summaryrefslogtreecommitdiff
path: root/man/man8
diff options
context:
space:
mode:
authorChristian Perrier <bubulle@debian.org>2014-05-09 19:05:47 +0200
committerChristian Perrier <bubulle@debian.org>2014-05-09 19:05:47 +0200
commitbfaa59229d61adb7fa0c570f0d94fd324c6e05aa (patch)
treecf8ca39c7862f50d4f5f48f70f43ed30abd2c2b1 /man/man8
parenta497c3663fc035961da0a1b90f6abdd2de35ddb4 (diff)
downloadshadow-bfaa59229d61adb7fa0c570f0d94fd324c6e05aa.tar.gz
Imported Upstream version 4.2.1upstream/4.2.1
Diffstat (limited to 'man/man8')
-rw-r--r--man/man8/chgpasswd.8208
-rw-r--r--man/man8/chpasswd.8211
-rw-r--r--man/man8/faillog.8165
-rw-r--r--man/man8/groupadd.8248
-rw-r--r--man/man8/groupdel.8136
-rw-r--r--man/man8/groupmems.8180
-rw-r--r--man/man8/groupmod.8209
-rw-r--r--man/man8/grpck.8241
-rw-r--r--man/man8/grpconv.81
-rw-r--r--man/man8/grpunconv.81
-rw-r--r--man/man8/lastlog.8109
-rw-r--r--man/man8/logoutd.857
-rw-r--r--man/man8/newusers.8429
-rw-r--r--man/man8/nologin.851
-rw-r--r--man/man8/pwck.8323
-rw-r--r--man/man8/pwconv.8193
-rw-r--r--man/man8/pwunconv.81
-rw-r--r--man/man8/sulogin.8116
-rw-r--r--man/man8/useradd.8746
-rw-r--r--man/man8/userdel.8298
-rw-r--r--man/man8/usermod.8445
-rw-r--r--man/man8/vigr.81
-rw-r--r--man/man8/vipw.8137
23 files changed, 4506 insertions, 0 deletions
diff --git a/man/man8/chgpasswd.8 b/man/man8/chgpasswd.8
new file mode 100644
index 00000000..ec76bd62
--- /dev/null
+++ b/man/man8/chgpasswd.8
@@ -0,0 +1,208 @@
+'\" t
+.\" Title: chgpasswd
+.\" Author: Thomas Kłoczko <kloczek@pld.org.pl>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "CHGPASSWD" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+chgpasswd \- update group passwords in batch mode
+.SH "SYNOPSIS"
+.HP \w'\fBchgpasswd\fR\ 'u
+\fBchgpasswd\fR [\fIoptions\fR]
+.SH "DESCRIPTION"
+.PP
+The
+\fBchgpasswd\fR
+command reads a list of group name and password pairs from standard input and uses this information to update a set of existing groups\&. Each line is of the format:
+.PP
+\fIgroup_name\fR:\fIpassword\fR
+.PP
+By default the supplied password must be in clear\-text, and is encrypted by
+\fBchgpasswd\fR\&.
+.PP
+The default encryption algorithm can be defined for the system with the
+\fBENCRYPT_METHOD\fR
+variable of
+/etc/login\&.defs, and can be overwiten with the
+\fB\-e\fR,
+\fB\-m\fR, or
+\fB\-c\fR
+options\&.
+.PP
+This command is intended to be used in a large system environment where many accounts are created at a single time\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBchgpasswd\fR
+command are:
+.PP
+\fB\-c\fR, \fB\-\-crypt\-method\fR
+.RS 4
+Use the specified method to encrypt the passwords\&.
+.sp
+The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods\&.
+.RE
+.PP
+\fB\-e\fR, \fB\-\-encrypted\fR
+.RS 4
+Supplied passwords are in encrypted form\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-m\fR, \fB\-\-md5\fR
+.RS 4
+Use MD5 encryption instead of DES when the supplied passwords are not encrypted\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-sha\-rounds\fR
+.RS 4
+Use the specified number of rounds to encrypt the passwords\&.
+.sp
+The value 0 means that the system will choose the default number of rounds for the crypt method (5000)\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced\&.
+.sp
+You can only use this option with the SHA256 or SHA512 crypt method\&.
+.sp
+By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+/etc/login\&.defs\&.
+.RE
+.SH "CAVEATS"
+.PP
+Remember to set permissions or umask to prevent readability of unencrypted files by other users\&.
+.PP
+You should make sure the passwords and the encryption method respect the system\*(Aqs password policy\&.
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBENCRYPT_METHOD\fR (string)
+.RS 4
+This defines the system default encryption algorithm for encrypting passwords (if no algorithm are specified on the command line)\&.
+.sp
+It can take one of these values:
+\fIDES\fR
+(default),
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR\&.
+.sp
+Note: this parameter overrides the
+\fBMD5_CRYPT_ENAB\fR
+variable\&.
+.RE
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.PP
+\fBMD5_CRYPT_ENAB\fR (boolean)
+.RS 4
+Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to
+\fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to
+\fIno\fR
+if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is
+\fIno\fR\&.
+.sp
+This variable is superseded by the
+\fBENCRYPT_METHOD\fR
+variable or by any command line option used to configure the encryption algorithm\&.
+.sp
+This variable is deprecated\&. You should use
+\fBENCRYPT_METHOD\fR\&.
+.RE
+.PP
+\fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number)
+.RS 4
+When
+\fBENCRYPT_METHOD\fR
+is set to
+\fISHA256\fR
+or
+\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
+.sp
+With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+.sp
+If not specified, the libc will choose the default number of rounds (5000)\&.
+.sp
+The values must be inside the 1000\-999,999,999 range\&.
+.sp
+If only one of the
+\fBSHA_CRYPT_MIN_ROUNDS\fR
+or
+\fBSHA_CRYPT_MAX_ROUNDS\fR
+values is set, then this value will be used\&.
+.sp
+If
+\fBSHA_CRYPT_MIN_ROUNDS\fR
+>
+\fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&.
+.RE
+.SH "FILES"
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/gshadow
+.RS 4
+Secure group account information\&.
+.RE
+.PP
+/etc/login\&.defs
+.RS 4
+Shadow password suite configuration\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBgpasswd\fR(1),
+\fBgroupadd\fR(8),
+\fBlogin.defs\fR(5)\&.
diff --git a/man/man8/chpasswd.8 b/man/man8/chpasswd.8
new file mode 100644
index 00000000..0d983588
--- /dev/null
+++ b/man/man8/chpasswd.8
@@ -0,0 +1,211 @@
+'\" t
+.\" Title: chpasswd
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "CHPASSWD" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+chpasswd \- update passwords in batch mode
+.SH "SYNOPSIS"
+.HP \w'\fBchpasswd\fR\ 'u
+\fBchpasswd\fR [\fIoptions\fR]
+.SH "DESCRIPTION"
+.PP
+The
+\fBchpasswd\fR
+command reads a list of user name and password pairs from standard input and uses this information to update a group of existing users\&. Each line is of the format:
+.PP
+\fIuser_name\fR:\fIpassword\fR
+.PP
+By default the passwords must be supplied in clear\-text, and are encrypted by
+\fBchpasswd\fR\&. Also the password age will be updated, if present\&.
+.PP
+The default encryption algorithm can be defined for the system with the
+\fBENCRYPT_METHOD\fR
+or
+\fBMD5_CRYPT_ENAB\fR
+variables of
+/etc/login\&.defs, and can be overwitten with the
+\fB\-e\fR,
+\fB\-m\fR, or
+\fB\-c\fR
+options\&.
+.PP
+\fBchpasswd\fR
+first updates all the passwords in memory, and then commits all the changes to disk if no errors occured for any user\&.
+.PP
+This command is intended to be used in a large system environment where many accounts are created at a single time\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBchpasswd\fR
+command are:
+.PP
+\fB\-c\fR, \fB\-\-crypt\-method\fR\ \&\fIMETHOD\fR
+.RS 4
+Use the specified method to encrypt the passwords\&.
+.sp
+The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods\&.
+.sp
+By default (if none of the
+\fB\-c\fR,
+\fB\-m\fR, or
+\fB\-e\fR
+options are specified), the encryption method is defined by the
+\fBENCRYPT_METHOD\fR
+or
+\fBMD5_CRYPT_ENAB\fR
+variables of
+/etc/login\&.defs\&.
+.RE
+.PP
+\fB\-e\fR, \fB\-\-encrypted\fR
+.RS 4
+Supplied passwords are in encrypted form\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-m\fR, \fB\-\-md5\fR
+.RS 4
+Use MD5 encryption instead of DES when the supplied passwords are not encrypted\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-sha\-rounds\fR\ \&\fIROUNDS\fR
+.RS 4
+Use the specified number of rounds to encrypt the passwords\&.
+.sp
+The value 0 means that the system will choose the default number of rounds for the crypt method (5000)\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced\&.
+.sp
+You can only use this option with the SHA256 or SHA512 crypt method\&.
+.sp
+By default, the number of rounds is defined by the
+\fBSHA_CRYPT_MIN_ROUNDS\fR
+and
+\fBSHA_CRYPT_MAX_ROUNDS\fR
+variables in
+/etc/login\&.defs\&.
+.RE
+.SH "CAVEATS"
+.PP
+Remember to set permissions or umask to prevent readability of unencrypted files by other users\&.
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBENCRYPT_METHOD\fR (string)
+.RS 4
+This defines the system default encryption algorithm for encrypting passwords (if no algorithm are specified on the command line)\&.
+.sp
+It can take one of these values:
+\fIDES\fR
+(default),
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR\&.
+.sp
+Note: this parameter overrides the
+\fBMD5_CRYPT_ENAB\fR
+variable\&.
+.RE
+.PP
+\fBMD5_CRYPT_ENAB\fR (boolean)
+.RS 4
+Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to
+\fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to
+\fIno\fR
+if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is
+\fIno\fR\&.
+.sp
+This variable is superseded by the
+\fBENCRYPT_METHOD\fR
+variable or by any command line option used to configure the encryption algorithm\&.
+.sp
+This variable is deprecated\&. You should use
+\fBENCRYPT_METHOD\fR\&.
+.RE
+.PP
+\fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number)
+.RS 4
+When
+\fBENCRYPT_METHOD\fR
+is set to
+\fISHA256\fR
+or
+\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
+.sp
+With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+.sp
+If not specified, the libc will choose the default number of rounds (5000)\&.
+.sp
+The values must be inside the 1000\-999,999,999 range\&.
+.sp
+If only one of the
+\fBSHA_CRYPT_MIN_ROUNDS\fR
+or
+\fBSHA_CRYPT_MAX_ROUNDS\fR
+values is set, then this value will be used\&.
+.sp
+If
+\fBSHA_CRYPT_MIN_ROUNDS\fR
+>
+\fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&.
+.RE
+.SH "FILES"
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.PP
+/etc/shadow
+.RS 4
+Secure user account information\&.
+.RE
+.PP
+/etc/login\&.defs
+.RS 4
+Shadow password suite configuration\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBpasswd\fR(1),
+\fBnewusers\fR(8),
+\fBlogin.defs\fR(5),\fBuseradd\fR(8)\&.
diff --git a/man/man8/faillog.8 b/man/man8/faillog.8
new file mode 100644
index 00000000..beeb27ae
--- /dev/null
+++ b/man/man8/faillog.8
@@ -0,0 +1,165 @@
+'\" t
+.\" Title: faillog
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "FAILLOG" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+faillog \- display faillog records or set login failure limits
+.SH "SYNOPSIS"
+.HP \w'\fBfaillog\fR\ 'u
+\fBfaillog\fR [\fIoptions\fR]
+.SH "DESCRIPTION"
+.PP
+\fBfaillog\fR
+displays the contents of the failure log database (/var/log/faillog)\&. It can also set the failure counters and limits\&. When
+\fBfaillog\fR
+is run without arguments, it only displays the faillog records of the users who had a login failure\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBfaillog\fR
+command are:
+.PP
+\fB\-a\fR, \fB\-\-all\fR
+.RS 4
+Display (or act on) faillog records for all users having an entry in the
+faillog
+database\&.
+.sp
+The range of users can be restricted with the
+\fB\-u\fR
+option\&.
+.sp
+In display mode, this is still restricted to existing users but forces the display of the faillog entries even if they are empty\&.
+.sp
+With the
+\fB\-l\fR,
+\fB\-m\fR,
+\fB\-r\fR,
+\fB\-t\fR
+options, the users\*(Aq records are changed, even if the user does not exist on the system\&. This is useful to reset records of users that have been deleted or to set a policy in advance for a range of users\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-l\fR, \fB\-\-lock\-secs\fR\ \&\fISEC\fR
+.RS 4
+Lock account for
+\fISEC\fR
+seconds after failed login\&.
+.sp
+Write access to
+/var/log/faillog
+is required for this option\&.
+.RE
+.PP
+\fB\-m\fR, \fB\-\-maximum\fR\ \&\fIMAX\fR
+.RS 4
+Set the maximum number of login failures after the account is disabled to
+\fIMAX\fR\&.
+.sp
+Selecting a
+\fIMAX\fR
+value of 0 has the effect of not placing a limit on the number of failed logins\&.
+.sp
+The maximum failure count should always be 0 for
+\fIroot\fR
+to prevent a denial of services attack against the system\&.
+.sp
+Write access to
+/var/log/faillog
+is required for this option\&.
+.RE
+.PP
+\fB\-r\fR, \fB\-\-reset\fR
+.RS 4
+Reset the counters of login failures\&.
