diff options
Diffstat (limited to 'man/zh_CN/man5/login.defs.5')
-rw-r--r-- | man/zh_CN/man5/login.defs.5 | 263 |
1 files changed, 138 insertions, 125 deletions
diff --git a/man/zh_CN/man5/login.defs.5 b/man/zh_CN/man5/login.defs.5 index b5ebccb5..71816917 100644 --- a/man/zh_CN/man5/login.defs.5 +++ b/man/zh_CN/man5/login.defs.5 @@ -2,12 +2,12 @@ .\" Title: login.defs .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 2019-06-13 +.\" Date: 2019-12-01 .\" Manual: 文件格式和转化 -.\" Source: shadow-utils 4.7 +.\" Source: shadow-utils 4.8 .\" Language: Chinese Simplified .\" -.TH "LOGIN\&.DEFS" "5" "2019-06-13" "shadow\-utils 4\&.7" "文件格式和转化" +.TH "LOGIN\&.DEFS" "5" "2019-12-01" "shadow\-utils 4\&.8" "文件格式和转化" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -50,9 +50,10 @@ value\&. Numbers (both regular and long) may be either decimal values, octal val .PP \fBCHFN_AUTH\fR (boolean) .RS 4 -如果为 -\fIyes\fR,\fBchfn\fR -进行任何更改前都要要求认证,除非由超级用户运行。 +If +\fIyes\fR, the +\fBchfn\fR +program will require authentication before making any changes, unless run by the superuser\&. .RE .PP \fBCHFN_RESTRICT\fR (string) @@ -81,9 +82,10 @@ SUID\&. .PP \fBCHSH_AUTH\fR (boolean) .RS 4 -如果 -\fIyes\fR,\fBchsh\fR -程序在做任何更改之前都会要求认证,除非是以超级用户身份运行的。 +If +\fIyes\fR, the +\fBchsh\fR +program will require authentication before making any changes, unless run by the superuser\&. .RE .PP \fBCONSOLE\fR (string) @@ -97,8 +99,9 @@ SUID\&. .PP \fBCONSOLE_GROUPS\fR (string) .RS 4 -在控制台登录时,添加到用户附加组集中的组列表(就如 CONSOLE 所确定的)。默认是无。 -使用时需要注意:这可能使用户获取这些组的永久权限,甚至登录到的不是此控制台时。 +List of groups to add to the user\*(Aqs supplementary groups set when logging in on the console (as determined by the CONSOLE setting)\&. Default is none\&. + +Use with caution \- it is possible for users to gain permanent access to these groups, even when not logged in on the console\&. .RE .PP \fBCREATE_HOME\fR (boolean) @@ -112,29 +115,29 @@ SUID\&. .RS 4 如果不能 cd 到主目录时,说明是否允许登录。默认是否。 .sp -如果设置为 -\fIyes\fR,如果不能 cd 到主目录时,用户将会登录到根目录(/)。 +If set to +\fIyes\fR, the user will login in the root (/) directory if it is not possible to cd to her home directory\&. .RE .PP \fBENCRYPT_METHOD\fR (string) .RS 4 这定义了系统加密密码的默认算法(如果没有在命令行上指定算法)。 .sp -可以使用如下值:\fIDES\fR +It can take one of these values: +\fIDES\fR (default), \fIMD5\fR, \fISHA256\fR, \fISHA512\fR\&. .sp -注意,此参数会覆盖 +Note: this parameter overrides the \fBMD5_CRYPT_ENAB\fR -变量。 +variable\&. .RE .PP \fBENV_HZ\fR (string) .RS 4 -如果设置了,将会用于在用户登录时定义 HZ 环境变量。值必须以 -\fIHZ=\fR -开头。Linux 上的常用值是 -\fIHZ=100\fR。 +If set, it will be used to define the HZ environment variable when a user login\&. The value must be preceded by +\fIHZ=\fR\&. A common value on Linux is +\fIHZ=100\fR\&. .RE .PP \fBENV_PATH\fR (string) @@ -155,14 +158,14 @@ If set, it will be used to define the PATH environment variable when the superus .PP \fBENV_TZ\fR (string) .RS 4 -如果设置了,它将用于在用户登录时定义 TZ 环境变量。此值可以是以 +If set, it will be used to define the TZ environment variable when a user login\&. The value can be the name of a timezone preceded by \fITZ=\fR -开头的时区名(例如 -\fITZ=CST6CDT\fR),或者是包含时区规则的文件完整路径(例如 -/etc/tzname)。 +(for example +\fITZ=CST6CDT\fR), or the full path to the file containing the timezone specification (for example +/etc/tzname)\&. .sp -如果将完整路径指定为了一个不存在或不可读的文件,则默认使用 -\fITZ=CST6CDT\fR。 +If a full path is specified but the file does not exist or cannot be read, the default is to use +\fITZ=CST6CDT\fR\&. .RE .PP \fBENVIRON_FILE\fR (string) @@ -174,10 +177,10 @@ If set, it will be used to define the PATH environment variable when the superus .PP \fBERASECHAR\fR (number) .RS 4 -终端擦除字符 (\fI010\fR +Terminal ERASE character (\fI010\fR = backspace, \fI0177\fR -= DEL)。 += DEL)\&. .sp 此值可以使用前缀\(lq0\(rq表示八进制,\(lq0x\(rq表示十六进制。 .RE @@ -189,17 +192,17 @@ If set, it will be used to define the PATH environment variable when the superus .PP \fBFAILLOG_ENAB\fR (boolean) .RS 4 -允许登录并显示 +Enable logging and display of /var/log/faillog -登录失败信息。 +login failure info\&. .RE .PP \fBFAKE_SHELL\fR (string) .RS 4 -如果设置了,\fBlogin\fR -将执行此 shell 而不是在 -/etc/passwd -中指定的用户 shell。 +If set, +\fBlogin\fR +will execute this shell instead of the users\*(Aq shell specified in +/etc/passwd\&. .RE .PP \fBFTMP_FILE\fR (string) @@ -209,15 +212,15 @@ If set, it will be used to define the PATH environment variable when the superus .PP \fBGID_MAX\fR (number), \fBGID_MIN\fR (number) .RS 4 -\fBuseradd\fR,\fBgroupadd\fR -或 -\fBnewusers\fR -创建的常规组的组 ID 的范围。 +Range of group IDs used for the creation of regular groups by +\fBuseradd\fR, +\fBgroupadd\fR, or +\fBnewusers\fR\&. .sp +The default value for \fBGID_MIN\fR -和 -\fBGID_MAX\fR -的默认值分别是 1000 和 60000。 +(resp\&. +\fBGID_MAX\fR) is 1000 (resp\&. 60000)\&. .RE .PP \fBHUSHLOGIN_FILE\fR (string) @@ -232,8 +235,8 @@ If defined, this file can inhibit all the usual chatter during the login sequenc .PP \fBKILLCHAR\fR (number) .RS 4 -终端 KILL 字符 (\fI025\fR -= CTRL/U)。 +Terminal KILL character (\fI025\fR += CTRL/U)\&. .sp 此值可以使用前缀\(lq0\(rq表示八进制,\(lq0x\(rq表示十六进制。 .RE @@ -273,8 +276,8 @@ option present in the configuration means that there is no user ID limit for wri .RS 4 此字符串用于提示输入密码。默认是 "Password: ",或者翻译了的结果(汉语中翻译为了\(lq密码:\(rq)。如果设置了此变量,提示不会被翻译。 .sp -如果字符串包含 -\fI%s\fR,将会被用户名替换。 +If the string contains +\fI%s\fR, this will be replaced by the user\*(Aqs name\&. .RE .PP \fBLOGIN_TIMEOUT\fR (number) @@ -299,27 +302,28 @@ option present in the configuration means that there is no user ID limit for wri 定义用户邮箱文件的位置(相对于主目录)。 .RE .PP +The \fBMAIL_DIR\fR and \fBMAIL_FILE\fR -变量由 -\fBuseradd\fR,\fBusermod\fR -和 +variables are used by +\fBuseradd\fR, +\fBusermod\fR, and \fBuserdel\fR -用于创建、移动或删除用户邮箱。 +to create, move, or delete the user\*(Aqs mail spool\&. .PP -如果 +If \fBMAIL_CHECK_ENAB\fR -设置为 -\fIyes\fR,它们也被用于定义 +is set to +\fIyes\fR, they are also used to define the \fBMAIL\fR -环境变量。 +environment variable\&. .PP \fBMAX_MEMBERS_PER_GROUP\fR (number) .RS 4 -每个组条目的最大成员数。达到最大值时,在 +Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in /etc/group -开始一个新条目(行)(使用同样的名称,同样的密码,同样的 GID)。 +(with the same name, same password, and same GID)\&. .sp 默认值是 0,意味着组中的成员数没有限制。 .sp @@ -332,17 +336,18 @@ and .PP \fBMD5_CRYPT_ENAB\fR (boolean) .RS 4 -表示密码是否必须使用基于 MD5 的算法加密。如果设为 -\fIyes\fR,新密码将使用可以和新版 FreeBSD 兼容的基于 MD5 的算法加密。它支持无限长度的密码以及更长的盐字符串。