diff options
author | Balint Reczey <balint@balintreczey.hu> | 2016-11-30 02:36:06 +0100 |
---|---|---|
committer | Balint Reczey <balint@balintreczey.hu> | 2016-11-30 02:36:06 +0100 |
commit | 365658d0f3a51814626afbb70aa2dd7b5e82ac36 (patch) | |
tree | 7218fb9147359258fda0f9a43da5a29b2d20e85b /man/man5 | |
parent | bfaa59229d61adb7fa0c570f0d94fd324c6e05aa (diff) | |
download | shadow-365658d0f3a51814626afbb70aa2dd7b5e82ac36.tar.gz |
Imported Upstream version 4.4upstream/4.4
Diffstat (limited to 'man/man5')
-rw-r--r-- | man/man5/faillog.5 | 64 | ||||
-rw-r--r-- | man/man5/gshadow.5 | 101 | ||||
-rw-r--r-- | man/man5/limits.5 | 274 | ||||
-rw-r--r-- | man/man5/login.access.5 | 67 | ||||
-rw-r--r-- | man/man5/login.defs.5 | 825 | ||||
-rw-r--r-- | man/man5/passwd.5 | 179 | ||||
-rw-r--r-- | man/man5/porttime.5 | 96 | ||||
-rw-r--r-- | man/man5/shadow.5 | 148 | ||||
-rw-r--r-- | man/man5/suauth.5 | 146 | ||||
-rw-r--r-- | man/man5/subgid.5 | 97 | ||||
-rw-r--r-- | man/man5/subuid.5 | 97 |
11 files changed, 0 insertions, 2094 deletions
diff --git a/man/man5/faillog.5 b/man/man5/faillog.5 deleted file mode 100644 index 9a7c8861..00000000 --- a/man/man5/faillog.5 +++ /dev/null @@ -1,64 +0,0 @@ -'\" t -.\" Title: faillog -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "FAILLOG" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -faillog \- login failure logging file -.SH "DESCRIPTION" -.PP -/var/log/faillog -maintains a count of login failures and the limits for each account\&. -.PP -The file contains fixed length records, indexed by numerical UID\&. Each record contains the count of login failures since the last successful login; the maximum number of failures before the account is disabled; the line on which the last login failure occurred; the date of the last login failure; and the duration (in seconds) during which the account will be locked after a failure\&. -.PP -The structure of the file is: -.sp -.if n \{\ -.RS 4 -.\} -.nf -struct faillog { - short fail_cnt; - short fail_max; - char fail_line[12]; - time_t fail_time; - long fail_locktime; -}; -.fi -.if n \{\ -.RE -.\} -.SH "FILES" -.PP -/var/log/faillog -.RS 4 -Failure logging file\&. -.RE -.SH "SEE ALSO" -.PP -\fBfaillog\fR(8) diff --git a/man/man5/gshadow.5 b/man/man5/gshadow.5 deleted file mode 100644 index 1681d344..00000000 --- a/man/man5/gshadow.5 +++ /dev/null @@ -1,101 +0,0 @@ -'\" t -.\" Title: gshadow -.\" Author: Nicolas François <nicolas.francois@centraliens.net> -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "GSHADOW" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -gshadow \- shadowed group file -.SH "DESCRIPTION" -.PP -/etc/gshadow -contains the shadowed information for group accounts\&. -.PP -This file must not be readable by regular users if password security is to be maintained\&. -.PP -Each line of this file contains the following colon\-separated fields: -.PP -\fBgroup name\fR -.RS 4 -It must be a valid group name, which exist on the system\&. -.RE -.PP -\fBencrypted password\fR -.RS 4 -Refer to -\fBcrypt\fR(3) -for details on how this string is interpreted\&. -.sp -If the password field contains some string that is not a valid result of -\fBcrypt\fR(3), for instance ! or *, users will not be able to use a unix password to access the group (but group members do not need the password)\&. -.sp -The password is used when an user who is not a member of the group wants to gain the permissions of this group (see -\fBnewgrp\fR(1))\&. -.sp -This field may be empty, in which case only the group members can gain the group permissions\&. -.sp -A password field which starts with a exclamation mark means that the password is locked\&. The remaining characters on the line represent the password field before the password was locked\&. -.sp -This password supersedes any password specified in -/etc/group\&. -.RE -.PP -\fBadministrators\fR -.RS 4 -It must be a comma\-separated list of user names\&. -.sp -Administrators can change the password or the members of the group\&. -.sp -Administrators also have the same permissions as the members (see below)\&. -.RE -.PP -\fBmembers\fR -.RS 4 -It must be a comma\-separated list of user names\&. -.sp -Members can access the group without being prompted for a password\&. -.sp -You should use the same list of users as in -/etc/group\&. -.RE -.SH "FILES" -.PP -/etc/group -.RS 4 -Group account information\&. -.RE -.PP -/etc/gshadow -.RS 4 -Secure group account information\&. -.RE -.SH "SEE ALSO" -.PP -\fBgpasswd\fR(5), -\fBgroup\fR(5), -\fBgrpck\fR(8), -\fBgrpconv\fR(8), -\fBnewgrp\fR(1)\&. diff --git a/man/man5/limits.5 b/man/man5/limits.5 deleted file mode 100644 index 6b19ee4d..00000000 --- a/man/man5/limits.5 +++ /dev/null @@ -1,274 +0,0 @@ -'\" t -.\" Title: limits -.\" Author: Luca Berra -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "LIMITS" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -limits \- resource limits definition -.SH "DESCRIPTION" -.PP -The -\fIlimits\fR -file (/etc/limits -by default or LIMITS_FILE defined -config\&.h) describes the resource limits you wish to impose\&. It should be owned by root and readable by root account only\&. -.PP -By default no quota is imposed on \*(Aqroot\*(Aq\&. In fact, there is no way to impose limits via this procedure to root\-equiv accounts (accounts with UID 0)\&. -.PP -Each line describes a limit for a user in the form: -.PP -\fIuser LIMITS_STRING\fR -.PP -or in the form: -.PP -\fI@group LIMITS_STRING\fR -.PP -The -\fILIMITS_STRING\fR -is a string of a concatenated list of resource limits\&. Each limit consists of a letter identifier followed by a numerical limit\&. -.PP -The valid identifiers are: -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -A: max address space (KB) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -C: max core file size (KB) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -D: max data size (KB) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -F: maximum filesize (KB) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -K: file creation mask, set by -\fBumask\fR(2)\&. -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -I: max nice value (0\&.