+.sp
+Write access to
+/var/log/faillog
+is required for this option\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-t\fR, \fB\-\-time\fR\ \&\fIDAYS\fR
+.RS 4
+Display faillog records more recent than
+\fIDAYS\fR\&.
+.RE
+.PP
+\fB\-u\fR, \fB\-\-user\fR\ \&\fILOGIN\fR|\fIRANGE\fR
+.RS 4
+Display faillog record or maintains failure counters and limits (if used with
+\fB\-l\fR,
+\fB\-m\fR
+or
+\fB\-r\fR
+options) only for the specified user(s)\&.
+.sp
+The users can be specified by a login name, a numerical user ID, or a
+\fIRANGE\fR
+of users\&. This
+\fIRANGE\fR
+of users can be specified with a min and max values (\fIUID_MIN\-UID_MAX\fR), a max value (\fI\-UID_MAX\fR), or a min value (\fIUID_MIN\-\fR)\&.
+.RE
+.PP
+When none of the
+\fB\-l\fR,
+\fB\-m\fR, or
+\fB\-r\fR
+options are used,
+\fBfaillog\fR
+displays the faillog record of the specified user(s)\&.
+.SH "CAVEATS"
+.PP
+\fBfaillog\fR
+only prints out users with no successful login since the last failure\&. To print out a user who has had a successful login since their last failure, you must explicitly request the user with the
+\fB\-u\fR
+flag, or print out all users with the
+\fB\-a\fR
+flag\&.
+.SH "FILES"
+.PP
+/var/log/faillog
+.RS 4
+Failure logging file\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBlogin\fR(1),
+\fBfaillog\fR(5)\&.
diff --git a/man/man8/groupadd.8 b/man/man8/groupadd.8
new file mode 100644
index 00000000..3dac11b3
--- /dev/null
+++ b/man/man8/groupadd.8
@@ -0,0 +1,248 @@
+'\" t
+.\" Title: groupadd
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "GROUPADD" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+groupadd \- create a new group
+.SH "SYNOPSIS"
+.HP \w'\fBgroupadd\fR\ 'u
+\fBgroupadd\fR [\fIoptions\fR] \fIgroup\fR
+.SH "DESCRIPTION"
+.PP
+The
+\fBgroupadd\fR
+command creates a new group account using the values specified on the command line plus the default values from the system\&. The new group will be entered into the system files as needed\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBgroupadd\fR
+command are:
+.PP
+\fB\-f\fR, \fB\-\-force\fR
+.RS 4
+This option causes the command to simply exit with success status if the specified group already exists\&. When used with
+\fB\-g\fR, and the specified GID already exists, another (unique) GID is chosen (i\&.e\&.
+\fB\-g\fR
+is turned off)\&.
+.RE
+.PP
+\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGID\fR
+.RS 4
+The numerical value of the group\*(Aqs ID\&. This value must be unique, unless the
+\fB\-o\fR
+option is used\&. The value must be non\-negative\&. The default is to use the smallest ID value greater than or equal to
+\fBGID_MIN\fR
+and greater than every other group\&.
+.sp
+See also the
+\fB\-r\fR
+option and the
+\fBGID_MAX\fR
+description\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-K\fR, \fB\-\-key\fR\ \&\fIKEY\fR=\fIVALUE\fR
+.RS 4
+Overrides
+/etc/login\&.defs
+defaults (GID_MIN, GID_MAX and others)\&. Multiple
+\fB\-K\fR
+options can be specified\&.
+.sp
+Example:
+\fB\-K\fR\ \&\fIGID_MIN\fR=\fI100\fR\ \&
+\fB\-K\fR\ \&\fIGID_MAX\fR=\fI499\fR
+.sp
+Note:
+\fB\-K\fR\ \&\fIGID_MIN\fR=\fI10\fR,\fIGID_MAX\fR=\fI499\fR
+doesn\*(Aqt work yet\&.
+.RE
+.PP
+\fB\-o\fR, \fB\-\-non\-unique\fR
+.RS 4
+This option permits to add a group with a non\-unique GID\&.
+.RE
+.PP
+\fB\-p\fR, \fB\-\-password\fR\ \&\fIPASSWORD\fR
+.RS 4
+The encrypted password, as returned by
+\fBcrypt\fR(3)\&. The default is to disable the password\&.
+.sp
+\fBNote:\fR
+This option is not recommended because the password (or encrypted password) will be visible by users listing the processes\&.
+.sp
+You should make sure the password respects the system\*(Aqs password policy\&.
+.RE
+.PP
+\fB\-r\fR, \fB\-\-system\fR
+.RS 4
+Create a system group\&.
+.sp
+The numeric identifiers of new system groups are chosen in the
+\fBSYS_GID_MIN\fR\-\fBSYS_GID_MAX\fR
+range, defined in
+login\&.defs, instead of
+\fBGID_MIN\fR\-\fBGID_MAX\fR\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBGID_MAX\fR (number), \fBGID_MIN\fR (number)
+.RS 4
+Range of group IDs used for the creation of regular groups by
+\fBuseradd\fR,
+\fBgroupadd\fR, or
+\fBnewusers\fR\&.
+.sp
+The default value for
+\fBGID_MIN\fR
+(resp\&.
+\fBGID_MAX\fR) is 1000 (resp\&. 60000)\&.
+.RE
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.PP
+\fBSYS_GID_MAX\fR (number), \fBSYS_GID_MIN\fR (number)
+.RS 4
+Range of group IDs used for the creation of system groups by
+\fBuseradd\fR,
+\fBgroupadd\fR, or
+\fBnewusers\fR\&.
+.sp
+The default value for
+\fBSYS_GID_MIN\fR
+(resp\&.
+\fBSYS_GID_MAX\fR) is 101 (resp\&.
+\fBGID_MIN\fR\-1)\&.
+.RE
+.SH "FILES"
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/gshadow
+.RS 4
+Secure group account information\&.
+.RE
+.PP
+/etc/login\&.defs
+.RS 4
+Shadow password suite configuration\&.
+.RE
+.SH "CAVEATS"
+.PP
+Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
+.PP
+Groupnames may only be up to 16 characters long\&.
+.PP
+You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&.
+.PP
+If the groupname already exists in an external group database such as NIS or LDAP,
+\fBgroupadd\fR
+will deny the group creation request\&.
+.SH "EXIT VALUES"
+.PP
+The
+\fBgroupadd\fR
+command exits with the following values:
+.PP
+\fI0\fR
+.RS 4
+success
+.RE
+.PP
+\fI2\fR
+.RS 4
+invalid command syntax
+.RE
+.PP
+\fI3\fR
+.RS 4
+invalid argument to option
+.RE
+.PP
+\fI4\fR
+.RS 4
+GID not unique (when
+\fB\-o\fR
+not used)
+.RE
+.PP
+\fI9\fR
+.RS 4
+group name not unique
+.RE
+.PP
+\fI10\fR
+.RS 4
+can\*(Aqt update group file
+.RE
+.SH "SEE ALSO"
+.PP
+\fBchfn\fR(1),
+\fBchsh\fR(1),
+\fBpasswd\fR(1),
+\fBgpasswd\fR(8),
+\fBgroupdel\fR(8),
+\fBgroupmod\fR(8),
+\fBlogin.defs\fR(5),
+\fBuseradd\fR(8),
+\fBuserdel\fR(8),
+\fBusermod\fR(8)\&.
diff --git a/man/man8/groupdel.8 b/man/man8/groupdel.8
new file mode 100644
index 00000000..72cee82d
--- /dev/null
+++ b/man/man8/groupdel.8
@@ -0,0 +1,136 @@
+'\" t
+.\" Title: groupdel
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "GROUPDEL" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+groupdel \- delete a group
+.SH "SYNOPSIS"
+.HP \w'\fBgroupdel\fR\ 'u
+\fBgroupdel\fR [\fIoptions\fR] \fIGROUP\fR
+.SH "DESCRIPTION"
+.PP
+The
+\fBgroupdel\fR
+command modifies the system account files, deleting all entries that refer to
+\fIGROUP\fR\&. The named group must exist\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBgroupdel\fR
+command are:
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.SH "CAVEATS"
+.PP
+You may not remove the primary group of any existing user\&. You must remove the user before you remove the group\&.
+.PP
+You should manually check all file systems to ensure that no files remain owned by this group\&.
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.SH "FILES"
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/gshadow
+.RS 4
+Secure group account information\&.
+.RE
+.SH "EXIT VALUES"
+.PP
+The
+\fBgroupdel\fR
+command exits with the following values:
+.PP
+\fI0\fR
+.RS 4
+success
+.RE
+.PP
+\fI2\fR
+.RS 4
+invalid command syntax
+.RE
+.PP
+\fI6\fR
+.RS 4
+specified group doesn\*(Aqt exist
+.RE
+.PP
+\fI8\fR
+.RS 4
+can\*(Aqt remove user\*(Aqs primary group
+.RE
+.PP
+\fI10\fR
+.RS 4
+can\*(Aqt update group file
+.RE
+.SH "SEE ALSO"
+.PP
+\fBchfn\fR(1),
+\fBchsh\fR(1),
+\fBpasswd\fR(1),
+\fBgpasswd\fR(8),
+\fBgroupadd\fR(8),
+\fBgroupmod\fR(8),
+\fBuseradd\fR(8),
+\fBuserdel\fR(8),
+\fBusermod\fR(8)\&.
diff --git a/man/man8/groupmems.8 b/man/man8/groupmems.8
new file mode 100644
index 00000000..47f76e25
--- /dev/null
+++ b/man/man8/groupmems.8
@@ -0,0 +1,180 @@
+'\" t
+.\" Title: groupmems
+.\" Author: George Kraft, IV
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "GROUPMEMS" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+groupmems \- administer members of a user\*(Aqs primary group
+.SH "SYNOPSIS"
+.HP \w'\fBgroupmems\fR\ 'u
+\fBgroupmems\fR \-a\ \fIuser_name\fR | \-d\ \fIuser_name\fR | [\-g\ \fIgroup_name\fR] | \-l | \-p
+.SH "DESCRIPTION"
+.PP
+The
+\fBgroupmems\fR
+command allows a user to administer his/her own group membership list without the requirement of superuser privileges\&. The
+\fBgroupmems\fR
+utility is for systems that configure its users to be in their own name sake primary group (i\&.e\&., guest / guest)\&.
+.PP
+Only the superuser, as administrator, can use
+\fBgroupmems\fR
+to alter the memberships of other groups\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBgroupmems\fR
+command are:
+.PP
+\fB\-a\fR, \fB\-\-add\fR\ \&\fIuser_name\fR
+.RS 4
+Add an user to the group membership list\&.
+.sp
+If the
+/etc/gshadow
+file exist, and the group has no entry in the
+/etc/gshadow
+file, a new entry will be created\&.
+.RE
+.PP
+\fB\-d\fR, \fB\-\-delete\fR\ \&\fIuser_name\fR
+.RS 4
+Delete a user from the group membership list\&.
+.sp
+If the
+/etc/gshadow
+file exist, the user will be removed from the list of members and administrators of the group\&.
+.sp
+If the
+/etc/gshadow
+file exist, and the group has no entry in the
+/etc/gshadow
+file, a new entry will be created\&.
+.RE
+.PP
+\fB\-g\fR, \fB\-\-group\fR\ \&\fIgroup_name\fR
+.RS 4
+The superuser can specify which group membership list to modify\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-l\fR, \fB\-\-list\fR
+.RS 4
+List the group membership list\&.
+.RE
+.PP
+\fB\-p\fR, \fB\-\-purge\fR
+.RS 4
+Purge all users from the group membership list\&.
+.sp
+If the
+/etc/gshadow
+file exist, and the group has no entry in the
+/etc/gshadow
+file, a new entry will be created\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.SH "SETUP"
+.PP
+The
+\fBgroupmems\fR
+executable should be in mode
+2770
+as user
+\fIroot\fR
+and in group
+\fIgroups\fR\&. The system administrator can add users to group
+\fIgroups\fR
+to allow or disallow them using the
+\fBgroupmems\fR
+utility to manage their own group membership list\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ $ groupadd \-r groups
+ $ chmod 2770 groupmems
+ $ chown root\&.groups groupmems
+ $ groupmems \-g groups \-a gk4
+
+.fi
+.if n \{\
+.RE
+.\}
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.SH "FILES"
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/gshadow
+.RS 4
+secure group account information
+.RE
+.SH "SEE ALSO"
+.PP
+\fBchfn\fR(1),
+\fBchsh\fR(1),
+\fBpasswd\fR(1),
+\fBgroupadd\fR(8),
+\fBgroupdel\fR(8),
+\fBuseradd\fR(8),
+\fBuserdel\fR(8),
+\fBusermod\fR(8)\&.
diff --git a/man/man8/groupmod.8 b/man/man8/groupmod.8
new file mode 100644
index 00000000..de0699c8
--- /dev/null
+++ b/man/man8/groupmod.8
@@ -0,0 +1,209 @@
+'\" t
+.\" Title: groupmod
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "GROUPMOD" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+groupmod \- modify a group definition on the system
+.SH "SYNOPSIS"
+.HP \w'\fBgroupmod\fR\ 'u
+\fBgroupmod\fR [\fIoptions\fR] \fIGROUP\fR
+.SH "DESCRIPTION"
+.PP
+The
+\fBgroupmod\fR
+command modifies the definition of the specified
+\fIGROUP\fR
+by modifying the appropriate entry in the group database\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBgroupmod\fR
+command are:
+.PP
+\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGID\fR
+.RS 4
+The group ID of the given
+\fIGROUP\fR
+will be changed to
+\fIGID\fR\&.
