[l10n-russian CVS]
shadow/man chage.1.xml, 1.2, 1.3 chfn.1.xml, 1.2,
1.3 chpasswd.8.xml, 1.2, 1.3 chsh.1.xml, 1.2, 1.3 expiry.1.xml,
1.2, 1.3 faillog.5.xml, 1.2, 1.3 faillog.8.xml, 1.2,
1.3 getspnam.3.xml, 1.2, 1.3 gpasswd.1.xml, 1.2,
1.3 groupadd.8.xml, 1.2, 1.3 groupdel.8.xml, 1.2,
1.3 groupmems.8.xml, 1.2, 1.3 groupmod.8.xml, 1.2,
1.3 groups.1.xml, 1.2, 1.3 grpck.8.xml, 1.2, 1.3 grpconv.8.xml,
1.2, 1.3 grpunconv.8.xml, 1.2, 1.3 gshadow.5.xml, 1.2,
1.3 id.1.xml, 1.2, 1.3 lastlog.8.xml, 1.2, 1.3 limits.5.xml,
1.2, 1.3 login.1.xml, 1.2, 1.3 login.access.5.xml, 1.2,
1.3 login.defs.5.xml, 1.2, 1.3 logoutd.8.xml, 1.2,
1.3 newgrp.1.xml, 1.2, 1.3 newusers.8.xml, 1.2,
1.3 nologin.8.xml, 1.2, 1.3 passwd.1.xml, 1.2,
1.3 passwd.5.xml, 1.2, 1.3 porttime.5.xml, 1.2,
1.3 pw_auth.3.xml, 1.2, 1.3 pwck.8.xml, 1.2, 1.3 pwconv.8.xml,
1.2, 1.3 pwunconv.8.xml, 1.2, 1.3 sg.1.xml, 1.2,
1.3 shadow.3.xml, 1.2, 1.3 shadow.5.xml, 1.2, 1.3 su.1.xml,
1.2, 1.3 suauth.5.xml, 1.2, 1.3 sulogin.8.xml, 1.2,
1.3 useradd.8.xml, 1.2, 1.3 userdel.8.xml, 1.2,
1.3 usermod.8.xml, 1.2, 1.3 vigr.8.xml, 1.2, 1.3 vipw.8.xml,
1.2, 1.3
Yuri Kozlov
yuray-guest at alioth.debian.org
Tue Feb 7 18:25:37 UTC 2006
- Previous message: [l10n-russian CVS]
shadow/man chage.1.xml, 1.1, NONE chfn.1.xml, 1.1,
NONE chpasswd.8.xml, 1.1, NONE chsh.1.xml, 1.1,
NONE expiry.1.xml, 1.1, NONE faillog.5.xml, 1.1,
NONE faillog.8.xml, 1.1, NONE getspnam.3.xml, 1.1,
NONE gpasswd.1.xml, 1.1, NONE groupadd.8.xml, 1.1,
NONE groupdel.8.xml, 1.1, NONE groupmems.8.xml, 1.1,
NONE groupmod.8.xml, 1.1, NONE groups.1.xml, 1.1,
NONE grpck.8.xml, 1.1, NONE grpconv.8.xml, 1.1,
NONE grpunconv.8.xml, 1.1, NONE gshadow.5.xml, 1.1,
NONE id.1.xml, 1.1, NONE lastlog.8.xml, 1.1, NONE limits.5.xml,
1.1, NONE login.1.xml, 1.1, NONE login.access.5.xml, 1.1,
NONE login.defs.5.xml, 1.1, NONE logoutd.8.xml, 1.1,
NONE newgrp.1.xml, 1.1, NONE newusers.8.xml, 1.1,
NONE nologin.8.xml, 1.1, NONE passwd.1.xml, 1.1,
NONE passwd.5.xml, 1.1, NONE porttime.5.xml, 1.1,
NONE pw_auth.3.xml, 1.1, NONE pwck.8.xml, 1.1,
NONE pwconv.8.xml, 1.1, NONE pwunconv.8.xml, 1.1,
NONE sg.1.xml, 1.1, NONE shadow.3.xml, 1.1, NONE shadow.5.xml,
1.1, NONE su.1.xml, 1.1, NONE suauth.5.xml, 1.1,
NONE sulogin.8.xml, 1.1, NONE useradd.8.xml, 1.1,
NONE userdel.8.xml, 1.1, NONE usermod.8.xml, 1.1,
NONE vigr.8.xml, 1.1, NONE vipw.8.xml, 1.1, NONE
- Next message: [l10n-russian CVS] shadow po_ru.po,1.11,1.12
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /cvsroot/l10n-russian/shadow/man
In directory haydn:/tmp/cvs-serv4728
Added Files:
chage.1.xml chfn.1.xml chpasswd.8.xml chsh.1.xml expiry.1.xml
faillog.5.xml faillog.8.xml getspnam.3.xml gpasswd.1.xml
groupadd.8.xml groupdel.8.xml groupmems.8.xml groupmod.8.xml
groups.1.xml grpck.8.xml grpconv.8.xml grpunconv.8.xml
gshadow.5.xml id.1.xml lastlog.8.xml limits.5.xml login.1.xml
login.access.5.xml login.defs.5.xml logoutd.8.xml newgrp.1.xml
newusers.8.xml nologin.8.xml passwd.1.xml passwd.5.xml
porttime.5.xml pw_auth.3.xml pwck.8.xml pwconv.8.xml
pwunconv.8.xml sg.1.xml shadow.3.xml shadow.5.xml su.1.xml
suauth.5.xml sulogin.8.xml useradd.8.xml userdel.8.xml
usermod.8.xml vigr.8.xml vipw.8.xml
Log Message:
Put the Right files
--- NEW FILE: pwck.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='pwck.8'>
<!-- $Id: pwck.8.xml,v 1.16 2005/12/02 22:20:23 kloczek Exp $ -->
<refmeta>
<refentrytitle>pwck</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>pwck</refname>
<refpurpose>verify integrity of password files</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>pwck</command>
<arg choice='opt'>-q </arg>
<arg choice='opt'>-s </arg>
<arg choice='opt'>
<arg choice='plain'>
<replaceable>passwd</replaceable>
</arg>
<arg choice='plain'>
<replaceable>shadow</replaceable>
</arg>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>pwck</command>
<arg choice='opt'>-q </arg>
<arg choice='opt'>-r </arg>
<arg choice='opt'>
<arg choice='plain'>
<replaceable>passwd</replaceable>
</arg>
<arg choice='plain'>
<replaceable>shadow</replaceable>
</arg>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>pwck</command> verifies the integrity of the system
authentication information. All entries in the
<filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
are checked to see that the entry has the proper format and valid data
in each field. The user is prompted to delete entries that are
improperly formatted or which have other uncorrectable errors.
</para>
<para>Checks are made to verify that each entry has:</para>
<itemizedlist mark='bullet'>
<listitem>
<para>the correct number of fields</para>
</listitem>
<listitem>
<para>a unique user name</para>
</listitem>
<listitem>
<para>a valid user and group identifier</para>
</listitem>
<listitem>
<para>a valid primary group</para>
</listitem>
<listitem>
<para> a valid home directory</para>
</listitem>
<listitem>
<para>a valid login shell</para>
</listitem>
</itemizedlist>
<para>
The checks for correct number of fields and unique user name are
fatal. If the entry has the wrong number of fields, the user will be
prompted to delete the entire line. If the user does not answer
affirmatively, all further checks are bypassed. An entry with a
duplicated user name is prompted for deletion, but the remaining
checks will still be made. All other errors are warning and the user
is encouraged to run the <command>usermod</command> command to correct
the error.
</para>
<para>
The commands which operate on the <filename>/etc/passwd</filename>
file are not able to alter corrupted or duplicated entries.
<command>pwck</command> should be used in those circumstances to
remove the offending entry.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>pwck</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-q</option>
</term>
<listitem>
<para>
Report errors only. The warnings which do not require any
action from the user won't be displayed.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-r</option>
</term>
<listitem>
<para>
Execute the <command>pwck</command> command in read-only mode.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>
</term>
<listitem>
<para>
Sort entries in <filename>/etc/passwd</filename> and
<filename>/etc/shadow</filename> by UID.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
By default, <command>pwck</command> operates on the files
<filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>.
The user may select alternate files with the <emphasis
remap='I'>passwd</emphasis> and <emphasis remap='I'>shadow</emphasis>
parameters.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>pwck</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>1</replaceable></term>
<listitem>
<para>invalid command syntax</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>one or more bad password entries</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>3</replaceable></term>
<listitem>
<para>can't open password files</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>4</replaceable></term>
<listitem>
<para>can't lock password files</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>5</replaceable></term>
<listitem>
<para>can't update password files</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
</refentry>
--- NEW FILE: shadow.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='shadow.5'>
<!-- $Id: shadow.5.xml,v 1.16 2005/11/05 17:17:30 kloczek Exp $ -->
<refmeta>
<refentrytitle>shadow</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>shadow</refname>
<refpurpose>encrypted password file</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<emphasis remap='I'>shadow</emphasis> contains the encrypted password
information for user's accounts and optional the password aging
information. Included is:
</para>
<itemizedlist mark='bullet'>
<listitem>
<para>login name</para>
</listitem>
<listitem>
<para>encrypted password</para>
</listitem>
<listitem>
<para>days since Jan 1, 1970 that password was last changed</para>
</listitem>
<listitem>
<para>days before password may be changed</para>
</listitem>
<listitem>
<para>days after which password must be changed</para>
</listitem>
<listitem>
<para>days before password is to expire that user is warned</para>
</listitem>
<listitem>
<para>days after password expires that account is disabled</para>
</listitem>
<listitem>
<para>days since Jan 1, 1970 that account is disabled</para>
</listitem>
<listitem>
<para>a reserved field</para>
</listitem>
</itemizedlist>
<para>
The password field must be filled. The encrypted password consists of
13 to 24 characters from the 64 characters alphabet a thru z, A thru
Z, 0 thru 9, \. and /. Optionally it can start with a "$" character.
This means the encrypted password was generated using another (not
DES) algorithm. For example if it starts with "$1$" it means the
MD5-based algorithm was used.
</para>
<para>
Refer to
<citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
for details on how this string is interpreted.
</para>
<para>
If the password field contains some string that is not valid result
of <citerefentry><refentrytitle>crypt</refentrytitle>
<manvolnum>3</manvolnum> </citerefentry>, for instance ! or *, the
user will not be able to use a unix password to log in, subject to
<citerefentry><refentrytitle>pam</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>.
</para>
<para>
The date of the last password change is given as the number of days
since Jan 1, 1970. The password may not be changed again until the
proper number of days have passed, and must be changed after the
maximum number of days. If the minimum number of days required is
greater than the maximum number of day allowed, this password may not
be changed by the user.
</para>
<para>
An account is considered to be inactive and is disabled if the
password is not changed within the specified number of days after the
password expires. An account will also be disabled on the specified
day regardless of other password expiration information.
</para>
<para>
This information supersedes any password or password age information
present in <filename>/etc/passwd</filename>.
</para>
<para>
This file must not be readable by regular users if password security
is to be maintained.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>chage</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pwconv</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pwunconv</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>sulogin</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: groupdel.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='groupdel.8'>
<!-- $Id: groupdel.8.xml,v 1.14 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>groupdel</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>groupdel</refname>
<refpurpose>Delete a group</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>groupdel</command>
<arg choice='plain'>
<replaceable>group</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para> The <command>groupdel</command> command modifies the system
account files, deleting all entries that refer to <emphasis
remap='I'>group</emphasis>. The named group must exist.
</para>
<para>You must manually check all file systems to insure that no files
remain with the named group as the file group ID.
</para>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>You may not remove the primary group of any existing user. You
must remove the user before you remove the group.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>secure group account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>groupdel</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>invalid command syntax</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>8</replaceable></term>
<listitem>
<para>can't remove user's primary group</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>10</replaceable></term>
<listitem>
<para>can't update group file</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>
--- NEW FILE: limits.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='limits.5'>
<!-- $Id: limits.5.xml,v 1.17 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>limits</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>limits</refname>
<refpurpose>Resource limits definition</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <emphasis remap='I'>limits</emphasis> file (/etc/limits by default
or LIMITS_FILE defined config.h) describes the resource limits you
wish to impose. It should be owned by root and readable by root
account only.
</para>
<para>
By default no quota is imposed on 'root'. In fact, there is no way to
impose limits via this procedure to root-equiv accounts (accounts with
UID 0).
</para>
<para>Each line describes a limit for a user in the form:</para>
<para>
<emphasis remap='I'>user LIMITS_STRING</emphasis>
</para>
<para>
The <emphasis>LIMITS_STRING</emphasis> is a string of a
concatenated list of resource limits.
Each limit consists of a letter identifier followed by a numerical
limit.
</para>
<para>The valid identifiers are:</para>
<itemizedlist>
<listitem><para>A: max address space (KB)</para></listitem>
<listitem><para>C: max core file size (KB)</para></listitem>
<listitem><para>D: max data size (KB)</para></listitem>
<listitem><para>F: maximum filesize (KB)</para></listitem>
<listitem><para>M: max locked-in-memory address space (KB)</para></listitem>
<listitem><para>N: max number of open files</para></listitem>
<listitem><para>R: max resident set size (KB)</para></listitem>
<listitem><para>S: max stack size (KB)</para></listitem>
<listitem><para>T: max CPU time (MIN)</para></listitem>
<listitem><para>U: max number of processes</para></listitem>
<listitem><para>K: file creation mask, set by
<citerefentry>
<refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>.</para>
</listitem>
<listitem><para>L: max number of logins for this user</para></listitem>
<listitem><para>P: process priority, set by
<citerefentry>
<refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>.</para>
</listitem>
</itemizedlist>
<para>
For example, <emphasis remap='I'>L2D2048N5</emphasis> is a valid
<emphasis>LIMITS_STRING </emphasis>. For reading convenience, the
following entries are equivalent:
</para>
<para>username L2D2048N5
<!-- .br -->
username L2 D2048 N5
</para>
<para>
Be aware that after <emphasis remap='I'>username</emphasis> the rest
of the line is considered a limit string, thus comments are not
allowed. A invalid limits string will be rejected (not considered) by
the login program.
