>-c </arg>
	command
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
  <title>DESCRIPTION</title>
    <para>
      The <command>sg</command> command works similar to
      <command>newgrp</command> but accepts a command. The command will be
      executed with the <filename>/bin/sh</filename> shell. With most shells
      you may run <command>sg</command> from, you need to enclose multi-word
      commands in quotes. Another difference between
      <command>newgrp</command> and <command>sg</command> is that some
      shells treat <command>newgrp</command> specially, replacing themselves
      with a new instance of a shell that <command>newgrp</command> creates.
      This doesn't happen with <command>sg</command>, so upon exit from a
      <command>sg</command> command you are returned to your previous group
      ID.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	 </listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/gshadow</filename></term>
	<listitem>
	  <para>shadow group file</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>id</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gpasswd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>
    </para>
  </refsect1>
</refentry>

--- NEW FILE: newgrp.1.xml ---
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='newgrp.1'>
  <!-- $Id: newgrp.1.xml,v 1.12 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>newgrp</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>newgrp</refname>
    <refpurpose>log in to a new group</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>newgrp</command>    <arg choice='opt'>- </arg>
      <arg choice='opt'><replaceable>group</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
  <title>DESCRIPTION</title>
    <para>
      <command>newgrp</command> is used to change the current group ID
      during a login session. If the optional <option>-</option> flag is
      given, the user's environment will be reinitialized as though the user
      had logged in, otherwise the current environment, including current
      working directory, remains unchanged.
    </para>

    <para>
      <command>newgrp</command> changes the current real group ID to the
      named group, or to the default group listed in
      <filename>/etc/passwd</filename> if no group name is given.
      <command>newgrp</command> also tries to add the group to the user
      groupset. If not root, the user will be prompted for a password if she
      does not have a password (in <filename>/etc/shadow</filename> if this
      user has an entry in the shadowed password file, or in
      /etc/passwd otherwise) and the group does, or if the user is not
      listed as a member and the group has a password. The user will
      be denied access if the group password is empty and the user is
      not listed as a member. 
    </para>

    <para>
      If there is an entry for this group in
      <filename>/etc/gshadow</filename>, then the list of members and the
      password of this group will be taken from this file, otherwise, the
      entry in <filename>/etc/group</filename> is considered.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	 </listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/gshadow</filename></term>
	<listitem>
	  <para>shadow group file</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>id</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gpasswd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: grpunconv.8.xml ---

--- NEW FILE: chage.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='chage.1'>
  <!--  $Id: chage.1.xml,v 1.30 2006/01/22 10:14:51 kloczek Exp $  -->
  <refmeta>
    <refentrytitle>chage</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>chage</refname>
    <refpurpose>change user password expiry information</refpurpose>
  </refnamediv>
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>chage</command>
      <arg choice='opt'>
	<replaceable>options</replaceable>
      </arg>
      <arg choice='plain'><replaceable>user</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      The <command>chage</command> command changes the number of days between
      password changes and the date of the last password change. This
      information is used by the system to determine when a user must change
      his/her password.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>chage</command> command are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-d</option>, <option>--lastday</option> <replaceable>LAST_DAY</replaceable>
	</term>
	<listitem>
	  <para>
	    Set the number of days since January 1st, 1970 when the password
	    was last changed. The date may also be expressed in the format
	    YYYY-MM-DD (or the format more commonly used in your area).
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-E</option>, <option>--expiredate</option> <replaceable>EXPIRE_DATE</replaceable>
	</term>
	<listitem>
	  <para>
	    Set the date or number of days since January 1, 1970 on which the
	    user's account will no longer be accessible. The date may also
	    be expressed in the format YYYY-MM-DD (or the format more
	    commonly used in your area). A user whose account is locked must
	    contact the system administrator before being able to use the
	    system again.
	  </para>
	  <para>
	    Passing the number <emphasis remap='I'>-1</emphasis> as the
	    <replaceable>EXPIRE_DATE</replaceable> will remove an account
	    expiration date.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-h</option>, <option>--help</option></term>
	<listitem>
	  <para>Display help message and exit.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-I</option>, <option>--inactive</option> <replaceable>INACTIVE</replaceable>
	</term>
	<listitem>
	  <para>
	    Set the number of days of inactivity after a password has
	    expired before the account is locked. The
	    <replaceable>INACTIVE</replaceable> option is the number of days
	    of inactivity. A user whose account is locked must contact the
	    system administrator before being able to use the system again.
	  </para>
	  <para>
	    Passing the number <emphasis remap='I'>-1</emphasis> as the
	    <replaceable>INACTIVE</replaceable> will remove an account's
	    inactivity.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-l</option>, <option>--list</option>
	</term>
	<listitem>
	  <para>
	  Show account aging information.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-m</option>, <option>--mindays</option> <replaceable>MIN_DAYS</replaceable>
	</term>
	<listitem>
	  <para>
	    Set the minimum number of days between password changes. A value
	    of zero for this field indicates that the user may change his/her
	    password at any time.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-M</option>, <option>--maxdays</option> <replaceable>MAX_DAYS</replaceable>
	</term>
	<listitem>
	  <para>
	    Set the maximum number of days during which a password is valid. 
	    When <replaceable>MAX_DAYS</replaceable> plus
	    <replaceable>LAST_DAY</replaceable> is less than the current
	    day, the user will be required to change his/her password before
	    being able to use his/her account. This occurrence can be planned for
	    in advance by use of the <option>-W</option> option, which
	    provides the user with advance warning.
	  </para>
	  <para>
	    Passing the number <emphasis remap='I'>-1</emphasis> as
	    <replaceable>MAX_DAYS</replaceable> will remove checking a
	    password's validity.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-W</option>, <option>--warndays</option> <replaceable>WARN_DAYS</replaceable>
	</term>
	<listitem>
	  <para>
	    Set the number of days of warning before a password change is
	    required. The <replaceable>WARN_DAYS</replaceable> option is the
	    number of days prior to the password expiring that a user will
	    be warned his/her password is about to expire.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
    <para>
      If none of the options are selected, <command>chage</command> operates
      in an interactive fashion, prompting the user with the current values
      for all of the fields. Enter the new value to change the field, or
      leave the line blank to use the current value. The current value is
      displayed between a pair of <emphasis>[ ]</emphasis> marks.
    </para>
  </refsect1>
  <refsect1 id='note'>
    <title>NOTE</title>
    <para>
      The <command>chage</command> program requires a shadow password file to
      be available. Its functionality is not available when passwords are
      stored in the passwd file.
    </para>
    <para>The <command>chage</command> command is restricted to the root
      user, except for the <option>-l</option> option, which may be used by
      an unprivileged user to determine when his/her password or account is due
      to expire.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term>
	  <filename>/etc/passwd</filename>
	</term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <filename>/etc/shadow</filename>
	</term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='exit_values'>
    <title>EXIT VALUES</title>
    <para>
      The <command>chage</command> command exits with the following values:
      <variablelist>
	<varlistentry>
	  <term><replaceable>0</replaceable></term>
	  <listitem>
	    <para>success</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>1</replaceable></term>
	  <listitem>
	    <para>permission denied</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>2</replaceable></term>
	  <listitem>
	    <para>invalid command syntax</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>15</replaceable></term>
	  <listitem>
	    <para>can't find the shadow password file</para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: usermod.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='usermod.8'>
  <!--  $Id: usermod.8.xml,v 1.21 2005/11/12 18:00:44 kloczek Exp $  -->
  <refmeta>
    <refentrytitle>usermod</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>usermod</refname>
    <refpurpose>Modify a user account</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>usermod</command>
      <arg choice='opt'>
	<replaceable>options</replaceable>
      </arg>
      <arg choice='plain'><replaceable>LOGIN</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      The <command>usermod</command> command modifies the system account
      files to reflect the changes that are specified on the command line.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>usermod</command> command
      are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-c</option>, <option>--comment</option>
	  <replaceable>COMMENT</replaceable>
	</term>
	<listitem>
	  <para>
	    The new value of the user's password file comment field. It is
	    normally modified using the <citerefentry>
	    <refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
	    </citerefentry> utility.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-d</option>, <option>--home</option>
	  <replaceable>HOME_DIR</replaceable>
	</term>
	<listitem>
	  <para>
	    The user's new login directory. If the <option>-m</option>
	    option is given the contents of the current home directory will
	    be moved to the new home directory, which is created if it does
	    not already exist.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-e</option>, <option>--expiredate</option>
	  <replaceable>EXPIRE_DATE</replaceable>
	</term>
	<listitem>
	  <para>
	    The date on which the user account will be disabled. The date is
	    specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-f</option>, <option>--inactive</option>
	  <replaceable>INACTIVE</replaceable>
	</term>
	<listitem>
	  <para>
	    The number of days after a password expires until the account is
	    permanently disabled. A value of 0 disables the account as soon
	    as the password has expired, and a value of -1 disables the
	    feature. The default value is -1.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-g</option>, <option>--gid</option>
	  <replaceable>GROUP</replaceable>
	</term>
	<listitem>
	  <para>
	    The group name or number of the user's new initial login group.
	    The group name must exist. A group number must refer to an
	    already existing group. The default group number is 1.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-G</option>, <option>--groups</option>
	  <replaceable>GROUP1</replaceable>[<emphasis remap='I'>,GROUP2,...</emphasis>[<emphasis remap='I'>,GROUPN</emphasis>]]]
	</term>
	<listitem>
	  <para>
	    A list of supplementary groups which the user is also a member
	    of. Each group is separated from the next by a comma, with no
	    intervening whitespace. The groups are subject to the same
	    restrictions as the group given with the <option>-g</option>
	    option. If the user is currently a member of a group which is
	    not listed, the user will be removed from the group. This
	    behaviour can be changed via <option>-a</option> option, which
	    appends user to the current supplementary group list.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-l</option>, <option>--login</option>
	  <replaceable>NEW_LOGIN</replaceable>
	</term>
	<listitem>
	  <para>
	    The name of the user will be changed from <emphasis
	    remap='I'>LOGIN</emphasis> to <emphasis
	    remap='I'>NEW_LOGIN</emphasis>. Nothing else is changed. In
	    particular, the user's home directory name should probably be
	    changed to reflect the new login name.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-L</option>, <option>--lock</option>
	</term>
	<listitem>
	  <para>
	    Lock a user's password. This puts a '!' in front of the
	    encrypted password, effectively disabling the password. You
	    can't use this option with <option>-p</option> or
	    <option>-U</option>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-o</option>, <option>--non-unique</option>
	</term>
	<listitem>
	  <para>
	    When used with the <option>-u</option> option, this option
	    allows to change the user ID to a non-unique value.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-p</option>, <option>--password</option>
	  <replaceable>PASSWORD</replaceable>
	</term>
	<listitem>
	  <para>
	    The encrypted password, as returned by <citerefentry>
	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
	    </citerefentry>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-s</option>, <option>--shell</option>
	  <replaceable>SHELL</replaceable>
	</term>
	<listitem>
	  <para>
	    The name of the user's new login shell. Setting this field to
	    blank causes the system to select the default login shell.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-u</option>, <option>--uid</option>
	  <replaceable>UID</replaceable>
	</term>
	<listitem>
	  <para>
	    The numerical value of the user's ID. This value must be unique,
	    unless the <option>-o</option> option is used. The value must be
	    non-negative. Values between 0 and 999 are typically reserved
	    for system accounts. Any files which the user owns and which are
	    located in the directory tree rooted at the user's home
	    directory will have the file user ID changed automatically. 
	    Files outside of the user's home directory must be altered
	    manually.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-U</option>, <option>--unlock</option>
	</term>
	<listitem>
	  <para>
	    Unlock a user's password. This removes the '!' in front of the
	    encrypted password. You can't use this option with
	    <option>-p</option> or <option>-L</option>.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      <command>usermod</command> will not allow you to change the name of a
      user who is logged in. You must make certain that the named user is
      not executing any processes when this command is being executed if the
      user's numerical user ID is being changed. You must change the owner
      of any crontab files manually. You must change the owner of any at
      jobs manually. You must make any changes involving NIS on the NIS
      server.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/login.defs</filename></term>
	<listitem>
	  <para>shadow password suite configuration</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: groups.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='groups.1'>
  <!-- $Id: groups.1.xml,v 1.14 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>groups</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>groups</refname>
    <refpurpose>display current group names</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>groups</command>
      <arg choice='opt'>
	<replaceable>user</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>groups</command> displays the current group names or ID
      values. If the value does not have a corresponding entry in
      <filename>/etc/group</filename>, the value will be displayed as the
      numerical group value. The optional <emphasis
      remap='I'>user</emphasis> parameter will display the groups for the
      named <emphasis remap='I'>user</emphasis>.
    </para>
  </refsect1>