\&.39 which translates to 20\&.\&.\-19) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -L: max number of logins for this user -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -M: max locked\-in\-memory address space (KB) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -N: max number of open files -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -O: max real time priority -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -P: process priority, set by -\fBsetpriority\fR(2)\&. -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -R: max resident set size (KB) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -S: max stack size (KB) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -T: max CPU time (MIN) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -U: max number of processes -.RE -.PP -For example, -\fIL2D2048N5\fR -is a valid -\fILIMITS_STRING\fR\&. For reading convenience, the following entries are equivalent: -.sp -.if n \{\ -.RS 4 -.\} -.nf - username L2D2048N5 - username L2 D2048 N5 - -.fi -.if n \{\ -.RE -.\} -.PP -Be aware that after -\fIusername\fR -the rest of the line is considered a limit string, thus comments are not allowed\&. A invalid limits string will be rejected (not considered) by the -\fBlogin\fR -program\&. -.PP -The default entry is denoted by username "\fI*\fR"\&. If you have multiple -\fIdefault\fR -entries in your -\fILIMITS_FILE\fR, then the last one will be used as the default entry\&. -.PP -The limits specified in the form "\fI@group\fR" apply to the members of the specified -\fIgroup\fR\&. -.PP -If more than one line with limits for an user exist, only the first line for this user will be considered\&. -.PP -If no lines are specified for an user, the last -\fI@group\fR -line matching a group whose the user is a member of will be considered, or the last line with default limits if no groups contain the user\&. -.PP -To completely disable limits for a user, a single dash "\fI\-\fR" will do\&. -.PP -To disable a limit for a user, a single dash "\fI\-\fR" can be used instead of the numerical value for this limit\&. -.PP -Also, please note that all limit settings are set PER LOGIN\&. They are not global, nor are they permanent\&. Perhaps global limits will come, but for now this will have to do ;) -.SH "FILES" -.PP -/etc/limits -.RS 4 -.RE -.SH "SEE ALSO" -.PP -\fBlogin\fR(1), -\fBsetpriority\fR(2), -\fBsetrlimit\fR(2)\&. diff --git a/man/man5/login.access.5 b/man/man5/login.access.5 deleted file mode 100644 index 0dd73ed7..00000000 --- a/man/man5/login.access.5 +++ /dev/null @@ -1,67 +0,0 @@ -'\" t -.\" Title: login.access -.\" Author: Marek Michałkiewicz -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "LOGIN\&.ACCESS" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -login.access \- login access control table -.SH "DESCRIPTION" -.PP -The -\fIlogin\&.access\fR -file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused\&. -.PP -When someone logs in, the -\fIlogin\&.access\fR -is scanned for the first entry that matches the (user, host) combination, or, in case of non\-networked logins, the first entry that matches the (user, tty) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&. -.PP -Each line of the login access control table has three fields separated by a ":" character: -.PP -\fIpermission\fR:\fIusers\fR:\fIorigins\fR -.PP -The first field should be a "\fI+\fR" (access granted) or "\fI\-\fR" (access denied) character\&. The second field should be a list of one or more login names, group names, or -\fIALL\fR -(always matches)\&. The third field should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."), -\fIALL\fR -(always matches) or -\fILOCAL\fR -(matches any string that does not contain a "\&." character)\&. If you run NIS you can use @netgroupname in host or user patterns\&. -.PP -The -\fIEXCEPT\fR -operator makes it possible to write very compact rules\&. -.PP -The group file is searched only when a name does not match that of the logged\-in user\&. Only groups are matched in which users are explicitly listed: the program does not look at a user\*(Aqs primary group id value\&. -.SH "FILES" -.PP -/etc/login\&.defs -.RS 4 -Shadow password suite configuration\&. -.RE -.SH "SEE ALSO" -.PP -\fBlogin\fR(1)\&. diff --git a/man/man5/login.defs.5 b/man/man5/login.defs.5 deleted file mode 100644 index 5e8f3480..00000000 --- a/man/man5/login.defs.5 +++ /dev/null @@ -1,825 +0,0 @@ -'\" t -.\" Title: login.defs -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "LOGIN\&.DEFS" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -login.defs \- shadow password suite configuration -.SH "DESCRIPTION" -.PP -The -/etc/login\&.defs -file defines the site\-specific configuration for the shadow password suite\&. This file is required\&. Absence of this file will not prevent system operation, but will probably result in undesirable operation\&. -.PP -This file is a readable text file, each line of the file describing one configuration parameter\&. The lines consist of a configuration name and value, separated by whitespace\&. Blank lines and comment lines are ignored\&. Comments are introduced with a "#" pound sign and the pound sign must be the first non\-white character of the line\&. -.PP -Parameter values may be of four types: strings, booleans, numbers, and long numbers\&. A string is comprised of any printable characters\&. A boolean should be either