</para>
<para>
The default entry is denoted by username "<emphasis>*</emphasis>". If
you have multiple <emphasis remap='I'>default</emphasis> entries in
your <emphasis>LIMITS_FILE</emphasis>, then the last one will be used
as the default entry.
</para>
<para>
To completely disable limits for a user, a single dash
"<emphasis>-</emphasis> "will do. </para>
<para>
Also, please note that all limit settings are set PER LOGIN. They are
not global, nor are they permanent. Perhaps global limits will come,
but for now this will have to do ;)
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/limits</filename></term>
<listitem><para></para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: chfn.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='chfn.1'>
<!-- $Id: chfn.1.xml,v 1.18 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>chfn</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>chfn</refname>
<refpurpose>change real user name and information</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>chfn</command>
<arg choice='opt'>-f <replaceable>full_name</replaceable></arg>
<arg choice='opt'>-r <replaceable>room_no</replaceable></arg>
<arg choice='opt'>-w <replaceable>work_ph</replaceable></arg>
<arg choice='opt'>-h <replaceable>home_ph</replaceable></arg>
<arg choice='opt'>-o <replaceable>other</replaceable></arg>
<arg choice='opt'><replaceable>user</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para><command>chfn</command> changes user fullname, office number,
office extension, and home phone number information for a user's
account. This information is typically printed by <citerefentry>
<refentrytitle>finger</refentrytitle><manvolnum>1</manvolnum>
</citerefentry> and similar programs. A normal user may only change
the fields for her own account, subject to the restrictions in
<filename>/etc/login.defs</filename>. (The default configuration is to
prevent users from changing their fullname.) The super user may change
any field for any account. Additionally, only the super user may use
the <option>-o</option> option to change the undefined portions of the
GECOS field.
</para>
<para>The only restriction placed on the contents of the fields is that
no control characters may be present, nor any of comma, colon, or
equal sign. The <emphasis remap='I'>other</emphasis> field does not
have this restriction, and is used to store accounting information
used by other applications.
</para>
<para> If none of the options are selected, <command>chfn</command>
operates in an interactive fashion, prompting the user with the
current values for all of the fields. Enter the new value to change
the field, or leave the line blank to use the current value. The
current value is displayed between a pair of <emphasis remap='B'>[
]</emphasis> marks. Without options, chfn prompts for the current
user account.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>shadow password suite configuration</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: login.defs.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='login.defs.5'>
<!-- $Id: login.defs.5.xml,v 1.15 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>login.defs</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>login.defs</refname>
<refpurpose>shadow password suite configuration</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <filename>/etc/login.defs</filename> file defines the
site-specific configuration for the shadow password suite. This file
is required. Absence of this file will not prevent system operation,
but will probably result in undesirable operation.
</para>
<para>
This file is a readable text file, each line of the file describing
one configuration parameter. The lines consist of a configuration name
and value, separated by whitespace. Blank lines and comment lines are
ignored. Comments are introduced with a `#' pound sign and the pound
sign must be the first non-white character of the line.
</para>
<para>
Parameter values may be of four types: strings, booleans, numbers, and
long numbers. A string is comprised of any printable characters. A
boolean should be either the value “yes” or
“no”. An undefined boolean parameter or one with a value
other than these will be given a “no” value. Numbers (both
regular and long) may be either decimal values, octal values (precede
the value with “0”) or hexadecimal values (precede the
value with “0x”). The maximum value of the regular and
long numeric parameters is machine-dependent.
</para>
<para>The following configuration items are provided:</para>
<variablelist remap='IP'>
<varlistentry>
<term>CHFN_AUTH (boolean)</term>
<listitem>
<para>
If <emphasis remap='I'>yes</emphasis>, the
<command>chfn</command> and <command>chsh</command> programs
will require authentication before making any changes, unless
run by the superuser.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>CHFN_RESTRICT (string)</term>
<listitem>
<para>
This parameter specifies which values in the <emphasis
remap='I'>gecos</emphasis> field of the
<filename>/etc/passwd</filename> file may be changed by regular
users using the <command>chfn</command> program. It can be any
combination of letters <emphasis remap='I'>f</emphasis>
,<emphasis remap='I'>r</emphasis>, <emphasis remap='I'>w</emphasis>,
<emphasis remap='I'>h</emphasis>, for Full name, Room number,
Work phone, and Home phone, respectively. For backward
compatibility, "yes" is equivalent to "rwh" and "no" is
equivalent to "frwh". If not specified, only the superuser can
make any changes. The most restrictive setting is better
achieved by not installing chfn SUID.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>CREATE_HOME (boolean)</term>
<listitem>
<para>
This defines whether useradd should create home directories for
users by default. This option is OR'ed with the
<option>-m</option> flag on useradd command line.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>GID_MAX (number)</term>
<term>GID_MIN (number)</term>
<listitem>
<para>
Range of group IDs to choose from for the
<command>useradd</command> and <command>groupadd</command>
programs.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>MAIL_DIR (string)</term>
<listitem>
<para>
The mail spool directory. This is needed to manipulate the
mailbox when its corresponding user account is modified or
deleted. If not specified, a compile-time default is used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PASS_MAX_DAYS (number)</term>
<listitem>
<para>
The maximum number of days a password may be used. If the
password is older than this, a password change will be forced.
If not specified, -1 will be assumed (which disables the
restriction).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PASS_MIN_DAYS (number)</term>
<listitem>
<para>
The minimum number of days allowed between password changes.
Any password changes attempted sooner than this will be
rejected. If not specified, -1 will be assumed (which disables
the restriction).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PASS_WARN_AGE (number)</term>
<listitem>
<para>
The number of days warning given before a password expires. A
zero means warning is given only upon the day of expiration, a
negative value means no warning is given. If not specified, no
warning will be provided.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE are only used at the
time of account creation. Any changes to these settings won't affect
existing accounts.
</para>
<variablelist remap='IP'>
<varlistentry>
<term>UID_MAX (number)</term>
<term>UID_MIN (number)</term>
<listitem>
<para>
Range of user IDs to choose from for the
<command>useradd</command> program.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>UMASK (number)</term>
<listitem>
<para>
The permission mask is initialized to this value. If not
specified, the permission mask will be initialized to 077.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>USERDEL_CMD (string)</term>
<listitem>
<para>
If defined, this command is run when removing a user. It should
remove any at/cron/print jobs etc. owned by the user to be
removed (passed as the first argument).
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='cross_reference'>
<title>CROSS REFERENCE</title>
<para>
The following cross reference shows which programs in the shadow
password suite use which parameters.
</para>
<!-- .na -->
<variablelist remap='IP'>
<varlistentry>
<term>chfn</term>
<listitem>
<para>CHFN_AUTH CHFN_RESTRICT</para>
</listitem>
</varlistentry>
<varlistentry>
<term>chsh</term>
<listitem>
<para>CHFN_AUTH</para>
</listitem>
</varlistentry>
<varlistentry>
<term>groupadd</term>
<listitem>
<para>GID_MAX GID_MIN</para>
</listitem>
</varlistentry>
<varlistentry>
<term>newusers</term>
<listitem>
<para>PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
UMASK
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>pwconv</term>
<listitem>
<para>PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE</para>
</listitem>
</varlistentry>
<varlistentry>
<term>useradd</term>
<listitem>
<para>CREATE_HOME
GID_MAX GID_MIN
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
UID_MAX UID_MIN
UMASK
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>userdel</term>
<listitem>
<para>MAIL_DIR
USERDEL_CMD
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>usermod</term>
<listitem>
<para>MAIL_DIR</para>
<!-- .ad -->
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='bugs'>
<title>BUGS</title>
<para>
Much of the functionality that used to be provided by the shadow
password suite is now handled by PAM. Thus,
<filename>/etc/login.defs</filename> is no longer used by programs
such as: <citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>. Please refer to the corresponding PAM configuration
files instead.
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: suauth.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='suauth.5'>
<!-- $Id: suauth.5.xml,v 1.15 2005/11/05 17:17:30 kloczek Exp $ -->
<refmeta>
<refentrytitle>suauth</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>suauth</refname>
<refpurpose>Detailed su control file</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>/etc/suauth</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The file <filename>/etc/suauth</filename> is referenced whenever the
su command is called. It can change the behaviour of the su command,
based upon:
</para>
<!-- .RS -->
<literallayout remap='.nf'>
1) the user su is targetting
</literallayout>
<!-- .fi -->
<para>
2) the user executing the su command (or any groups he might be
a member of)
</para>
<para>
The file is formatted like this, with lines starting with a # being
treated as comment lines and ignored;
</para>
<literallayout remap='RS'>
to-id:from-id:ACTION
</literallayout>
<para>
Where to-id is either the word <emphasis>ALL</emphasis>, a list of
usernames delimited by "," or the words <emphasis>ALL
EXCEPT</emphasis> followed by a list of usernames delimited by ","
</para>
<para>
from-id is formatted the same as to-id except the extra word
<emphasis>GROUP</emphasis> is recognised. <emphasis>ALL EXCEPT
GROUP</emphasis> is perfectly valid too. Following
<emphasis>GROUP</emphasis> appears one or more group names, delimited
by ",". It is not sufficient to have primary group id of the relevant
group, an entry in
<citerefentry><refentrytitle>/etc/group</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> is neccessary.
</para>
<para>
Action can be one only of the following currently supported options.
</para>
<variablelist remap='TP'>
<varlistentry>
<term>
<emphasis>DENY</emphasis>
</term>
<listitem>
<para>The attempt to su is stopped before a password is
even asked for.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis>NOPASS</emphasis>
</term>
<listitem>
<para>
The attempt to su is automatically successful; no password is
asked for.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis>OWNPASS</emphasis>
</term>
<listitem>
<para>
For the su command to be successful, the user must enter his or
her own password. They are told this.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
Note there are three separate fields delimited by a colon. No
whitespace must surround this colon. Also note that the file is
examined sequentially line by line, and the first applicable rule is
used without examining the file further. This makes it possible for a
system administrator to exercise as fine control as he or she wishes.
</para>
</refsect1>
<refsect1 id='example'>
<title>EXAMPLE</title>
<literallayout remap='.nf'>
# sample /etc/suauth file
#
# A couple of privileged usernames may
# su to root with their own password.
#
root:chris,birddog:OWNPASS
#
# Anyone else may not su to root unless in
# group wheel. This is how BSD does things.
#
root:ALL EXCEPT GROUP wheel:DENY
#
# Perhaps terry and birddog are accounts
# owned by the same person.
# Access can be arranged between them
# with no password.
#
terry:birddog:NOPASS
birddog:terry:NOPASS
#
</literallayout>
<!-- .fi -->
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/suauth</filename></term>
<listitem><para></para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='bugs'>
<title>BUGS</title>
<para>
There could be plenty lurking. The file parser is particularly
unforgiving about syntax errors, expecting no spurious whitespace
(apart from beginning and end of lines), and a specific token
delimiting different things.
</para>
</refsect1>
<refsect1 id='diagnostics'>
<title>DIAGNOSTICS</title>
<para>
An error parsing the file is reported using
<citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
as level ERR on facility AUTH.
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: expiry.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='expiry.1'>
<!-- $Id: expiry.1.xml,v 1.13 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>expiry</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>expiry</refname>
<refpurpose>check and enforce password expiration policy</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>expiry</command>
<arg choice='opt'>-c </arg>
<arg choice='opt'>-f </arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>expiry</command> checks (<option>-c</option>) the current
password expiration and forces (<option>-f</option>) changes when
required. It is callable as a normal user command.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: gshadow.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='gshadow.5'>
<!-- $Id: gshadow.5.xml,v 1.17 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>gshadow</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>gshadow</refname>
<refpurpose>shadowed group file</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<filename>/etc/gshadow</filename> contains the shadowed information
for group accounts. It contains lines with the following
colon-separated fields:
</para>
<itemizedlist mark='bullet'>
<listitem>
<para>group name</para>
</listitem>
<listitem>
<para>encrypted password</para>
</listitem>
<listitem>
<para>comma-separated list of group administrators</para>
</listitem>
<listitem>
<para>comma-separated list of group members</para>
</listitem>
</itemizedlist>
<para>
The group name and password fields must be filled. The encrypted
password consists of characters from the 64-character alphabet a thru
z, A thru Z, 0 thru 9, \. and /. Refer to <citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> for details on how this string is interpreted. If the
password field contains some string that is not valid result of
<citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, for instance ! or *, the user will not be able to use
a unix password to log in, subject to <citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para>
<para>
This information supersedes any password present in
<filename>/etc/group</filename>.
</para>
<para>
This file must not be readable by regular users if password security
is to be maintained.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>secure group account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gpasswd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>newgrp</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: faillog.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='faillog.5'>
<!-- $Id: faillog.5.xml,v 1.13 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>faillog</refentrytitle>
<manvolnum>5</manvolnum>
</refmeta>
<refnamediv id='name'>
<refname>faillog</refname>
<refpurpose>Login failure logging file</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para><filename>/var/log/faillog</filename> maintains a count of login
failures and the limits for each account. The file is fixed length
record, indexed by numerical UID. Each record contains the count of
login failures since the last successful login; the maximum number of
failures before the account is disabled; the line the last login
failure occurred on; and the date the last login failure occurred.
</para>
<para>The structure of the file is:</para>
<programlisting>
struct faillog {
short fail_cnt;
short fail_max;
char fail_line[12];
time_t fail_time;
};</programlisting>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/var/log/faillog</filename></term>
<listitem>
<para>login failure log</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>faillog</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>
--- NEW FILE: pwconv.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='pwconv.8'>
<!-- $Id: pwconv.8.xml,v 1.14 2005/10/12 21:10:31 kloczek Exp $ -->
<refmeta>
<refentrytitle>pwconv</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>pwconv</refname>
<refname>pwunconv</refname>
<refname>grpconv</refname>
<refname>grpunconv</refname>
<refpurpose>convert to and from shadow passwords and groups.</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>pwconv</command>
</cmdsynopsis>
<cmdsynopsis>
<command>pwunconv</command>
</cmdsynopsis>
<cmdsynopsis>
<command>grpconv</command>
</cmdsynopsis>
<cmdsynopsis>
<command>grpunconv</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>pwconv</command> creates <emphasis
remap='I'>shadow</emphasis> from <emphasis remap='I'>passwd</emphasis>
and an optionally existing <emphasis remap='I'>shadow</emphasis>.