+.sp
+The value of
+\fIGID\fR
+must be a non\-negative decimal integer\&. This value must be unique, unless the
+\fB\-o\fR
+option is used\&.
+.sp
+Users who use the group as primary group will be updated to keep the group as their primary group\&.
+.sp
+Any files that have the old group ID and must continue to belong to
+\fIGROUP\fR, must have their group ID changed manually\&.
+.sp
+No checks will be performed with regard to the
+\fBGID_MIN\fR,
+\fBGID_MAX\fR,
+\fBSYS_GID_MIN\fR, or
+\fBSYS_GID_MAX\fR
+from
+/etc/login\&.defs\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-n\fR, \fB\-\-new\-name\fR\ \&\fINEW_GROUP\fR
+.RS 4
+The name of the group will be changed from
+\fIGROUP\fR
+to
+\fINEW_GROUP\fR
+name\&.
+.RE
+.PP
+\fB\-o\fR, \fB\-\-non\-unique\fR
+.RS 4
+When used with the
+\fB\-g\fR
+option, allow to change the group
+\fIGID\fR
+to a non\-unique value\&.
+.RE
+.PP
+\fB\-p\fR, \fB\-\-password\fR\ \&\fIPASSWORD\fR
+.RS 4
+The encrypted password, as returned by
+\fBcrypt\fR(3)\&.
+.sp
+\fBNote:\fR
+This option is not recommended because the password (or encrypted password) will be visible by users listing the processes\&.
+.sp
+You should make sure the password respects the system\*(Aqs password policy\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.SH "FILES"
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/gshadow
+.RS 4
+Secure group account information\&.
+.RE
+.PP
+/etc/login\&.defs
+.RS 4
+Shadow password suite configuration\&.
+.RE
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.SH "EXIT VALUES"
+.PP
+The
+\fBgroupmod\fR
+command exits with the following values:
+.PP
+\fI0\fR
+.RS 4
+success
+.RE
+.PP
+\fI2\fR
+.RS 4
+invalid command syntax
+.RE
+.PP
+\fI3\fR
+.RS 4
+invalid argument to option
+.RE
+.PP
+\fI4\fR
+.RS 4
+specified group doesn\*(Aqt exist
+.RE
+.PP
+\fI6\fR
+.RS 4
+specified group doesn\*(Aqt exist
+.RE
+.PP
+\fI9\fR
+.RS 4
+group name already in use
+.RE
+.PP
+\fI10\fR
+.RS 4
+can\*(Aqt update group file
+.RE
+.SH "SEE ALSO"
+.PP
+\fBchfn\fR(1),
+\fBchsh\fR(1),
+\fBpasswd\fR(1),
+\fBgpasswd\fR(8),
+\fBgroupadd\fR(8),
+\fBgroupdel\fR(8),
+\fBlogin.defs\fR(5),
+\fBuseradd\fR(8),
+\fBuserdel\fR(8),
+\fBusermod\fR(8)\&.
diff --git a/man/man8/grpck.8 b/man/man8/grpck.8
new file mode 100644
index 00000000..acd4a46c
--- /dev/null
+++ b/man/man8/grpck.8
@@ -0,0 +1,241 @@
+'\" t
+.\" Title: grpck
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "GRPCK" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+grpck \- verify integrity of group files
+.SH "SYNOPSIS"
+.HP \w'\fBgrpck\fR\ 'u
+\fBgrpck\fR [options] [\fIgroup\fR\ [\ \fIshadow\fR\ ]]
+.SH "DESCRIPTION"
+.PP
+The
+\fBgrpck\fR
+command verifies the integrity of the groups information\&. It checks that all entries in
+/etc/groupand /etc/gshadow
+have the proper format and contain valid data\&. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors\&.
+.PP
+Checks are made to verify that each entry has:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+the correct number of fields
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+a unique and valid group name
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+a valid group identifier
+(/etc/group only)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+a valid list of members
+and administrators
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+a corresponding entry in the
+/etc/gshadow
+file (respectively
+/etc/group
+for the
+gshadow
+checks)
+.RE
+.PP
+The checks for correct number of fields and unique group name are fatal\&. If an entry has the wrong number of fields, the user will be prompted to delete the entire line\&. If the user does not answer affirmatively, all further checks are bypassed\&. An entry with a duplicated group name is prompted for deletion, but the remaining checks will still be made\&. All other errors are warnings and the user is encouraged to run the
+\fBgroupmod\fR
+command to correct the error\&.
+.PP
+The commands which operate on the
+/etc/groupand /etc/gshadow files
+are not able to alter corrupted or duplicated entries\&.
+\fBgrpck\fR
+should be used in those circumstances to remove the offending entries\&.
+.SH "OPTIONS"
+.PP
+The
+\fB\-r\fR
+and
+\fB\-s\fR
+options cannot be combined\&.
+.PP
+The options which apply to the
+\fBgrpck\fR
+command are:
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-r\fR, \fB\-\-read\-only\fR
+.RS 4
+Execute the
+\fBgrpck\fR
+command in read\-only mode\&. This causes all questions regarding changes to be answered
+\fIno\fR
+without user intervention\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-sort\fR
+.RS 4
+Sort entries in
+/etc/groupand /etc/gshadow
+by GID\&.
+.RE
+.PP
+By default,
+\fBgrpck\fR
+operates on
+/etc/groupand /etc/gshadow\&. The user may select alternate files with the
+\fIgroup\fRand \fIshadow\fR parameters\&.
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.SH "FILES"
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/gshadow
+.RS 4
+Secure group account information\&.
+.RE
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.SH "EXIT VALUES"
+.PP
+The
+\fBgrpck\fR
+command exits with the following values:
+.PP
+\fI0\fR
+.RS 4
+success
+.RE
+.PP
+\fI1\fR
+.RS 4
+invalid command syntax
+.RE
+.PP
+\fI2\fR
+.RS 4
+one or more bad group entries
+.RE
+.PP
+\fI3\fR
+.RS 4
+can\*(Aqt open group files
+.RE
+.PP
+\fI4\fR
+.RS 4
+can\*(Aqt lock group files
+.RE
+.PP
+\fI5\fR
+.RS 4
+can\*(Aqt update group files
+.RE
+.SH "SEE ALSO"
+.PP
+\fBgroup\fR(5),
+\fBgroupmod\fR(8),
+\fBgshadow\fR(5),\fBpasswd\fR(5),
+\fBpwck\fR(8),
+\fBshadow\fR(5)\&.
diff --git a/man/man8/grpconv.8 b/man/man8/grpconv.8
new file mode 100644
index 00000000..6eed9e8b
--- /dev/null
+++ b/man/man8/grpconv.8
@@ -0,0 +1 @@
+.so man8/pwconv.8
diff --git a/man/man8/grpunconv.8 b/man/man8/grpunconv.8
new file mode 100644
index 00000000..6eed9e8b
--- /dev/null
+++ b/man/man8/grpunconv.8
@@ -0,0 +1 @@
+.so man8/pwconv.8
diff --git a/man/man8/lastlog.8 b/man/man8/lastlog.8
new file mode 100644
index 00000000..e510cbaa
--- /dev/null
+++ b/man/man8/lastlog.8
@@ -0,0 +1,109 @@
+'\" t
+.\" Title: lastlog
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "LASTLOG" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+lastlog \- reports the most recent login of all users or of a given user
+.SH "SYNOPSIS"
+.HP \w'\fBlastlog\fR\ 'u
+\fBlastlog\fR [\fIoptions\fR]
+.SH "DESCRIPTION"
+.PP
+\fBlastlog\fR
+formats and prints the contents of the last login log
+/var/log/lastlog
+file\&. The
+\fIlogin\-name\fR,
+\fIport\fR, and
+\fIlast login time\fR
+will be printed\&. The default (no flags) causes lastlog entries to be printed, sorted by their order in
+/etc/passwd\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBlastlog\fR
+command are:
+.PP
+\fB\-b\fR, \fB\-\-before\fR\ \&\fIDAYS\fR
+.RS 4
+Print only lastlog records older than
+\fIDAYS\fR\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-t\fR, \fB\-\-time\fR\ \&\fIDAYS\fR
+.RS 4
+Print the lastlog records more recent than
+\fIDAYS\fR\&.
+.RE
+.PP
+\fB\-u\fR, \fB\-\-user\fR\ \&\fILOGIN\fR|\fIRANGE\fR
+.RS 4
+Print the lastlog record of the specified user(s)\&.
+.sp
+The users can be specified by a login name, a numerical user ID, or a
+\fIRANGE\fR
+of users\&. This
+\fIRANGE\fR
+of users can be specified with a min and max values (\fIUID_MIN\-UID_MAX\fR), a max value (\fI\-UID_MAX\fR), or a min value (\fIUID_MIN\-\fR)\&.
+.RE
+.PP
+If the user has never logged in the message
+\fI** Never logged in**\fR
+will be displayed instead of the port and time\&.
+.PP
+Only the entries for the current users of the system will be displayed\&. Other entries may exist for users that were deleted previously\&.
+.SH "NOTE"
+.PP
+The
+lastlog
+file is a database which contains info on the last login of each user\&. You should not rotate it\&. It is a sparse file, so its size on the disk is usually much smaller than the one shown by "\fBls \-l\fR" (which can indicate a really big file if you have in
+passwd
+users with a high UID)\&. You can display its real size with "\fBls \-s\fR"\&.
+.SH "FILES"
+.PP
+/var/log/lastlog
+.RS 4
+Database times of previous user logins\&.
+.RE
+.SH "CAVEATS"
+.PP
+Large gaps in UID numbers will cause the lastlog program to run longer with no output to the screen (i\&.e\&. if in lastlog database there is no entries for users with UID between 170 and 800 lastlog will appear to hang as it processes entries with UIDs 171\-799)\&.
diff --git a/man/man8/logoutd.8 b/man/man8/logoutd.8
new file mode 100644
index 00000000..8bbba5ca
--- /dev/null
+++ b/man/man8/logoutd.8
@@ -0,0 +1,57 @@
+'\" t
+.\" Title: logoutd
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "LOGOUTD" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+logoutd \- enforce login time restrictions
+.SH "SYNOPSIS"
+.HP \w'\fBlogoutd\fR\ 'u
+\fBlogoutd\fR
+.SH "DESCRIPTION"
+.PP
+\fBlogoutd\fR
+enforces the login time and port restrictions specified in
+/etc/porttime\&.
+\fBlogoutd\fR
+should be started from
+/etc/rc\&. The
+/var/run/utmp
+file is scanned periodically and each user name is checked to see if the named user is permitted on the named port at the current time\&. Any login session which is violating the restrictions in
+/etc/porttime
+is terminated\&.
+.SH "FILES"
+.PP
+/etc/porttime
+.RS 4
+File containing port access\&.
+.RE
+.PP
+/var/run/utmp
+.RS 4
+List of current login sessions\&.
+.RE
diff --git a/man/man8/newusers.8 b/man/man8/newusers.8
new file mode 100644
index 00000000..458f9ef8
--- /dev/null
+++ b/man/man8/newusers.8
@@ -0,0 +1,429 @@
+'\" t
+.\" Title: newusers
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "NEWUSERS" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+newusers \- update and create new users in batch
+.SH "SYNOPSIS"
+.HP \w'\fBnewusers\fR\ 'u
+\fBnewusers\fR [\fIoptions\fR] [\fIfile\fR]
+.SH "DESCRIPTION"
+.PP
+The
+\fBnewusers\fR
+command reads a
+\fIfile\fR
+(or the standard input by default) and uses this information to update a set of existing users or to create new users\&. Each line is in the same format as the standard password file (see
+\fBpasswd\fR(5)) with the exceptions explained below:
+.PP
+pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell
+.PP
+\fIpw_name\fR
+.RS 4
+This is the name of the user\&.
+.sp
+It can be the name of a new user or the name of an existing user (or an user created before by
+\fBnewusers\fR)\&. In case of an existing user, the user\*(Aqs information will be changed, otherwise a new user will be created\&.
+.RE
+.PP
+\fIpw_passwd\fR
+.RS 4
+This field will be encrypted and used as the new value of the encrypted password\&.
+.RE
+.PP
+\fIpw_uid\fR
+.RS 4
+This field is used to define the UID of the user\&.
+.sp
+If the field is empty, an new (unused) UID will be defined automatically by
+\fBnewusers\fR\&.
+.sp
+If this field contains a number, this number will be used as the UID\&.
+.sp
+If this field contains the name of an existing user (or the name of an user created before by
+\fBnewusers\fR), the UID of the specified user will be used\&.
+.sp
+If the UID of an existing user is changed, the files ownership of the user\*(Aqs file should be fixed manually\&.
+.RE
+.PP
+\fIpw_gid\fR
+.RS 4
+This field is used to define the primary group ID for the user\&.
+.sp
+If this field contains the name of an existing group (or a group created before by
+\fBnewusers\fR), the GID of this group will be used as the primary group ID for the user\&.
+.sp
+If this field is a number, this number will be used as the primary group ID of the user\&. If no groups exist with this GID, a new group will be created with this GID, and the name of the user\&.
+.sp
+If this field is empty, a new group will be created with the name of the user and a GID will be automatically defined by
+\fBnewusers\fR
+to be used as the primary group ID for the user and as the GID for the new group\&.