  <refsect1 id='note'>
    <title>NOTE</title>
    <para>
      Systems which do not support concurrent group sets will have the
      information from <filename>/etc/group</filename> reported. The user
      must use <command>newgrp</command> or <command>sg</command> to change
      their current real and effective group ID.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>getgid</refentrytitle><manvolnum>2</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>getgroups</refentrytitle><manvolnum>2</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>getuid</refentrytitle><manvolnum>2</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: getspnam.3.xml ---

--- NEW FILE: nologin.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='newusers.8'>
  <!-- $Id: nologin.8.xml,v 1.1 2006/01/07 19:02:31 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>nologin</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>nologin</refname>
    <refpurpose>politely refuse a login</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>nologin</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>nologin</command> displays a message that an account is not
      available and exits non-zero. It is intended as a replacement shell field
      for accounts that have been disabled.
    </para>
    <para>
      To disable all logins, investigate
      <citerefentry><refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>

  <refsect1 id='history'>
    <title>HYSTORY</title>
    <para>
      The <command>nologin</command> command appeared in BSD 4.4.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: passwd.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='passwd.1'>
  <!--  $Id: passwd.1.xml,v 1.25 2006/01/16 19:17:21 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>passwd</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>passwd</refname>
    <refpurpose>change user password</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>passwd</command>
      <arg choice='opt'>-x <replaceable>max</replaceable></arg>
      <arg choice='opt'>-n <replaceable>min</replaceable></arg>
      <arg choice='opt'>-w <replaceable>warn</replaceable></arg>
      <arg choice='opt'>-i <replaceable>inact</replaceable></arg>
      <arg choice='plain'><replaceable>login</replaceable>
      </arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>passwd</command>
      <group choice='opt'>
	<arg choice='plain'>-l </arg>
	<arg choice='plain'>-u </arg>
	<arg choice='plain'>-d </arg>
	<arg choice='plain'>-S </arg>
	<arg choice='plain'>-e </arg>
      </group>
      <arg choice='plain'><replaceable>login</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>passwd</command> changes passwords for user accounts.  A
      normal user may only change the password for his/her own account, while 
      the super user may change the password for any account.
      <command>passwd</command> also changes account information, such as
      the full name of the user, the user's login shell, or his/her password
      expiry date and interval.
    </para>

    <refsect2 id='password_changes'>
      <title>Password Changes</title>
      <para>
        The user is first prompted for his/her old password, if one is
	present. This password is then encrypted and compared against the
	stored password. The user has only one chance to enter the correct
	password. The super user is permitted to bypass this step so that
	forgotten passwords may be changed.
      </para>

      <para>
        After the password has been entered, password aging information is
	checked to see if the user is permitted to change the password at
	this time. If not, <command>passwd</command> refuses to change the
	password and exits.
      </para>

      <para>
        The user is then prompted for a replacement password. This password
	is tested for complexity. As a general guideline, passwords should
	consist of 6 to 8 characters including one or more from each of
	following sets:
      </para>

      <itemizedlist mark='bullet'>
	<listitem>
	  <para>lower case alphabetics</para>
	</listitem>
	<listitem>
	  <para>digits 0 thru 9</para>
	</listitem>
	<listitem>
	  <para>punctuation marks</para>
	</listitem>
      </itemizedlist>

      <para>
        Care must be taken not to include the system default erase or kill
	characters. <command>passwd</command> will reject any password which
	is not suitably complex.
      </para>

      <para>If the password is accepted, <command>passwd</command> will
	prompt again and compare the second entry against the first. Both
	entries are required to match in order for the password to be
	changed.
      </para>
    </refsect2>

    <refsect2 id='hints_for_user_passwords'>
      <title>Hints for user passwords</title>
      <para>
        The security of a password depends upon the strength of the
	encryption algorithm and the size of the key space. The
	<emphasis>UNIX</emphasis> System encryption method is based on the
	NBS DES algorithm and is very secure. The size of the key space
	depends upon the randomness of the password which is selected.
      </para>

      <para>
        Compromises in password security normally result from careless
	password selection or handling. For this reason, you should not
	select a password which appears in a dictionary or which must be
	written down. The password should also not be a proper name, your
	license number, birth date, or street address. Any of these may be
	used as guesses to violate system security.
      </para>

      <para>
        Your password must be easily remembered so that you will not be forced
	to write it on a piece of paper. This can be accomplished by
	appending two small words together and separating each with a
	special character or digit. For example, Pass%word.
      </para>

      <para>
        Other methods of construction involve selecting an easily remembered
	phrase from literature and selecting the first or last letter from
	each word. An example of this is:
      </para>

      <itemizedlist mark='bullet'>
	<listitem>
	  <para>Ask not for whom the bell tolls</para>
	</listitem>
	<listitem>
	  <para>which produces</para>
	</listitem>
	<listitem>
	  <para>An4wtbt</para>
	</listitem>
      </itemizedlist>