</para>
<para>
<command>pwunconv</command> creates <emphasis
remap='I'>passwd</emphasis> from <emphasis remap='I'>passwd</emphasis>
and <emphasis remap='I'>shadow</emphasis> and then removes <emphasis
remap='I'>shadow</emphasis>.
</para>
<para>
<command>grpconv</command> creates <emphasis
remap='I'>gshadow</emphasis> from <emphasis remap='I'>group</emphasis>
and an optionally existing <emphasis remap='I'>gshadow</emphasis>.
</para>
<para>
<command>grpunconv</command> creates <emphasis
remap='I'>group</emphasis> from <emphasis remap='I'>group</emphasis>
and <emphasis remap='I'>gshadow</emphasis> and then removes <emphasis
remap='I'>gshadow</emphasis>.
</para>
<para>
These four programs all operate on the normal and shadow password and
group files: <filename>/etc/passwd</filename>,
<filename>/etc/group</filename>, <filename>/etc/shadow</filename>, and
<filename>/etc/gshadow</filename>.
</para>
<para>
Each program acquires the necessary locks before conversion.
<command>pwconv</command> and <command>grpconv</command> are similar.
First, entries in the shadowed file which don't exist in the main file
are removed. Then, shadowed entries which don't have `x' as the
password in the main file are updated. Any missing shadowed entries
are added. Finally, passwords in the main file are replaced with `x'.
These programs can be used for initial conversion as well to update
the shadowed file if the main file is edited by hand.
</para>
<para>
<command>pwconv</command> will use the values of <emphasis
remap='I'>PASS_MIN_DAYS</emphasis>, <emphasis
remap='I'>PASS_MAX_DAYS</emphasis>, and <emphasis
remap='I'>PASS_WARN_AGE</emphasis> from
<filename>/etc/login.defs</filename> when adding new entries to
<filename>/etc/shadow</filename>.
</para>
<para>
Likewise <command>pwunconv</command> and <command>grpunconv</command>
are similar. Passwords in the main file are updated from the shadowed
file. Entries which exist in the main file but not in the shadowed
file are left alone. Finally, the shadowed file is removed. Some
password aging information is lost by <command>pwunconv</command>. It
will convert what it can.
</para>
</refsect1>
<refsect1 id='bugs'>
<title>BUGS</title>
<para>
Errors in the password or group files (such as invalid or duplicate
entries) may cause these programs to loop forever or fail in other
strange ways. Please run <command>pwck</command> and
<command>grpck</command> to correct any such errors before converting
to or from shadow passwords or groups.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>shadow password suite configuration</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pwck</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: groupmems.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='groupmems.8'>
<!-- $Id: groupmems.8.xml,v 1.15 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>groupmems</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>groupmems</refname>
<refpurpose>Administer members of a user's primary group</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>groupmems</command>
<group choice='plain'>
<arg choice='plain'>-a <replaceable>user_name</replaceable></arg>
<arg choice='plain'>-d <replaceable>user_name</replaceable></arg>
<arg choice='plain'>-l </arg><arg choice='plain'>-D </arg>
<arg choice='opt'>-g <replaceable>group_name</replaceable></arg>
</group>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <command>groupmems</command> utility allows a user to administer
his/her own group membership list without the requirement of super
user privileges. The <command>groupmems</command> utility is for
systems that configure its users to be in their own name sake primary
group (i.e., guest / guest).
</para>
<para>Only the super user, as administrator, can use
<command>groupmems</command> to alter the memberships of other groups.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>groupmems</command> command
are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term><option>-a</option> <replaceable>user_name</replaceable></term>
<listitem>
<para>Add a new user to the group membership list.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-d</option> <replaceable>user_name</replaceable></term>
<listitem>
<para>Delete a user from the group membership list.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-D</option></term>
<listitem>
<para>Delete all users from the group membership list.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-g</option> <replaceable>group_name</replaceable></term>
<listitem>
<para>The super user can specify which group membership
list to modify.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-l</option></term>
<listitem>
<para>List the group membership list.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='setup'>
<title>SETUP</title>
<para>
The <command>groupmems</command> executable should be in mode
<literal>2770</literal> as user <emphasis>root</emphasis> and in group
<emphasis>groups</emphasis>. The system administrator can add users to
group groups to allow or disallow them using the
<command>groupmems</command> utility to manage their own group
membership list.
</para>
<programlisting>
$ groupadd -r groups
$ chmod 2770 groupmems
$ chown root.groups groupmems
$ groupmems -g groups -a gk4
</programlisting>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>secure group account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: useradd.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='useradd.8'>
<!-- $Id: useradd.8.xml,v 1.31 2006/01/22 10:14:51 kloczek Exp $ -->
<refmeta>
<refentrytitle>useradd</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>useradd</refname>
<refpurpose>create a new user or update default new user information</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>useradd</command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
<arg choice='plain'><replaceable>LOGIN</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>useradd</command>
<arg choice='plain'>-D </arg>
</cmdsynopsis>
<cmdsynopsis>
<command>useradd</command>
<arg choice='plain'>-D </arg>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
When invoked without the <option>-D</option> option, the
<command>useradd</command> command creates a new user account using
the values specified on the command line and the default values from
the system. Depending on command line options, the useradd command
will update system files and may also create the new user's home
directory and copy initial files.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>The options which apply to the <command>useradd</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-c</option>, <option>--comment</option>
<replaceable>COMMENT</replaceable>
</term>
<listitem>
<para>
Any text string. It is generally a short description of the
login, and is currently used as the field for the user's full
name.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-b</option>, <option>--base-dir</option>
<replaceable>BASE_DIR</replaceable>
</term>
<listitem>
<para>
The default base directory for the system if <option>-d</option>
dir is not specified. <replaceable>BASE_DIR</replaceable> is
concatenated with the account name to define the home directory.
If the <option>-m</option> option is not used,
<replaceable>BASE_DIR</replaceable> must exist.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-d</option>, <option>--home</option>
<replaceable>HOME_DIR</replaceable>
</term>
<listitem>
<para>
The new user will be created using
<replaceable>HOME_DIR</replaceable> as the value for the user's
login directory. The default is to append the
<replaceable>LOGIN</replaceable> name to
<replaceable>BASE_DIR</replaceable> and use that as the login
directory name. The directory <replaceable>HOME_DIR</replaceable>
does not have to exist but will not be created if it is missing.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-e</option>, <option>--expiredate</option>
<replaceable>EXPIRE_DATE</replaceable>
</term>
<listitem>
<para>
The date on which the user account will be disabled. The date is
specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-f</option>, <option>--inactive</option>
<replaceable>INACTIVE</replaceable>
</term>
<listitem>
<para>
The number of days after a password expires until the account is
permanently disabled. A value of 0 disables the account as soon
as the password has expired, and a value of -1 disables the
feature. The default value is -1.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-g</option>, <option>--gid</option>
<replaceable>GROUP</replaceable>
</term>
<listitem>
<para>
The group name or number of the user's initial login group. The
group name must exist. A group number must refer to an already
existing group. The default group number is 1 or whatever is
specified in <filename>/etc/default/useradd</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-G</option>, <option>--groups</option>
<replaceable>GROUP1</replaceable>[<emphasis remap='I'>,GROUP2,...</emphasis>[<emphasis remap='I'>,GROUPN</emphasis>]]]
</term>
<listitem>
<para>
A list of supplementary groups which the user is also a member
of. Each group is separated from the next by a comma, with no
intervening whitespace. The groups are subject to the same
restrictions as the group given with the <option>-g</option>
option. The default is for the user to belong only to the
initial group.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option>, <option>--help</option></term>
<listitem>
<para>Display help message and exit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-m</option>, <option>--create-home</option>
</term>
<listitem>
<para>
The user's home directory will be created if it does not exist.
The files contained in <replaceable>SKEL_DIR</replaceable> will
be copied to the home directory if the <option>-k</option>
option is used, otherwise the files contained in
<filename>/etc/skel</filename> will be used instead. Any
directories contained in <replaceable>SKEL_DIR</replaceable> or
<filename>/etc/skel</filename> will be created in the user's
home directory as well. The <option>-k</option> option is only
valid in conjunction with the <option>-m</option> option. The
default is to not create the directory and to not copy any
files.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-K</option>, <option>--key</option>
<replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable>
</term>
<listitem>
<para>
Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK,
PASS_MAX_DAYS and others).
<para>
</para>
Example: <option>-K </option><replaceable>PASS_MAX_DAYS</replaceable>=<replaceable>-1</replaceable>
can be used when creating system account to turn off password
ageing, even though system account has no password at all.
Multiple <option>-K</option> options can be specified, e.g.:
<option>-K </option>
<replaceable>UID_MIN</replaceable>=<replaceable>100</replaceable>
<option> -K </option>
<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
</para>
<para>
Note: <option>-K </option>
<replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
doesn't work yet.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-o</option>, <option>--non-unique</option>
</term>
<listitem>
<para>Allow the creation of a user account with a duplicate (non-unique) UID.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-p</option>, <option>--password</option>
<replaceable>PASSWORD</replaceable>
</term>
<listitem>
<para>
The encrypted password, as returned by <citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>. The default is to disable the account.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>, <option>--shell</option>
<replaceable>SHELL</replaceable>
</term>
<listitem>
<para>
The name of the user's login shell. The default is to leave this
field blank, which causes the system to select the default login
shell.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-u</option>, <option>--uid</option>
<replaceable>UID</replaceable>
</term>
<listitem>
<para>
The numerical value of the user's ID. This value must be unique,
unless the <option>-o</option> option is used. The value must be
non-negative. The default is to use the smallest ID value
greater than 999 and greater than every other user. Values
between 0 and 999 are typically reserved for system accounts.
</para>
</listitem>
</varlistentry>
</variablelist>
<refsect2 id='changing_the_default_values'>
<title>Changing the default values</title>
<para>
When invoked with the <option>-D</option> option,
<command>useradd</command> will either display the current default
values, or update the default values from the command line. The
valid options are
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-b</option> <replaceable>HOME_DIR</replaceable>
</term>
<listitem>
<para>
The initial path prefix for a new user's home directory. The
user's name will be affixed to the end of
<replaceable>HOME_DIR</replaceable> to create the new
directory name if the <option>-d</option> option is not used
when creating a new account.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-e</option> <replaceable>EXPIRE_DATE</replaceable>
</term>
<listitem>
<para>The date on which the user account is disabled.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-f</option> <replaceable>INACTIVE</replaceable>
</term>
<listitem>
<para>
The number of days after a password has expired before the
account will be disabled.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-g</option>, <option>--gid</option>
<replaceable>GROUP</replaceable>
</term>
<listitem>
<para>
The group name or ID for a new user's initial group. The named
group must exist, and a numerical group ID must have an
existing entry.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>, <option>--shell</option>
<replaceable>SHELL</replaceable>
</term>
<listitem>
<para>
The name of the new user's login shell. The named program will
be used for all future new user accounts.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
If no options are specified, <command>useradd</command> displays the
current default values.
</para>
</refsect2>
</refsect1>
<refsect1 id='notes'>
<title>NOTES</title>
<para>The system administrator is responsible for placing the default
user files in the <filename>/etc/skel/</filename> directory.
</para>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
You may not add a user to a NIS group. This must be performed on the
NIS server.
</para>
<para>
Similarly, if the username already exists in an external user
database such as NIS, <command>useradd</command> will deny
the user account creation request.
</para>
<para>
Usernames must begin with a lower case letter or an underscore, and
only lower case letters, underscores, dashes, and dollar signs may
follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/default/useradd</filename></term>
<listitem>
<para>default information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/skel/</filename></term>
<listitem>
<para>directory containing default files</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>shadow password suite configuration</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>useradd</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>1</replaceable></term>
<listitem>
<para>can't update password file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>invalid command syntax</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>3</replaceable></term>
<listitem>
<para>invalid argument to option</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>4</replaceable></term>
<listitem>
<para>UID already in use (and no <option>-o</option>)</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>6</replaceable></term>
<listitem>
<para>specified group doesn't exist</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>9</replaceable></term>
<listitem>
<para>username already in use</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>10</replaceable></term>
<listitem>
<para>can't update group file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>12</replaceable></term>
<listitem>
<para>can't create home directory</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>13</replaceable></term>
<listitem>
<para>can't create mail spool</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: groupmod.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='groupmod.8'>
<!-- $Id: groupmod.8.xml,v 1.14 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>groupmod</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>groupmod</refname>
<refpurpose>modify a group</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>groupmod</command>
<arg choice='opt'>
<arg choice='plain'>-g <replaceable>gid</replaceable></arg>
<arg choice='opt'>-o </arg>
</arg>
<arg choice='opt'>-n <replaceable>new_group_name</replaceable></arg>
<arg choice='plain'><replaceable>group</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <command>groupmod</command> command modifies the system account
files to reflect the changes that are specified on the command line.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>groupmod</command> command
are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-g</option> <replaceable>gid</replaceable>
</term>
<listitem>
<para>
The numerical value of the group's ID. This value must be
unique, unless the <option>-o</option> option is used. The value
must be non-negative. Values between 0 and 999 are typically
reserved for system groups. Any files which the old group ID is
the file group ID must have the file group ID changed manually.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-n</option> <replaceable>new_group_name</replaceable></term>
<listitem>
<para>
The name of the group will be changed from <emphasis
remap='I'>group</emphasis> to <emphasis
remap='I'>new_group_name</emphasis>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>secure group account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>groupmod</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>invalid command syntax</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>3</replaceable></term>
<listitem>
<para>invalid argument to option</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>4</replaceable></term>
<listitem>
<para>specified group doesn't exist</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>6</replaceable></term>
<listitem>
<para>specified group doesn't exist</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>9</replaceable></term>
<listitem>
<para>group name already in use</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>10</replaceable></term>
<listitem>
<para>can't update group file</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: grpck.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='grpck.8'>
<!-- $Id: grpck.8.xml,v 1.16 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>grpck</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>grpck</refname>
<refpurpose>verify integrity of group files</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>grpck</command> <arg choice='opt'>-r </arg>
<arg choice='opt'>
<arg choice='plain'><replaceable>group</replaceable></arg>
<arg choice='plain'><replaceable>shadow</replaceable></arg>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>grpck</command> verifies the integrity of the system
authentication information. All entries in the
<filename>/etc/group</filename> and <filename>/etc/gshadow</filename>
are checked to see that the entry has the proper format and valid data
in each field. The user is prompted to delete entries that are
improperly formatted or which have other uncorrectable errors.