+.sp
+If this field contains the name of a group which does not exist (and was not created before by
+\fBnewusers\fR), a new group will be created with the specified name and a GID will be automatically defined by
+\fBnewusers\fR
+to be used as the primary group ID for the user and GID for the new group\&.
+.RE
+.PP
+\fIpw_gecos\fR
+.RS 4
+This field is copied in the GECOS field of the user\&.
+.RE
+.PP
+\fIpw_dir\fR
+.RS 4
+This field is used to define the home directory of the user\&.
+.sp
+If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&.
+.sp
+If the home directory of an existing user is changed,
+\fBnewusers\fR
+does not move or copy the content of the old directory to the new location\&. This should be done manually\&.
+.RE
+.PP
+\fIpw_shell\fR
+.RS 4
+This field defines the shell of the user\&. No checks are performed on this field\&.
+.RE
+.PP
+\fBnewusers\fR
+first tries to create or change all the specified users, and then write these changes to the user or group databases\&. If an error occurs (except in the final writes to the databases), no changes are committed to the databases\&.
+.PP
+This command is intended to be used in a large system environment where many accounts are updated at a single time\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBnewusers\fR
+command are:
+.PP
+\fB\-c\fR, \fB\-\-crypt\-method\fR
+.RS 4
+Use the specified method to encrypt the passwords\&.
+.sp
+The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-r\fR, \fB\-\-system\fR
+.RS 4
+Create a system account\&.
+.sp
+System users will be created with no aging information in
+/etc/shadow, and their numeric identifiers are chosen in the
+\fBSYS_UID_MIN\fR\-\fBSYS_UID_MAX\fR
+range, defined in
+login\&.defs, instead of
+\fBUID_MIN\fR\-\fBUID_MAX\fR
+(and their
+\fBGID\fR
+counterparts for the creation of groups)\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-sha\-rounds\fR
+.RS 4
+Use the specified number of rounds to encrypt the passwords\&.
+.sp
+The value 0 means that the system will choose the default number of rounds for the crypt method (5000)\&.
+.sp
+A minimal value of 1000 and a maximal value of 999,999,999 will be enforced\&.
+.sp
+You can only use this option with the SHA256 or SHA512 crypt method\&.
+.sp
+By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
+/etc/login\&.defs\&.
+.RE
+.SH "CAVEATS"
+.PP
+The input file must be protected since it contains unencrypted passwords\&.
+.PP
+You should make sure the passwords and the encryption method respect the system\*(Aqs password policy\&.
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBENCRYPT_METHOD\fR (string)
+.RS 4
+This defines the system default encryption algorithm for encrypting passwords (if no algorithm are specified on the command line)\&.
+.sp
+It can take one of these values:
+\fIDES\fR
+(default),
+\fIMD5\fR, \fISHA256\fR, \fISHA512\fR\&.
+.sp
+Note: this parameter overrides the
+\fBMD5_CRYPT_ENAB\fR
+variable\&.
+.RE
+.PP
+\fBGID_MAX\fR (number), \fBGID_MIN\fR (number)
+.RS 4
+Range of group IDs used for the creation of regular groups by
+\fBuseradd\fR,
+\fBgroupadd\fR, or
+\fBnewusers\fR\&.
+.sp
+The default value for
+\fBGID_MIN\fR
+(resp\&.
+\fBGID_MAX\fR) is 1000 (resp\&. 60000)\&.
+.RE
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.PP
+\fBMD5_CRYPT_ENAB\fR (boolean)
+.RS 4
+Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to
+\fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to
+\fIno\fR
+if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is
+\fIno\fR\&.
+.sp
+This variable is superseded by the
+\fBENCRYPT_METHOD\fR
+variable or by any command line option used to configure the encryption algorithm\&.
+.sp
+This variable is deprecated\&. You should use
+\fBENCRYPT_METHOD\fR\&.
+.RE
+.PP
+\fBPASS_MAX_DAYS\fR (number)
+.RS 4
+The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
+.RE
+.PP
+\fBPASS_MIN_DAYS\fR (number)
+.RS 4
+The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
+.RE
+.PP
+\fBPASS_WARN_AGE\fR (number)
+.RS 4
+The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&.
+.RE
+.PP
+\fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number)
+.RS 4
+When
+\fBENCRYPT_METHOD\fR
+is set to
+\fISHA256\fR
+or
+\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
+.sp
+With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+.sp
+If not specified, the libc will choose the default number of rounds (5000)\&.
+.sp
+The values must be inside the 1000\-999,999,999 range\&.
+.sp
+If only one of the
+\fBSHA_CRYPT_MIN_ROUNDS\fR
+or
+\fBSHA_CRYPT_MAX_ROUNDS\fR
+values is set, then this value will be used\&.
+.sp
+If
+\fBSHA_CRYPT_MIN_ROUNDS\fR
+>
+\fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&.
+.RE
+.PP
+\fBSUB_GID_MIN\fR (number), \fBSUB_GID_MAX\fR (number), \fBSUB_GID_COUNT\fR (number)
+.RS 4
+If
+/etc/subuid
+exists, the commands
+\fBuseradd\fR
+and
+\fBnewusers\fR
+(unless the user already have subordinate group IDs) allocate
+\fBSUB_GID_COUNT\fR
+unused group IDs from the range
+\fBSUB_GID_MIN\fR
+to
+\fBSUB_GID_MAX\fR
+for each new user\&.
+.sp
+The default values for
+\fBSUB_GID_MIN\fR,
+\fBSUB_GID_MAX\fR,
+\fBSUB_GID_COUNT\fR
+are respectively 100000, 600100000 and 10000\&.
+.RE
+.PP
+\fBSUB_UID_MIN\fR (number), \fBSUB_UID_MAX\fR (number), \fBSUB_UID_COUNT\fR (number)
+.RS 4
+If
+/etc/subuid
+exists, the commands
+\fBuseradd\fR
+and
+\fBnewusers\fR
+(unless the user already have subordinate user IDs) allocate
+\fBSUB_UID_COUNT\fR
+unused user IDs from the range
+\fBSUB_UID_MIN\fR
+to
+\fBSUB_UID_MAX\fR
+for each new user\&.
+.sp
+The default values for
+\fBSUB_UID_MIN\fR,
+\fBSUB_UID_MAX\fR,
+\fBSUB_UID_COUNT\fR
+are respectively 100000, 600100000 and 10000\&.
+.RE
+.PP
+\fBSYS_GID_MAX\fR (number), \fBSYS_GID_MIN\fR (number)
+.RS 4
+Range of group IDs used for the creation of system groups by
+\fBuseradd\fR,
+\fBgroupadd\fR, or
+\fBnewusers\fR\&.
+.sp
+The default value for
+\fBSYS_GID_MIN\fR
+(resp\&.
+\fBSYS_GID_MAX\fR) is 101 (resp\&.
+\fBGID_MIN\fR\-1)\&.
+.RE
+.PP
+\fBSYS_UID_MAX\fR (number), \fBSYS_UID_MIN\fR (number)
+.RS 4
+Range of user IDs used for the creation of system users by
+\fBuseradd\fR
+or
+\fBnewusers\fR\&.
+.sp
+The default value for
+\fBSYS_UID_MIN\fR
+(resp\&.
+\fBSYS_UID_MAX\fR) is 101 (resp\&.
+\fBUID_MIN\fR\-1)\&.
+.RE
+.PP
+\fBUID_MAX\fR (number), \fBUID_MIN\fR (number)
+.RS 4
+Range of user IDs used for the creation of regular users by
+\fBuseradd\fR
+or
+\fBnewusers\fR\&.
+.sp
+The default value for
+\fBUID_MIN\fR
+(resp\&.
+\fBUID_MAX\fR) is 1000 (resp\&. 60000)\&.
+.RE
+.PP
+\fBUMASK\fR (number)
+.RS 4
+The file mode creation mask is initialized to this value\&. If not specified, the mask will be initialized to 022\&.
+.sp
+\fBuseradd\fR
+and
+\fBnewusers\fR
+use this mask to set the mode of the home directory they create
+.sp
+It is also used by
+\fBlogin\fR
+to define users\*(Aq initial umask\&. Note that this mask can be overridden by the user\*(Aqs GECOS line (if
+\fBQUOTAS_ENAB\fR
+is set) or by the specification of a limit with the
+\fIK\fR
+identifier in
+\fBlimits\fR(5)\&.
+.RE
+.SH "FILES"
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.PP
+/etc/shadow
+.RS 4
+Secure user account information\&.
+.RE
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/gshadow
+.RS 4
+Secure group account information\&.
+.RE
+.PP
+/etc/login\&.defs
+.RS 4
+Shadow password suite configuration\&.
+.RE
+.PP
+/etc/subgid
+.RS 4
+Per user subordinate group IDs\&.
+.RE
+.PP
+/etc/subuid
+.RS 4
+Per user subordinate user IDs\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBlogin.defs\fR(5),
+\fBpasswd\fR(1),
+\fBsubgid\fR(5), \fBsubuid\fR(5),\fBuseradd\fR(8)\&.
diff --git a/man/man8/nologin.8 b/man/man8/nologin.8
new file mode 100644
index 00000000..103421af
--- /dev/null
+++ b/man/man8/nologin.8
@@ -0,0 +1,51 @@
+'\" t
+.\" Title: nologin
+.\" Author: Nicolas François <nicolas.francois@centraliens.net>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "NOLOGIN" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+nologin \- politely refuse a login
+.SH "SYNOPSIS"
+.HP \w'\fBnologin\fR\ 'u
+\fBnologin\fR
+.SH "DESCRIPTION"
+.PP
+The
+\fBnologin\fR
+command displays a message that an account is not available and exits non\-zero\&. It is intended as a replacement shell field for accounts that have been disabled\&.
+.PP
+To disable all logins, investigate
+\fBnologin\fR(5)\&.
+.SH "SEE ALSO"
+.PP
+\fBlogin\fR(1),
+\fBnologin\fR(5)\&.
+.SH "HISTORY"
+.PP
+The
+\fBnologin\fR
+command appearred in BSD 4\&.4\&.
diff --git a/man/man8/pwck.8 b/man/man8/pwck.8
new file mode 100644
index 00000000..756fb143
--- /dev/null
+++ b/man/man8/pwck.8
@@ -0,0 +1,323 @@
+'\" t
+.\" Title: pwck
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "PWCK" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pwck \- verify integrity of password files
+.SH "SYNOPSIS"
+.HP \w'\fBpwck\fR\ 'u
+\fBpwck\fR [options] [\fIpasswd\fR\ [\ \fIshadow\fR\ ]]
+.SH "DESCRIPTION"
+.PP
+The
+\fBpwck\fR
+command verifies the integrity of the users and authentication information\&. It checks that all entries in
+/etc/passwd
+and
+/etc/shadow
+have the proper format and contain valid data\&. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors\&.
+.PP
+Checks are made to verify that each entry has:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+the correct number of fields
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+a unique and valid user name
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+a valid user and group identifier
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+a valid primary group
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+a valid home directory
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+a valid login shell
+.RE
+.PP
+shadow
+checks are enabled when a second file parameter is specified or when
+/etc/shadow
+exists on the system\&.
+.PP
+These checks are the following:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+every passwd entry has a matching shadow entry, and every shadow entry has a matching passwd entry
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+passwords are specified in the shadowed file
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+shadow entries have the correct number of fields
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+shadow entries are unique in shadow
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+the last password changes are not in the future
+.RE
+.PP
+The checks for correct number of fields and unique user name are fatal\&. If the entry has the wrong number of fields, the user will be prompted to delete the entire line\&. If the user does not answer affirmatively, all further checks are bypassed\&. An entry with a duplicated user name is prompted for deletion, but the remaining checks will still be made\&. All other errors are warning and the user is encouraged to run the
+\fBusermod\fR
+command to correct the error\&.
+.PP
+The commands which operate on the
+/etc/passwd
+file are not able to alter corrupted or duplicated entries\&.
+\fBpwck\fR
+should be used in those circumstances to remove the offending entry\&.
+.SH "OPTIONS"
+.PP
+The
+\fB\-r\fR
+and
+\fB\-s\fR
+options cannot be combined\&.
+.PP
+The options which apply to the
+\fBpwck\fR
+command are:
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-q\fR, \fB\-\-quiet\fR
+.RS 4
+Report errors only\&. The warnings which do not require any action from the user won\*(Aqt be displayed\&.
+.RE
+.PP
+\fB\-r\fR, \fB\-\-read\-only\fR
+.RS 4
+Execute the
+\fBpwck\fR
+command in read\-only mode\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-sort\fR
+.RS 4
+Sort entries in
+/etc/passwd
+and
+/etc/shadow
+by UID\&.
+.RE
+.PP
+By default,
+\fBpwck\fR
+operates on the files
+/etc/passwd
+and
+/etc/shadow\&. The user may select alternate files with the
+\fIpasswd\fR
+and
+\fIshadow\fR
+parameters\&.
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBPASS_MAX_DAYS\fR (number)
+.RS 4
+The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
+.RE
+.PP
+\fBPASS_MIN_DAYS\fR (number)
+.RS 4
+The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
+.RE
+.PP
+\fBPASS_WARN_AGE\fR (number)
+.RS 4
+The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&.
+.RE
+.SH "FILES"
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.PP
+/etc/shadow
+.RS 4
+Secure user account information\&.