the value -\fIyes\fR -or -\fIno\fR\&. An undefined boolean parameter or one with a value other than these will be given a -\fIno\fR -value\&. Numbers (both regular and long) may be either decimal values, octal values (precede the value with -\fI0\fR) or hexadecimal values (precede the value with -\fI0x\fR)\&. The maximum value of the regular and long numeric parameters is machine\-dependent\&. -.PP -The following configuration items are provided: -.PP -\fBCHFN_AUTH\fR (boolean) -.RS 4 -If -\fIyes\fR, the -\fBchfn\fR -program will require authentication before making any changes, unless run by the superuser\&. -.RE -.PP -\fBCHFN_RESTRICT\fR (string) -.RS 4 -This parameter specifies which values in the -\fIgecos\fR -field of the -/etc/passwd -file may be changed by regular users using the -\fBchfn\fR -program\&. It can be any combination of letters -\fIf\fR, -\fIr\fR, -\fIw\fR, -\fIh\fR, for Full name, Room number, Work phone, and Home phone, respectively\&. For backward compatibility, -\fIyes\fR -is equivalent to -\fIrwh\fR -and -\fIno\fR -is equivalent to -\fIfrwh\fR\&. If not specified, only the superuser can make any changes\&. The most restrictive setting is better achieved by not installing -\fBchfn\fR -SUID\&. -.RE -.PP -\fBCHSH_AUTH\fR (boolean) -.RS 4 -If -\fIyes\fR, the -\fBchsh\fR -program will require authentication before making any changes, unless run by the superuser\&. -.RE -.PP -\fBCONSOLE\fR (string) -.RS 4 -If defined, either full pathname of a file containing device names (one per line) or a ":" delimited list of device names\&. Root logins will be allowed only upon these devices\&. -.sp -If not defined, root will be allowed on any device\&. -.sp -The device should be specified without the /dev/ prefix\&. -.RE -.PP -\fBCONSOLE_GROUPS\fR (string) -.RS 4 -List of groups to add to the user\*(Aqs supplementary groups set when logging in on the console (as determined by the CONSOLE setting)\&. Default is none\&. - -Use with caution \- it is possible for users to gain permanent access to these groups, even when not logged in on the console\&. -.RE -.PP -\fBCREATE_HOME\fR (boolean) -.RS 4 -Indicate if a home directory should be created by default for new users\&. -.sp -This setting does not apply to system users, and can be overridden on the command line\&. -.RE -.PP -\fBDEFAULT_HOME\fR (boolean) -.RS 4 -Indicate if login is allowed if we can\*(Aqt cd to the home directory\&. Default is no\&. -.sp -If set to -\fIyes\fR, the user will login in the root (/) directory if it is not possible to cd to her home directory\&. -.RE -.PP -\fBENCRYPT_METHOD\fR (string) -.RS 4 -This defines the system default encryption algorithm for encrypting passwords (if no algorithm are specified on the command line)\&. -.sp -It can take one of these values: -\fIDES\fR -(default), -\fIMD5\fR, \fISHA256\fR, \fISHA512\fR\&. -.sp -Note: this parameter overrides the -\fBMD5_CRYPT_ENAB\fR -variable\&. -.RE -.PP -\fBENV_HZ\fR (string) -.RS 4 -If set, it will be used to define the HZ environment variable when a user login\&. The value must be preceded by -\fIHZ=\fR\&. A common value on Linux is -\fIHZ=100\fR\&. -.RE -.PP -\fBENV_PATH\fR (string) -.RS 4 -If set, it will be used to define the PATH environment variable when a regular user login\&. The value is a colon separated list of paths (for example -\fI/bin:/usr/bin\fR) and can be preceded by -\fIPATH=\fR\&. The default value is -\fIPATH=/bin:/usr/bin\fR\&. -.RE -.PP -\fBENV_SUPATH\fR (string) -.RS 4 -If set, it will be used to define the PATH environment variable when the superuser login\&. The value is a colon separated list of paths (for example -\fI/sbin:/bin:/usr/sbin:/usr/bin\fR) and can be preceded by -\fIPATH=\fR\&. The default value is -\fIPATH=/sbin:/bin:/usr/sbin:/usr/bin\fR\&. -.RE -.PP -\fBENV_TZ\fR (string) -.RS 4 -If set, it will be used to define the TZ environment variable when a user login\&. The value can be the name of a timezone preceded by -\fITZ=\fR -(for example -\fITZ=CST6CDT\fR), or the full path to the file containing the timezone specification (for example -/etc/tzname)\&. -.sp -If a full path is specified but the file does not exist or cannot be read, the default is to use -\fITZ=CST6CDT\fR\&. -.RE -.PP -\fBENVIRON_FILE\fR (string) -.RS 4 -If this file exists and is readable, login environment will be read from it\&. Every line should be in the form name=value\&. -.sp -Lines starting with a # are treated as comment lines and ignored\&. -.RE -.PP -\fBERASECHAR\fR (number) -.RS 4 -Terminal ERASE character (\fI010\fR -= backspace, -\fI0177\fR -= DEL)\&. -.sp -The value can be prefixed "0" for an octal value, or "0x" for an hexadecimal value\&. -.RE -.PP -\fBFAIL_DELAY\fR (number) -.RS 4 -Delay in seconds before being allowed another attempt after a login failure\&. -.RE -.PP -\fBFAILLOG_ENAB\fR (boolean) -.RS 4 -Enable logging and display of -/var/log/faillog -login failure info\&. -.RE -.PP -\fBFAKE_SHELL\fR (string) -.RS 4 -If set, -\fBlogin\fR -will execute this shell instead of the users\*(Aq shell specified in -/etc/passwd\&. -.RE -.PP -\fBFTMP_FILE\fR (string) -.RS 4 -If defined, login failures will be logged in this file in a utmp format\&. -.RE -.PP -\fBGID_MAX\fR (number), \fBGID_MIN\fR (number) -.RS 4 -Range of group IDs used for the creation of regular groups by -\fBuseradd\fR, -\fBgroupadd\fR, or -\fBnewusers\fR\&. -.sp -The default value for -\fBGID_MIN\fR -(resp\&. -\fBGID_MAX\fR) is 1000 (resp\&. 