</para>
<para>Checks are made to verify that each entry has:</para>
<itemizedlist mark='bullet'>
<listitem>
<para>the correct number of fields</para>
</listitem>
<listitem>
<para>a unique group name</para>
</listitem>
<listitem>
<para>a valid list of members and administrators</para>
</listitem>
</itemizedlist>
<para>
The checks for correct number of fields and unique group name are
fatal. If the entry has the wrong number of fields, the user will be
prompted to delete the entire line. If the user does not answer
affirmatively, all further checks are bypassed. An entry with a
duplicated group name is prompted for deletion, but the remaining
checks will still be made. All other errors are warnings and the user
is encouraged to run the <command>groupmod</command> command to
correct the error.
</para>
<para>
The commands which operate on the <filename>/etc/group</filename> file
are not able to alter corrupted or duplicated entries.
<command>grpck</command> should be used in those circumstances to
remove the offending entry.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
By default, <command>grpck</command> operates on the files
<filename>/etc/group</filename> and <filename>/etc/gshadow</filename>.
The user may select alternate files with the <emphasis
remap='I'>group</emphasis> and <emphasis remap='I'>shadow</emphasis>
parameters. Additionally, the user may execute the command in
read-only mode by specifying the <option>-r</option> flag. This causes
all questions regarding changes to be answered <emphasis>no</emphasis>
without user intervention. <command>grpck</command> can also sort
entries in <filename>/etc/group</filename> and
<filename>/etc/gshadow</filename> by GID. To run it in sort mode pass
it <option>-s</option> flag. No checks are performed then, it just
sorts.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>secure group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>grpck</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>1</replaceable></term>
<listitem>
<para>invalid command syntax</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>one or more bad group entries</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>3</replaceable></term>
<listitem>
<para>can't open group files</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>4</replaceable></term>
<listitem>
<para>can't lock group files</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>5</replaceable></term>
<listitem>
<para>can't update group files</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
</refentry>
--- NEW FILE: sg.1.xml ---
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='sg.1'>
<!-- $Id: sg.1.xml,v 1.8 2005/11/05 17:17:30 kloczek Exp $ -->
<refmeta>
<refentrytitle>sg</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>sg</refname>
<refpurpose>execute command as different group ID</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>sg</command>
<arg choice='opt'>- </arg>
<arg choice='opt'>group
<arg choice='opt'>-c </arg>
command
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <command>sg</command> command works similar to
<command>newgrp</command> but accepts a command. The command will be
executed with the <filename>/bin/sh</filename> shell. With most shells
you may run <command>sg</command> from, you need to enclose multi-word
commands in quotes. Another difference between
<command>newgrp</command> and <command>sg</command> is that some
shells treat <command>newgrp</command> specially, replacing themselves
with a new instance of a shell that <command>newgrp</command> creates.
This doesn't happen with <command>sg</command>, so upon exit from a
<command>sg</command> command you are returned to your previous group
ID.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>shadow group file</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>id</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gpasswd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>
--- NEW FILE: newgrp.1.xml ---
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='newgrp.1'>
<!-- $Id: newgrp.1.xml,v 1.12 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>newgrp</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>newgrp</refname>
<refpurpose>log in to a new group</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>newgrp</command> <arg choice='opt'>- </arg>
<arg choice='opt'><replaceable>group</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>newgrp</command> is used to change the current group ID
during a login session. If the optional <option>-</option> flag is
given, the user's environment will be reinitialized as though the user
had logged in, otherwise the current environment, including current
working directory, remains unchanged.
</para>
<para>
<command>newgrp</command> changes the current real group ID to the
named group, or to the default group listed in
<filename>/etc/passwd</filename> if no group name is given.
<command>newgrp</command> also tries to add the group to the user
groupset. If not root, the user will be prompted for a password if she
does not have a password (in <filename>/etc/shadow</filename> if this
user has an entry in the shadowed password file, or in
/etc/passwd otherwise) and the group does, or if the user is not
listed as a member and the group has a password. The user will
be denied access if the group password is empty and the user is
not listed as a member.
</para>
<para>
If there is an entry for this group in
<filename>/etc/gshadow</filename>, then the list of members and the
password of this group will be taken from this file, otherwise, the
entry in <filename>/etc/group</filename> is considered.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>shadow group file</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>id</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gpasswd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: grpunconv.8.xml ---
--- NEW FILE: chage.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='chage.1'>
<!-- $Id: chage.1.xml,v 1.30 2006/01/22 10:14:51 kloczek Exp $ -->
<refmeta>
<refentrytitle>chage</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>chage</refname>
<refpurpose>change user password expiry information</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>chage</command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
<arg choice='plain'><replaceable>user</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <command>chage</command> command changes the number of days between
password changes and the date of the last password change. This
information is used by the system to determine when a user must change
his/her password.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>chage</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-d</option>, <option>--lastday</option> <replaceable>LAST_DAY</replaceable>
</term>
<listitem>
<para>
Set the number of days since January 1st, 1970 when the password
was last changed. The date may also be expressed in the format
YYYY-MM-DD (or the format more commonly used in your area).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-E</option>, <option>--expiredate</option> <replaceable>EXPIRE_DATE</replaceable>
</term>
<listitem>
<para>
Set the date or number of days since January 1, 1970 on which the
user's account will no longer be accessible. The date may also
be expressed in the format YYYY-MM-DD (or the format more
commonly used in your area). A user whose account is locked must
contact the system administrator before being able to use the
system again.
</para>
<para>
Passing the number <emphasis remap='I'>-1</emphasis> as the
<replaceable>EXPIRE_DATE</replaceable> will remove an account
expiration date.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option>, <option>--help</option></term>
<listitem>
<para>Display help message and exit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-I</option>, <option>--inactive</option> <replaceable>INACTIVE</replaceable>
</term>
<listitem>
<para>
Set the number of days of inactivity after a password has
expired before the account is locked. The
<replaceable>INACTIVE</replaceable> option is the number of days
of inactivity. A user whose account is locked must contact the
system administrator before being able to use the system again.
</para>
<para>
Passing the number <emphasis remap='I'>-1</emphasis> as the
<replaceable>INACTIVE</replaceable> will remove an account's
inactivity.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-l</option>, <option>--list</option>
</term>
<listitem>
<para>
Show account aging information.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-m</option>, <option>--mindays</option> <replaceable>MIN_DAYS</replaceable>
</term>
<listitem>
<para>
Set the minimum number of days between password changes. A value
of zero for this field indicates that the user may change his/her
password at any time.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-M</option>, <option>--maxdays</option> <replaceable>MAX_DAYS</replaceable>
</term>
<listitem>
<para>
Set the maximum number of days during which a password is valid.
When <replaceable>MAX_DAYS</replaceable> plus
<replaceable>LAST_DAY</replaceable> is less than the current
day, the user will be required to change his/her password before
being able to use his/her account. This occurrence can be planned for
in advance by use of the <option>-W</option> option, which
provides the user with advance warning.
</para>
<para>
Passing the number <emphasis remap='I'>-1</emphasis> as
<replaceable>MAX_DAYS</replaceable> will remove checking a
password's validity.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-W</option>, <option>--warndays</option> <replaceable>WARN_DAYS</replaceable>
</term>
<listitem>
<para>
Set the number of days of warning before a password change is
required. The <replaceable>WARN_DAYS</replaceable> option is the
number of days prior to the password expiring that a user will
be warned his/her password is about to expire.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
If none of the options are selected, <command>chage</command> operates
in an interactive fashion, prompting the user with the current values
for all of the fields. Enter the new value to change the field, or
leave the line blank to use the current value. The current value is
displayed between a pair of <emphasis>[ ]</emphasis> marks.
</para>
</refsect1>
<refsect1 id='note'>
<title>NOTE</title>
<para>
The <command>chage</command> program requires a shadow password file to
be available. Its functionality is not available when passwords are
stored in the passwd file.
</para>
<para>The <command>chage</command> command is restricted to the root
user, except for the <option>-l</option> option, which may be used by
an unprivileged user to determine when his/her password or account is due
to expire.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term>
<filename>/etc/passwd</filename>
</term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<filename>/etc/shadow</filename>
</term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>chage</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>1</replaceable></term>
<listitem>
<para>permission denied</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>invalid command syntax</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>15</replaceable></term>
<listitem>
<para>can't find the shadow password file</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: usermod.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='usermod.8'>
<!-- $Id: usermod.8.xml,v 1.21 2005/11/12 18:00:44 kloczek Exp $ -->
<refmeta>
<refentrytitle>usermod</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>usermod</refname>
<refpurpose>Modify a user account</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>usermod</command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
<arg choice='plain'><replaceable>LOGIN</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <command>usermod</command> command modifies the system account
files to reflect the changes that are specified on the command line.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>usermod</command> command
are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-c</option>, <option>--comment</option>
<replaceable>COMMENT</replaceable>
</term>
<listitem>
<para>
The new value of the user's password file comment field. It is
normally modified using the <citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry> utility.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-d</option>, <option>--home</option>
<replaceable>HOME_DIR</replaceable>
</term>
<listitem>
<para>
The user's new login directory. If the <option>-m</option>
option is given the contents of the current home directory will
be moved to the new home directory, which is created if it does
not already exist.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-e</option>, <option>--expiredate</option>
<replaceable>EXPIRE_DATE</replaceable>
</term>
<listitem>
<para>
The date on which the user account will be disabled. The date is
specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-f</option>, <option>--inactive</option>
<replaceable>INACTIVE</replaceable>
</term>
<listitem>
<para>
The number of days after a password expires until the account is
permanently disabled. A value of 0 disables the account as soon
as the password has expired, and a value of -1 disables the
feature. The default value is -1.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-g</option>, <option>--gid</option>
<replaceable>GROUP</replaceable>
</term>
<listitem>
<para>
The group name or number of the user's new initial login group.
The group name must exist. A group number must refer to an
already existing group. The default group number is 1.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-G</option>, <option>--groups</option>
<replaceable>GROUP1</replaceable>[<emphasis remap='I'>,GROUP2,...</emphasis>[<emphasis remap='I'>,GROUPN</emphasis>]]]
</term>
<listitem>
<para>
A list of supplementary groups which the user is also a member
of. Each group is separated from the next by a comma, with no
intervening whitespace. The groups are subject to the same
restrictions as the group given with the <option>-g</option>
option. If the user is currently a member of a group which is
not listed, the user will be removed from the group. This
behaviour can be changed via <option>-a</option> option, which
appends user to the current supplementary group list.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-l</option>, <option>--login</option>
<replaceable>NEW_LOGIN</replaceable>
</term>
<listitem>
<para>
The name of the user will be changed from <emphasis
remap='I'>LOGIN</emphasis> to <emphasis
remap='I'>NEW_LOGIN</emphasis>. Nothing else is changed. In
particular, the user's home directory name should probably be
changed to reflect the new login name.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-L</option>, <option>--lock</option>
</term>
<listitem>
<para>
Lock a user's password. This puts a '!' in front of the
encrypted password, effectively disabling the password. You
can't use this option with <option>-p</option> or
<option>-U</option>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-o</option>, <option>--non-unique</option>
</term>
<listitem>
<para>
When used with the <option>-u</option> option, this option
allows to change the user ID to a non-unique value.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-p</option>, <option>--password</option>
<replaceable>PASSWORD</replaceable>
</term>
<listitem>
<para>
The encrypted password, as returned by <citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>, <option>--shell</option>
<replaceable>SHELL</replaceable>
</term>
<listitem>
<para>
The name of the user's new login shell. Setting this field to
blank causes the system to select the default login shell.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-u</option>, <option>--uid</option>
<replaceable>UID</replaceable>
</term>
<listitem>
<para>
The numerical value of the user's ID. This value must be unique,
unless the <option>-o</option> option is used. The value must be
non-negative. Values between 0 and 999 are typically reserved
for system accounts. Any files which the user owns and which are
located in the directory tree rooted at the user's home
directory will have the file user ID changed automatically.
Files outside of the user's home directory must be altered
manually.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-U</option>, <option>--unlock</option>
</term>
<listitem>
<para>
Unlock a user's password. This removes the '!' in front of the
encrypted password. You can't use this option with
<option>-p</option> or <option>-L</option>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
<command>usermod</command> will not allow you to change the name of a
user who is logged in. You must make certain that the named user is
not executing any processes when this command is being executed if the
user's numerical user ID is being changed. You must change the owner
of any crontab files manually. You must change the owner of any at
jobs manually. You must make any changes involving NIS on the NIS
server.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>shadow password suite configuration</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: groups.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='groups.1'>
<!-- $Id: groups.1.xml,v 1.14 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>groups</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>groups</refname>
<refpurpose>display current group names</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>groups</command>
<arg choice='opt'>
<replaceable>user</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>groups</command> displays the current group names or ID
values. If the value does not have a corresponding entry in
<filename>/etc/group</filename>, the value will be displayed as the
numerical group value. The optional <emphasis
remap='I'>user</emphasis> parameter will display the groups for the
named <emphasis remap='I'>user</emphasis>.
</para>
</refsect1>
<refsect1 id='note'>
<title>NOTE</title>
<para>
Systems which do not support concurrent group sets will have the
information from <filename>/etc/group</filename> reported. The user
must use <command>newgrp</command> or <command>sg</command> to change
their current real and effective group ID.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>getgid</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>getgroups</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>getuid</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: getspnam.3.xml ---
--- NEW FILE: nologin.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='newusers.8'>
<!-- $Id: nologin.8.xml,v 1.1 2006/01/07 19:02:31 kloczek Exp $ -->
<refmeta>
<refentrytitle>nologin</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>nologin</refname>
<refpurpose>politely refuse a login</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>nologin</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>nologin</command> displays a message that an account is not
available and exits non-zero. It is intended as a replacement shell field
for accounts that have been disabled.