+.RE
+.SH "EXIT VALUES"
+.PP
+The
+\fBpwck\fR
+command exits with the following values:
+.PP
+\fI0\fR
+.RS 4
+success
+.RE
+.PP
+\fI1\fR
+.RS 4
+invalid command syntax
+.RE
+.PP
+\fI2\fR
+.RS 4
+one or more bad password entries
+.RE
+.PP
+\fI3\fR
+.RS 4
+can\*(Aqt open password files
+.RE
+.PP
+\fI4\fR
+.RS 4
+can\*(Aqt lock password files
+.RE
+.PP
+\fI5\fR
+.RS 4
+can\*(Aqt update password files
+.RE
+.PP
+\fI6\fR
+.RS 4
+can\*(Aqt sort password files
+.RE
+.SH "SEE ALSO"
+.PP
+\fBgroup\fR(5),
+\fBgrpck\fR(8),
+\fBpasswd\fR(5),
+\fBshadow\fR(5),
+\fBusermod\fR(8)\&.
diff --git a/man/man8/pwconv.8 b/man/man8/pwconv.8
new file mode 100644
index 00000000..0f771544
--- /dev/null
+++ b/man/man8/pwconv.8
@@ -0,0 +1,193 @@
+'\" t
+.\" Title: pwconv
+.\" Author: Marek Michałkiewicz
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "PWCONV" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pwconv, pwunconv, grpconv, grpunconv \- convert to and from shadow passwords and groups
+.SH "SYNOPSIS"
+.HP \w'\fBpwconv\fR\ 'u
+\fBpwconv\fR [\fIoptions\fR]
+.HP \w'\fBpwunconv\fR\ 'u
+\fBpwunconv\fR [\fIoptions\fR]
+.HP \w'\fBgrpconv\fR\ 'u
+\fBgrpconv\fR [\fIoptions\fR]
+.HP \w'\fBgrpunconv\fR\ 'u
+\fBgrpunconv\fR [\fIoptions\fR]
+.SH "DESCRIPTION"
+.PP
+The
+\fBpwconv\fR
+command creates
+\fIshadow\fR
+from
+\fIpasswd\fR
+and an optionally existing
+\fIshadow\fR\&.
+.PP
+The
+\fBpwunconv\fR
+command creates
+\fIpasswd\fR
+from
+\fIpasswd\fR
+and
+\fIshadow\fR
+and then removes
+\fIshadow\fR\&.
+.PP
+The
+\fBgrpconv\fR
+command creates
+\fIgshadow\fR
+from
+\fIgroup\fR
+and an optionally existing
+\fIgshadow\fR\&.
+.PP
+The
+\fBgrpunconv\fR
+command creates
+\fIgroup\fR
+from
+\fIgroup\fR
+and
+\fIgshadow\fR
+and then removes
+\fIgshadow\fR\&.
+.PP
+These four programs all operate on the normal and shadow password and group files:
+/etc/passwd,
+/etc/group,
+/etc/shadow, and
+/etc/gshadow\&.
+.PP
+Each program acquires the necessary locks before conversion\&.
+\fBpwconv\fR
+and
+\fBgrpconv\fR
+are similar\&. First, entries in the shadowed file which don\*(Aqt exist in the main file are removed\&. Then, shadowed entries which don\*(Aqt have `x\*(Aq as the password in the main file are updated\&. Any missing shadowed entries are added\&. Finally, passwords in the main file are replaced with `x\*(Aq\&. These programs can be used for initial conversion as well to update the shadowed file if the main file is edited by hand\&.
+.PP
+\fBpwconv\fR
+will use the values of
+\fIPASS_MIN_DAYS\fR,
+\fIPASS_MAX_DAYS\fR, and
+\fIPASS_WARN_AGE\fR
+from
+/etc/login\&.defs
+when adding new entries to
+/etc/shadow\&.
+.PP
+Likewise
+\fBpwunconv\fR
+and
+\fBgrpunconv\fR
+are similar\&. Passwords in the main file are updated from the shadowed file\&. Entries which exist in the main file but not in the shadowed file are left alone\&. Finally, the shadowed file is removed\&. Some password aging information is lost by
+\fBpwunconv\fR\&. It will convert what it can\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBpwconv\fR,
+\fBpwunconv\fR,
+\fBgrpconv\fR, and
+\fBgrpunconv\fR
+commands are:
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.SH "BUGS"
+.PP
+Errors in the password or group files (such as invalid or duplicate entries) may cause these programs to loop forever or fail in other strange ways\&. Please run
+\fBpwck\fR
+and
+\fBgrpck\fR
+to correct any such errors before converting to or from shadow passwords or groups\&.
+.SH "CONFIGURATION"
+.PP
+The following configuration variable in
+/etc/login\&.defs
+changes the behavior of
+\fBgrpconv\fR
+and
+\fBgrpunconv\fR:
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of
+\fBpwconv\fR:
+.PP
+\fBPASS_MAX_DAYS\fR (number)
+.RS 4
+The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
+.RE
+.PP
+\fBPASS_MIN_DAYS\fR (number)
+.RS 4
+The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
+.RE
+.PP
+\fBPASS_WARN_AGE\fR (number)
+.RS 4
+The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&.
+.RE
+.SH "FILES"
+.PP
+/etc/login\&.defs
+.RS 4
+Shadow password suite configuration\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBgrpck\fR(8),
+\fBlogin.defs\fR(5),
+\fBpwck\fR(8)\&.
diff --git a/man/man8/pwunconv.8 b/man/man8/pwunconv.8
new file mode 100644
index 00000000..6eed9e8b
--- /dev/null
+++ b/man/man8/pwunconv.8
@@ -0,0 +1 @@
+.so man8/pwconv.8
diff --git a/man/man8/sulogin.8 b/man/man8/sulogin.8
new file mode 100644
index 00000000..ce3d43a1
--- /dev/null
+++ b/man/man8/sulogin.8
@@ -0,0 +1,116 @@
+'\" t
+.\" Title: sulogin
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "SULOGIN" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+sulogin \- Single\-user login
+.SH "SYNTAX"
+.PP
+\fBsulogin\fR
+[\fItty\-device\fR]
+.SH "DESCRIPTION"
+.PP
+The
+\fBsulogin\fR
+command is invoked by
+\fBinit\fR
+prior to allowing the user access to the system when in single user mode\&. This feature may only be available on certain systems where
+\fBinit\fR
+has been modified accordingly, or where the
+/etc/inittab
+has an entry for a single user login\&.
+.PP
+The user is prompted
+.PP
+Type control\-d to proceed with normal startup,
+(or give root password for system maintenance):
+.PP
+Input and output will be performed with the standard file descriptors unless the optional device name argument is provided\&.
+.PP
+If the user enters the correct root password, a login session is initiated\&. When
+\fIEOF\fR
+is pressed instead, the system enters multi\-user mode\&.
+.PP
+After the user exits the single\-user shell, or presses
+\fIEOF\fR, the system begins the initialization process required to enter multi\-user mode\&.
+.SH "CAVEATS"
+.PP
+This command can only be used if
+\fBinit\fR
+has been modified to call
+\fBsulogin\fR
+instead of
+/bin/sh, or if the user has set the
+\fIinittab\fR
+to support a single user login\&. For example, the line:
+.PP
+co:s:respawn:/etc/sulogin /dev/console
+.PP
+should execute the sulogin command in single user mode\&.
+.PP
+As complete an environment as possible is created\&. However, various devices may be unmounted or uninitialized and many of the user commands may be unavailable or nonfunctional as a result\&.
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBENV_HZ\fR (string)
+.RS 4
+If set, it will be used to define the HZ environment variable when a user login\&. The value must be preceded by
+\fIHZ=\fR\&. A common value on Linux is
+\fIHZ=100\fR\&.
+.RE
+.PP
+\fBENV_TZ\fR (string)
+.RS 4
+If set, it will be used to define the TZ environment variable when a user login\&. The value can be the name of a timezone preceded by
+\fITZ=\fR
+(for example
+\fITZ=CST6CDT\fR), or the full path to the file containing the timezone specification (for example
+/etc/tzname)\&.
+.sp
+If a full path is specified but the file does not exist or cannot be read, the default is to use
+\fITZ=CST6CDT\fR\&.
+.RE
+.SH "FILES"
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.PP
+/etc/shadow
+.RS 4
+Secure user account information\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBlogin\fR(1),
+\fBsh\fR(1),
+\fBinit\fR(8)\&.
diff --git a/man/man8/useradd.8 b/man/man8/useradd.8
new file mode 100644
index 00000000..e6dab293
--- /dev/null
+++ b/man/man8/useradd.8
@@ -0,0 +1,746 @@
+'\" t
+.\" Title: useradd
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "USERADD" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+useradd \- create a new user or update default new user information
+.SH "SYNOPSIS"
+.HP \w'\fBuseradd\fR\ 'u
+\fBuseradd\fR [\fIoptions\fR] \fILOGIN\fR
+.HP \w'\fBuseradd\fR\ 'u
+\fBuseradd\fR \-D
+.HP \w'\fBuseradd\fR\ 'u
+\fBuseradd\fR \-D [\fIoptions\fR]
+.SH "DESCRIPTION"
+.PP
+When invoked without the
+\fB\-D\fR
+option, the
+\fBuseradd\fR
+command creates a new user account using the values specified on the command line plus the default values from the system\&. Depending on command line options, the
+\fBuseradd\fR
+command will update system files and may also create the new user\*(Aqs home directory and copy initial files\&.
+.PP
+By default, a group will also be created for the new user (see
+\fB\-g\fR,
+\fB\-N\fR,
+\fB\-U\fR, and
+\fBUSERGROUPS_ENAB\fR)\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBuseradd\fR
+command are:
+.PP
+\fB\-b\fR, \fB\-\-base\-dir\fR\ \&\fIBASE_DIR\fR
+.RS 4
+The default base directory for the system if
+\fB\-d\fR\ \&\fIHOME_DIR\fR
+is not specified\&.
+\fIBASE_DIR\fR
+is concatenated with the account name to define the home directory\&. If the
+\fB\-m\fR
+option is not used,
+\fIBASE_DIR\fR
+must exist\&.
+.sp
+If this option is not specified,
+\fBuseradd\fR
+will use the base directory specified by the
+\fBHOME\fR
+variable in
+/etc/default/useradd, or
+/home
+by default\&.
+.RE
+.PP
+\fB\-c\fR, \fB\-\-comment\fR\ \&\fICOMMENT\fR
+.RS 4
+Any text string\&. It is generally a short description of the login, and is currently used as the field for the user\*(Aqs full name\&.
+.RE
+.PP
+\fB\-d\fR, \fB\-\-home\-dir\fR\ \&\fIHOME_DIR\fR
+.RS 4
+The new user will be created using
+\fIHOME_DIR\fR
+as the value for the user\*(Aqs login directory\&. The default is to append the
+\fILOGIN\fR
+name to
+\fIBASE_DIR\fR
+and use that as the login directory name\&. The directory
+\fIHOME_DIR\fR
+does not have to exist but will not be created if it is missing\&.
+.RE
+.PP
+\fB\-D\fR, \fB\-\-defaults\fR
+.RS 4
+See below, the subsection "Changing the default values"\&.
+.RE
+.PP
+\fB\-e\fR, \fB\-\-expiredate\fR\ \&\fIEXPIRE_DATE\fR
+.RS 4
+The date on which the user account will be disabled\&. The date is specified in the format
+\fIYYYY\-MM\-DD\fR\&.
+.sp
+If not specified,
+\fBuseradd\fR
+will use the default expiry date specified by the
+\fBEXPIRE\fR
+variable in
+/etc/default/useradd, or an empty string (no expiry) by default\&.
+.RE
+.PP
+\fB\-f\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
+.RS 4
+The number of days after a password expires until the account is permanently disabled\&. A value of 0 disables the account as soon as the password has expired, and a value of \-1 disables the feature\&.
+.sp
+If not specified,
+\fBuseradd\fR
+will use the default inactivity period specified by the
+\fBINACTIVE\fR
+variable in
+/etc/default/useradd, or \-1 by default\&.
+.RE
+.PP
+\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGROUP\fR
+.RS 4
+The group name or number of the user\*(Aqs initial login group\&. The group name must exist\&. A group number must refer to an already existing group\&.
+.sp
+If not specified, the behavior of
+\fBuseradd\fR
+will depend on the
+\fBUSERGROUPS_ENAB\fR
+variable in
+/etc/login\&.defs\&. If this variable is set to
+\fIyes\fR
+(or
+\fB\-U/\-\-user\-group\fR
+is specified on the command line), a group will be created for the user, with the same name as her loginname\&. If the variable is set to
+\fIno\fR
+(or
+\fB\-N/\-\-no\-user\-group\fR
+is specified on the command line), useradd will set the primary group of the new user to the value specified by the
+\fBGROUP\fR
+variable in
+/etc/default/useradd, or 100 by default\&.
+.RE
+.PP
+\fB\-G\fR, \fB\-\-groups\fR\ \&\fIGROUP1\fR[\fI,GROUP2,\&.\&.\&.\fR[\fI,GROUPN\fR]]]
+.RS 4
+A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
+\fB\-g\fR
+option\&. The default is for the user to belong only to the initial group\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-k\fR, \fB\-\-skel\fR\ \&\fISKEL_DIR\fR
+.RS 4
+The skeleton directory, which contains files and directories to be copied in the user\*(Aqs home directory, when the home directory is created by
+\fBuseradd\fR\&.