60000)\&. -.RE -.PP -\fBHUSHLOGIN_FILE\fR (string) -.RS 4 -If defined, this file can inhibit all the usual chatter during the login sequence\&. If a full pathname is specified, then hushed mode will be enabled if the user\*(Aqs name or shell are found in the file\&. If not a full pathname, then hushed mode will be enabled if the file exists in the user\*(Aqs home directory\&. -.RE -.PP -\fBISSUE_FILE\fR (string) -.RS 4 -If defined, this file will be displayed before each login prompt\&. -.RE -.PP -\fBKILLCHAR\fR (number) -.RS 4 -Terminal KILL character (\fI025\fR -= CTRL/U)\&. -.sp -The value can be prefixed "0" for an octal value, or "0x" for an hexadecimal value\&. -.RE -.PP -\fBLASTLOG_ENAB\fR (boolean) -.RS 4 -Enable logging and display of /var/log/lastlog login time info\&. -.RE -.PP -\fBLOG_OK_LOGINS\fR (boolean) -.RS 4 -Enable logging of successful logins\&. -.RE -.PP -\fBLOG_UNKFAIL_ENAB\fR (boolean) -.RS 4 -Enable display of unknown usernames when login failures are recorded\&. -.sp -Note: logging unknown usernames may be a security issue if an user enter her password instead of her login name\&. -.RE -.PP -\fBLOGIN_RETRIES\fR (number) -.RS 4 -Maximum number of login retries in case of bad password\&. -.RE -.PP -\fBLOGIN_STRING\fR (string) -.RS 4 -The string used for prompting a password\&. The default is to use "Password: ", or a translation of that string\&. If you set this variable, the prompt will not be translated\&. -.sp -If the string contains -\fI%s\fR, this will be replaced by the user\*(Aqs name\&. -.RE -.PP -\fBLOGIN_TIMEOUT\fR (number) -.RS 4 -Max time in seconds for login\&. -.RE -.PP -\fBMAIL_CHECK_ENAB\fR (boolean) -.RS 4 -Enable checking and display of mailbox status upon login\&. -.sp -You should disable it if the shell startup files already check for mail ("mailx \-e" or equivalent)\&. -.RE -.PP -\fBMAIL_DIR\fR (string) -.RS 4 -The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&. -.RE -.PP -\fBMAIL_FILE\fR (string) -.RS 4 -Defines the location of the users mail spool files relatively to their home directory\&. -.RE -.PP -The -\fBMAIL_DIR\fR -and -\fBMAIL_FILE\fR -variables are used by -\fBuseradd\fR, -\fBusermod\fR, and -\fBuserdel\fR -to create, move, or delete the user\*(Aqs mail spool\&. -.PP -If -\fBMAIL_CHECK_ENAB\fR -is set to -\fIyes\fR, they are also used to define the -\fBMAIL\fR -environment variable\&. -.PP -\fBMAX_MEMBERS_PER_GROUP\fR (number) -.RS 4 -Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in -/etc/group -(with the same name, same password, and same GID)\&. -.sp -The default value is 0, meaning that there are no limits in the number of members in a group\&. -.sp -This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&. -.sp -If you need to enforce such limit, you can use 25\&. -.sp -Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&. -.RE -.PP -\fBMD5_CRYPT_ENAB\fR (boolean) -.RS 4 -Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to -\fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to -\fIno\fR -if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is -\fIno\fR\&. -.sp -This variable is superseded by the -\fBENCRYPT_METHOD\fR -variable or by any command line option used to configure the encryption algorithm\&. -.sp -This variable is deprecated\&. You should use -\fBENCRYPT_METHOD\fR\&. -.RE -.PP -\fBMOTD_FILE\fR (string) -.RS 4 -If defined, ":" delimited list of "message of the day" files to be displayed upon login\&. -.RE -.PP -\fBNOLOGINS_FILE\fR (string) -.RS 4 -If defined, name of file whose presence will inhibit non\-root logins\&. The contents of this file should be a message indicating why logins are inhibited\&. -.RE -.PP -\fBOBSCURE_CHECKS_ENAB\fR (boolean) -.RS 4 -Enable additional checks upon password changes\&. -.RE -.PP -\fBPASS_ALWAYS_WARN\fR (boolean) -.RS 4 -Warn about weak passwords (but still allow them) if you are root\&. -.RE -.PP -\fBPASS_CHANGE_TRIES\fR (number) -.RS 4 -Maximum number of attempts to change password if rejected (too easy)\&. -.RE -.PP -\fBPASS_MAX_DAYS\fR (number) -.RS 4 -The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&. -.RE -.PP -\fBPASS_MIN_DAYS\fR (number) -.RS 4 -The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, \-1 will be assumed (which disables the restriction)\&. -.RE -.PP -\fBPASS_WARN_AGE\fR (number) -.RS 4 -The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&. -.RE -.PP -\fBPASS_MAX_DAYS\fR, -\fBPASS_MIN_DAYS\fR -and -\fBPASS_WARN_AGE\fR -are only used at the time of account creation\&. Any changes to these settings won\*(Aqt affect existing accounts\&. -.PP -\fBPASS_MAX_LEN\fR (number), \fBPASS_MIN_LEN\fR (number) -.RS 4 -Number of significant characters in the password for crypt()\&. -\fBPASS_MAX_LEN\fR -is 8 by default\&. Don\*(Aqt change unless your crypt() is better\&. This is ignored if -\fBMD5_CRYPT_ENAB\fR -set to -\fIyes\fR\&. -.RE -.PP -\fBPORTTIME_CHECKS_ENAB\fR (boolean) -.RS 4 -Enable checking of time restrictions specified in -/etc/porttime\&. -.RE -.PP -\fBQUOTAS_ENAB\fR (boolean) -.RS 4 -Enable setting of resource limits from -/etc/limits -and ulimit, umask, and niceness from the user\*(Aqs passwd gecos field\&. -.RE -.PP -\fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number) -.RS 4 -When -\fBENCRYPT_METHOD\fR -is set to -\fISHA256\fR -or -\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&. -.sp -With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&. -.sp -If not specified, the libc will choose the default number of rounds (5000)\&. -.sp -The values must be inside the 1000\-999,999,999 range\&. -.sp -If only one of the -\fBSHA_CRYPT_MIN_ROUNDS\fR -or -\fBSHA_CRYPT_MAX_ROUNDS\fR -values is set, then this value will be used\&. -.sp -If -\fBSHA_CRYPT_MIN_ROUNDS\fR -> -\fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&. -.RE -.PP -\fBSULOG_FILE\fR (string) -.RS 4 -If defined, all su activity is logged to this file\&. -.RE -.PP -\fBSU_NAME\fR (string) -.RS 4 -If defined, the command name to display when running "su \-"\&. For example, if this is defined as "su" then a "ps" will display the command is "\-su"\&. If not