      <para>
        You may be reasonably sure few crackers will have included this in
	their dictionaries. You should, however, select your own methods for
	constructing passwords and not rely exclusively on the methods given
	here.
      </para>
    </refsect2>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>passwd</command> command are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-a</option>, <option>--all</option>
	</term>
	<listitem>
	  <para>
	    This option can be used only with <option>-S</option> and causes show
	    status for all users.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-d</option>, <option>--delete</option>
	</term>
	<listitem>
	  <para>
	    Delete a user's password (make it empty). This is a quick way
	    to disable a password for an account. It will set the named
	    account passwordless.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-e</option>, <option>--expire</option>
	</term>
	<listitem>
	  <para>
	    Immediately expire an account's password. This in effect can
	    force a user to change his/her password at the user's next login.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-h</option>, <option>--help</option></term>
	<listitem>
	  <para>Display help message and exit.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-i</option>, <option>--inactive</option> <replaceable>INACTIVE</replaceable>
	</term>
	<listitem>
	  <para>
	    This option is used to disable an account after the password has
	    been expired for a number of days. After a user account has had
	    an expired password for <replaceable>INACTIVE</replaceable>
	    days, the user may no longer sign on to the account.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-k</option>, <option>--keep-tokens</option>
	</term>
	<listitem>
	  <para>
	    Indicate change password should be performed only for expired
	    authentication tokens (passwords). The user wishes to keep their
	    non-expired tokens as before.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-l</option>, <option>--lock</option>
	</term>
	<listitem>
	  <para>
	    Lock the named account. This option disables an account by changing
	    the password to a value which matches no possible encrypted value.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-n</option>, <option>--mindays</option> <replaceable>MIN_DAYS</replaceable>
	</term>
	<listitem>
	  <para>
	    Set the minimum number of days between password changes. A value
	    of zero for this field indicates that the user may change his/her
	    password at any time.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-q</option>, <option>--quiet</option>
	</term>
	<listitem>
	  <para>
	    Quiet mode.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-r</option>, <option>--repository</option> <replaceable>REPOSITORY</replaceable>
	</term>
	<listitem>
	  <para>
	    change password in <replaceable>REPOSITORY</replaceable> repository
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-S</option>, <option>--status</option>
	</term>
	<listitem>
	  <para>
	    Display account status information. The status information
	    consists of 7 fields. The first field is the user's login name. 
	    The second field indicates if the user account is locked (L),
	    has no password (NP), or has a usable password (P). The third
	    field gives the date of the last password change. The next four
	    fields are the minimum age, maximum age, warning period, and
	    inactivity period for the password. These ages are expressed in
	    days.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-u</option>, <option>--unlock</option>
	</term>
	<listitem>
	  <para>
	    Unlock the named account. This option re-enables an account by
	    changing the password back to its previous value (to value before
	    using <option>-l</option> option).
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-w</option>, <option>--warndays</option> <replaceable>WARN_DAYS</replaceable>
	</term>
	<listitem>
	  <para>
	    Set the number of days of warning before a password change is
	    required. The <replaceable>WARN_DAYS</replaceable> option is
	    the number of days prior to the password expiring that a user
	    will be warned that his/her password is about to expire.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-x</option>, <option>--maxdays</option> <replaceable>MAX_DAYS</replaceable>
	</term>
	<listitem>
	  <para>
	    Set the maximum number of days a password remains valid. After
	    <replaceable>MAX_DAYS</replaceable>, the password is required
	    to be changed.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      Not all options may be supported. Password complexity checking may
      vary from site to site. The user is urged to select a password as
      complex as he or she feels comfortable with. Users may not be able to 
      change their password on a system if NIS is enabled and they are not 
      logged into the NIS server.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='exit_values'>
    <title>EXIT VALUES</title>
    <para>
      The <command>passwd</command> command exits with the following values:
      <variablelist>
	<varlistentry>
	  <term><replaceable>0</replaceable></term>
	  <listitem>
	    <para>success</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>1</replaceable></term>
	  <listitem>
	    <para>permission denied</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>2</replaceable></term>
	  <listitem>
	    <para>invalid combination of options</para>
	    </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>3</replaceable></term>
	  <listitem>
	    <para>unexpected failure, nothing done</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>4</replaceable></term>
	  <listitem>
	    <para>unexpected failure, passwd file missing</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>5</replaceable></term>
	  <listitem>
	    <para>passwd file busy, try again</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>6</replaceable></term>
	  <listitem>
	    <para>invalid argument to option</para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: login.access.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='login.access.5'>
  <!-- $Id: login.access.5.xml,v 1.17 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>login.access</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>login.access</refname>
    <refpurpose>Login access control table</refpurpose>
  </refnamediv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      The <emphasis remap='I'>login.access</emphasis> file specifies (user,
      host) combinations and/or (user, tty) combinations for which a login
      will be either accepted or refused.
    </para>

    <para>
      When someone logs in, the <emphasis remap='I'>login.access</emphasis>
      is scanned for the first entry that matches the (user, host)
      combination, or, in case of non-networked logins, the first entry that
      matches the (user, tty) combination. The permissions field of that
      table entry determines whether the login will be accepted or refused.
    </para>

    <para>
      Each line of the login access control table has three fields separated
      by a ":" character:
    </para>

    <para>
      <emphasis remap='I'>permission</emphasis>:<emphasis remap='I'>users</emphasis>:<emphasis remap='I'>origins</emphasis>
    </para>

    <para>
      The first field should be a "<emphasis>+</emphasis>" (access granted)
      or "<emphasis>-</emphasis>" (access denied) character. The second
      field should be a list of one or more login names, group names, or
      <emphasis>ALL</emphasis> (always matches). The third field should be a
      list of one or more tty names (for non-networked logins), host names,
      domain names (begin with "<literal>.</literal>"), host addresses,
      internet network numbers (end with "<literal>.</literal>"),
      <emphasis>ALL</emphasis> (always matches) or
      <emphasis>LOCAL</emphasis> (matches any string that does not contain a
      "<literal>.</literal>" character). If you run NIS you can use
      @netgroupname in host or user patterns.
    </para>

    <para>
      The <emphasis>EXCEPT</emphasis> operator makes it possible to write
      very compact rules.
    </para>

    <para>
      The group file is searched only when a name does not match that of the
      logged-in user. Only groups are matched in which users are explicitly
      listed: the program does not look at a user's primary group id value.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/login.defs</filename></term>
	<listitem>
	  <para>shadow password suite configuration</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: faillog.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='faillog.8'>
  <!--  $Id: faillog.8.xml,v 1.18 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>faillog</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>faillog</refname>
    <refpurpose>display faillog records or set login failure limits</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>faillog</command>
      <arg choice='opt'>
	<replaceable>options</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>faillog</command> formats the contents of the failure log
      from <filename>/var/log/faillog</filename> database. It also can be
      used for maintains failure counters and limits. Run
      <command>faillog</command> without arguments display only list of user
      faillog records who have ever had a login failure.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>faillog</command> command
      are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term><option>-a</option>, <option>--all</option></term>
	<listitem>
	  <para>Display faillog records for all users.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-h</option>, <option>--help</option></term>
	<listitem>
	  <para>Display help message and exit.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-l</option>, <option>--lock-time</option>
	  <replaceable>SEC</replaceable>
	</term>
	<listitem>
	  <para>
	    Lock account to <replaceable>SEC</replaceable>
	    seconds after failed login.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-m</option>, <option>--maximum</option>
	  <replaceable>MAX</replaceable>
	</term>
	<listitem>
	  <para>
	    Set maximum number of login failures after the account is
	    disabled to <replaceable>MAX</replaceable>. Selecting
	    <replaceable>MAX</replaceable> value of 0 has the effect of not
	    placing a limit on the number of failed logins. The maximum
	    failure count should always be 0 for <emphasis>root</emphasis>
	    to prevent a denial of services attack against the system.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-r</option>, <option>--reset</option></term>
	<listitem>
	  <para>
	    Reset the counters of login failures or one record if used with
	    the -u <replaceable>LOGIN</replaceable> option. Write access to
	    <filename>/var/log/faillog</filename> is required for this
	    option.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-t</option>, <option>--time</option>
	<replaceable>DAYS</replaceable>
	</term>
	<listitem>
	  <para>
	    Display faillog records more recent than
	    <replaceable>DAYS</replaceable>. The <option>-t</option>
	    flag overrides the use of <option>-u</option>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-u</option>, <option>--user</option> <replaceable>LOGIN</replaceable>
	</term>
	<listitem>
	  <para>
	    Display faillog record or maintains failure counters and limits
	    (if used with <option>-l</option>, <option>-m</option> or
	    <option>-r</option> options) only for user with
	    <replaceable>LOGIN</replaceable>.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      <command>faillog</command> only prints out users with no successful
      login since the last failure. To print out a user who has had a
      successful login since their last failure, you must explicitly request
      the user with the <option>-u</option> flag, or print out all users
      with the <option>-a</option> flag.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/var/log/faillog</filename></term>
	<listitem>
	  <para>failure logging file</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>faillog</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: su.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='su.1'>
  <!--  $Id: su.1.xml,v 1.22 2006/01/22 10:14:51 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>su</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>su</refname>
    <refpurpose>change user ID or become super-user</refpurpose>
  </refnamediv>
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>su</command>
      <arg choice='opt'>
	<replaceable>options</replaceable>
      </arg>
      <arg choice='opt'>- </arg>
      <arg choice='opt'>
	<arg choice='plain'>
	  <replaceable>username</replaceable>
	</arg>
	<arg choice='opt'>
	  <replaceable>args</replaceable>
	</arg>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>su</command> is used to become another user during a login
      session. Invoked without a username, <command>su</command> defaults to
      becoming the super user. The optional argument <option>-</option> may
      be used to provide an environment similar to what the user would
      expect had the user logged in directly.
    </para>

    <para>
      Additional arguments may be provided after the username, in which case
      they are supplied to the user's login shell. In particular, an
      argument of <option>-c</option> will cause the next argument to be
      treated as a command by most command interpreters. The command will be
      executed by the shell specified in <filename>/etc/passwd</filename>
      for the target user.
    </para>

    <para>
      You can use the <option>--</option> argument to separate
      <command>su</command> options from the arguments supplied to the shell.
    </para>

    <para>The user will be prompted for a password, if appropriate. Invalid
      passwords will produce an error message. All attempts, both valid and
      invalid, are logged to detect abuse of the system.
    </para>