</para>
<para>
To disable all logins, investigate
<citerefentry><refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
<refsect1 id='history'>
<title>HYSTORY</title>
<para>
The <command>nologin</command> command appeared in BSD 4.4.
</para>
</refsect1>
</refentry>
--- NEW FILE: passwd.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='passwd.1'>
<!-- $Id: passwd.1.xml,v 1.25 2006/01/16 19:17:21 kloczek Exp $ -->
<refmeta>
<refentrytitle>passwd</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>passwd</refname>
<refpurpose>change user password</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>passwd</command>
<arg choice='opt'>-x <replaceable>max</replaceable></arg>
<arg choice='opt'>-n <replaceable>min</replaceable></arg>
<arg choice='opt'>-w <replaceable>warn</replaceable></arg>
<arg choice='opt'>-i <replaceable>inact</replaceable></arg>
<arg choice='plain'><replaceable>login</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>passwd</command>
<group choice='opt'>
<arg choice='plain'>-l </arg>
<arg choice='plain'>-u </arg>
<arg choice='plain'>-d </arg>
<arg choice='plain'>-S </arg>
<arg choice='plain'>-e </arg>
</group>
<arg choice='plain'><replaceable>login</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>passwd</command> changes passwords for user accounts. A
normal user may only change the password for his/her own account, while
the super user may change the password for any account.
<command>passwd</command> also changes account information, such as
the full name of the user, the user's login shell, or his/her password
expiry date and interval.
</para>
<refsect2 id='password_changes'>
<title>Password Changes</title>
<para>
The user is first prompted for his/her old password, if one is
present. This password is then encrypted and compared against the
stored password. The user has only one chance to enter the correct
password. The super user is permitted to bypass this step so that
forgotten passwords may be changed.
</para>
<para>
After the password has been entered, password aging information is
checked to see if the user is permitted to change the password at
this time. If not, <command>passwd</command> refuses to change the
password and exits.
</para>
<para>
The user is then prompted for a replacement password. This password
is tested for complexity. As a general guideline, passwords should
consist of 6 to 8 characters including one or more from each of
following sets:
</para>
<itemizedlist mark='bullet'>
<listitem>
<para>lower case alphabetics</para>
</listitem>
<listitem>
<para>digits 0 thru 9</para>
</listitem>
<listitem>
<para>punctuation marks</para>
</listitem>
</itemizedlist>
<para>
Care must be taken not to include the system default erase or kill
characters. <command>passwd</command> will reject any password which
is not suitably complex.
</para>
<para>If the password is accepted, <command>passwd</command> will
prompt again and compare the second entry against the first. Both
entries are required to match in order for the password to be
changed.
</para>
</refsect2>
<refsect2 id='hints_for_user_passwords'>
<title>Hints for user passwords</title>
<para>
The security of a password depends upon the strength of the
encryption algorithm and the size of the key space. The
<emphasis>UNIX</emphasis> System encryption method is based on the
NBS DES algorithm and is very secure. The size of the key space
depends upon the randomness of the password which is selected.
</para>
<para>
Compromises in password security normally result from careless
password selection or handling. For this reason, you should not
select a password which appears in a dictionary or which must be
written down. The password should also not be a proper name, your
license number, birth date, or street address. Any of these may be
used as guesses to violate system security.
</para>
<para>
Your password must be easily remembered so that you will not be forced
to write it on a piece of paper. This can be accomplished by
appending two small words together and separating each with a
special character or digit. For example, Pass%word.
</para>
<para>
Other methods of construction involve selecting an easily remembered
phrase from literature and selecting the first or last letter from
each word. An example of this is:
</para>
<itemizedlist mark='bullet'>
<listitem>
<para>Ask not for whom the bell tolls</para>
</listitem>
<listitem>
<para>which produces</para>
</listitem>
<listitem>
<para>An4wtbt</para>
</listitem>
</itemizedlist>
<para>
You may be reasonably sure few crackers will have included this in
their dictionaries. You should, however, select your own methods for
constructing passwords and not rely exclusively on the methods given
here.
</para>
</refsect2>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>passwd</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-a</option>, <option>--all</option>
</term>
<listitem>
<para>
This option can be used only with <option>-S</option> and causes show
status for all users.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-d</option>, <option>--delete</option>
</term>
<listitem>
<para>
Delete a user's password (make it empty). This is a quick way
to disable a password for an account. It will set the named
account passwordless.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-e</option>, <option>--expire</option>
</term>
<listitem>
<para>
Immediately expire an account's password. This in effect can
force a user to change his/her password at the user's next login.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option>, <option>--help</option></term>
<listitem>
<para>Display help message and exit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-i</option>, <option>--inactive</option> <replaceable>INACTIVE</replaceable>
</term>
<listitem>
<para>
This option is used to disable an account after the password has
been expired for a number of days. After a user account has had
an expired password for <replaceable>INACTIVE</replaceable>
days, the user may no longer sign on to the account.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-k</option>, <option>--keep-tokens</option>
</term>
<listitem>
<para>
Indicate change password should be performed only for expired
authentication tokens (passwords). The user wishes to keep their
non-expired tokens as before.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-l</option>, <option>--lock</option>
</term>
<listitem>
<para>
Lock the named account. This option disables an account by changing
the password to a value which matches no possible encrypted value.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-n</option>, <option>--mindays</option> <replaceable>MIN_DAYS</replaceable>
</term>
<listitem>
<para>
Set the minimum number of days between password changes. A value
of zero for this field indicates that the user may change his/her
password at any time.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-q</option>, <option>--quiet</option>
</term>
<listitem>
<para>
Quiet mode.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-r</option>, <option>--repository</option> <replaceable>REPOSITORY</replaceable>
</term>
<listitem>
<para>
change password in <replaceable>REPOSITORY</replaceable> repository
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-S</option>, <option>--status</option>
</term>
<listitem>
<para>
Display account status information. The status information
consists of 7 fields. The first field is the user's login name.
The second field indicates if the user account is locked (L),
has no password (NP), or has a usable password (P). The third
field gives the date of the last password change. The next four
fields are the minimum age, maximum age, warning period, and
inactivity period for the password. These ages are expressed in
days.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-u</option>, <option>--unlock</option>
</term>
<listitem>
<para>
Unlock the named account. This option re-enables an account by
changing the password back to its previous value (to value before
using <option>-l</option> option).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-w</option>, <option>--warndays</option> <replaceable>WARN_DAYS</replaceable>
</term>
<listitem>
<para>
Set the number of days of warning before a password change is
required. The <replaceable>WARN_DAYS</replaceable> option is
the number of days prior to the password expiring that a user
will be warned that his/her password is about to expire.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-x</option>, <option>--maxdays</option> <replaceable>MAX_DAYS</replaceable>
</term>
<listitem>
<para>
Set the maximum number of days a password remains valid. After
<replaceable>MAX_DAYS</replaceable>, the password is required
to be changed.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
Not all options may be supported. Password complexity checking may
vary from site to site. The user is urged to select a password as
complex as he or she feels comfortable with. Users may not be able to
change their password on a system if NIS is enabled and they are not
logged into the NIS server.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>passwd</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>1</replaceable></term>
<listitem>
<para>permission denied</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>invalid combination of options</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>3</replaceable></term>
<listitem>
<para>unexpected failure, nothing done</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>4</replaceable></term>
<listitem>
<para>unexpected failure, passwd file missing</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>5</replaceable></term>
<listitem>
<para>passwd file busy, try again</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>6</replaceable></term>
<listitem>
<para>invalid argument to option</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: login.access.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='login.access.5'>
<!-- $Id: login.access.5.xml,v 1.17 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>login.access</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>login.access</refname>
<refpurpose>Login access control table</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <emphasis remap='I'>login.access</emphasis> file specifies (user,
host) combinations and/or (user, tty) combinations for which a login
will be either accepted or refused.
</para>
<para>
When someone logs in, the <emphasis remap='I'>login.access</emphasis>
is scanned for the first entry that matches the (user, host)
combination, or, in case of non-networked logins, the first entry that
matches the (user, tty) combination. The permissions field of that
table entry determines whether the login will be accepted or refused.
</para>
<para>
Each line of the login access control table has three fields separated
by a ":" character:
</para>
<para>
<emphasis remap='I'>permission</emphasis>:<emphasis remap='I'>users</emphasis>:<emphasis remap='I'>origins</emphasis>
</para>
<para>
The first field should be a "<emphasis>+</emphasis>" (access granted)
or "<emphasis>-</emphasis>" (access denied) character. The second
field should be a list of one or more login names, group names, or
<emphasis>ALL</emphasis> (always matches). The third field should be a
list of one or more tty names (for non-networked logins), host names,
domain names (begin with "<literal>.</literal>"), host addresses,
internet network numbers (end with "<literal>.</literal>"),
<emphasis>ALL</emphasis> (always matches) or
<emphasis>LOCAL</emphasis> (matches any string that does not contain a
"<literal>.</literal>" character). If you run NIS you can use
@netgroupname in host or user patterns.
</para>
<para>
The <emphasis>EXCEPT</emphasis> operator makes it possible to write
very compact rules.
</para>
<para>
The group file is searched only when a name does not match that of the
logged-in user. Only groups are matched in which users are explicitly
listed: the program does not look at a user's primary group id value.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>shadow password suite configuration</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: faillog.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='faillog.8'>
<!-- $Id: faillog.8.xml,v 1.18 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>faillog</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>faillog</refname>
<refpurpose>display faillog records or set login failure limits</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>faillog</command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>faillog</command> formats the contents of the failure log
from <filename>/var/log/faillog</filename> database. It also can be
used for maintains failure counters and limits. Run
<command>faillog</command> without arguments display only list of user
faillog records who have ever had a login failure.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>faillog</command> command
are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term><option>-a</option>, <option>--all</option></term>
<listitem>
<para>Display faillog records for all users.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option>, <option>--help</option></term>
<listitem>
<para>Display help message and exit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-l</option>, <option>--lock-time</option>
<replaceable>SEC</replaceable>
</term>
<listitem>
<para>
Lock account to <replaceable>SEC</replaceable>
seconds after failed login.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-m</option>, <option>--maximum</option>
<replaceable>MAX</replaceable>
</term>
<listitem>
<para>
Set maximum number of login failures after the account is
disabled to <replaceable>MAX</replaceable>. Selecting
<replaceable>MAX</replaceable> value of 0 has the effect of not
placing a limit on the number of failed logins. The maximum
failure count should always be 0 for <emphasis>root</emphasis>
to prevent a denial of services attack against the system.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-r</option>, <option>--reset</option></term>
<listitem>
<para>
Reset the counters of login failures or one record if used with
the -u <replaceable>LOGIN</replaceable> option. Write access to
<filename>/var/log/faillog</filename> is required for this
option.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-t</option>, <option>--time</option>
<replaceable>DAYS</replaceable>
</term>
<listitem>
<para>
Display faillog records more recent than
<replaceable>DAYS</replaceable>. The <option>-t</option>
flag overrides the use of <option>-u</option>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-u</option>, <option>--user</option> <replaceable>LOGIN</replaceable>
</term>
<listitem>
<para>
Display faillog record or maintains failure counters and limits
(if used with <option>-l</option>, <option>-m</option> or
<option>-r</option> options) only for user with
<replaceable>LOGIN</replaceable>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
<command>faillog</command> only prints out users with no successful
login since the last failure. To print out a user who has had a
successful login since their last failure, you must explicitly request
the user with the <option>-u</option> flag, or print out all users
with the <option>-a</option> flag.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/var/log/faillog</filename></term>
<listitem>
<para>failure logging file</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>faillog</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: su.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='su.1'>
<!-- $Id: su.1.xml,v 1.22 2006/01/22 10:14:51 kloczek Exp $ -->
<refmeta>
<refentrytitle>su</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>su</refname>
<refpurpose>change user ID or become super-user</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>su</command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
<arg choice='opt'>- </arg>
<arg choice='opt'>
<arg choice='plain'>
<replaceable>username</replaceable>
</arg>
<arg choice='opt'>
<replaceable>args</replaceable>
</arg>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>su</command> is used to become another user during a login
session. Invoked without a username, <command>su</command> defaults to
becoming the super user. The optional argument <option>-</option> may
be used to provide an environment similar to what the user would
expect had the user logged in directly.
</para>
<para>
Additional arguments may be provided after the username, in which case
they are supplied to the user's login shell. In particular, an
argument of <option>-c</option> will cause the next argument to be
treated as a command by most command interpreters. The command will be
executed by the shell specified in <filename>/etc/passwd</filename>
for the target user.
</para>
<para>
You can use the <option>--</option> argument to separate
<command>su</command> options from the arguments supplied to the shell.
</para>
<para>The user will be prompted for a password, if appropriate. Invalid
passwords will produce an error message. All attempts, both valid and
invalid, are logged to detect abuse of the system.
</para>
<para>
The current environment is passed to the new shell. The value of
<envar>$PATH</envar> is reset to <filename>/bin:/usr/bin</filename>
for normal users, or <filename>/sbin:/bin:/usr/sbin:/usr/bin</filename>
for the super user. This may be changed with the
<emphasis>ENV_PATH</emphasis> and <emphasis>ENV_SUPATH</emphasis>
definitions in <filename>/etc/login.defs</filename>.
</para>
<para>
A subsystem login is indicated by the presence of a "*" as the first
character of the login shell. The given home directory will be used as
the root of a new file system which the user is actually logged into.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>The options which apply to the <command>su</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-c</option>, <option>--command</option>
<replaceable>SHELL</replaceable>
</term>
<listitem>
<para>
Specify a command that will be invoked by the shell using its
<option>-c</option>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-</option>, <option>-l</option>, <option>--login</option>
</term>
<listitem>
<para>
Provide an environment similar to what the user would expect had
the user logged in directly.
</para>
<para>
When <option>-</option> is used, it must be specified as the last
<command>su</command> option.