defined, then "ps" would display the name of the shell actually being run, e\&.g\&. something like "\-sh"\&. -.RE -.PP -\fBSU_WHEEL_ONLY\fR (boolean) -.RS 4 -If -\fIyes\fR, the user must be listed as a member of the first gid 0 group in -/etc/group -(called -\fIroot\fR -on most Linux systems) to be able to -\fBsu\fR -to uid 0 accounts\&. If the group doesn\*(Aqt exist or is empty, no one will be able to -\fBsu\fR -to uid 0\&. -.RE -.PP -\fBSUB_GID_MIN\fR (number), \fBSUB_GID_MAX\fR (number), \fBSUB_GID_COUNT\fR (number) -.RS 4 -If -/etc/subuid -exists, the commands -\fBuseradd\fR -and -\fBnewusers\fR -(unless the user already have subordinate group IDs) allocate -\fBSUB_GID_COUNT\fR -unused group IDs from the range -\fBSUB_GID_MIN\fR -to -\fBSUB_GID_MAX\fR -for each new user\&. -.sp -The default values for -\fBSUB_GID_MIN\fR, -\fBSUB_GID_MAX\fR, -\fBSUB_GID_COUNT\fR -are respectively 100000, 600100000 and 10000\&. -.RE -.PP -\fBSUB_UID_MIN\fR (number), \fBSUB_UID_MAX\fR (number), \fBSUB_UID_COUNT\fR (number) -.RS 4 -If -/etc/subuid -exists, the commands -\fBuseradd\fR -and -\fBnewusers\fR -(unless the user already have subordinate user IDs) allocate -\fBSUB_UID_COUNT\fR -unused user IDs from the range -\fBSUB_UID_MIN\fR -to -\fBSUB_UID_MAX\fR -for each new user\&. -.sp -The default values for -\fBSUB_UID_MIN\fR, -\fBSUB_UID_MAX\fR, -\fBSUB_UID_COUNT\fR -are respectively 100000, 600100000 and 10000\&. -.RE -.PP -\fBSYS_GID_MAX\fR (number), \fBSYS_GID_MIN\fR (number) -.RS 4 -Range of group IDs used for the creation of system groups by -\fBuseradd\fR, -\fBgroupadd\fR, or -\fBnewusers\fR\&. -.sp -The default value for -\fBSYS_GID_MIN\fR -(resp\&. -\fBSYS_GID_MAX\fR) is 101 (resp\&. -\fBGID_MIN\fR\-1)\&. -.RE -.PP -\fBSYS_UID_MAX\fR (number), \fBSYS_UID_MIN\fR (number) -.RS 4 -Range of user IDs used for the creation of system users by -\fBuseradd\fR -or -\fBnewusers\fR\&. -.sp -The default value for -\fBSYS_UID_MIN\fR -(resp\&. -\fBSYS_UID_MAX\fR) is 101 (resp\&. -\fBUID_MIN\fR\-1)\&. -.RE -.PP -\fBSYSLOG_SG_ENAB\fR (boolean) -.RS 4 -Enable "syslog" logging of -\fBsg\fR -activity\&. -.RE -.PP -\fBSYSLOG_SU_ENAB\fR (boolean) -.RS 4 -Enable "syslog" logging of -\fBsu\fR -activity \- in addition to sulog file logging\&. -.RE -.PP -\fBTTYGROUP\fR (string), \fBTTYPERM\fR (string) -.RS 4 -The terminal permissions: the login tty will be owned by the -\fBTTYGROUP\fR -group, and the permissions will be set to -\fBTTYPERM\fR\&. -.sp -By default, the ownership of the terminal is set to the user\*(Aqs primary group and the permissions are set to -\fI0600\fR\&. -.sp -\fBTTYGROUP\fR -can be either the name of a group or a numeric group identifier\&. -.sp -If you have a -\fBwrite\fR -program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620\&. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600\&. -.RE -.PP -\fBTTYTYPE_FILE\fR (string) -.RS 4 -If defined, file which maps tty line to TERM environment parameter\&. Each line of the file is in a format something like "vt100 tty01"\&. -.RE -.PP -\fBUID_MAX\fR (number), \fBUID_MIN\fR (number) -.RS 4 -Range of user IDs used for the creation of regular users by -\fBuseradd\fR -or -\fBnewusers\fR\&. -.sp -The default value for -\fBUID_MIN\fR -(resp\&. -\fBUID_MAX\fR) is 1000 (resp\&. 60000)\&. -.RE -.PP -\fBULIMIT\fR (number) -.RS 4 -Default -\fBulimit\fR -value\&. -.RE -.PP -\fBUMASK\fR (number) -.RS 4 -The file mode creation mask is initialized to this value\&. If not specified, the mask will be initialized to 022\&. -.sp -\fBuseradd\fR -and -\fBnewusers\fR -use this mask to set the mode of the home directory they create -.sp -It is also used by -\fBlogin\fR -to define users\*(Aq initial umask\&. Note that this mask can be overridden by the user\*(Aqs GECOS line (if -\fBQUOTAS_ENAB\fR -is set) or by the specification of a limit with the -\fIK\fR -identifier in -\fBlimits\fR(5)\&. -.RE -.PP -\fBUSERDEL_CMD\fR (string) -.RS 4 -If defined, this command is run when removing a user\&. It should remove any at/cron/print jobs etc\&. owned by the user to be removed (passed as the first argument)\&. -.sp -The return code of the script is not taken into account\&. -.sp -Here is an example script, which removes the user\*(Aqs cron, at and print jobs: -.sp -.if n \{\ -.RS 4 -.\} -.nf -#! /bin/sh - -# Check for the required argument\&. -if [ $# != 1 ]; then - echo "Usage: $0 username" - exit 1 -fi - -# Remove cron jobs\&. -crontab \-r \-u $1 - -# Remove at jobs\&. -# Note that it will remove any jobs owned by the same UID, -# even if it was shared by a different username\&. -AT_SPOOL_DIR=/var/spool/cron/atjobs -find $AT_SPOOL_DIR \-name "[^\&.]*" \-type f \-user $1 \-delete \e; - -# Remove print jobs\&. -lprm $1 - -# All done\&. -exit 0 - -.fi -.if n \{\ -.RE -.\} -.sp -.RE -.PP -\fBUSERGROUPS_ENAB\fR (boolean) -.RS 4 -Enable setting of the umask group bits to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007) for non\-root users, if the uid is the same as gid, and username is the same as the primary group name\&. -.sp -If set to -\fIyes\fR, -\fBuserdel\fR -will remove the user\*(Aqs group if it contains no more members, and -\fBuseradd\fR -will create by default a group with the name of the user\&. -.RE -.SH "CROSS REFERENCES" -.PP -The following cross references show which programs in the shadow password suite use which parameters\&. -.PP -chfn -.RS 4 -CHFN_AUTH -CHFN_RESTRICT -LOGIN_STRING -.RE -.PP -chgpasswd -.RS 4 -ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB -SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS -.RE -.PP -chpasswd -.RS 4 -ENCRYPT_METHOD MD5_CRYPT_ENABSHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS -.RE -.PP -chsh -.RS 4 -CHSH_AUTH LOGIN_STRING -.RE -.PP -gpasswd -.RS 4 -ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB -SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS -.RE -.PP -groupadd -.RS 4 -GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN -.RE -.PP -groupdel -.RS 4 -MAX_MEMBERS_PER_GROUP -.RE -.PP -groupmems -.RS 4 -MAX_MEMBERS_PER_GROUP -.RE -.PP -groupmod -.RS 4 -MAX_MEMBERS_PER_GROUP -.RE -.PP -grpck -.RS 4 -MAX_MEMBERS_PER_GROUP -.RE -.PP -grpconv -.RS 4 -MAX_MEMBERS_PER_GROUP -.RE -.PP -grpunconv -.RS 4 -MAX_MEMBERS_PER_GROUP -.RE -.PP -login -.RS 4 -CONSOLE -CONSOLE_GROUPS DEFAULT_HOME -ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE -ERASECHAR FAIL_DELAY -FAILLOG_ENAB -FAKE_SHELL -FTMP_FILE -HUSHLOGIN_FILE -ISSUE_FILE -KILLCHAR -LASTLOG_ENAB -LOGIN_RETRIES -LOGIN_STRING -LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB -MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB -TTYGROUP TTYPERM TTYTYPE_FILE -ULIMIT UMASK -USERGROUPS_ENAB -.RE -.PP -newgrp / sg -.RS 4 -SYSLOG_SG_ENAB -.RE -.PP -newusers -.RS 4 -ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE -SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS -SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK -.RE -.PP -passwd -.RS 4 -ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN -SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS -.RE -.PP -pwck -.RS 4 -PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE -.RE -.PP -pwconv -.RS 4 -PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE -.RE -.PP -su -.RS 4 -CONSOLE -CONSOLE_GROUPS DEFAULT_HOME -ENV_HZ ENVIRON_FILE -ENV_PATH ENV_SUPATH -ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB -SULOG_FILE SU_NAME -SU_WHEEL_ONLY -SYSLOG_SU_ENAB -USERGROUPS_ENAB -.RE -.PP -sulogin -.RS 4 -ENV_HZ -ENV_TZ -.RE -.PP -useradd -.RS 4 -CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK -.RE -.PP -userdel -.RS 4 -MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB -.RE -.PP -usermod -.RS 4 -MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP -.RE -.SH "SEE ALSO" -.PP -\fBlogin\fR(1), -\fBpasswd\fR(1), -\fBsu\fR(1), -\fBpasswd\fR(5), -\fBshadow\fR(5), -\fBpam\fR(8)\&. diff --git a/man/man5/passwd.5 b/man/man5/passwd.5 deleted file mode 100644 index dd03f248..00000000 --- a/man/man5/passwd.5 +++ /dev/null @@ -1,179 +0,0 @@ -'\" t -.\" Title: passwd -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "PASSWD" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -passwd \- the password file -.SH "DESCRIPTION" -.PP -/etc/passwd -contains one line for each user account, with seven fields delimited by colons (\(lq:\(rq)\&. These fields are: -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -login name -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -optional encrypted password -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -numerical user ID -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -numerical group ID -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -user name or comment field -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -user home directory -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -optional user command interpreter -.RE -.PP -The encrypted password field may be blank, in which case no password is required to authenticate as the specified login name\&. However, some applications which read the -/etc/passwd -file may decide not to permit -\fIany\fR -access at all if the -\fIpassword\fR -field is blank\&. If the -\fIpassword\fR -field is a lower\-case -\(lqx\(rq, then the encrypted password is actually stored in the -\fBshadow\fR(5) -file instead; there -\fImust\fR -be a corresponding line in the -/etc/shadow -file, or else the user account is invalid\&. If the -\fIpassword\fR -field is any other string, then it will be treated as an encrypted password, as specified by -\fBcrypt\fR(3)\&. -.PP -The comment field is used by various system utilities, such as -\fBfinger\fR(1)\&. -.PP -The home directory field provides the name of the initial working directory\&. The -\fBlogin\fR -program uses this information to set the value of the -\fB$HOME\fR -environmental variable\&. -.PP -The command interpreter field provides the name of the user\*(Aqs command language interpreter, or the name of the initial program to execute\&. The -\fBlogin\fR -program uses this information to set the value of the -\fB$SHELL\fR -environmental variable\&. If this field is empty, it defaults to the value -/bin/sh\&. -.SH "FILES" -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.PP -/etc/shadow -.RS 4 -optional encrypted password file -.RE -.PP -/etc/passwd\- -.RS 4 -Backup file for /etc/passwd\&. -.sp -Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools\&. -.RE -.SH "SEE ALSO" -.PP -\fBcrypt\fR(3), -\fBgetent\fR(1), -\fBgetpwnam\fR(3), -\fBlogin\fR(1), -\fBpasswd\fR(1), -\fBpwck\fR(8), -\fBpwconv\fR(8), -\fBpwunconv\fR(8), -\fBshadow\fR(5), -\fBsu\fR(1), -\fBsulogin\fR(8)\&. diff --git a/man/man5/porttime.5 b/man/man5/porttime.5 deleted file mode 100644 index 388029b7..00000000 --- a/man/man5/porttime.5 +++ /dev/null @@ -1,96 +0,0 @@ -'\" t -.