+.sp
+This option is only valid if the
+\fB\-m\fR
+(or
+\fB\-\-create\-home\fR) option is specified\&.
+.sp
+If this option is not set, the skeleton directory is defined by the
+\fBSKEL\fR
+variable in
+/etc/default/useradd
+or, by default,
+/etc/skel\&.
+.sp
+If possible, the ACLs and extended attributes are copied\&.
+.RE
+.PP
+\fB\-K\fR, \fB\-\-key\fR\ \&\fIKEY\fR=\fIVALUE\fR
+.RS 4
+Overrides
+/etc/login\&.defs
+defaults (\fBUID_MIN\fR,
+\fBUID_MAX\fR,
+\fBUMASK\fR,
+\fBPASS_MAX_DAYS\fR
+and others)\&.
+
+Example:
+\fB\-K\fR\ \&\fIPASS_MAX_DAYS\fR=\fI\-1\fR
+can be used when creating system account to turn off password ageing, even though system account has no password at all\&. Multiple
+\fB\-K\fR
+options can be specified, e\&.g\&.:
+\fB\-K\fR\ \&\fIUID_MIN\fR=\fI100\fR\ \&
+\fB\-K\fR\ \&\fIUID_MAX\fR=\fI499\fR
+.RE
+.PP
+\fB\-l\fR, \fB\-\-no\-log\-init\fR
+.RS 4
+Do not add the user to the lastlog and faillog databases\&.
+.sp
+By default, the user\*(Aqs entries in the lastlog and faillog databases are resetted to avoid reusing the entry from a previously deleted user\&.
+.RE
+.PP
+\fB\-m\fR, \fB\-\-create\-home\fR
+.RS 4
+Create the user\*(Aqs home directory if it does not exist\&. The files and directories contained in the skeleton directory (which can be defined with the
+\fB\-k\fR
+option) will be copied to the home directory\&.
+.sp
+By default, if this option is not specified and
+\fBCREATE_HOME\fR
+is not enabled, no home directories are created\&.
+.RE
+.PP
+\fB\-M\fR
+.RS 4
+Do no create the user\*(Aqs home directory, even if the system wide setting from
+/etc/login\&.defs
+(\fBCREATE_HOME\fR) is set to
+\fIyes\fR\&.
+.RE
+.PP
+\fB\-N\fR, \fB\-\-no\-user\-group\fR
+.RS 4
+Do not create a group with the same name as the user, but add the user to the group specified by the
+\fB\-g\fR
+option or by the
+\fBGROUP\fR
+variable in
+/etc/default/useradd\&.
+.sp
+The default behavior (if the
+\fB\-g\fR,
+\fB\-N\fR, and
+\fB\-U\fR
+options are not specified) is defined by the
+\fBUSERGROUPS_ENAB\fR
+variable in
+/etc/login\&.defs\&.
+.RE
+.PP
+\fB\-o\fR, \fB\-\-non\-unique\fR
+.RS 4
+Allow the creation of a user account with a duplicate (non\-unique) UID\&.
+.sp
+This option is only valid in combination with the
+\fB\-u\fR
+option\&.
+.RE
+.PP
+\fB\-p\fR, \fB\-\-password\fR\ \&\fIPASSWORD\fR
+.RS 4
+The encrypted password, as returned by
+\fBcrypt\fR(3)\&. The default is to disable the password\&.
+.sp
+\fBNote:\fR
+This option is not recommended because the password (or encrypted password) will be visible by users listing the processes\&.
+.sp
+You should make sure the password respects the system\*(Aqs password policy\&.
+.RE
+.PP
+\fB\-r\fR, \fB\-\-system\fR
+.RS 4
+Create a system account\&.
+.sp
+System users will be created with no aging information in
+/etc/shadow, and their numeric identifiers are chosen in the
+\fBSYS_UID_MIN\fR\-\fBSYS_UID_MAX\fR
+range, defined in
+/etc/login\&.defs, instead of
+\fBUID_MIN\fR\-\fBUID_MAX\fR
+(and their
+\fBGID\fR
+counterparts for the creation of groups)\&.
+.sp
+Note that
+\fBuseradd\fR
+will not create a home directory for such an user, regardless of the default setting in
+/etc/login\&.defs
+(\fBCREATE_HOME\fR)\&. You have to specify the
+\fB\-m\fR
+options if you want a home directory for a system account to be created\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
+.RS 4
+The name of the user\*(Aqs login shell\&. The default is to leave this field blank, which causes the system to select the default login shell specified by the
+\fBSHELL\fR
+variable in
+/etc/default/useradd, or an empty string by default\&.
+.RE
+.PP
+\fB\-u\fR, \fB\-\-uid\fR\ \&\fIUID\fR
+.RS 4
+The numerical value of the user\*(Aqs ID\&. This value must be unique, unless the
+\fB\-o\fR
+option is used\&. The value must be non\-negative\&. The default is to use the smallest ID value greater than or equal to
+\fBUID_MIN\fR
+and greater than every other user\&.
+.sp
+See also the
+\fB\-r\fR
+option and the
+\fBUID_MAX\fR
+description\&.
+.RE
+.PP
+\fB\-U\fR, \fB\-\-user\-group\fR
+.RS 4
+Create a group with the same name as the user, and add the user to this group\&.
+.sp
+The default behavior (if the
+\fB\-g\fR,
+\fB\-N\fR, and
+\fB\-U\fR
+options are not specified) is defined by the
+\fBUSERGROUPS_ENAB\fR
+variable in
+/etc/login\&.defs\&.
+.RE
+.PP
+\fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
+.RS 4
+The SELinux user for the user\*(Aqs login\&. The default is to leave this field blank, which causes the system to select the default SELinux user\&.
+.RE
+.SS "Changing the default values"
+.PP
+When invoked with only the
+\fB\-D\fR
+option,
+\fBuseradd\fR
+will display the current default values\&. When invoked with
+\fB\-D\fR
+plus other options,
+\fBuseradd\fR
+will update the default values for the specified options\&. Valid default\-changing options are:
+.PP
+\fB\-b\fR, \fB\-\-base\-dir\fR\ \&\fIBASE_DIR\fR
+.RS 4
+The path prefix for a new user\*(Aqs home directory\&. The user\*(Aqs name will be affixed to the end of
+\fIBASE_DIR\fR
+to form the new user\*(Aqs home directory name, if the
+\fB\-d\fR
+option is not used when creating a new account\&.
+.sp
+This option sets the
+\fBHOME\fR
+variable in
+/etc/default/useradd\&.
+.RE
+.PP
+\fB\-e\fR, \fB\-\-expiredate\fR\ \&\fIEXPIRE_DATE\fR
+.RS 4
+The date on which the user account is disabled\&.
+.sp
+This option sets the
+\fBEXPIRE\fR
+variable in
+/etc/default/useradd\&.
+.RE
+.PP
+\fB\-f\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
+.RS 4
+The number of days after a password has expired before the account will be disabled\&.
+.sp
+This option sets the
+\fBINACTIVE\fR
+variable in
+/etc/default/useradd\&.
+.RE
+.PP
+\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGROUP\fR
+.RS 4
+The group name or ID for a new user\*(Aqs initial group (when the
+\fB\-N/\-\-no\-user\-group\fR
+is used or when the
+\fBUSERGROUPS_ENAB\fR
+variable is set to
+\fIno\fR
+in
+/etc/login\&.defs)\&. The named group must exist, and a numerical group ID must have an existing entry\&.
+.sp
+This option sets the
+\fBGROUP\fR
+variable in
+/etc/default/useradd\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
+.RS 4
+The name of a new user\*(Aqs login shell\&.
+.sp
+This option sets the
+\fBSHELL\fR
+variable in
+/etc/default/useradd\&.
+.RE
+.SH "NOTES"
+.PP
+The system administrator is responsible for placing the default user files in the
+/etc/skel/
+directory (or any other skeleton directory specified in
+/etc/default/useradd
+or on the command line)\&.
+.SH "CAVEATS"
+.PP
+You may not add a user to a NIS or LDAP group\&. This must be performed on the corresponding server\&.
+.PP
+Similarly, if the username already exists in an external user database such as NIS or LDAP,
+\fBuseradd\fR
+will deny the user account creation request\&.
+.PP
+Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
+.PP
+Usernames may only be up to 32 characters long\&.
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBCREATE_HOME\fR (boolean)
+.RS 4
+Indicate if a home directory should be created by default for new users\&.
+.sp
+This setting does not apply to system users, and can be overridden on the command line\&.
+.RE
+.PP
+\fBGID_MAX\fR (number), \fBGID_MIN\fR (number)
+.RS 4
+Range of group IDs used for the creation of regular groups by
+\fBuseradd\fR,
+\fBgroupadd\fR, or
+\fBnewusers\fR\&.
+.sp
+The default value for
+\fBGID_MIN\fR
+(resp\&.
+\fBGID_MAX\fR) is 1000 (resp\&. 60000)\&.
+.RE
+.PP
+\fBMAIL_DIR\fR (string)
+.RS 4
+The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&.
+.RE
+.PP
+\fBMAIL_FILE\fR (string)
+.RS 4
+Defines the location of the users mail spool files relatively to their home directory\&.
+.RE
+.PP
+The
+\fBMAIL_DIR\fR
+and
+\fBMAIL_FILE\fR
+variables are used by
+\fBuseradd\fR,
+\fBusermod\fR, and
+\fBuserdel\fR
+to create, move, or delete the user\*(Aqs mail spool\&.
+.PP
+If
+\fBMAIL_CHECK_ENAB\fR
+is set to
+\fIyes\fR, they are also used to define the
+\fBMAIL\fR
+environment variable\&.
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.PP
+\fBPASS_MAX_DAYS\fR (number)
+.RS 4
+The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
+.RE
+.PP
+\fBPASS_MIN_DAYS\fR (number)
+.RS 4
+The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
+.RE
+.PP
+\fBPASS_WARN_AGE\fR (number)
+.RS 4
+The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&.
+.RE
+.PP
+\fBSUB_GID_MIN\fR (number), \fBSUB_GID_MAX\fR (number), \fBSUB_GID_COUNT\fR (number)
+.RS 4
+If
+/etc/subuid
+exists, the commands
+\fBuseradd\fR
+and
+\fBnewusers\fR
+(unless the user already have subordinate group IDs) allocate
+\fBSUB_GID_COUNT\fR
+unused group IDs from the range
+\fBSUB_GID_MIN\fR
+to
+\fBSUB_GID_MAX\fR
+for each new user\&.
+.sp
+The default values for
+\fBSUB_GID_MIN\fR,
+\fBSUB_GID_MAX\fR,
+\fBSUB_GID_COUNT\fR
+are respectively 100000, 600100000 and 10000\&.
+.RE
+.PP
+\fBSUB_UID_MIN\fR (number), \fBSUB_UID_MAX\fR (number), \fBSUB_UID_COUNT\fR (number)
+.RS 4
+If
+/etc/subuid
+exists, the commands
+\fBuseradd\fR
+and
+\fBnewusers\fR
+(unless the user already have subordinate user IDs) allocate
+\fBSUB_UID_COUNT\fR
+unused user IDs from the range
+\fBSUB_UID_MIN\fR
+to
+\fBSUB_UID_MAX\fR
+for each new user\&.
+.sp
+The default values for
+\fBSUB_UID_MIN\fR,
+\fBSUB_UID_MAX\fR,
+\fBSUB_UID_COUNT\fR
+are respectively 100000, 600100000 and 10000\&.
+.RE
+.PP
+\fBSYS_GID_MAX\fR (number), \fBSYS_GID_MIN\fR (number)
+.RS 4
+Range of group IDs used for the creation of system groups by
+\fBuseradd\fR,
+\fBgroupadd\fR, or
+\fBnewusers\fR\&.
+.sp
+The default value for
+\fBSYS_GID_MIN\fR
+(resp\&.
+\fBSYS_GID_MAX\fR) is 101 (resp\&.
+\fBGID_MIN\fR\-1)\&.
+.RE
+.PP
+\fBSYS_UID_MAX\fR (number), \fBSYS_UID_MIN\fR (number)
+.RS 4
+Range of user IDs used for the creation of system users by
+\fBuseradd\fR
+or
+\fBnewusers\fR\&.
+.sp
+The default value for
+\fBSYS_UID_MIN\fR
+(resp\&.
+\fBSYS_UID_MAX\fR) is 101 (resp\&.
+\fBUID_MIN\fR\-1)\&.
+.RE
+.PP
+\fBUID_MAX\fR (number), \fBUID_MIN\fR (number)
+.RS 4
+Range of user IDs used for the creation of regular users by
+\fBuseradd\fR
+or
+\fBnewusers\fR\&.
+.sp
+The default value for
+\fBUID_MIN\fR
+(resp\&.
+\fBUID_MAX\fR) is 1000 (resp\&. 60000)\&.
+.RE
+.PP
+\fBUMASK\fR (number)
+.RS 4
+The file mode creation mask is initialized to this value\&. If not specified, the mask will be initialized to 022\&.
+.sp
+\fBuseradd\fR
+and
+\fBnewusers\fR
+use this mask to set the mode of the home directory they create
+.sp
+It is also used by
+\fBlogin\fR
+to define users\*(Aq initial umask\&. Note that this mask can be overridden by the user\*(Aqs GECOS line (if
+\fBQUOTAS_ENAB\fR
+is set) or by the specification of a limit with the
+\fIK\fR
+identifier in
+\fBlimits\fR(5)\&.