    <para>
      The current environment is passed to the new shell. The value of
      <envar>$PATH</envar> is reset to <filename>/bin:/usr/bin</filename>
      for normal users, or <filename>/sbin:/bin:/usr/sbin:/usr/bin</filename>
      for the super user. This may be changed with the
      <emphasis>ENV_PATH</emphasis> and <emphasis>ENV_SUPATH</emphasis>
      definitions in <filename>/etc/login.defs</filename>.
    </para>

    <para>
      A subsystem login is indicated by the presence of a "*" as the first
      character of the login shell. The given home directory will be used as
      the root of a new file system which the user is actually logged into.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>The options which apply to the <command>su</command> command are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-c</option>, <option>--command</option>
	  <replaceable>SHELL</replaceable>
	</term>
	<listitem>
	  <para>
	    Specify a command that will be invoked by the shell using its
	    <option>-c</option>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-</option>, <option>-l</option>, <option>--login</option>
	</term>
	<listitem>
	  <para>
	    Provide an environment similar to what the user would expect had
	    the user logged in directly.
	  </para>
	  <para>
	    When <option>-</option> is used, it must be specified as the last
	    <command>su</command> option.
	    The other forms (<option>-l</option> and <option>--login</option>)
	    do not have this restriction.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-s</option>, <option>--shell</option>
	  <replaceable>SHELL</replaceable>
	</term>
	<listitem>
	  <para>The shell that will be invoked.</para>
	  <para>
	    The invoked shell is choosen among (higest priority first):
	    <itemizedlist>
	      <listitem>
		<para>The shell specified with --shell</para>
	      </listitem>
	      <listitem>
		<para>
		  If <option>--preserve-environment</option> is used, the
		  shell specified by the <envar>$SHELL</envar> environment
		  variable.
		</para>
	      </listitem>
	      <listitem>
		<para>
		  The shell indicated in the /etc/passwd entry for the target
		  user.
		</para>
	      </listitem>
	      <listitem>
		<para>
		  /bin/sh if a shell could not be found by any above method.
		</para>
	      </listitem>
	    </itemizedlist>
	  </para>
	  <para>
	    If the target user has a restricted shell (i.e. the shell field of
	    this user's entry in <filename>/etc/passwd</filename> is not
	    specified in <filename>/etc/shell</filename>), then the
	    <option>--shell</option> option or the <envar>$SHELL</envar>
	    environment variable won't be taken into account unless
	    <command>su</command> is called by the root.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-m</option>, <option>-p</option>,
	  <option>--preserve-environment</option>
	</term>
	<listitem>
	  <para>Preserve the current environment.</para>
	  <para>
	    If the target user has a restricted shell, this option has no
	    effect (unless <command>su</command> is called by root).
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      This version of <command>su</command> has many compilation options,
      only some of which may be in use at any particular site.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para><citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>
    </para>
  </refsect1>
</refentry>

--- NEW FILE: pw_auth.3.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='pw_auth.3'>
  <!-- $Id: pw_auth.3.xml,v 1.17 2005/11/05 17:17:30 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>pw_auth</refentrytitle>
    <manvolnum>3</manvolnum>
    <refmiscinfo class="sectdesc">Library Calls</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>pw_auth</refname>
    <refpurpose>administrator defined password authentication routines</refpurpose>
  </refnamediv>

  <refsect1 id='syntax'>
    <title>SYNTAX</title>
    <para>
      <emphasis>#include &lt;pwauth.h&gt;</emphasis>
    </para>

    <para>
      <emphasis>int pw_auth (char</emphasis>
      <emphasis remap='I'>*command,</emphasis>
      <emphasis>char</emphasis>
      <emphasis remap='I'>*user,</emphasis>
      <emphasis>int</emphasis>
      <emphasis remap='I'>reason,</emphasis>
      <emphasis>char</emphasis>
      <emphasis remap='I'>*input)</emphasis><emphasis>;</emphasis>
    </para>
  </refsect1>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <emphasis>pw_auth</emphasis> invokes the administrator defined
      functions for a given user.
    </para>

    <para>
      <emphasis remap='I'>command</emphasis> is the name of the
      authentication program. It is retrieved from the user's password file
      information. The string contains one or more executable file names,
      delimited by semi-colons. Each program will be executed in the order
      given. The command line arguments are given for each of the reasons
      listed below.
    </para>

    <para>
      <emphasis remap='I'>user</emphasis> is the name of the user to be
      authenticated, as given in the <filename>/etc/passwd</filename> file. 
      User entries are indexed by username. This allows non-unique user IDs
      to be present and for each different username associated with that
      user ID to have a different authentication program and information.
    </para>

    <para>
      Each of the permissible authentication reasons is handled in a
      potentially differenent manner. Unless otherwise mentioned, the
      standard file descriptors 0, 1, and 2 are available for communicating
      with the user. The real user ID may be used to determine the identity
      of the user making the authentication request. <emphasis
      remap='I'>reason</emphasis> is one of:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <emphasis>PW_SU</emphasis>
	</term>
	<listitem>
	  <para>
	    Perform authentication for the current real user ID attempting
	    to switch real user ID to the named user. The authentication
	    program will be invoked with a <option>-s</option> option,
	    followed by the username.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis>PW_LOGIN</emphasis>
	</term>
	<listitem>
	  <para>
	    Perform authentication for the named user creating a new login
	    session. The authentication program will be invoked with a
	    <option>-l</option> option, followed by the username.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis>PW_ADD</emphasis>
	</term>
	<listitem>
	  <para>
	    Create a new entry for the named user. This allows an
	    authentication program to initialize storage for a new user. The
	    authentication program will be invoked with a
	    <option>-a</option> option, followed by the username.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis>PW_CHANGE</emphasis>
	</term>
	<listitem>
	  <para>
	    Alter an existing entry for the named user. This allows an
	    authentication program to alter the authentication information
	    for an existing user. The authentication program will be invoked
	    with a <option>-c</option> option, followed by the username.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis>PW_DELETE</emphasis>
	</term>
	<listitem>
	  <para>
	    Delete authentication information for the named user. This
	    allows an authentication program to reclaim storage for a user
	    which is no longer authenticated using the authentication
	    program. The authentication program will be invoked with a
	    <option>-d</option> option, followed by the username.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis>PW_TELNET</emphasis>
	</term>
	<listitem>
	  <para>
	    Authenticate a user who is connecting to the system using the
	    <command>telnet</command> command. The authentication program
	    will be invoked with a <option>-t</option> option, followed by
	    the username.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis>PW_RLOGIN</emphasis>
	</term>
	<listitem>
	  <para>
	    Authenticate a user who is connecting to the system using the
	    <emphasis>rlogin</emphasis> command. The
	    authentication program will be invoked with a
	    <option>-r</option> option, followed by the username.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis>PW_FTP</emphasis>
	</term>
	<listitem>
	  <para>
	    Authenticate a user who is connecting to the system using the
	    <emphasis>ftp</emphasis> command. The authentication program
	    will be invoked with a <option>-f</option> option, followed by
	    the username. The standard file descriptors are not available
	    for communicating with the user. The standard input file
	    descriptor will be connected to the parent process, while the
	    other two output file descriptors will be connected to
	    <filename>/dev/null</filename>. The <emphasis>pw_auth</emphasis>
	    function will pipe a single line of data to the authentication
	    program using file descriptor 0.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis>PW_REXEC</emphasis>
	</term>
	<listitem>
	  <para>
	    Authenticate a user who is connecting to the system using the
	    <emphasis remap='I'>rexec</emphasis> command. The authentication
	    program will be invoked with a <option>-x</option> option,
	    followed by the username. The standard file descriptors are not
	    available for communicating with the remote user. The standard
	    input file descriptor will be connected to the parent process,
	    while the other two output file descriptors will be connected to
	    <filename>/dev/null</filename>. The <emphasis>pw_auth</emphasis>
	    function will pipe a single line of data to the authentication
	    program using file descriptor 0.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>

    <para>
      The last argument is the authentication data which is used by the
      <emphasis>PW_FTP</emphasis> and <emphasis>PW_REXEC</emphasis> reasons.
      It is treated as a single line of text which is piped to the
      authentication program. When the reason is
      <emphasis>PW_CHANGE,</emphasis> the value of <emphasis
      remap='I'>input</emphasis> is the value of previous user name if the
      user name is being changed.
    </para>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      This function does not create the actual session. It only indicates if
      the user should be allowed to create the session.
    </para>

    <para>The network options are untested at this time.</para>
  </refsect1>

  <refsect1 id='diagnostics'>
    <title>DIAGNOSTICS</title>
    <para>
      The <emphasis>pw_auth</emphasis> function returns 0 if the
      authentication program exited with a 0 exit code, and a non-zero value
      otherwise.
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: login.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='login.1'>
  <!--  $Id: login.1.xml,v 1.24 2006/01/07 19:30:45 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>login</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>login</refname>
    <refpurpose>begin session on the system</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>login</command>
      <arg choice='opt'>-p </arg>
      <arg choice='opt'>
      <replaceable>username</replaceable></arg>
      <arg choice='opt' rep='repeat'> <replaceable>ENV=VAR</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>login</command>
      <arg choice='opt'>-p </arg>
      <arg choice='opt'>-h <replaceable>host</replaceable></arg>
      <arg choice='opt'>-f <replaceable>username</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>login</command>
      <arg choice='opt'>-p </arg>
      <arg choice='plain'>-r <replaceable>host</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>login</command> is used to establish a new session with the
      system. It is normally invoked automatically by responding to the
      <emphasis remap='I'>login:</emphasis> prompt on the user's
      terminal. <command>login</command> may be special to the shell and may
      not be invoked as a sub-process. Typically, <command>login</command>
      is treated by the shell as <emphasis remap='B'>exec login</emphasis>
      which causes the user to exit from the current shell. Attempting to
      execute <command>login</command> from any shell but the login shell
      will produce an error message.
    </para>