如果您需要将加密的密码复制到其它不理解新算法的系统,设置为 -\fIno\fR。默认值是 -\fIno\fR。 +Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to +\fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to +\fIno\fR +if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is +\fIno\fR\&. .sp This variable is superseded by the \fBENCRYPT_METHOD\fR variable or by any command line option used to configure the encryption algorithm\&. .sp -此变量已经废弃。您应该使用 -\fBENCRYPT_METHOD\fR。 +This variable is deprecated\&. You should use +\fBENCRYPT_METHOD\fR\&. .RE .PP \fBMOTD_FILE\fR (string) @@ -393,11 +398,12 @@ are only used at the time of account creation\&. Any changes to these settings w .PP \fBPASS_MAX_LEN\fR (number), \fBPASS_MIN_LEN\fR (number) .RS 4 -crypt() 的有效字符位数。\fBPASS_MAX_LEN\fR -默认是 8,除非您自己的 crypt() 更好,否则不要更改。如果 +Number of significant characters in the password for crypt()\&. +\fBPASS_MAX_LEN\fR +is 8 by default\&. Don\*(Aqt change unless your crypt() is better\&. This is ignored if \fBMD5_CRYPT_ENAB\fR -设为 -\fIyes\fR,会被忽略。 +set to +\fIyes\fR\&. .RE .PP \fBPORTTIME_CHECKS_ENAB\fR (boolean) @@ -415,12 +421,12 @@ and ulimit, umask, and niceness from the user\*(Aqs passwd gecos field\&. .PP \fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number) .RS 4 +When \fBENCRYPT_METHOD\fR -设为 +is set to \fISHA256\fR -或 -\fISHA512\fR -时,此项确定加密算法默认使用 SHA 轮转数目(当轮转数没有通过命令行指定时)。 +or +\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&. .sp 使用很多轮转,会让暴力破解更加困难。但是需要注意,认证用户时也会需要更多的 CPU 资源。 .sp @@ -428,16 +434,16 @@ and ulimit, umask, and niceness from the user\*(Aqs passwd gecos field\&. .sp 值必须在 1000 \- 999,999,999 之间。 .sp -如果只设置了一个 +If only one of the \fBSHA_CRYPT_MIN_ROUNDS\fR -或 +or \fBSHA_CRYPT_MAX_ROUNDS\fR -值,就会使用这个值。 +values is set, then this value will be used\&. .sp -如果 +If \fBSHA_CRYPT_MIN_ROUNDS\fR > -\fBSHA_CRYPT_MAX_ROUNDS\fR,将会使用大的那个。 +\fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&. .RE .PP \fBSULOG_FILE\fR (string) @@ -452,11 +458,16 @@ and ulimit, umask, and niceness from the user\*(Aqs passwd gecos field\&. .PP \fBSU_WHEEL_ONLY\fR (boolean) .RS 4 -如果为 -\fIyes\fR,用户必须在 +If +\fIyes\fR, the user must be listed as a member of the first gid 0 group in /etc/group -中别设定为 GID 为 0 的组(在大部分 Linux 上叫 -\fIroot\fR)的成员。 +(called +\fIroot\fR +on most Linux systems) to be able to +\fBsu\fR +to uid 0 accounts\&. If the group doesn\*(Aqt exist or is empty, no one will be able to +\fBsu\fR +to uid 0\&. .RE .PP \fBSUB_GID_MIN\fR (number), \fBSUB_GID_MAX\fR (number), \fBSUB_GID_COUNT\fR (number) @@ -507,44 +518,44 @@ are respectively 100000, 600100000 and 65536\&. .PP \fBSYS_GID_MAX\fR (number), \fBSYS_GID_MIN\fR (number) .RS 4 -\fBuseradd\fR、\fBgroupadd\fR -或 -\fBnewusers\fR -创建的系统组的组 ID 的范围。 +Range of group IDs used for the creation of system groups by +\fBuseradd\fR, +\fBgroupadd\fR, or +\fBnewusers\fR\&. .sp +The default value for \fBSYS_GID_MIN\fR -和 -\fBSYS_GID_MAX\fR -的默认值分别是 101 和 -\fBGID_MIN\fR\-1。 +(resp\&. +\fBSYS_GID_MAX\fR) is 101 (resp\&. +\fBGID_MIN\fR\-1)\&. .RE .PP \fBSYS_UID_MAX\fR (number), \fBSYS_UID_MIN\fR (number) .RS 4 +Range of user IDs used for the creation of system users by \fBuseradd\fR -或 -\fBnewusers\fR -创建的系统用户的用户 ID 的范围。 +or +\fBnewusers\fR\&. .sp +The default value for \fBSYS_UID_MIN\fR -和 -\fBSYS_UID_MAX\fR -的默认值分别是 101 和 -\fBUID_MIN\fR\-1。 +(resp\&. +\fBSYS_UID_MAX\fR) is 101 (resp\&. +\fBUID_MIN\fR\-1)\&. .RE .PP \fBSYSLOG_SG_ENAB\fR (boolean) .RS 4 -允许\(lqsyslog\(rq记录 +Enable "syslog" logging of \fBsg\fR -的活动。 +activity\&. .RE .PP \fBSYSLOG_SU_ENAB\fR (boolean) .RS 4 -除了 sulog 文件日志,也为 +Enable "syslog" logging of \fBsu\fR -活动启用\(lqsyslog\(rq日志。 +activity \- in addition to sulog file logging\&. .RE .PP \fBTTYGROUP\fR (string), \fBTTYPERM\fR (string) @@ -572,22 +583,22 @@ If defined, file which maps tty line to TERM environment parameter\&. Each line .PP \fBUID_MAX\fR (number), \fBUID_MIN\fR (number) .RS 4 +Range of user IDs used for the creation of regular users by \fBuseradd\fR -或 -\fBnewusers\fR -创建的普通用户的用户 ID 的范围。 +or +\fBnewusers\fR\&. .sp +The default value for \fBUID_MIN\fR -和 -\fBUID_MAX\fR -的默认值分别是 1000 和 60000。 +(resp\&. +\fBUID_MAX\fR) is 1000 (resp\&. 60000)\&. .RE .PP \fBULIMIT\fR (number) .RS 4 -默认 +Default \fBulimit\fR -值。 +value\&. .RE .PP \fBUMASK\fR (number) @@ -595,19 +606,18 @@ If defined, file which maps tty line to TERM environment parameter\&. Each line 文件模式创建掩码初始化为此值。如果没有指定,掩码初始化为 022。 .sp \fBuseradd\fR -和 +and \fBnewusers\fR -使用此掩码设置它们创建的用户主目录的模式。 +use this mask to set the mode of the home directory they create .sp -也被 +It is also used by \fBlogin\fR -用于指定用户的初始 umask。注意,此掩码可以被用户的 GECOS 行覆盖(当设置了 +to define users\*(Aq initial umask\&. Note that this mask can be overridden by the user\*(Aqs GECOS line (if \fBQUOTAS_ENAB\fR -时),也可以被带 +is set) or by the specification of a limit with the \fIK\fR -指示符的 -\fBlimits\fR(5) -定义的限制值覆盖。 +identifier in +\fBlimits\fR(5)\&. .RE .PP \fBUSERDEL_CMD\fR (string) @@ -616,7 +626,7 @@ If defined, file which maps tty line to TERM environment parameter\&. Each line .sp 这个脚本的返回值并不被带到账户中去。 .sp -这是一个示例脚本,它移除用户的 cron、at 和 print 作业: +Here is an example script, which removes the user\*(Aqs cron, at and print jobs: .sp .if n \{\ .RS 4 @@ -624,41 +634,44 @@ If defined, file which maps tty line to TERM environment parameter\&. Each line .nf #! /bin/sh -# 检查需要的参数 +# Check for the required argument\&. if [ $# != 1 ]; then echo "Usage: $0 username" exit 1 fi -# 移除 cron 作业 +# Remove cron jobs\&. crontab \-r \-u $1 -# 移除 at 作业 -# 注意这将移除所有属于同一个 UID 的作业 -# 即使此 ID 由多个用户名共享 +# Remove at jobs\&. +# Note that it will remove any jobs owned by the same UID, +# even if it was shared by a different username\&. AT_SPOOL_DIR=/var/spool/cron/atjobs find $AT_SPOOL_DIR \-name "[^\&.]*" \-type f \-user $1 \-delete \e; -# 移除 print 作业 +# Remove print jobs\&. lprm $1 -# 全部完成 +# All done\&. exit 0 .fi .if n \{\ .RE .\} +.sp .RE .PP \fBUSERGROUPS_ENAB\fR (boolean) .RS 4 如果 uid 和 gid 相同,用户名和主用户名也相同,使非 root 组的组掩码位和属主位相同 (如:022 \-> 002, 077 \-> 007)。 .sp -如果设置为 -\fIyes\fR,如果组中没有成员了,\fBuserdel\fR -将移除此用户组,\fBuseradd\fR -创建用户时,也会创建一个同名的默认组。 +If set to +\fIyes\fR, +\fBuserdel\fR +will remove the user\*(Aqs group if it contains no more members, and +\fBuseradd\fR +will create by default a group with the name of the user\&. .RE .SH "交叉引用" .PP |