+.RE
+.PP
+\fBUSERGROUPS_ENAB\fR (boolean)
+.RS 4
+Enable setting of the umask group bits to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007) for non\-root users, if the uid is the same as gid, and username is the same as the primary group name\&.
+.sp
+If set to
+\fIyes\fR,
+\fBuserdel\fR
+will remove the user\*(Aqs group if it contains no more members, and
+\fBuseradd\fR
+will create by default a group with the name of the user\&.
+.RE
+.SH "FILES"
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.PP
+/etc/shadow
+.RS 4
+Secure user account information\&.
+.RE
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/gshadow
+.RS 4
+Secure group account information\&.
+.RE
+.PP
+/etc/default/useradd
+.RS 4
+Default values for account creation\&.
+.RE
+.PP
+/etc/skel/
+.RS 4
+Directory containing default files\&.
+.RE
+.PP
+/etc/subgid
+.RS 4
+Per user subordinate group IDs\&.
+.RE
+.PP
+/etc/subuid
+.RS 4
+Per user subordinate user IDs\&.
+.RE
+.PP
+/etc/login\&.defs
+.RS 4
+Shadow password suite configuration\&.
+.RE
+.SH "EXIT VALUES"
+.PP
+The
+\fBuseradd\fR
+command exits with the following values:
+.PP
+\fI0\fR
+.RS 4
+success
+.RE
+.PP
+\fI1\fR
+.RS 4
+can\*(Aqt update password file
+.RE
+.PP
+\fI2\fR
+.RS 4
+invalid command syntax
+.RE
+.PP
+\fI3\fR
+.RS 4
+invalid argument to option
+.RE
+.PP
+\fI4\fR
+.RS 4
+UID already in use (and no
+\fB\-o\fR)
+.RE
+.PP
+\fI6\fR
+.RS 4
+specified group doesn\*(Aqt exist
+.RE
+.PP
+\fI9\fR
+.RS 4
+username already in use
+.RE
+.PP
+\fI10\fR
+.RS 4
+can\*(Aqt update group file
+.RE
+.PP
+\fI12\fR
+.RS 4
+can\*(Aqt create home directory
+.RE
+.PP
+\fI14\fR
+.RS 4
+can\*(Aqt update SELinux user mapping
+.RE
+.SH "SEE ALSO"
+.PP
+\fBchfn\fR(1),
+\fBchsh\fR(1),
+\fBpasswd\fR(1),
+\fBcrypt\fR(3),
+\fBgroupadd\fR(8),
+\fBgroupdel\fR(8),
+\fBgroupmod\fR(8),
+\fBlogin.defs\fR(5),
+\fBnewusers\fR(8),
+\fBsubgid\fR(5), \fBsubuid\fR(5),\fBuserdel\fR(8),
+\fBusermod\fR(8)\&.
diff --git a/man/man8/userdel.8 b/man/man8/userdel.8
new file mode 100644
index 00000000..ec2ca32f
--- /dev/null
+++ b/man/man8/userdel.8
@@ -0,0 +1,298 @@
+'\" t
+.\" Title: userdel
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "USERDEL" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+userdel \- delete a user account and related files
+.SH "SYNOPSIS"
+.HP \w'\fBuserdel\fR\ 'u
+\fBuserdel\fR [options] \fILOGIN\fR
+.SH "DESCRIPTION"
+.PP
+The
+\fBuserdel\fR
+command modifies the system account files, deleting all entries that refer to the user name
+\fILOGIN\fR\&. The named user must exist\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBuserdel\fR
+command are:
+.PP
+\fB\-f\fR, \fB\-\-force\fR
+.RS 4
+This option forces the removal of the user account, even if the user is still logged in\&. It also forces
+\fBuserdel\fR
+to remove the user\*(Aqs home directory and mail spool, even if another user uses the same home directory or if the mail spool is not owned by the specified user\&. If
+\fBUSERGROUPS_ENAB\fR
+is defined to
+\fIyes\fR
+in
+/etc/login\&.defs
+and if a group exists with the same name as the deleted user, then this group will be removed, even if it is still the primary group of another user\&.
+.sp
+\fINote:\fR
+This option is dangerous and may leave your system in an inconsistent state\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-r\fR, \fB\-\-remove\fR
+.RS 4
+Files in the user\*(Aqs home directory will be removed along with the home directory itself and the user\*(Aqs mail spool\&. Files located in other file systems will have to be searched for and deleted manually\&.
+.sp
+The mail spool is defined by the
+\fBMAIL_DIR\fR
+variable in the
+login\&.defs
+file\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-Z\fR, \fB\-\-selinux\-user\fR
+.RS 4
+Remove any SELinux user mapping for the user\*(Aqs login\&.
+.RE
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBMAIL_DIR\fR (string)
+.RS 4
+The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&.
+.RE
+.PP
+\fBMAIL_FILE\fR (string)
+.RS 4
+Defines the location of the users mail spool files relatively to their home directory\&.
+.RE
+.PP
+The
+\fBMAIL_DIR\fR
+and
+\fBMAIL_FILE\fR
+variables are used by
+\fBuseradd\fR,
+\fBusermod\fR, and
+\fBuserdel\fR
+to create, move, or delete the user\*(Aqs mail spool\&.
+.PP
+If
+\fBMAIL_CHECK_ENAB\fR
+is set to
+\fIyes\fR, they are also used to define the
+\fBMAIL\fR
+environment variable\&.
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.PP
+\fBUSERDEL_CMD\fR (string)
+.RS 4
+If defined, this command is run when removing a user\&. It should remove any at/cron/print jobs etc\&. owned by the user to be removed (passed as the first argument)\&.
+.sp
+The return code of the script is not taken into account\&.
+.sp
+Here is an example script, which removes the user\*(Aqs cron, at and print jobs:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+#! /bin/sh
+
+# Check for the required argument\&.
+if [ $# != 1 ]; then
+ echo "Usage: $0 username"
+ exit 1
+fi
+
+# Remove cron jobs\&.
+crontab \-r \-u $1
+
+# Remove at jobs\&.
+# Note that it will remove any jobs owned by the same UID,
+# even if it was shared by a different username\&.
+AT_SPOOL_DIR=/var/spool/cron/atjobs
+find $AT_SPOOL_DIR \-name "[^\&.]*" \-type f \-user $1 \-delete \e;
+
+# Remove print jobs\&.
+lprm $1
+
+# All done\&.
+exit 0
+
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+.RE
+.PP
+\fBUSERGROUPS_ENAB\fR (boolean)
+.RS 4
+Enable setting of the umask group bits to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007) for non\-root users, if the uid is the same as gid, and username is the same as the primary group name\&.
+.sp
+If set to
+\fIyes\fR,
+\fBuserdel\fR
+will remove the user\*(Aqs group if it contains no more members, and
+\fBuseradd\fR
+will create by default a group with the name of the user\&.
+.RE
+.SH "FILES"
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/login\&.defs
+.RS 4
+Shadow password suite configuration\&.
+.RE
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.PP
+/etc/shadow
+.RS 4
+Secure user account information\&.
+.RE
+.PP
+/etc/subgid
+.RS 4
+Per user subordinate group IDs\&.
+.RE
+.PP
+/etc/subuid
+.RS 4
+Per user subordinate user IDs\&.
+.RE
+.SH "EXIT VALUES"
+.PP
+The
+\fBuserdel\fR
+command exits with the following values:
+.PP
+\fI0\fR
+.RS 4
+success
+.RE
+.PP
+\fI1\fR
+.RS 4
+can\*(Aqt update password file
+.RE
+.PP
+\fI2\fR
+.RS 4
+invalid command syntax
+.RE
+.PP
+\fI6\fR
+.RS 4
+specified user doesn\*(Aqt exist
+.RE
+.PP
+\fI8\fR
+.RS 4
+user currently logged in
+.RE
+.PP
+\fI10\fR
+.RS 4
+can\*(Aqt update group file
+.RE
+.PP
+\fI12\fR
+.RS 4
+can\*(Aqt remove home directory
+.RE
+.SH "CAVEATS"
+.PP
+\fBuserdel\fR
+will not allow you to remove an account if there are running processes which belong to this account\&. In that case, you may have to kill those processes or lock the user\*(Aqs password or account and remove the account later\&. The
+\fB\-f\fR
+option can force the deletion of this account\&.
+.PP
+You should manually check all file systems to ensure that no files remain owned by this user\&.
+.PP
+You may not remove any NIS attributes on a NIS client\&. This must be performed on the NIS server\&.
+.PP
+If
+\fBUSERGROUPS_ENAB\fR
+is defined to
+\fIyes\fR
+in
+/etc/login\&.defs,
+\fBuserdel\fR
+will delete the group with the same name as the user\&. To avoid inconsistencies in the passwd and group databases,
+\fBuserdel\fR
+will check that this group is not used as a primary group for another user, and will just warn without deleting the group otherwise\&. The
+\fB\-f\fR
+option can force the deletion of this group\&.
+.SH "SEE ALSO"
+.PP
+\fBchfn\fR(1),
+\fBchsh\fR(1),
+\fBpasswd\fR(1),
+\fBlogin.defs\fR(5),
+\fBgpasswd\fR(8),
+\fBgroupadd\fR(8),
+\fBgroupdel\fR(8),
+\fBgroupmod\fR(8),
+\fBsubgid\fR(5), \fBsubuid\fR(5),\fBuseradd\fR(8),
+\fBusermod\fR(8)\&.
diff --git a/man/man8/usermod.8 b/man/man8/usermod.8
new file mode 100644
index 00000000..c0a4f1ef
--- /dev/null
+++ b/man/man8/usermod.8
@@ -0,0 +1,445 @@
+'\" t
+.\" Title: usermod
+.\" Author: Julianne Frances Haugh
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "USERMOD" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+usermod \- modify a user account
+.SH "SYNOPSIS"
+.HP \w'\fBusermod\fR\ 'u
+\fBusermod\fR [\fIoptions\fR] \fILOGIN\fR
+.SH "DESCRIPTION"
+.PP
+The
+\fBusermod\fR
+command modifies the system account files to reflect the changes that are specified on the command line\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBusermod\fR
+command are:
+.PP
+\fB\-a\fR, \fB\-\-append\fR
+.RS 4
+Add the user to the supplementary group(s)\&. Use only with the
+\fB\-G\fR
+option\&.
+.RE
+.PP
+\fB\-c\fR, \fB\-\-comment\fR\ \&\fICOMMENT\fR
+.RS 4
+The new value of the user\*(Aqs password file comment field\&. It is normally modified using the
+\fBchfn\fR(1)
+utility\&.
+.RE
+.PP
+\fB\-d\fR, \fB\-\-home\fR\ \&\fIHOME_DIR\fR
+.RS 4
+The user\*(Aqs new login directory\&.
+.sp
+If the
+\fB\-m\fR
+option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&.
+.RE
+.PP
+\fB\-e\fR, \fB\-\-expiredate\fR\ \&\fIEXPIRE_DATE\fR
+.RS 4
+The date on which the user account will be disabled\&. The date is specified in the format
+\fIYYYY\-MM\-DD\fR\&.
+.sp
+An empty
+\fIEXPIRE_DATE\fR
+argument will disable the expiration of the account\&.
+.sp
+This option requires a
+/etc/shadow
+file\&. A
+/etc/shadow
+entry will be created if there were none\&.
+.RE
+.PP
+\fB\-f\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR
+.RS 4
+The number of days after a password expires until the account is permanently disabled\&.
+.sp
+A value of 0 disables the account as soon as the password has expired, and a value of \-1 disables the feature\&.
+.sp
+This option requires a
+/etc/shadow
+file\&. A
+/etc/shadow
+entry will be created if there were none\&.
+.RE
+.PP
+\fB\-g\fR, \fB\-\-gid\fR\ \&\fIGROUP\fR
+.RS 4
+The group name or number of the user\*(Aqs new initial login group\&. The group must exist\&.
+.sp
+Any file from the user\*(Aqs home directory owned by the previous primary group of the user will be owned by this new group\&.
+.sp
+The group ownership of files outside of the user\*(Aqs home directory must be fixed manually\&.
+.RE
+.PP
+\fB\-G\fR, \fB\-\-groups\fR\ \&\fIGROUP1\fR[\fI,GROUP2,\&.\&.\&.\fR[\fI,GROUPN\fR]]]
+.RS 4
+A list of supplementary groups which the user is also a member of\&. Each group is separated from the next by a comma, with no intervening whitespace\&. The groups are subject to the same restrictions as the group given with the
+\fB\-g\fR
+option\&.
+.sp
+If the user is currently a member of a group which is not listed, the user will be removed from the group\&. This behaviour can be changed via the
+\fB\-a\fR
+option, which appends the user to the current supplementary group list\&.
+.RE
+.PP
+\fB\-l\fR, \fB\-\-login\fR\ \&\fINEW_LOGIN\fR
+.RS 4
+The name of the user will be changed from
+\fILOGIN\fR
+to
+\fINEW_LOGIN\fR\&. Nothing else is changed\&. In particular, the user\*(Aqs home directory or mail spool should probably be renamed manually to reflect the new login name\&.
+.RE
+.PP
+\fB\-L\fR, \fB\-\-lock\fR
+.RS 4
+Lock a user\*(Aqs password\&. This puts a \*(Aq!\*(Aq in front of the encrypted password, effectively disabling the password\&. You can\*(Aqt use this option with
+\fB\-p\fR
+or
+\fB\-U\fR\&.