    <para>
      The user is then prompted for a password, where appropriate. Echoing
      is disabled to prevent revealing the password. Only a small number of
      password failures are permitted before <command>login</command> exits
      and the communications link is severed.
    </para>

    <para>
      If password aging has been enabled for your account, you may be
      prompted for a new password before proceeding. You will be forced to
      provide your old password and the new password before continuing. 
      Please refer to <citerefentry>
      <refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry> for more information.
    </para>

    <para>
      After a successful login, you will be informed of any system messages
      and the presence of mail. You may turn off the printing of the system
      message file, <filename>/etc/motd</filename>, by creating a
      zero-length file <filename>.hushlogin</filename> in your login directory. 
      The mail message will be one of "<emphasis>You have new
      mail.</emphasis>", "<emphasis>You have mail.</emphasis>", or
      "<emphasis>No Mail.</emphasis> "according to the condition of your
      mailbox.
    </para>

    <para>
      Your user and group ID will be set according to their values in the
      <filename>/etc/passwd</filename> file. The value for
      <envar>$HOME</envar>, <envar>$SHELL</envar>, <envar>$PATH</envar>,
      <envar>$LOGNAME</envar>, and <envar>$MAIL</envar> are set according
      to the appropriate fields in the password entry. Ulimit, umask and nice
      values may also be set according to entries in the GECOS field.
    </para>

    <para>
      On some installations, the environmental variable
      <envar>$TERM</envar> will be initialized to the terminal type on
      your tty line, as specified in <filename>/etc/ttytype</filename>.
    </para>

    <para>
      An initialization script for your command interpreter may also be
      executed. Please see the appropriate manual section for more
      information on this function.
    </para>

    <para>
      A subsystem login is indicated by the presence of a "*" as the first
      character of the login shell. The given home directory will be used as
      the root of a new file system which the user is actually logged into.
    </para>

    <para>
      The <command>login</command> program is NOT responsible for removing
      users from the utmp file. It is the responsibility of
      <citerefentry><refentrytitle>getty</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry> and
      <citerefentry><refentrytitle>init</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry> to clean up apparent ownership
      of a terminal session. If you use <command>login</command> from the
      shell prompt without <command>exec</command>, the user you use will
      continue to appear to be logged in even after you log out of the
      "subsession".
    </para>

  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-f</option>
	</term>
	<listitem>
	  <para>Do not perform authentication, user is preauthenticated.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-h</option>
	</term>
	<listitem>
	  <para>Name of the remote host for this login.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-p</option>
	</term>
	<listitem>
	  <para>Preserve environment.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-r</option>
	</term>
	<listitem>
	  <para>Perform autologin protocol for rlogin.</para>
	</listitem>
      </varlistentry>
    </variablelist>

    <para>
      The <option>-r</option>, <option>-h</option> and <option>-f</option>
      options are only used when <command>login</command> is invoked by
      root.
    </para>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      This version of <command>login</command> has many compilation options,
      only some of which may be in use at any particular site.
    </para>

    <para>The location of files is subject to differences in system
      configuration.
    </para>

    <para>
      The <command>login</command> program is NOT responsible for removing
      users from the utmp file. It is the responsibility of <citerefentry>
      <refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry> and <citerefentry>
      <refentrytitle>init</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry> to clean up apparent ownership of a terminal session. 
      If you use <command>login</command> from the shell prompt without
      <command>exec</command>, the user you use will continue to appear to
      be logged in even after you log out of the "subsession".
    </para>

    <para>
      As any program, <command>login</command> appearance could be faked. 
      If non-trusted users have a physical access to the machine, an
      attacker could use this to obtain the password of the next person
      sitting in front of the machine. Under Linux, the SAK mecanism can be
      used by users to initiate of a trusted path and prevent this kind of
      attack.
    </para>

  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/var/run/utmp</filename></term>
	<listitem>
	  <para>list of current login sessions</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/var/log/wtmp</filename></term>
	<listitem>
	  <para>list of previous login sessions</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/motd</filename></term>
	<listitem>
	  <para>system message of the day file</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/nologin</filename></term>
	<listitem>
	  <para>prevent non-root users from logging in</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/ttytype</filename></term>
	<listitem>
	  <para>list of terminal types</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>$HOME/.hushlogin</filename></term>
	<listitem>
	  <para>suppress printing of system messages</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>mail</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>securetty</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: vigr.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY vigr-8 SYSTEM "vipw.8.xml">
]>
&vigr-8;

--- NEW FILE: newusers.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='newusers.8'>
  <!-- $Id: newusers.8.xml,v 1.14 2005/11/05 17:17:30 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>newusers</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>newusers</refname>
    <refpurpose>update and create new users in batch</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>newusers</command>
      <arg choice='opt'>
	<replaceable>new_users</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>newusers</command> reads a file of user name and clear-text
      password pairs and uses this information to update a group of existing
      users or to create new users. Each line is in the same format as the
      standard password file (see
      <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>) with the following exceptions:
    </para>

    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <emphasis remap='I'>pw_passwd</emphasis>
	</term>
	<listitem>
	  <para>
	    This field will be encrypted and used as the new value of the
	    encrypted password.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis remap='I'>pw_age</emphasis>
	</term>
	<listitem>
	  <para>
	    This field will be ignored for shadow passwords if the user
	    already exists.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis remap='I'>pw_gid</emphasis>
	</term>
	<listitem>
	  <para>
	    This field may be the name of an existing group, in which case
	    the named user will be added as a member. If a non-existent
	    numerical group is given, a new group will be created having
	    this number.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <emphasis remap='I'>pw_dir</emphasis>
	</term>
	<listitem>
	  <para>
	    This field will be checked for existence as a directory and a
	    new directory with the same name will be created if it does not
	    already exist. The ownership of the directory will be set to be
	    that of the user being created or updated.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>

    <para> 
      This command is intended to be used in a large system environment
      where many accounts are updated at a single time.
    </para>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      The input file must be protected since it contains unencrypted
      passwords.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/login.defs</filename></term>
	<listitem>
	  <para>shadow password suite configuration</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: grpconv.8.xml ---

--- NEW FILE: chsh.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='chsh.1'>
  <!-- $Id: chsh.1.xml,v 1.19 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>chsh</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>chsh</refname>
    <refpurpose>change login shell</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>chsh</command>
      <arg choice='opt'>-s <replaceable>login_shell</replaceable></arg>
      <arg choice='opt'><replaceable>user</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>chsh</command> changes the user login shell. This determines
      the name of the user's initial login command. A normal user may only
      change the login shell for her own account, the super user may change
      the login shell for any account.
    </para>

    <para>
      The only restriction placed on the login shell is that the command
      name must be listed in <filename>/etc/shells</filename>, unless the
      invoker is the super-user, and then any value may be added. An
      account with a restricted login shell may not change her login shell.
      For this reason, placing <filename>/bin/rsh</filename> in
      <filename>/etc/shells</filename> is discouraged since accidentally
      changing to a restricted shell would prevent the user from ever
      changing her login shell back to its original value.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      If the <option>-s</option> option is not selected,
      <command>chsh</command> operates in an interactive fashion, prompting
      the user with the current login shell. Enter the new value to change
      the shell, or leave the line blank to use the current one. The current
      shell is displayed between a pair of <emphasis>[ ]</emphasis> marks.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shells</filename></term>
	<listitem>
	  <para>list of valid login shells</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/login.defs</filename></term>
	<listitem>
	  <para>shadow password suite configuration</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: userdel.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='userdel.8'>
  <!-- $Id: userdel.8.xml,v 1.20 2005/11/05 17:17:30 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>userdel</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>userdel</refname>
    <refpurpose>Delete a user account and related files</refpurpose>
  </refnamediv>
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>userdel</command>
      <arg choice='opt'>-f </arg>
      <arg choice='opt'>-r </arg>
      <arg choice='plain'>
	<replaceable>login_name</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      The <command>userdel</command> command modifies the system account
      files, deleting all entries that refer to <emphasis
      remap='I'>login_name</emphasis>. The named user must exist.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>userdel</command> command are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-f</option>
	</term>
	<listitem>
	  <para>
	    This option forces the removal of the user, even if she is still
	    logged in. It also forces <command>userdel</command> to remove
	    the user's home directory or her mail spool, even if another
	    user uses the same home directory or if the mail spool is not
	    owned by the specified user.  If
	    <emphasis>USERGROUPS_ENAB</emphasis> is defined to <emphasis
	    remap='I'>yes</emphasis> in <filename>/etc/login.defs</filename>
	    and if a group exists with the same name as the deleted user,
	    then this group will be removed, even if it is still the primary
	    group of another user.
	  </para>
	  <para>
	    <emphasis>Note:</emphasis> This option is dangerous and may let
	    your system in an inconsistent state.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-r</option>
	</term>
	<listitem>
	  <para>
	    Files in the user's home directory will be removed along with
	    the home directory itself and the user's mail spool. Files
	    located in other file systems will have to be searched for and
	    deleted manually.
	  </para>
	  <para>
	    The mail spool is defined by the <emphasis>MAIL_DIR</emphasis>
	    variable in the <filename>login.defs</filename> file.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/login.defs</filename></term>
	<listitem>
	  <para>shadow password suite configuration</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='exit_values'>
    <title>EXIT VALUES</title>
    <para>
      The <command>userdel</command> command exits with the following values:
      <variablelist>
	<varlistentry>
	  <term><replaceable>0</replaceable></term>
	  <listitem>
	    <para>success</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>1</replaceable></term>
	  <listitem>
	    <para>can't update password file</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>2</replaceable></term>
	  <listitem>
	    <para>invalid command syntax</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>6</replaceable></term>
	  <listitem>
	    <para>specified user doesn't exist</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>8</replaceable></term>
	  <listitem>
	    <para>user currently logged in</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>10</replaceable></term>
	  <listitem>
	    <para>can't update group file</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>12</replaceable></term>
	  <listitem>
	    <para>can't remove home directory</para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </para>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      <command>userdel</command> will not allow you to remove an account if
      the user is currently logged in. You must kill any running processes
      which belong to an account that you are deleting.
    </para>
    <para>You may not remove any NIS attributes on a NIS client. This must
      be performed on the NIS server.
    </para>
    <para>If <emphasis>USERGROUPS_ENAB</emphasis> is defined to <emphasis
      remap='I'>yes</emphasis> in <filename>/etc/login.defs</filename>,
      <command>userdel</command> will delete the group with the same name
      as the user. To avoid inconsistencies in the passwd and group
      databases, <command>userdel</command> will check that this group is
      not used as a primary group for another user, and will just warn
      without deleting the user otherwise. The <option>-f</option> option
      can force the deletion of this group.
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para><citerefentry>
	<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: shadow.3.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='shadow.3'>
  <!--  $Id: shadow.3.xml,v 1.19 2005/11/05 17:17:30 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>shadow</refentrytitle>
    <manvolnum>3</manvolnum>
    <refmiscinfo class="sectdesc">Library Calls</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>shadow</refname>
    <refname>getspnam</refname>
    <refpurpose>encrypted password file routines</refpurpose>
  </refnamediv>