The other forms (<option>-l</option> and <option>--login</option>)
do not have this restriction.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s</option>, <option>--shell</option>
<replaceable>SHELL</replaceable>
</term>
<listitem>
<para>The shell that will be invoked.</para>
<para>
The invoked shell is choosen among (higest priority first):
<itemizedlist>
<listitem>
<para>The shell specified with --shell</para>
</listitem>
<listitem>
<para>
If <option>--preserve-environment</option> is used, the
shell specified by the <envar>$SHELL</envar> environment
variable.
</para>
</listitem>
<listitem>
<para>
The shell indicated in the /etc/passwd entry for the target
user.
</para>
</listitem>
<listitem>
<para>
/bin/sh if a shell could not be found by any above method.
</para>
</listitem>
</itemizedlist>
</para>
<para>
If the target user has a restricted shell (i.e. the shell field of
this user's entry in <filename>/etc/passwd</filename> is not
specified in <filename>/etc/shell</filename>), then the
<option>--shell</option> option or the <envar>$SHELL</envar>
environment variable won't be taken into account unless
<command>su</command> is called by the root.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-m</option>, <option>-p</option>,
<option>--preserve-environment</option>
</term>
<listitem>
<para>Preserve the current environment.</para>
<para>
If the target user has a restricted shell, this option has no
effect (unless <command>su</command> is called by root).
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
This version of <command>su</command> has many compilation options,
only some of which may be in use at any particular site.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>
--- NEW FILE: pw_auth.3.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='pw_auth.3'>
<!-- $Id: pw_auth.3.xml,v 1.17 2005/11/05 17:17:30 kloczek Exp $ -->
<refmeta>
<refentrytitle>pw_auth</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class="sectdesc">Library Calls</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>pw_auth</refname>
<refpurpose>administrator defined password authentication routines</refpurpose>
</refnamediv>
<refsect1 id='syntax'>
<title>SYNTAX</title>
<para>
<emphasis>#include <pwauth.h></emphasis>
</para>
<para>
<emphasis>int pw_auth (char</emphasis>
<emphasis remap='I'>*command,</emphasis>
<emphasis>char</emphasis>
<emphasis remap='I'>*user,</emphasis>
<emphasis>int</emphasis>
<emphasis remap='I'>reason,</emphasis>
<emphasis>char</emphasis>
<emphasis remap='I'>*input)</emphasis><emphasis>;</emphasis>
</para>
</refsect1>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<emphasis>pw_auth</emphasis> invokes the administrator defined
functions for a given user.
</para>
<para>
<emphasis remap='I'>command</emphasis> is the name of the
authentication program. It is retrieved from the user's password file
information. The string contains one or more executable file names,
delimited by semi-colons. Each program will be executed in the order
given. The command line arguments are given for each of the reasons
listed below.
</para>
<para>
<emphasis remap='I'>user</emphasis> is the name of the user to be
authenticated, as given in the <filename>/etc/passwd</filename> file.
User entries are indexed by username. This allows non-unique user IDs
to be present and for each different username associated with that
user ID to have a different authentication program and information.
</para>
<para>
Each of the permissible authentication reasons is handled in a
potentially differenent manner. Unless otherwise mentioned, the
standard file descriptors 0, 1, and 2 are available for communicating
with the user. The real user ID may be used to determine the identity
of the user making the authentication request. <emphasis
remap='I'>reason</emphasis> is one of:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<emphasis>PW_SU</emphasis>
</term>
<listitem>
<para>
Perform authentication for the current real user ID attempting
to switch real user ID to the named user. The authentication
program will be invoked with a <option>-s</option> option,
followed by the username.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis>PW_LOGIN</emphasis>
</term>
<listitem>
<para>
Perform authentication for the named user creating a new login
session. The authentication program will be invoked with a
<option>-l</option> option, followed by the username.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis>PW_ADD</emphasis>
</term>
<listitem>
<para>
Create a new entry for the named user. This allows an
authentication program to initialize storage for a new user. The
authentication program will be invoked with a
<option>-a</option> option, followed by the username.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis>PW_CHANGE</emphasis>
</term>
<listitem>
<para>
Alter an existing entry for the named user. This allows an
authentication program to alter the authentication information
for an existing user. The authentication program will be invoked
with a <option>-c</option> option, followed by the username.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis>PW_DELETE</emphasis>
</term>
<listitem>
<para>
Delete authentication information for the named user. This
allows an authentication program to reclaim storage for a user
which is no longer authenticated using the authentication
program. The authentication program will be invoked with a
<option>-d</option> option, followed by the username.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis>PW_TELNET</emphasis>
</term>
<listitem>
<para>
Authenticate a user who is connecting to the system using the
<command>telnet</command> command. The authentication program
will be invoked with a <option>-t</option> option, followed by
the username.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis>PW_RLOGIN</emphasis>
</term>
<listitem>
<para>
Authenticate a user who is connecting to the system using the
<emphasis>rlogin</emphasis> command. The
authentication program will be invoked with a
<option>-r</option> option, followed by the username.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis>PW_FTP</emphasis>
</term>
<listitem>
<para>
Authenticate a user who is connecting to the system using the
<emphasis>ftp</emphasis> command. The authentication program
will be invoked with a <option>-f</option> option, followed by
the username. The standard file descriptors are not available
for communicating with the user. The standard input file
descriptor will be connected to the parent process, while the
other two output file descriptors will be connected to
<filename>/dev/null</filename>. The <emphasis>pw_auth</emphasis>
function will pipe a single line of data to the authentication
program using file descriptor 0.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis>PW_REXEC</emphasis>
</term>
<listitem>
<para>
Authenticate a user who is connecting to the system using the
<emphasis remap='I'>rexec</emphasis> command. The authentication
program will be invoked with a <option>-x</option> option,
followed by the username. The standard file descriptors are not
available for communicating with the remote user. The standard
input file descriptor will be connected to the parent process,
while the other two output file descriptors will be connected to
<filename>/dev/null</filename>. The <emphasis>pw_auth</emphasis>
function will pipe a single line of data to the authentication
program using file descriptor 0.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
The last argument is the authentication data which is used by the
<emphasis>PW_FTP</emphasis> and <emphasis>PW_REXEC</emphasis> reasons.
It is treated as a single line of text which is piped to the
authentication program. When the reason is
<emphasis>PW_CHANGE,</emphasis> the value of <emphasis
remap='I'>input</emphasis> is the value of previous user name if the
user name is being changed.
</para>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
This function does not create the actual session. It only indicates if
the user should be allowed to create the session.
</para>
<para>The network options are untested at this time.</para>
</refsect1>
<refsect1 id='diagnostics'>
<title>DIAGNOSTICS</title>
<para>
The <emphasis>pw_auth</emphasis> function returns 0 if the
authentication program exited with a 0 exit code, and a non-zero value
otherwise.
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: login.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='login.1'>
<!-- $Id: login.1.xml,v 1.24 2006/01/07 19:30:45 kloczek Exp $ -->
<refmeta>
<refentrytitle>login</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>login</refname>
<refpurpose>begin session on the system</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>login</command>
<arg choice='opt'>-p </arg>
<arg choice='opt'>
<replaceable>username</replaceable></arg>
<arg choice='opt' rep='repeat'> <replaceable>ENV=VAR</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>login</command>
<arg choice='opt'>-p </arg>
<arg choice='opt'>-h <replaceable>host</replaceable></arg>
<arg choice='opt'>-f <replaceable>username</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>login</command>
<arg choice='opt'>-p </arg>
<arg choice='plain'>-r <replaceable>host</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>login</command> is used to establish a new session with the
system. It is normally invoked automatically by responding to the
<emphasis remap='I'>login:</emphasis> prompt on the user's
terminal. <command>login</command> may be special to the shell and may
not be invoked as a sub-process. Typically, <command>login</command>
is treated by the shell as <emphasis remap='B'>exec login</emphasis>
which causes the user to exit from the current shell. Attempting to
execute <command>login</command> from any shell but the login shell
will produce an error message.
</para>
<para>
The user is then prompted for a password, where appropriate. Echoing
is disabled to prevent revealing the password. Only a small number of
password failures are permitted before <command>login</command> exits
and the communications link is severed.
</para>
<para>
If password aging has been enabled for your account, you may be
prompted for a new password before proceeding. You will be forced to
provide your old password and the new password before continuing.
Please refer to <citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry> for more information.
</para>
<para>
After a successful login, you will be informed of any system messages
and the presence of mail. You may turn off the printing of the system
message file, <filename>/etc/motd</filename>, by creating a
zero-length file <filename>.hushlogin</filename> in your login directory.
The mail message will be one of "<emphasis>You have new
mail.</emphasis>", "<emphasis>You have mail.</emphasis>", or
"<emphasis>No Mail.</emphasis> "according to the condition of your
mailbox.
</para>
<para>
Your user and group ID will be set according to their values in the
<filename>/etc/passwd</filename> file. The value for
<envar>$HOME</envar>, <envar>$SHELL</envar>, <envar>$PATH</envar>,
<envar>$LOGNAME</envar>, and <envar>$MAIL</envar> are set according
to the appropriate fields in the password entry. Ulimit, umask and nice
values may also be set according to entries in the GECOS field.
</para>
<para>
On some installations, the environmental variable
<envar>$TERM</envar> will be initialized to the terminal type on
your tty line, as specified in <filename>/etc/ttytype</filename>.
</para>
<para>
An initialization script for your command interpreter may also be
executed. Please see the appropriate manual section for more
information on this function.
</para>
<para>
A subsystem login is indicated by the presence of a "*" as the first
character of the login shell. The given home directory will be used as
the root of a new file system which the user is actually logged into.
</para>
<para>
The <command>login</command> program is NOT responsible for removing
users from the utmp file. It is the responsibility of
<citerefentry><refentrytitle>getty</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> and
<citerefentry><refentrytitle>init</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> to clean up apparent ownership
of a terminal session. If you use <command>login</command> from the
shell prompt without <command>exec</command>, the user you use will
continue to appear to be logged in even after you log out of the
"subsession".
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-f</option>
</term>
<listitem>
<para>Do not perform authentication, user is preauthenticated.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-h</option>
</term>
<listitem>
<para>Name of the remote host for this login.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-p</option>
</term>
<listitem>
<para>Preserve environment.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-r</option>
</term>
<listitem>
<para>Perform autologin protocol for rlogin.</para>
</listitem>
</varlistentry>
</variablelist>
<para>
The <option>-r</option>, <option>-h</option> and <option>-f</option>
options are only used when <command>login</command> is invoked by
root.
</para>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
This version of <command>login</command> has many compilation options,
only some of which may be in use at any particular site.
</para>
<para>The location of files is subject to differences in system
configuration.
</para>
<para>
The <command>login</command> program is NOT responsible for removing
users from the utmp file. It is the responsibility of <citerefentry>
<refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum>
</citerefentry> and <citerefentry>
<refentrytitle>init</refentrytitle><manvolnum>8</manvolnum>
</citerefentry> to clean up apparent ownership of a terminal session.
If you use <command>login</command> from the shell prompt without
<command>exec</command>, the user you use will continue to appear to
be logged in even after you log out of the "subsession".
</para>
<para>
As any program, <command>login</command> appearance could be faked.
If non-trusted users have a physical access to the machine, an
attacker could use this to obtain the password of the next person
sitting in front of the machine. Under Linux, the SAK mecanism can be
used by users to initiate of a trusted path and prevent this kind of
attack.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/var/run/utmp</filename></term>
<listitem>
<para>list of current login sessions</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/var/log/wtmp</filename></term>
<listitem>
<para>list of previous login sessions</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/motd</filename></term>
<listitem>
<para>system message of the day file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/nologin</filename></term>
<listitem>
<para>prevent non-root users from logging in</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/ttytype</filename></term>
<listitem>
<para>list of terminal types</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>$HOME/.hushlogin</filename></term>
<listitem>
<para>suppress printing of system messages</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>mail</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>securetty</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: vigr.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY vigr-8 SYSTEM "vipw.8.xml">
]>
&vigr-8;
--- NEW FILE: newusers.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='newusers.8'>
<!-- $Id: newusers.8.xml,v 1.14 2005/11/05 17:17:30 kloczek Exp $ -->
<refmeta>
<refentrytitle>newusers</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>newusers</refname>
<refpurpose>update and create new users in batch</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>newusers</command>
<arg choice='opt'>
<replaceable>new_users</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>newusers</command> reads a file of user name and clear-text
password pairs and uses this information to update a group of existing
users or to create new users. Each line is in the same format as the
standard password file (see
<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>) with the following exceptions:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<emphasis remap='I'>pw_passwd</emphasis>
</term>
<listitem>
<para>
This field will be encrypted and used as the new value of the
encrypted password.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis remap='I'>pw_age</emphasis>
</term>
<listitem>
<para>
This field will be ignored for shadow passwords if the user
already exists.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis remap='I'>pw_gid</emphasis>
</term>
<listitem>
<para>
This field may be the name of an existing group, in which case
the named user will be added as a member. If a non-existent
numerical group is given, a new group will be created having
this number.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis remap='I'>pw_dir</emphasis>
</term>
<listitem>
<para>
This field will be checked for existence as a directory and a
new directory with the same name will be created if it does not
already exist. The ownership of the directory will be set to be
that of the user being created or updated.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
This command is intended to be used in a large system environment
where many accounts are updated at a single time.
</para>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
The input file must be protected since it contains unencrypted
passwords.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>shadow password suite configuration</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: grpconv.8.xml ---
--- NEW FILE: chsh.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='chsh.1'>
<!-- $Id: chsh.1.xml,v 1.19 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>chsh</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>chsh</refname>
<refpurpose>change login shell</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>chsh</command>
<arg choice='opt'>-s <replaceable>login_shell</replaceable></arg>
<arg choice='opt'><replaceable>user</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>chsh</command> changes the user login shell. This determines
the name of the user's initial login command. A normal user may only
change the login shell for her own account, the super user may change
the login shell for any account.
</para>
<para>
The only restriction placed on the login shell is that the command
name must be listed in <filename>/etc/shells</filename>, unless the
invoker is the super-user, and then any value may be added. An
account with a restricted login shell may not change her login shell.