\" Title: porttime -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "PORTTIME" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -porttime \- port access time file -.SH "DESCRIPTION" -.PP -\fIporttime\fR -contains a list of tty devices, user names, and permitted login times\&. -.PP -Each entry consists of three colon separated fields\&. The first field is a comma separated list of tty devices, or an asterisk to indicate that all tty devices are matched by this entry\&. The second field is a comma separated list of user names, or an asterisk to indicated that all user names are matched by this entry\&. The third field is a comma separated list of permitted access times\&. -.PP -Each access time entry consists of zero or more days of the week, abbreviated -\fISu\fR, -\fIMo\fR, -\fITu\fR, -\fIWe\fR, -\fITh\fR, -\fIFr\fR, and -\fISa\fR, followed by a pair of times separated by a hyphen\&. The abbreviation -\fIWk\fR -may be used to represent Monday thru Friday, and -\fIAl\fR -may be used to indicate every day\&. If no days are given, -\fIAl\fR -is assumed\&. -.SH "EXAMPLES" -.PP -The following entry allows access to user -\fBjfh\fR -on every port during weekdays from 9am to 5pm\&. -.PP -*:jfh:Wk0900\-1700 -.PP -The following entries allow access only to the users -\fIroot\fR -and -\fIoper\fR -on -/dev/console -at any time\&. This illustrates how the -/etc/porttime -file is an ordered list of access times\&. Any other user would match the second entry which does not permit access at any time\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf - console:root,oper:Al0000\-2400 - console:*: - -.fi -.if n \{\ -.RE -.\} -.PP -The following entry allows access for the user -\fIgames\fR -on any port during non\-working hours\&. -.PP -*:games:Wk1700\-0900,SaSu0000\-2400 -.SH "FILES" -.PP -/etc/porttime -.RS 4 -File containing port access\&. -.RE -.SH "SEE ALSO" -.PP -\fBlogin\fR(1)\&. diff --git a/man/man5/shadow.5 b/man/man5/shadow.5 deleted file mode 100644 index cc22533e..00000000 --- a/man/man5/shadow.5 +++ /dev/null @@ -1,148 +0,0 @@ -'\" t -.\" Title: shadow -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "SHADOW" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -shadow \- shadowed password file -.SH "DESCRIPTION" -.PP -shadow -is a file which contains the password information for the system\*(Aqs accounts and optional aging information\&. -.PP -This file must not be readable by regular users if password security is to be maintained\&. -.PP -Each line of this file contains 9 fields, separated by colons (\(lq:\(rq), in the following order: -.PP -\fBlogin name\fR -.RS 4 -It must be a valid account name, which exist on the system\&. -.RE -.PP -\fBencrypted password\fR -.RS 4 -Refer to -\fBcrypt\fR(3) -for details on how this string is interpreted\&. -.sp -If the password field contains some string that is not a valid result of -\fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&. -.sp -This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the -/etc/shadow -file may decide not to permit any access at all if the password field is empty\&. -.sp -A password field which starts with a exclamation mark means that the password is locked\&. The remaining characters on the line represent the password field before the password was locked\&. -.RE -.PP -\fBdate of last password change\fR -.RS 4 -The date of the last password change, expressed as the number of days since Jan 1, 1970\&. -.sp -The value 0 has a special meaning, which is that the user should change her pasword the next time she will log in the system\&. -.sp -An empty field means that password aging features are disabled\&. -.RE -.PP -\fBminimum password age\fR -.RS 4 -The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again\&. -.sp -An empty field and value 0 mean that there are no minimum password age\&. -.RE -.PP -\fBmaximum password age\fR -.RS 4 -The maximum password age is the number of days after which the user will have to change her password\&. -.sp -After this number of days is elapsed, the password may still be valid\&. The user should be asked to change her password the next time she will log in\&. -.sp -An empty field means that there are no maximum password age, no password warning period, and no password inactivity period (see below)\&. -.sp -If the maximum password age is lower than the minimum password age, the user cannot change her password\&. -.RE -.PP -\fBpassword warning period\fR -.RS 4 -The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned\&. -.sp -An empty field and value 0 mean that there are no password warning period\&. -.RE -.PP -\fBpassword inactivity period\fR -.RS 4 -The number of days after a password has expired (see the maximum password age above) during which the password should still be accepted (and the user should update her password during the next login)\&. -.sp -After expiration of the password and this expiration period is elapsed, no login is possible using the current user\*(Aqs password\&. The user should contact her administrator\&. -.sp -An empty field means that there are no enforcement of an inactivity period\&. -.RE -.PP -\fBaccount expiration date\fR -.RS 4 -The date of expiration of the account, expressed as the number of days since Jan 1, 1970\&. -.sp -Note that an account expiration differs from a password expiration\&. In case of an acount expiration, the user shall not be allowed to login\&. In case of a password expiration, the user is not allowed to login using her password\&. -.sp -An empty field means that the account will never expire\&. -.sp -The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan 1, 1970\&. -.RE -.PP -\fBreserved field\fR -.RS 4 -This field is reserved for future use\&. -.RE -.SH "FILES" -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.PP -/etc/shadow -.RS 4 -Secure user account information\&. -.RE -.PP -/etc/shadow\- -.RS 4 -Backup file for /etc/shadow\&. -.sp -Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools\&. -.RE -.SH "SEE ALSO" -.PP -\fBchage\fR(1), -\fBlogin\fR(1), -\fBpasswd\fR(1), -\fBpasswd\fR(5), -\fBpwck\fR(8), -\fBpwconv\fR(8), -\fBpwunconv\fR(8), -\fBsu\fR(1), -\fBsulogin\fR(8)\&. diff --git a/man/man5/suauth.5 b/man/man5/suauth.5 deleted file mode 100644 index b3c9e97a..00000000 --- a/man/man5/suauth.5 +++ /dev/null @@ -1,146 +0,0 @@ -'\" t -.\" Title: suauth -.