+.sp
+Note: if you wish to lock the account (not only access with a password), you should also set the
+\fIEXPIRE_DATE\fR
+to
+\fI1\fR\&.
+.RE
+.PP
+\fB\-m\fR, \fB\-\-move\-home\fR
+.RS 4
+Move the content of the user\*(Aqs home directory to the new location\&.
+.sp
+This option is only valid in combination with the
+\fB\-d\fR
+(or
+\fB\-\-home\fR) option\&.
+.sp
+\fBusermod\fR
+will try to adapt the ownership of the files and to copy the modes, ACL and extended attributes, but manual changes might be needed afterwards\&.
+.RE
+.PP
+\fB\-o\fR, \fB\-\-non\-unique\fR
+.RS 4
+When used with the
+\fB\-u\fR
+option, this option allows to change the user ID to a non\-unique value\&.
+.RE
+.PP
+\fB\-p\fR, \fB\-\-password\fR\ \&\fIPASSWORD\fR
+.RS 4
+The encrypted password, as returned by
+\fBcrypt\fR(3)\&.
+.sp
+\fBNote:\fR
+This option is not recommended because the password (or encrypted password) will be visible by users listing the processes\&.
+.sp
+You should make sure the password respects the system\*(Aqs password policy\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-shell\fR\ \&\fISHELL\fR
+.RS 4
+The name of the user\*(Aqs new login shell\&. Setting this field to blank causes the system to select the default login shell\&.
+.RE
+.PP
+\fB\-u\fR, \fB\-\-uid\fR\ \&\fIUID\fR
+.RS 4
+The new numerical value of the user\*(Aqs ID\&.
+.sp
+This value must be unique, unless the
+\fB\-o\fR
+option is used\&. The value must be non\-negative\&.
+.sp
+The user\*(Aqs mailbox, and any files which the user owns and which are located in the user\*(Aqs home directory will have the file user ID changed automatically\&.
+.sp
+The ownership of files outside of the user\*(Aqs home directory must be fixed manually\&.
+.sp
+No checks will be performed with regard to the
+\fBUID_MIN\fR,
+\fBUID_MAX\fR,
+\fBSYS_UID_MIN\fR, or
+\fBSYS_UID_MAX\fR
+from
+/etc/login\&.defs\&.
+.RE
+.PP
+\fB\-U\fR, \fB\-\-unlock\fR
+.RS 4
+Unlock a user\*(Aqs password\&. This removes the \*(Aq!\*(Aq in front of the encrypted password\&. You can\*(Aqt use this option with
+\fB\-p\fR
+or
+\fB\-L\fR\&.
+.sp
+Note: if you wish to unlock the account (not only access with a password), you should also set the
+\fIEXPIRE_DATE\fR
+(for example to
+\fI99999\fR, or to the
+\fBEXPIRE\fR
+value from
+/etc/default/useradd)\&.
+.RE
+.PP
+\fB\-v\fR, \fB\-\-add\-sub\-uids\fR\ \&\fIFIRST\fR\-\fILAST\fR
+.RS 4
+Add a range of subordinate uids to the user\*(Aqs account\&.
+.sp
+This option may be specified multiple times to add multiple ranges to a users account\&.
+.sp
+No checks will be performed with regard to
+\fBSUB_UID_MIN\fR,
+\fBSUB_UID_MAX\fR, or
+\fBSUB_UID_COUNT\fR
+from /etc/login\&.defs\&.
+.RE
+.PP
+\fB\-V\fR, \fB\-\-del\-sub\-uids\fR\ \&\fIFIRST\fR\-\fILAST\fR
+.RS 4
+Remove a range of subordinate uids from the user\*(Aqs account\&.
+.sp
+This option may be specified multiple times to remove multiple ranges to a users account\&. When both
+\fB\-\-del\-sub\-uids\fR
+and
+\fB\-\-add\-sub\-uids\fR
+are specified, the removal of all subordinate uid ranges happens before any subordinate uid range is added\&.
+.sp
+No checks will be performed with regard to
+\fBSUB_UID_MIN\fR,
+\fBSUB_UID_MAX\fR, or
+\fBSUB_UID_COUNT\fR
+from /etc/login\&.defs\&.
+.RE
+.PP
+\fB\-w\fR, \fB\-\-add\-sub\-gids\fR\ \&\fIFIRST\fR\-\fILAST\fR
+.RS 4
+Add a range of subordinate gids to the user\*(Aqs account\&.
+.sp
+This option may be specified multiple times to add multiple ranges to a users account\&.
+.sp
+No checks will be performed with regard to
+\fBSUB_GID_MIN\fR,
+\fBSUB_GID_MAX\fR, or
+\fBSUB_GID_COUNT\fR
+from /etc/login\&.defs\&.
+.RE
+.PP
+\fB\-W\fR, \fB\-\-del\-sub\-gids\fR\ \&\fIFIRST\fR\-\fILAST\fR
+.RS 4
+Remove a range of subordinate gids from the user\*(Aqs account\&.
+.sp
+This option may be specified multiple times to remove multiple ranges to a users account\&. When both
+\fB\-\-del\-sub\-gids\fR
+and
+\fB\-\-add\-sub\-gids\fR
+are specified, the removal of all subordinate gid ranges happens before any subordinate gid range is added\&.
+.sp
+No checks will be performed with regard to
+\fBSUB_GID_MIN\fR,
+\fBSUB_GID_MAX\fR, or
+\fBSUB_GID_COUNT\fR
+from /etc/login\&.defs\&.
+.RE
+.PP
+\fB\-Z\fR, \fB\-\-selinux\-user\fR\ \&\fISEUSER\fR
+.RS 4
+The new SELinux user for the user\*(Aqs login\&.
+.sp
+A blank
+\fISEUSER\fR
+will remove the SELinux user mapping for user
+\fILOGIN\fR
+(if any)\&.
+.RE
+.SH "CAVEATS"
+.PP
+You must make certain that the named user is not executing any processes when this command is being executed if the user\*(Aqs numerical user ID, the user\*(Aqs name, or the user\*(Aqs home directory is being changed\&.
+\fBusermod\fR
+checks this on Linux, but only check if the user is logged in according to utmp on other architectures\&.
+.PP
+You must change the owner of any
+\fBcrontab\fR
+files or
+\fBat\fR
+jobs manually\&.
+.PP
+You must make any changes involving NIS on the NIS server\&.
+.SH "CONFIGURATION"
+.PP
+The following configuration variables in
+/etc/login\&.defs
+change the behavior of this tool:
+.PP
+\fBMAIL_DIR\fR (string)
+.RS 4
+The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&.
+.RE
+.PP
+\fBMAIL_FILE\fR (string)
+.RS 4
+Defines the location of the users mail spool files relatively to their home directory\&.
+.RE
+.PP
+The
+\fBMAIL_DIR\fR
+and
+\fBMAIL_FILE\fR
+variables are used by
+\fBuseradd\fR,
+\fBusermod\fR, and
+\fBuserdel\fR
+to create, move, or delete the user\*(Aqs mail spool\&.
+.PP
+If
+\fBMAIL_CHECK_ENAB\fR
+is set to
+\fIyes\fR, they are also used to define the
+\fBMAIL\fR
+environment variable\&.
+.PP
+\fBMAX_MEMBERS_PER_GROUP\fR (number)
+.RS 4
+Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
+/etc/group
+(with the same name, same password, and same GID)\&.
+.sp
+The default value is 0, meaning that there are no limits in the number of members in a group\&.
+.sp
+This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
+.sp
+If you need to enforce such limit, you can use 25\&.
+.sp
+Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
+.RE
+.PP
+\fBSUB_GID_MIN\fR (number), \fBSUB_GID_MAX\fR (number), \fBSUB_GID_COUNT\fR (number)
+.RS 4
+If
+/etc/subuid
+exists, the commands
+\fBuseradd\fR
+and
+\fBnewusers\fR
+(unless the user already have subordinate group IDs) allocate
+\fBSUB_GID_COUNT\fR
+unused group IDs from the range
+\fBSUB_GID_MIN\fR
+to
+\fBSUB_GID_MAX\fR
+for each new user\&.
+.sp
+The default values for
+\fBSUB_GID_MIN\fR,
+\fBSUB_GID_MAX\fR,
+\fBSUB_GID_COUNT\fR
+are respectively 100000, 600100000 and 10000\&.
+.RE
+.PP
+\fBSUB_UID_MIN\fR (number), \fBSUB_UID_MAX\fR (number), \fBSUB_UID_COUNT\fR (number)
+.RS 4
+If
+/etc/subuid
+exists, the commands
+\fBuseradd\fR
+and
+\fBnewusers\fR
+(unless the user already have subordinate user IDs) allocate
+\fBSUB_UID_COUNT\fR
+unused user IDs from the range
+\fBSUB_UID_MIN\fR
+to
+\fBSUB_UID_MAX\fR
+for each new user\&.
+.sp
+The default values for
+\fBSUB_UID_MIN\fR,
+\fBSUB_UID_MAX\fR,
+\fBSUB_UID_COUNT\fR
+are respectively 100000, 600100000 and 10000\&.
+.RE
+.SH "FILES"
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/gshadow
+.RS 4
+Secure group account information\&.
+.RE
+.PP
+/etc/login\&.defs
+.RS 4
+Shadow password suite configuration\&.
+.RE
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.PP
+/etc/shadow
+.RS 4
+Secure user account information\&.
+.RE
+.PP
+/etc/subgid
+.RS 4
+Per user subordinate group IDs\&.
+.RE
+.PP
+/etc/subuid
+.RS 4
+Per user subordinate user IDs\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBchfn\fR(1),
+\fBchsh\fR(1),
+\fBpasswd\fR(1),
+\fBcrypt\fR(3),
+\fBgpasswd\fR(8),
+\fBgroupadd\fR(8),
+\fBgroupdel\fR(8),
+\fBgroupmod\fR(8),
+\fBlogin.defs\fR(5),
+\fBsubgid\fR(5), \fBsubuid\fR(5),\fBuseradd\fR(8),
+\fBuserdel\fR(8)\&.
diff --git a/man/man8/vigr.8 b/man/man8/vigr.8
new file mode 100644
index 00000000..ff72d7ae
--- /dev/null
+++ b/man/man8/vigr.8
@@ -0,0 +1 @@
+.so man8/vipw.8
diff --git a/man/man8/vipw.8 b/man/man8/vipw.8
new file mode 100644
index 00000000..7fffae68
--- /dev/null
+++ b/man/man8/vipw.8
@@ -0,0 +1,137 @@
+'\" t
+.\" Title: vipw
+.\" Author: Marek Michałkiewicz
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 05/09/2014
+.\" Manual: System Management Commands
+.\" Source: shadow-utils 4.2.1
+.\" Language: English
+.\"
+.TH "VIPW" "8" "05/09/2014" "shadow\-utils 4\&.2\&.1" "System Management Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+vipw, vigr \- edit the password, group, shadow\-password or shadow\-group file
+.SH "SYNOPSIS"
+.HP \w'\fBvipw\fR\ 'u
+\fBvipw\fR [\fIoptions\fR]
+.HP \w'\fBvigr\fR\ 'u
+\fBvigr\fR [\fIoptions\fR]
+.SH "DESCRIPTION"
+.PP
+The
+\fBvipw\fR
+and
+\fBvigr\fR
+commands edits the files
+/etc/passwd
+and
+/etc/group, respectively\&. With the
+\fB\-s\fR
+flag, they will edit the shadow versions of those files,
+/etc/shadow
+and
+/etc/gshadow, respectively\&. The programs will set the appropriate locks to prevent file corruption\&. When looking for an editor, the programs will first try the environment variable
+\fB$VISUAL\fR, then the environment variable
+\fB$EDITOR\fR, and finally the default editor,
+\fBvi\fR(1)\&.
+.SH "OPTIONS"
+.PP
+The options which apply to the
+\fBvipw\fR
+and
+\fBvigr\fR
+commands are:
+.PP
+\fB\-g\fR, \fB\-\-group\fR
+.RS 4
+Edit group database\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Display help message and exit\&.
+.RE
+.PP
+\fB\-p\fR, \fB\-\-passwd\fR
+.RS 4
+Edit passwd database\&.
+.RE
+.PP
+\fB\-q\fR, \fB\-\-quiet\fR
+.RS 4
+Quiet mode\&.
+.RE
+.PP
+\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
+.RS 4
+Apply changes in the
+\fICHROOT_DIR\fR
+directory and use the configuration files from the
+\fICHROOT_DIR\fR
+directory\&.
+.RE
+.PP
+\fB\-s\fR, \fB\-\-shadow\fR
+.RS 4
+Edit shadow or gshadow database\&.
+.RE
+.SH "ENVIRONMENT"
+.PP
+\fBVISUAL\fR
+.RS 4
+Editor to be used\&.
+.RE
+.PP
+\fBEDITOR\fR
+.RS 4
+Editor to be used if
+\fBVISUAL\fR
+is not set\&.
+.RE
+.SH "FILES"
+.PP
+/etc/group
+.RS 4
+Group account information\&.
+.RE
+.PP
+/etc/gshadow
+.RS 4
+Secure group account information\&.
+.RE
+.PP
+/etc/passwd
+.RS 4
+User account information\&.
+.RE
+.PP
+/etc/shadow
+.RS 4
+Secure user account information\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBvi\fR(1),
+\fBgroup\fR(5),
+\fBgshadow\fR(5)
+,
+\fBpasswd\fR(5), ,
+\fBshadow\fR(5)\&.