For this reason, placing <filename>/bin/rsh</filename> in
<filename>/etc/shells</filename> is discouraged since accidentally
changing to a restricted shell would prevent the user from ever
changing her login shell back to its original value.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
If the <option>-s</option> option is not selected,
<command>chsh</command> operates in an interactive fashion, prompting
the user with the current login shell. Enter the new value to change
the shell, or leave the line blank to use the current one. The current
shell is displayed between a pair of <emphasis>[ ]</emphasis> marks.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shells</filename></term>
<listitem>
<para>list of valid login shells</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>shadow password suite configuration</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: userdel.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='userdel.8'>
<!-- $Id: userdel.8.xml,v 1.20 2005/11/05 17:17:30 kloczek Exp $ -->
<refmeta>
<refentrytitle>userdel</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>userdel</refname>
<refpurpose>Delete a user account and related files</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>userdel</command>
<arg choice='opt'>-f </arg>
<arg choice='opt'>-r </arg>
<arg choice='plain'>
<replaceable>login_name</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <command>userdel</command> command modifies the system account
files, deleting all entries that refer to <emphasis
remap='I'>login_name</emphasis>. The named user must exist.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>userdel</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-f</option>
</term>
<listitem>
<para>
This option forces the removal of the user, even if she is still
logged in. It also forces <command>userdel</command> to remove
the user's home directory or her mail spool, even if another
user uses the same home directory or if the mail spool is not
owned by the specified user. If
<emphasis>USERGROUPS_ENAB</emphasis> is defined to <emphasis
remap='I'>yes</emphasis> in <filename>/etc/login.defs</filename>
and if a group exists with the same name as the deleted user,
then this group will be removed, even if it is still the primary
group of another user.
</para>
<para>
<emphasis>Note:</emphasis> This option is dangerous and may let
your system in an inconsistent state.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-r</option>
</term>
<listitem>
<para>
Files in the user's home directory will be removed along with
the home directory itself and the user's mail spool. Files
located in other file systems will have to be searched for and
deleted manually.
</para>
<para>
The mail spool is defined by the <emphasis>MAIL_DIR</emphasis>
variable in the <filename>login.defs</filename> file.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>shadow password suite configuration</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>userdel</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>1</replaceable></term>
<listitem>
<para>can't update password file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>invalid command syntax</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>6</replaceable></term>
<listitem>
<para>specified user doesn't exist</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>8</replaceable></term>
<listitem>
<para>user currently logged in</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>10</replaceable></term>
<listitem>
<para>can't update group file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>12</replaceable></term>
<listitem>
<para>can't remove home directory</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
<command>userdel</command> will not allow you to remove an account if
the user is currently logged in. You must kill any running processes
which belong to an account that you are deleting.
</para>
<para>You may not remove any NIS attributes on a NIS client. This must
be performed on the NIS server.
</para>
<para>If <emphasis>USERGROUPS_ENAB</emphasis> is defined to <emphasis
remap='I'>yes</emphasis> in <filename>/etc/login.defs</filename>,
<command>userdel</command> will delete the group with the same name
as the user. To avoid inconsistencies in the passwd and group
databases, <command>userdel</command> will check that this group is
not used as a primary group for another user, and will just warn
without deleting the user otherwise. The <option>-f</option> option
can force the deletion of this group.
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: shadow.3.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='shadow.3'>
<!-- $Id: shadow.3.xml,v 1.19 2005/11/05 17:17:30 kloczek Exp $ -->
<refmeta>
<refentrytitle>shadow</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class="sectdesc">Library Calls</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>shadow</refname>
<refname>getspnam</refname>
<refpurpose>encrypted password file routines</refpurpose>
</refnamediv>
<refsect1 id='syntax'>
<title>SYNTAX</title>
<para>
<emphasis>#include <shadow.h></emphasis>
</para>
<para>
<emphasis>struct spwd *getspent();</emphasis>
</para>
<para>
<emphasis>struct spwd *getspnam(char</emphasis> <emphasis
remap='I'>*name</emphasis><emphasis>);</emphasis>
</para>
<para>
<emphasis>void setspent();</emphasis>
</para>
<para>
<emphasis>void endspent();</emphasis>
</para>
<para>
<emphasis>struct spwd *fgetspent(FILE</emphasis> <emphasis
remap='I'>*fp</emphasis><emphasis>);</emphasis>
</para>
<para>
<emphasis>struct spwd *sgetspent(char</emphasis> <emphasis
remap='I'>*cp</emphasis><emphasis>);</emphasis>
</para>
<para>
<emphasis>int putspent(struct spwd</emphasis> <emphasis
remap='I'>*p,</emphasis> <emphasis>FILE</emphasis> <emphasis
remap='I'>*fp</emphasis><emphasis>);</emphasis>
</para>
<para>
<emphasis>int lckpwdf();</emphasis>
</para>
<para>
<emphasis>int ulckpwdf();</emphasis>
</para>
</refsect1>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<emphasis remap='I'>shadow</emphasis> manipulates the contents of the
shadow password file, <filename>/etc/shadow</filename>. The structure
in the <emphasis remap='I'>#include</emphasis> file is:
</para>
<programlisting>struct spwd {
char *sp_namp; /* user login name */
char *sp_pwdp; /* encrypted password */
long int sp_lstchg; /* last password change */
long int sp_min; /* days until change allowed. */
long int sp_max; /* days before change required */
long int sp_warn; /* days warning for expiration */
long int sp_inact; /* days before account inactive */
long int sp_expire; /* date when account expires */
unsigned long int sp_flag; /* reserved for future use */
}
</programlisting>
<para>The meanings of each field are:</para>
<itemizedlist mark='bullet'>
<listitem>
<para>sp_namp - pointer to null-terminated user name</para>
</listitem>
<listitem>
<para>sp_pwdp - pointer to null-terminated password</para>
</listitem>
<listitem>
<para>sp_lstchg - days since Jan 1, 1970 password was last changed</para>
</listitem>
<listitem>
<para>sp_min - days before which password may not be changed</para>
</listitem>
<listitem>
<para>sp_max - days after which password must be changed</para>
</listitem>
<listitem>
<para>sp_warn - days before password is to expire that user is warned of
pending password expiration
</para>
</listitem>
<listitem>
<para>sp_inact - days after password expires that account is considered
inactive and disabled
</para>
</listitem>
<listitem>
<para>sp_expire - days since Jan 1, 1970 when account will be disabled</para>
</listitem>
<listitem>
<para>sp_flag - reserved for future use</para>
</listitem>
</itemizedlist>
</refsect1>
<refsect1 id='description2'>
<title>DESCRIPTION</title>
<para>
<emphasis>getspent</emphasis>, <emphasis>getspname</emphasis>,
<emphasis>fgetspent</emphasis>, and <emphasis>sgetspent</emphasis>
each return a pointer to a <emphasis>struct spwd</emphasis>.
<emphasis>getspent</emphasis> returns the next entry from the file,
and <emphasis>fgetspent</emphasis> returns the next entry from the
given stream, which is assumed to be a file of the proper format.
<emphasis>sgetspent</emphasis> returns a pointer to a <emphasis>struct
spwd</emphasis> using the provided string as input.
<emphasis>getspnam</emphasis> searches from the current position in
the file for an entry matching <emphasis>name</emphasis>.
</para>
<para>
<emphasis>setspent</emphasis> and <emphasis>endspent</emphasis> may be
used to begin and end, respectively, access to the shadow password
file.
</para>
<para>
The <emphasis>lckpwdf</emphasis> and <emphasis>ulckpwdf</emphasis>
routines should be used to insure exclusive access to the
<filename>/etc/shadow</filename> file. <emphasis>lckpwdf</emphasis>
attempts to acquire a lock using <emphasis>pw_lock</emphasis> for up
to 15 seconds. It continues by attempting to acquire a second lock
using <emphasis>spw_lock</emphasis> for the remainder of the initial
15 seconds. Should either attempt fail after a total of 15 seconds,
<emphasis>lckpwdf</emphasis> returns -1. When both locks are acquired
0 is returned.
</para>
</refsect1>
<refsect1 id='diagnostics'>
<title>DIAGNOSTICS</title>
<para>
Routines return NULL if no more entries are available or if an error
occurs during processing. Routines which have <emphasis>int</emphasis>
as the return value return 0 for success and
-1 for failure.
</para>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
These routines may only be used by the super user as access to the
shadow password file is restricted.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>getpwent</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: logoutd.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='logoutd.8'>
<!-- $Id: logoutd.8.xml,v 1.15 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>logoutd</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>logoutd</refname>
<refpurpose>Enforce login time restrictions</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>logoutd</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>logoutd</command> enforces the login time and port
restrictions specified in <filename>/etc/porttime</filename>.
<command>logoutd</command> should be started from
<filename>/etc/rc</filename>. The <filename>/var/run/utmp</filename>
file is scanned periodically and each user name is checked to see if
the named user is permitted on the named port at the current time.
Any login session which is violating the restrictions in
<filename>/etc/porttime</filename> is terminated.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/porttime</filename></term>
<listitem>
<para>login and port permissions</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/var/run/utmp</filename></term>
<listitem>
<para>list of current login sessions</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
</refentry>
--- NEW FILE: gpasswd.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='gpasswd.1'>
<!-- $Id: gpasswd.1.xml,v 1.16 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>gpasswd</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>gpasswd</refname>
<refpurpose>administer the /etc/group file</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>gpasswd</command>
<arg choice='plain'>
<replaceable>group</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>gpasswd</command>
<arg choice='plain'>-a <replaceable>user</replaceable></arg>
<arg choice='plain'><replaceable>group</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>gpasswd</command>
<arg choice='plain'>-d <replaceable>user</replaceable></arg>
<arg choice='plain'><replaceable>group</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>gpasswd</command>
<arg choice='plain'>-R <replaceable>group</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>gpasswd</command>
<arg choice='plain'>-r <replaceable>group</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>gpasswd</command>
<arg choice='opt' rep='repeat'>-A <replaceable>user,</replaceable></arg>
<arg choice='opt' rep='repeat'>-M <replaceable>user,</replaceable></arg>
<arg choice='plain'><replaceable>group</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>gpasswd</command> is used to administer the
<filename>/etc/group</filename> file (and
<filename>/etc/gshadow</filename> file if compiled with SHADOWGRP
defined). Every group can have administrators, members and a password.
System administrator can use <option>-A</option> option to define
group administrator(s) and <option>-M</option> option to define
members and has all rights of group administrators and members.
</para>
<refsect2 id='notes_about_group_passwords'>
<title>Notes about group passwords</title>
<para>
Group passwords are an inherent security problem since more than one
person is permitted to know the password. However, groups are a
useful tool for permitting co-operation between different users.
</para>
</refsect2>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
Group administrator can add and delete users using <option>-a</option>
and <option>-d</option> options respectively. Administrators can use
<option>-r</option> option to remove group password. When no password
is set only group members can use <command>newgrp</command> to join
the group. Option <option>-R</option> disables access via a password
to the group through <command>newgrp</command> command (however
members will still be able to switch to this group).
</para>
<para>
<command>gpasswd</command> called by a group administrator with group
name only prompts for the group password. If password is set the
members can still <citerefentry>
<refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
</citerefentry> without a password, non-members must supply the
password.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>secure group account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: porttime.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='porttime.5'>
<!-- $Id: porttime.5.xml,v 1.15 2005/11/05 17:17:30 kloczek Exp $ -->
<refmeta>
<refentrytitle>porttime</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>porttime</refname>
<refpurpose>port access time file</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<emphasis remap='I'>porttime</emphasis> contains a list of tty
devices, user names, and permitted login times.
</para>
<para>
Each entry consists of three colon separated fields. The first field
is a comma separated list of tty devices, or an asterisk to indicate
that all tty devices are matched by this entry. The second field is a
comma separated list of user names, or an asterisk to indicated that
all user names are matched by this entry. The third field is a comma
separated list of permitted access times.
</para>
<para>
Each access time entry consists of zero or more days of the week,
abbreviated <emphasis>Su</emphasis>, <emphasis>Mo</emphasis>,
<emphasis>Tu</emphasis>, <emphasis>We</emphasis>,
<emphasis>Th</emphasis>, <emphasis>Fr</emphasis>, and
<emphasis>Sa</emphasis>, followed by a pair of times separated by a
hyphen. The abbreviation <emphasis>Wk</emphasis> may be used to
represent Monday thru Friday, and <emphasis>Al</emphasis> may be used
to indicate every day. If no days are given, <emphasis>Al</emphasis>
is assumed.
</para>
</refsect1>
<refsect1 id='examples'>
<title>EXAMPLES</title>
<para>
The following entry allows access to user <emphasis
remap='B'>jfh</emphasis> on every port during weekdays from 9am to
5pm.
</para>
<para> *:jfh:Wk0900-1700</para>
<para>
The following entries allow access only to the users
<emphasis>root</emphasis> and <emphasis>oper</emphasis> on
<filename>/dev/console</filename> at any time. This illustrates how
the <filename>/etc/porttime</filename> file is an ordered list of
access times. Any other user would match the second entry which does
not permit access at any time.
</para>
<programlisting>
console:root,oper:Al0000-2400
console:*:
</programlisting>
<para>
The following entry allows access for the user
<emphasis>games</emphasis> on any port during non-working hours.
</para>
<para> *:games:Wk1700-0900,SaSu0000-2400</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/porttime</filename></term>
<listitem>
<para>file containing port access</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: vipw.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='vipw.8'>
<!-- $Id: vipw.8.xml,v 1.14 2005/12/03 16:19:40 kloczek Exp $ -->
<refmeta>
<refentrytitle>vipw</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>vipw</refname>
<refname>vigr</refname>
<refpurpose>
edit the password, group, shadow-password or shadow-group file.