\" Author: Marek Michałkiewicz -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "SUAUTH" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -suauth \- detailed su control file -.SH "SYNOPSIS" -.HP \w'\fB/etc/suauth\fR\ 'u -\fB/etc/suauth\fR -.SH "DESCRIPTION" -.PP -The file -/etc/suauth -is referenced whenever the su command is called\&. It can change the behaviour of the su command, based upon: -.sp -.if n \{\ -.RS 4 -.\} -.nf - 1) the user su is targetting - -.fi -.if n \{\ -.RE -.\} -.PP -2) the user executing the su command (or any groups he might be a member of) -.PP -The file is formatted like this, with lines starting with a # being treated as comment lines and ignored; -.sp -.if n \{\ -.RS 4 -.\} -.nf - to\-id:from\-id:ACTION - -.fi -.if n \{\ -.RE -.\} -.PP -Where to\-id is either the word -\fIALL\fR, a list of usernames delimited by "," or the words -\fIALL EXCEPT\fR -followed by a list of usernames delimited by ","\&. -.PP -from\-id is formatted the same as to\-id except the extra word -\fIGROUP\fR -is recognised\&. -\fIALL EXCEPT GROUP\fR -is perfectly valid too\&. Following -\fIGROUP\fR -appears one or more group names, delimited by ","\&. It is not sufficient to have primary group id of the relevant group, an entry in -\fB/etc/group\fR(5) -is neccessary\&. -.PP -Action can be one only of the following currently supported options\&. -.PP -\fIDENY\fR -.RS 4 -The attempt to su is stopped before a password is even asked for\&. -.RE -.PP -\fINOPASS\fR -.RS 4 -The attempt to su is automatically successful; no password is asked for\&. -.RE -.PP -\fIOWNPASS\fR -.RS 4 -For the su command to be successful, the user must enter his or her own password\&. They are told this\&. -.RE -.PP -Note there are three separate fields delimited by a colon\&. No whitespace must surround this colon\&. Also note that the file is examined sequentially line by line, and the first applicable rule is used without examining the file further\&. This makes it possible for a system administrator to exercise as fine control as he or she wishes\&. -.SH "EXAMPLE" -.sp -.if n \{\ -.RS 4 -.\} -.nf - # sample /etc/suauth file - # - # A couple of privileged usernames may - # su to root with their own password\&. - # - root:chris,birddog:OWNPASS - # - # Anyone else may not su to root unless in - # group wheel\&. This is how BSD does things\&. - # - root:ALL EXCEPT GROUP wheel:DENY - # - # Perhaps terry and birddog are accounts - # owned by the same person\&. - # Access can be arranged between them - # with no password\&. - # - terry:birddog:NOPASS - birddog:terry:NOPASS - # - -.fi -.if n \{\ -.RE -.\} -.SH "FILES" -.PP -/etc/suauth -.RS 4 -.RE -.SH "BUGS" -.PP -There could be plenty lurking\&. The file parser is particularly unforgiving about syntax errors, expecting no spurious whitespace (apart from beginning and end of lines), and a specific token delimiting different things\&. -.SH "DIAGNOSTICS" -.PP -An error parsing the file is reported using -\fBsyslogd\fR(8) -as level ERR on facility AUTH\&. -.SH "SEE ALSO" -.PP -\fBsu\fR(1)\&. diff --git a/man/man5/subgid.5 b/man/man5/subgid.5 deleted file mode 100644 index 1265d345..00000000 --- a/man/man5/subgid.5 +++ /dev/null @@ -1,97 +0,0 @@ -'\" t -.\" Title: subgid -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "SUBGID" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -subgid \- the subordinate gid file -.SH "DESCRIPTION" -.PP -Each line in -/etc/subgid -contains a user name and a range of subordinate group ids that user is allowed to use\&. This is specified with three fields delimited by colons (\(lq:\(rq)\&. These fields are: -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -login name -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -numerical subordinate group ID -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -numerical subordinate group ID count -.RE -.PP -This file specifies the group IDs that ordinary users can use, with the -\fBnewgidmap\fR -command, to configure gid mapping in a user namespace\&. -.PP -Multiple ranges may be specified per user\&. -.SH "FILES" -.PP -/etc/subgid -.RS 4 -Per user subordinate group IDs\&. -.RE -.PP -/etc/subgid\- -.RS 4 -Backup file for /etc/subgid\&. -.RE -.SH "SEE ALSO" -.PP -\fBlogin.defs\fR(5), -\fBnewgidmap\fR(1), -\fBnewuidmap\fR(1), -\fBnewusers\fR(8), -\fBsubuid\fR(5), -\fBuseradd\fR(8), -\fBuserdel\fR(8), -\fBusermod\fR(8), -\fBuser_namespaces\fR(7)\&. diff --git a/man/man5/subuid.5 b/man/man5/subuid.5 deleted file mode 100644 index 1ff13803..00000000 --- a/man/man5/subuid.5 +++ /dev/null @@ -1,97 +0,0 @@ -'\" t -.\" Title: subuid -.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 05/09/2014 -.\" Manual: File Formats and Conversions -.\" Source: shadow-utils 4.2.1 -.\" Language: English -.\" -.TH "SUBUID" "5" "05/09/2014" "shadow\-utils 4\&.2\&.1" "File Formats and Conversions" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -subuid \- the subordinate uid file -.SH "DESCRIPTION" -.PP -Each line in -/etc/subuid -contains a user name and a range of subordinate user ids that user is allowed to use\&. This is specified with three fields delimited by colons (\(lq:\(rq)\&. These fields are: -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -login name -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -numerical subordinate user ID -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -numerical subordinate user ID count -.RE -.PP -This file specifies the user IDs that ordinary users can use, with the -\fBnewuidmap\fR -command, to configure uid mapping in a user namespace\&. -.PP -Multiple ranges may be specified per user\&. -.SH "FILES" -.PP -/etc/subuid -.RS 4 -Per user subordinate user IDs\&. -.RE -.PP -/etc/subuid\- -.RS 4 -Backup file for /etc/subuid\&. -.RE -.SH "SEE ALSO" -.PP -\fBlogin.defs\fR(5), -\fBnewgidmap\fR(1), -\fBnewuidmap\fR(1), -\fBnewusers\fR(1), -\fBsubgid\fR(5), -\fBuseradd\fR(8), -\fBuserdel\fR(8), -\fBusermod\fR(8), -\fBuser_namespaces\fR(7)\&. |