  <refsect1 id='syntax'>
    <title>SYNTAX</title>
    <para>
      <emphasis>#include &lt;shadow.h&gt;</emphasis>
    </para>

    <para>
      <emphasis>struct spwd *getspent();</emphasis>
    </para>

    <para>
      <emphasis>struct spwd *getspnam(char</emphasis> <emphasis
      remap='I'>*name</emphasis><emphasis>);</emphasis>
    </para>

    <para>
      <emphasis>void setspent();</emphasis>
    </para>

    <para>
      <emphasis>void endspent();</emphasis>
    </para>

    <para>
      <emphasis>struct spwd *fgetspent(FILE</emphasis> <emphasis
      remap='I'>*fp</emphasis><emphasis>);</emphasis>
    </para>

    <para>
      <emphasis>struct spwd *sgetspent(char</emphasis> <emphasis
      remap='I'>*cp</emphasis><emphasis>);</emphasis>
    </para>

    <para>
      <emphasis>int putspent(struct spwd</emphasis> <emphasis
      remap='I'>*p,</emphasis> <emphasis>FILE</emphasis> <emphasis
      remap='I'>*fp</emphasis><emphasis>);</emphasis>
    </para>

    <para>
      <emphasis>int lckpwdf();</emphasis>
    </para>

    <para>
      <emphasis>int ulckpwdf();</emphasis>
    </para>
  </refsect1>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <emphasis remap='I'>shadow</emphasis> manipulates the contents of the
      shadow password file, <filename>/etc/shadow</filename>. The structure
      in the <emphasis remap='I'>#include</emphasis> file is:
    </para>
    <programlisting>struct spwd {
      char		*sp_namp; /* user login name */
      char		*sp_pwdp; /* encrypted password */
      long int		sp_lstchg; /* last password change */
      long int		sp_min; /* days until change allowed. */
      long int		sp_max; /* days before change required */
      long int		sp_warn; /* days warning for expiration */
      long int		sp_inact; /* days before account inactive */
      long int		sp_expire; /* date when account expires */
      unsigned long int	sp_flag; /* reserved for future use */
}
    </programlisting>
    <para>The meanings of each field are:</para>
    <itemizedlist mark='bullet'>
      <listitem>
	<para>sp_namp - pointer to null-terminated user name</para>
      </listitem>
      <listitem>
	<para>sp_pwdp - pointer to null-terminated password</para>
      </listitem>
      <listitem>
	<para>sp_lstchg - days since Jan 1, 1970 password was last changed</para>
      </listitem>
      <listitem>
	<para>sp_min - days before which password may not be changed</para>
      </listitem>
      <listitem>
	<para>sp_max - days after which password must be changed</para>
      </listitem>
      <listitem>
	 <para>sp_warn - days before password is to expire that user is warned of
	   pending password expiration
	 </para>
      </listitem>
      <listitem>
	<para>sp_inact - days after password expires that account is considered
	  inactive and disabled
	</para>
      </listitem>
      <listitem>
	<para>sp_expire - days since Jan 1, 1970 when account will be disabled</para>
      </listitem>
      <listitem>
	<para>sp_flag - reserved for future use</para>
      </listitem>
    </itemizedlist>

  </refsect1>

  <refsect1 id='description2'>
    <title>DESCRIPTION</title>
    <para>
      <emphasis>getspent</emphasis>, <emphasis>getspname</emphasis>,
      <emphasis>fgetspent</emphasis>, and <emphasis>sgetspent</emphasis>
      each return a pointer to a <emphasis>struct spwd</emphasis>.
      <emphasis>getspent</emphasis> returns the next entry from the file,
      and <emphasis>fgetspent</emphasis> returns the next entry from the
      given stream, which is assumed to be a file of the proper format.
      <emphasis>sgetspent</emphasis> returns a pointer to a <emphasis>struct
      spwd</emphasis> using the provided string as input.
      <emphasis>getspnam</emphasis> searches from the current position in
      the file for an entry matching <emphasis>name</emphasis>.
    </para>

    <para>
      <emphasis>setspent</emphasis> and <emphasis>endspent</emphasis> may be
      used to begin and end, respectively, access to the shadow password
      file.
    </para>
    
    <para>
      The <emphasis>lckpwdf</emphasis> and <emphasis>ulckpwdf</emphasis>
      routines should be used to insure exclusive access to the
      <filename>/etc/shadow</filename> file.  <emphasis>lckpwdf</emphasis>
      attempts to acquire a lock using <emphasis>pw_lock</emphasis> for up
      to 15 seconds. It continues by attempting to acquire a second lock
      using <emphasis>spw_lock</emphasis> for the remainder of the initial
      15 seconds. Should either attempt fail after a total of 15 seconds,
      <emphasis>lckpwdf</emphasis> returns -1. When both locks are acquired
      0 is returned.
    </para>
  </refsect1>

  <refsect1 id='diagnostics'>
    <title>DIAGNOSTICS</title>
    <para>
      Routines return NULL if no more entries are available or if an error
      occurs during processing. Routines which have <emphasis>int</emphasis>
      as the return value return 0 for success and
      -1 for failure.
    </para>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      These routines may only be used by the super user as access to the
      shadow password file is restricted.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>getpwent</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: logoutd.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='logoutd.8'>
  <!-- $Id: logoutd.8.xml,v 1.15 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>logoutd</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>logoutd</refname>
    <refpurpose>Enforce login time restrictions</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>logoutd</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>logoutd</command> enforces the login time and port
      restrictions specified in <filename>/etc/porttime</filename>. 
      <command>logoutd</command> should be started from
      <filename>/etc/rc</filename>. The <filename>/var/run/utmp</filename>
      file is scanned periodically and each user name is checked to see if
      the named user is permitted on the named port at the current time. 
      Any login session which is violating the restrictions in
      <filename>/etc/porttime</filename> is terminated.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/porttime</filename></term>
	<listitem>
	  <para>login and port permissions</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/var/run/utmp</filename></term>
	<listitem>
	  <para>list of current login sessions</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
</refentry>

--- NEW FILE: gpasswd.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='gpasswd.1'>
  <!-- $Id: gpasswd.1.xml,v 1.16 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>gpasswd</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>gpasswd</refname>
    <refpurpose>administer the /etc/group file</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>gpasswd</command>
      <arg choice='plain'>
	<replaceable>group</replaceable>
      </arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>gpasswd</command>
      <arg choice='plain'>-a <replaceable>user</replaceable></arg>
      <arg choice='plain'><replaceable>group</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>gpasswd</command>
      <arg choice='plain'>-d <replaceable>user</replaceable></arg>
      <arg choice='plain'><replaceable>group</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>gpasswd</command>
      <arg choice='plain'>-R <replaceable>group</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>gpasswd</command>
      <arg choice='plain'>-r <replaceable>group</replaceable></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>gpasswd</command>
      <arg choice='opt' rep='repeat'>-A <replaceable>user,</replaceable></arg>
      <arg choice='opt' rep='repeat'>-M <replaceable>user,</replaceable></arg>
      <arg choice='plain'><replaceable>group</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>gpasswd</command> is used to administer the
      <filename>/etc/group</filename> file (and
      <filename>/etc/gshadow</filename> file if compiled with SHADOWGRP
      defined). Every group can have administrators, members and a password. 
      System administrator can use <option>-A</option> option to define
      group administrator(s) and <option>-M</option> option to define
      members and has all rights of group administrators and members.
    </para>