</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>vipw</command><arg choice='opt'>options</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>vigr</command><arg choice='opt'>options</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>vipw</command> and <command>vigr</command> will edit the
files <filename>/etc/passwd</filename> and
<filename>/etc/group</filename>, respectively. With the
<option>-s</option> flag, they will edit the shadow versions of those
files, <filename>/etc/shadow</filename> and
<filename>/etc/gshadow</filename>, respectively. The programs will set
the appropriate locks to prevent file corruption. When looking for an
editor, the programs will first try the environment variable
<envar>$VISUAL</envar>, then the environment variable
<envar>$EDITOR</envar>, and finally the default editor,
<citerefentry><refentrytitle>vi</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>vipw</command> and
<command>vigr</command> commands are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term><option>-g</option>, <option>--group</option></term>
<listitem>
<para>Edit group database.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option>, <option>--help</option></term>
<listitem>
<para>Display help message and exit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-p</option>, <option>--passwd</option></term>
<listitem>
<para>Edit passwd database.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-q</option>, <option>--quiet</option></term>
<listitem>
<para>Quiet mode database.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-s</option>, <option>--shadow</option></term>
<listitem>
<para>Edit shadow or gshadow database.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>shadow group file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>vi</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: lastlog.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='lastlog.8'>
<!-- $Id: lastlog.8.xml,v 1.21 2006/01/02 13:59:01 kloczek Exp $ -->
<refmeta>
<refentrytitle>lastlog</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>lastlog</refname>
<refpurpose>examine lastlog file</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>lastlog</command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>lastlog</command> formats and prints the contents of the last
login log <filename>/var/log/lastlog</filename> file. The
<emphasis>login-name</emphasis>, <emphasis>port</emphasis>, and
<emphasis>last login time</emphasis> will be printed. The default (no
flags) causes lastlog entries to be printed, sorted by their order in
<filename>/etc/passwd</filename>.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>lastlog</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-b</option>, <option>--before</option> <replaceable>DAYS</replaceable>
</term>
<listitem>
<para>
Print only lastlog records older than <emphasis remap='I'>DAYS</emphasis>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-h</option>, <option>--help</option>
</term>
<listitem>
<para>Display help message and exit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-t</option>, <option>--time</option>
<replaceable>DAYS</replaceable>
</term>
<listitem>
<para>
Print the lastlog records more recent than
<emphasis remap='I'>DAYS</emphasis>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-u</option>, <option>--user</option>
<replaceable>LOGIN</replaceable>
</term>
<listitem>
<para>Print the lastlog record for user with specified
<emphasis remap='I'>LOGIN</emphasis> only.
</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist remap='TP'>
<varlistentry>
<term>
The <option>-t</option> flag overrides the use of <option>-u</option>.
</term>
<listitem>
<para></para>
</listitem>
</varlistentry>
</variablelist>
<para>
If the user has never logged in the message <emphasis>** Never logged
in**</emphasis> will be displayed instead of the port and time.
</para>
</refsect1>
<refsect1 id='note'>
<title>NOTE</title>
<para>
The <filename>lastlog</filename> file is a database which contains info
on the last login of each user. You should not rotate it. It is a sparse
file, so its size on the disk is much smaller than the one shown by
"<command>ls -l</command>" (which can indicate a really big file if
you have a high UID). You can display its real size with
"<command>ls -s</command>".
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/var/log/lastlog</filename></term>
<listitem>
<para>lastlog logging file</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
Large gaps in UID numbers will cause the lastlog program to run
longer with no output to the screen (i.e. if mmdf=800 and last
UID=170, program will appear to hang as it processes UID 171-799).
</para>
</refsect1>
</refentry>
--- NEW FILE: sulogin.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='sulogin.8'>
<!-- $Id: sulogin.8.xml,v 1.15 2005/11/05 17:17:30 kloczek Exp $ -->
<refmeta>
<refentrytitle>sulogin</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>sulogin</refname>
<refpurpose>Single-user login</refpurpose>
</refnamediv>
<refsect1 id='syntax'>
<title>SYNTAX</title>
<para><command>sulogin</command> [<emphasis remap='I'>tty-device</emphasis>]
</para>
</refsect1>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>sulogin</command> is invoked by <command>init</command> prior
to allowing the user access to the system when in single user mode.
This feature may only be available on certain systems where
<command>init</command> has been modified accordingly, or where the
<filename>/etc/inittab</filename> has an entry for a single user
login.
</para>
<para>The user is prompted</para>
<para>Type control-d to proceed with normal startup,
<!-- .br -->
(or give root password for system maintenance):
</para>
<para>
Input and output will be performed with the standard file descriptors
unless the optional device name argument is provided.
</para>
<para>
If the user enters the correct root password, a login session is
initiated. When <emphasis>EOF</emphasis> is pressed instead, the
system enters multi-user mode.
</para>
<para>
After the user exits the single-user shell, or presses
<emphasis>EOF</emphasis>, the system begins the initialization process
required to enter multi-user mode.
</para>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
This command can only be used if <command>init</command> has been
modified to call <command>sulogin</command> instead of
<filename>/bin/sh</filename>, or if the user has set the <emphasis
remap='I'>inittab</emphasis> to support a single user login. For
example, the line:
</para>
<para>co:s:respawn:/etc/sulogin /dev/console</para>
<para>should execute the sulogin command in single user mode.</para>
<para>
As complete an environment as possible is created. However, various
devices may be unmounted or uninitialized and many of the user
commands may be unavailable or nonfunctional as a result.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>secure user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>init</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: groupadd.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='groupadd.8'>
<!-- $Id: groupadd.8.xml,v 1.24 2006/01/02 14:13:39 kloczek Exp $ -->
<refmeta>
<refentrytitle>groupadd</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>groupadd</refname>
<refpurpose>Create a new group</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>groupadd</command>
<arg choice='opt'>
<arg choice='plain'>-g <replaceable>GID</replaceable></arg>
<arg choice='opt'>-o</arg>
</arg>
<arg choice='opt'>-f </arg>
<arg choice='opt'>-K <replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable></arg>
<arg choice='plain'>
<replaceable>group</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>The <command>groupadd</command> command creates a new group
account using the values specified on the command line and the default
values from the system. The new group will be entered into the system
files as needed.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>groupadd</command> command
are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-f</option>
</term>
<listitem>
<para>This option causes to just exit with success status if the
specified group already exists. With <option>-g</option>, if
specified GID already exists, other (unique) GID is chosen (i.e.
<option>-g</option> is turned off).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-g</option> <replaceable>GID</replaceable>
</term>
<listitem>
<para>The numerical value of the group's ID. This value must be
unique, unless the <option>-o</option> option is used. The value
must be non-negative. The default is to use the smallest ID
value greater than 999 and greater than every other group.
Values between 0 and 999 are typically reserved for system
accounts.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option>, <option>--help</option></term>
<listitem>
<para>Display help message and exit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-K <replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable></option>
</term>
<listitem>
<para>
Overrides /etc/login.defs defaults (GID_MIN, GID_MAX and others). Multiple
<option>-K</option> options can be specified.
</para>
<para>
Example: <option>-K </option><replaceable>GID_MIN</replaceable>=<replaceable>100</replaceable>
<option> -K </option><replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable>
</para>
<para>
Note: <option>-K </option>
<replaceable>GID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable>
doesn't work yet.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-o</option>
</term>
<listitem>
<para>
This option permits to add group with non-unique GID.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>secure group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>shadow password suite configuration</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>Groupnames must begin with a lower case letter or an underscore, and
only lower case letters, underscores, dashes, and dollar signs may
follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
</para>
<para>Groupnames may only be up to 16 characters long.</para>
<para>
If the groupname already exists in an external group database
such as NIS, <command>groupadd</command> will deny the group
creation request.
</para>
<para>Groupnames may only be up to 16 characters long.</para>
</refsect1>
<refsect1 id='exit_values'>
<title>EXIT VALUES</title>
<para>
The <command>groupadd</command> command exits with the following values:
<variablelist>
<varlistentry>
<term><replaceable>0</replaceable></term>
<listitem>
<para>success</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>2</replaceable></term>
<listitem>
<para>invalid command syntax</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>3</replaceable></term>
<listitem>
<para>invalid argument to option</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>4</replaceable></term>
<listitem>
<para>GID not unique (when <option>-o</option> not used)</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>9</replaceable></term>
<listitem>
<para>group name not unique</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>10</replaceable></term>
<listitem>
<para>can't update group file</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: pwunconv.8.xml ---
--- NEW FILE: passwd.5.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='passwd.5'>
<!-- $Id: passwd.5.xml,v 1.15 2006/01/22 10:14:51 kloczek Exp $ -->
<refmeta>
<refentrytitle>passwd</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>passwd</refname>
<refpurpose>the password file</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<filename>/etc/passwd</filename> contains one line for each
user account, with seven fields delimited by colons
(<quote>:</quote>).
These fields are:
</para>
<itemizedlist mark='bullet'>
<listitem>
<para>login name</para>
</listitem>
<listitem>
<para>optional encrypted password</para>
</listitem>
<listitem>
<para>numerical user ID</para>
</listitem>
<listitem>
<para>numerical group ID</para>
</listitem>
<listitem>
<para>user name or comment field</para>
</listitem>
<listitem>
<para>user home directory</para>
</listitem>
<listitem>
<para>optional user command interpreter</para>
</listitem>
</itemizedlist>
<para>
The encrypted password field may be blank, in which case no password
is required to authenticate as the specified login name. However,
some applications which read the <filename>/etc/passwd</filename> file
may decide not to permit <emphasis>any</emphasis> access at all if the
<emphasis>password</emphasis> field is blank. If the
<emphasis>password</emphasis> field is a lower-case <quote>x</quote>,
then the encrypted password is actually stored in the
<citerefentry><refentrytitle>shadow</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file instead; there
<emphasis>must</emphasis> be a corresponding line in the
<filename>shadow</filename> file, or else the user account is invalid.
If the <emphasis>password</emphasis> field is any other string, then
it will be treated as an encrypted password, as specified by
<citerefentry><refentrytitle>crypt</refentrytitle>
<manvolnum>3</manvolnum></citerefentry>.
</para>
<para>
The comment field is used by various system utilities, such as
<citerefentry><refentrytitle>finger</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>.
</para>
<para>
The home directory field provides the name of the initial working
directory. The <command>login</command> program uses this information
to set the value of the <envar>$HOME</envar> environmental variable.
</para>
<para>
The command interpreter field provides the name of the user's command
language interpreter, or the name of the initial program to execute.
The <command>login</command> program uses this information to set the
value of the <envar>$SHELL</envar> environmental variable. If this
field is empty, it defaults to the value <filename>/bin/sh</filename>.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>optional encrypted password file</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>getpwnam</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pwconv</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pwunconv</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>sulogin</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: chpasswd.8.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='chpasswd.8'>
<!-- $Id: chpasswd.8.xml,v 1.16 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>chpasswd</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>chpasswd</refname>
<refpurpose>update passwords in batch mode</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>chpasswd</command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>chpasswd</command> reads a list of user name and password
pairs from standard input and uses this information to update a group
of existing users. Each line is of the format:
</para>
<para>
<emphasis remap='I'>user_name</emphasis>:<emphasis
remap='I'>password</emphasis>
</para>
<para>
By default the supplied password must be in clear-text. Default
encryption algorithm is DES. Also the password age will be updated, if
present.
</para>
<para>
This command is intended to be used in a large system environment
where many accounts are created at a single time.
</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para>
The options which apply to the <command>chpasswd</command> command
are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term><option>-e</option>, <option>--encrypted</option></term>
<listitem>
<para>Supplied passwords are in encrypted form.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option>, <option>--help</option></term>
<listitem>
<para>Display help message and exit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-m</option>, <option>--md5</option></term>
<listitem>
<para>
Use MD5 encryption instead DES when the supplied passwords are
not encrypted.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
Remember keep protected for reading by others file passed to standard
input <command>chpasswd</command> command if it contains unencrypted
passwords.
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>newusers</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
--- NEW FILE: id.1.xml ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='id.1'>
<!-- $Id: id.1.xml,v 1.13 2005/11/05 17:17:29 kloczek Exp $ -->
<refmeta>
<refentrytitle>id</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>id</refname>
<refpurpose>Display current user and group ID names</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>id</command> <arg choice='opt'>-a </arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
<command>id</command> displays the current real and effective user and
group ID names or values. If the value does not have a corresponding
entry in <filename>/etc/passwd</filename> or
<filename>/etc/group</filename>, the value will be displayed without
the corresponding name. The optional <option>-a</option> flag will
display the group set on systems which support multiple concurrent
group membership.
</para>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>group account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>user account information</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>getgid</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>getgroups</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>getuid</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>
- Previous message: [l10n-russian CVS]
shadow/man chage.1.xml, 1.1, NONE chfn.1.xml, 1.1,
NONE chpasswd.8.xml, 1.1, NONE chsh.1.xml, 1.1,
NONE expiry.1.xml, 1.1, NONE faillog.5.xml, 1.1,
NONE faillog.8.xml, 1.1, NONE getspnam.3.xml, 1.1,
NONE gpasswd.1.xml, 1.1, NONE groupadd.8.xml, 1.1,
NONE groupdel.8.xml, 1.1, NONE groupmems.8.xml, 1.1,
NONE groupmod.8.xml, 1.1, NONE groups.1.xml, 1.1,
NONE grpck.8.xml, 1.1, NONE grpconv.8.xml, 1.1,
NONE grpunconv.8.xml, 1.1, NONE gshadow.5.xml, 1.1,
NONE id.1.xml, 1.1, NONE lastlog.8.xml, 1.1, NONE limits.5.xml,
1.1, NONE login.1.xml, 1.1, NONE login.access.5.xml, 1.1,
NONE login.defs.5.xml, 1.1, NONE logoutd.8.xml, 1.1,
NONE newgrp.1.xml, 1.1, NONE newusers.8.xml, 1.1,
NONE nologin.8.xml, 1.1, NONE passwd.1.xml, 1.1,
NONE passwd.5.xml, 1.1, NONE porttime.5.xml, 1.1,
NONE pw_auth.3.xml, 1.1, NONE pwck.8.xml, 1.1,
NONE pwconv.8.xml, 1.1, NONE pwunconv.8.xml, 1.1,
NONE sg.1.xml, 1.1, NONE shadow.3.xml, 1.1, NONE shadow.5.xml,
1.1, NONE su.1.xml, 1.1, NONE suauth.5.xml, 1.1,
NONE sulogin.8.xml, 1.1, NONE useradd.8.xml, 1.1,
NONE userdel.8.xml, 1.1, NONE usermod.8.xml, 1.1,
NONE vigr.8.xml, 1.1, NONE vipw.8.xml, 1.1, NONE
- Next message: [l10n-russian CVS] shadow po_ru.po,1.11,1.12
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the l10n-russian-cvs-commits
mailing list