    <refsect2 id='notes_about_group_passwords'>
      <title>Notes about group passwords</title>
      <para>
	Group passwords are an inherent security problem since more than one
	person is permitted to know the password. However, groups are a
	useful tool for permitting co-operation between different users.
      </para>
    </refsect2>
          
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      Group administrator can add and delete users using <option>-a</option>
      and <option>-d</option> options respectively. Administrators can use
      <option>-r</option> option to remove group password. When no password
      is set only group members can use <command>newgrp</command> to join
      the group. Option <option>-R</option> disables access via a password
      to the group through <command>newgrp</command> command (however
      members will still be able to switch to this group).
    </para>

    <para>
      <command>gpasswd</command> called by a group administrator with group
      name only prompts for the group password. If password is set the
      members can still <citerefentry>
      <refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry> without a password, non-members must supply the
      password.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/gshadow</filename></term>
	<listitem>
	  <para>secure group account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: porttime.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='porttime.5'>
  <!--  $Id: porttime.5.xml,v 1.15 2005/11/05 17:17:30 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>porttime</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>porttime</refname>
    <refpurpose>port access time file</refpurpose>
  </refnamediv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <emphasis remap='I'>porttime</emphasis> contains a list of tty
      devices, user names, and permitted login times.
    </para>

    <para>
      Each entry consists of three colon separated fields. The first field
      is a comma separated list of tty devices, or an asterisk to indicate
      that all tty devices are matched by this entry. The second field is a
      comma separated list of user names, or an asterisk to indicated that
      all user names are matched by this entry. The third field is a comma
      separated list of permitted access times.
    </para>

    <para>
      Each access time entry consists of zero or more days of the week,
      abbreviated <emphasis>Su</emphasis>, <emphasis>Mo</emphasis>,
      <emphasis>Tu</emphasis>, <emphasis>We</emphasis>,
      <emphasis>Th</emphasis>, <emphasis>Fr</emphasis>, and
      <emphasis>Sa</emphasis>, followed by a pair of times separated by a
      hyphen. The abbreviation <emphasis>Wk</emphasis> may be used to
      represent Monday thru Friday, and <emphasis>Al</emphasis> may be used
      to indicate every day. If no days are given, <emphasis>Al</emphasis>
      is assumed.
    </para>
  </refsect1>

  <refsect1 id='examples'>
    <title>EXAMPLES</title>
    <para>
      The following entry allows access to user <emphasis
      remap='B'>jfh</emphasis> on every port during weekdays from 9am to
      5pm.
    </para>

    <para>	*:jfh:Wk0900-1700</para>

    <para>
      The following entries allow access only to the users
      <emphasis>root</emphasis> and <emphasis>oper</emphasis> on
      <filename>/dev/console</filename> at any time. This illustrates how
      the <filename>/etc/porttime</filename> file is an ordered list of
      access times. Any other user would match the second entry which does
      not permit access at any time.
    </para>

    <programlisting>
      console:root,oper:Al0000-2400
      console:*:
    </programlisting>

    <para>
      The following entry allows access for the user
      <emphasis>games</emphasis> on any port during non-working hours. 
    </para>

    <para>	*:games:Wk1700-0900,SaSu0000-2400</para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/porttime</filename></term>
	<listitem>
	  <para>file containing port access</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: vipw.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='vipw.8'>
  <!--  $Id: vipw.8.xml,v 1.14 2005/12/03 16:19:40 kloczek Exp $  -->
  <refmeta>
    <refentrytitle>vipw</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>vipw</refname>
    <refname>vigr</refname>
    <refpurpose>
      edit the password, group, shadow-password or shadow-group file.
    </refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>vipw</command><arg choice='opt'>options</arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>vigr</command><arg choice='opt'>options</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>vipw</command> and <command>vigr</command> will edit the
      files <filename>/etc/passwd</filename> and
      <filename>/etc/group</filename>, respectively. With the
      <option>-s</option> flag, they will edit the shadow versions of those
      files, <filename>/etc/shadow</filename> and
      <filename>/etc/gshadow</filename>, respectively. The programs will set
      the appropriate locks to prevent file corruption. When looking for an
      editor, the programs will first try the environment variable
      <envar>$VISUAL</envar>, then the environment variable
      <envar>$EDITOR</envar>, and finally the default editor,
      <citerefentry><refentrytitle>vi</refentrytitle>
      <manvolnum>1</manvolnum></citerefentry>.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>vipw</command> and
      <command>vigr</command> commands are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term><option>-g</option>, <option>--group</option></term>
	<listitem>
	  <para>Edit group database.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-h</option>, <option>--help</option></term>
	<listitem>
	  <para>Display help message and exit.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-p</option>, <option>--passwd</option></term>
	<listitem>
	  <para>Edit passwd database.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-q</option>, <option>--quiet</option></term>
	<listitem>
	  <para>Quiet mode database.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-s</option>, <option>--shadow</option></term>
	<listitem>
	  <para>Edit shadow or gshadow database.</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/gshadow</filename></term>
	<listitem>
	  <para>shadow group file</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>vi</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: lastlog.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='lastlog.8'>
  <!-- $Id: lastlog.8.xml,v 1.21 2006/01/02 13:59:01 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>lastlog</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>lastlog</refname>
    <refpurpose>examine lastlog file</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>lastlog</command>
      <arg choice='opt'>
	<replaceable>options</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>lastlog</command> formats and prints the contents of the last
      login log <filename>/var/log/lastlog</filename> file. The
      <emphasis>login-name</emphasis>, <emphasis>port</emphasis>, and
      <emphasis>last login time</emphasis> will be printed.  The default (no
      flags) causes lastlog entries to be printed, sorted by their order in
      <filename>/etc/passwd</filename>.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>lastlog</command> command are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-b</option>, <option>--before</option> <replaceable>DAYS</replaceable>
	</term>
	<listitem>
	  <para>
	    Print only lastlog records older than <emphasis remap='I'>DAYS</emphasis>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-h</option>, <option>--help</option>
	</term>
	<listitem>
	  <para>Display help message and exit.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-t</option>, <option>--time</option>
	  <replaceable>DAYS</replaceable>
	</term>
	<listitem>
	  <para>
	    Print the lastlog records more recent than
	    <emphasis remap='I'>DAYS</emphasis>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-u</option>, <option>--user</option>
	  <replaceable>LOGIN</replaceable>
	</term>
	<listitem>
	  <para>Print the lastlog record for user with specified
	    <emphasis remap='I'>LOGIN</emphasis> only.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
    <variablelist remap='TP'>
      <varlistentry>
	<term>
	  The <option>-t</option> flag overrides the use of <option>-u</option>.
	</term>
	<listitem>
	  <para></para>
	</listitem>
      </varlistentry>
    </variablelist>

    <para>
      If the user has never logged in the message <emphasis>** Never logged
      in**</emphasis> will be displayed instead of the port and time.
    </para>
  </refsect1>

  <refsect1 id='note'>
    <title>NOTE</title>
    <para>
      The <filename>lastlog</filename> file is a database which contains info
      on the last login of each user. You should not rotate it. It is a sparse
      file, so its size on the disk is much smaller than the one shown by
      "<command>ls -l</command>" (which can indicate a really big file if
      you have a high UID). You can display its real size with
      "<command>ls -s</command>".
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/var/log/lastlog</filename></term>
	<listitem>
	  <para>lastlog logging file</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      Large gaps in UID numbers will cause the lastlog program to run
      longer with no output to the screen (i.e. if mmdf=800 and last
      UID=170, program will appear to hang as it processes UID 171-799).
    </para>
  </refsect1>
</refentry>

--- NEW FILE: sulogin.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='sulogin.8'>
  <!--  $Id: sulogin.8.xml,v 1.15 2005/11/05 17:17:30 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>sulogin</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>sulogin</refname>
    <refpurpose>Single-user login</refpurpose>
  </refnamediv>

  <refsect1 id='syntax'>
    <title>SYNTAX</title>
    <para><command>sulogin</command> [<emphasis remap='I'>tty-device</emphasis>]
    </para>
  </refsect1>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>sulogin</command> is invoked by <command>init</command> prior
      to allowing the user access to the system when in single user mode.
      This feature may only be available on certain systems where
      <command>init</command> has been modified accordingly, or where the
      <filename>/etc/inittab</filename> has an entry for a single user
      login.
    </para>

    <para>The user is prompted</para>

    <para>Type control-d to proceed with normal startup,
      <!-- .br -->
      (or give root password for system maintenance):
    </para>

    <para>
      Input and output will be performed with the standard file descriptors
      unless the optional device name argument is provided.
    </para>

    <para>
      If the user enters the correct root password, a login session is
      initiated. When <emphasis>EOF</emphasis> is pressed instead, the
      system enters multi-user mode.
    </para>

    <para>
      After the user exits the single-user shell, or presses
      <emphasis>EOF</emphasis>, the system begins the initialization process
      required to enter multi-user mode.
    </para>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      This command can only be used if <command>init</command> has been
      modified to call <command>sulogin</command> instead of
      <filename>/bin/sh</filename>, or if the user has set the <emphasis
      remap='I'>inittab</emphasis> to support a single user login. For
      example, the line:
    </para>

    <para>co:s:respawn:/etc/sulogin /dev/console</para>

    <para>should execute the sulogin command in single user mode.</para>

    <para>
      As complete an environment as possible is created. However, various
      devices may be unmounted or uninitialized and many of the user
      commands may be unavailable or nonfunctional as a result.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>secure user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>init</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: groupadd.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='groupadd.8'>
  <!-- $Id: groupadd.8.xml,v 1.24 2006/01/02 14:13:39 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>groupadd</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>groupadd</refname>
    <refpurpose>Create a new group</refpurpose>
  </refnamediv>
  <!-- body begins here -->
  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>groupadd</command>
      <arg choice='opt'>
	<arg choice='plain'>-g <replaceable>GID</replaceable></arg>
	<arg choice='opt'>-o</arg>
      </arg>
      <arg choice='opt'>-f </arg>
      <arg choice='opt'>-K <replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable></arg>
      <arg choice='plain'>
	<replaceable>group</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>The <command>groupadd</command> command creates a new group
      account using the values specified on the command line and the default
      values from the system. The new group will be entered into the system
      files as needed.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>groupadd</command> command
      are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term>
	  <option>-f</option>
	</term>
	<listitem>
	  <para>This option causes to just exit with success status if the
	    specified group already exists. With <option>-g</option>, if
	    specified GID already exists, other (unique) GID is chosen (i.e.
	    <option>-g</option> is turned off).
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-g</option> <replaceable>GID</replaceable>
	</term>
	<listitem>
	  <para>The numerical value of the group's ID. This value must be
	    unique, unless the <option>-o</option> option is used. The value
	    must be non-negative. The default is to use the smallest ID
	    value greater than 999 and greater than every other group.
	    Values between 0 and 999 are typically reserved for system
	    accounts.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-h</option>, <option>--help</option></term>
	<listitem>
	  <para>Display help message and exit.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-K <replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable></option>
	</term>
	<listitem>
	  <para>
	    Overrides /etc/login.defs defaults (GID_MIN, GID_MAX and others). Multiple
	    <option>-K</option> options can be specified.
	  </para>
	  <para>
	     Example: <option>-K </option><replaceable>GID_MIN</replaceable>=<replaceable>100</replaceable>
	    <option> -K </option><replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable>
	  </para>
	  <para>
	    Note: <option>-K </option>
	    <replaceable>GID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable>
	    doesn't work yet.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term>
	  <option>-o</option>
	</term>
	<listitem>
	  <para>
	    This option permits to add group with non-unique GID.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/gshadow</filename></term>
	<listitem>
	  <para>secure group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/login.defs</filename></term>
	<listitem>
	  <para>shadow password suite configuration</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

   <refsect1 id='caveats'>
     <title>CAVEATS</title>
     <para>Groupnames must begin with a lower case letter or an underscore, and 
       only lower case letters, underscores, dashes, and dollar signs may 
       follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
     </para>
     <para>Groupnames may only be up to 16 characters long.</para>

     <para>
       If the groupname already exists in an external group database
       such as NIS, <command>groupadd</command> will deny the group
       creation request.
     </para>

     <para>Groupnames may only be up to 16 characters long.</para>

   </refsect1>

  <refsect1 id='exit_values'>
    <title>EXIT VALUES</title>
    <para>
      The <command>groupadd</command> command exits with the following values:
      <variablelist>
	<varlistentry>
	  <term><replaceable>0</replaceable></term>
	  <listitem>
	    <para>success</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>2</replaceable></term>
	  <listitem>
	    <para>invalid command syntax</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>3</replaceable></term>
	  <listitem>
	    <para>invalid argument to option</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>4</replaceable></term>
	  <listitem>
	    <para>GID not unique (when <option>-o</option> not used)</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>9</replaceable></term>
	  <listitem>
	    <para>group name not unique</para>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term><replaceable>10</replaceable></term>
	  <listitem>
	    <para>can't update group file</para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para><citerefentry>
	<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: pwunconv.8.xml ---

--- NEW FILE: passwd.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='passwd.5'>
  <!-- $Id: passwd.5.xml,v 1.15 2006/01/22 10:14:51 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>passwd</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>passwd</refname>
    <refpurpose>the password file</refpurpose>
  </refnamediv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <filename>/etc/passwd</filename> contains one line for each
      user account, with seven fields delimited by colons
      (<quote>:</quote>).
      These fields are:
    </para>
    <itemizedlist mark='bullet'>
      <listitem>
	<para>login name</para>
      </listitem>
      <listitem>
	<para>optional encrypted password</para>
      </listitem>
      <listitem>
	<para>numerical user ID</para>
      </listitem>
      <listitem>
	<para>numerical group ID</para>
      </listitem>
      <listitem>
	<para>user name or comment field</para>
      </listitem>
      <listitem>
	<para>user home directory</para>
      </listitem>
      <listitem>
	<para>optional user command interpreter</para>
      </listitem>
    </itemizedlist>

    <para>
      The encrypted password field may be blank, in which case no password
      is required to authenticate as the specified login name. However,
      some applications which read the <filename>/etc/passwd</filename> file
      may decide not to permit <emphasis>any</emphasis> access at all if the
      <emphasis>password</emphasis> field is blank. If the
      <emphasis>password</emphasis> field is a lower-case <quote>x</quote>,
      then the encrypted password is actually stored in the
      <citerefentry><refentrytitle>shadow</refentrytitle>
      <manvolnum>5</manvolnum></citerefentry> file instead; there
      <emphasis>must</emphasis> be a corresponding line in the
      <filename>shadow</filename> file, or else the user account is invalid. 
      If the <emphasis>password</emphasis> field is any other string, then
      it will be treated as an encrypted password, as specified by
      <citerefentry><refentrytitle>crypt</refentrytitle>
      <manvolnum>3</manvolnum></citerefentry>.

    </para>

    <para>
      The comment field is used by various system utilities, such as
      <citerefentry><refentrytitle>finger</refentrytitle>
      <manvolnum>1</manvolnum></citerefentry>.
    </para>

    <para>
      The home directory field provides the name of the initial working
      directory. The <command>login</command> program uses this information
      to set the value of the <envar>$HOME</envar> environmental variable.
    </para>

    <para>
      The command interpreter field provides the name of the user's command
      language interpreter, or the name of the initial program to execute. 
      The <command>login</command> program uses this information to set the
      value of the <envar>$SHELL</envar> environmental variable. If this
      field is empty, it defaults to the value <filename>/bin/sh</filename>.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
        <term><filename>/etc/shadow</filename></term>
	<listitem>
	  <para>optional encrypted password file</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>getpwnam</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pwconv</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pwunconv</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>sulogin</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: chpasswd.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	           "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='chpasswd.8'>
  <!-- $Id: chpasswd.8.xml,v 1.16 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>chpasswd</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>chpasswd</refname>
    <refpurpose>update passwords in batch mode</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>chpasswd</command>
      <arg choice='opt'>
	<replaceable>options</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>chpasswd</command> reads a list of user name and password
      pairs from standard input and uses this information to update a group
      of existing users. Each line is of the format:
    </para>
    <para>
      <emphasis remap='I'>user_name</emphasis>:<emphasis
      remap='I'>password</emphasis>
    </para>
    <para>
      By default the supplied password must be in clear-text. Default
      encryption algorithm is DES. Also the password age will be updated, if
      present.
    </para>
    <para>
      This command is intended to be used in a large system environment
      where many accounts are created at a single time.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      The options which apply to the <command>chpasswd</command> command
      are:
    </para>
    <variablelist remap='IP'>
      <varlistentry>
	<term><option>-e</option>, <option>--encrypted</option></term>
	<listitem>
	  <para>Supplied passwords are in encrypted form.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-h</option>, <option>--help</option></term>
	<listitem>
	  <para>Display help message and exit.</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><option>-m</option>, <option>--md5</option></term>
	<listitem>
	  <para>
	    Use MD5 encryption instead DES when the supplied passwords are
	    not encrypted.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='caveats'>
    <title>CAVEATS</title>
    <para>
      Remember keep protected for reading by others file passed to standard
      input <command>chpasswd</command> command if it contains unencrypted
      passwords.
    </para>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>newusers</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.
    </para>
  </refsect1>
</refentry>

--- NEW FILE: id.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='id.1'>
  <!-- $Id: id.1.xml,v 1.13 2005/11/05 17:17:29 kloczek Exp $ -->
  <refmeta>
    <refentrytitle>id</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>id</refname>
    <refpurpose>Display current user and group ID names</refpurpose>
  </refnamediv>

  <refsynopsisdiv id='synopsis'>
    <cmdsynopsis>
      <command>id</command>    <arg choice='opt'>-a </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      <command>id</command> displays the current real and effective user and
      group ID names or values. If the value does not have a corresponding
      entry in <filename>/etc/passwd</filename> or
      <filename>/etc/group</filename>, the value will be displayed without
      the corresponding name. The optional <option>-a</option> flag will
      display the group set on systems which support multiple concurrent
      group membership.
    </para>
  </refsect1>

  <refsect1 id='files'>
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/etc/group</filename></term>
	<listitem>
	  <para>group account information</para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/etc/passwd</filename></term>
	<listitem>
	  <para>user account information</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>getgid</refentrytitle><manvolnum>2</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>getgroups</refentrytitle><manvolnum>2</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>getuid</refentrytitle><manvolnum>2</manvolnum>
      </citerefentry>
    </para>
  </refsect1>
</refentry>




More information about the l10n-russian-cvs-commits mailing list