|
|
827aa9 |
diff -up shadow-4.1.5.1/man/chage.1.xml.manfix shadow-4.1.5.1/man/chage.1.xml
|
|
|
827aa9 |
--- shadow-4.1.5.1/man/chage.1.xml.manfix 2012-05-25 13:45:27.000000000 +0200
|
|
|
827aa9 |
+++ shadow-4.1.5.1/man/chage.1.xml 2014-08-29 13:36:57.713167654 +0200
|
|
|
827aa9 |
@@ -102,6 +102,9 @@
|
|
|
827aa9 |
Set the number of days since January 1st, 1970 when the password
|
|
|
827aa9 |
was last changed. The date may also be expressed in the format
|
|
|
827aa9 |
YYYY-MM-DD (or the format more commonly used in your area).
|
|
|
827aa9 |
+ If the <replaceable>LAST_DAY</replaceable> is set to
|
|
|
827aa9 |
+ <emphasis>0</emphasis> the user is forced to change his password
|
|
|
827aa9 |
+ on the next log on.
|
|
|
827aa9 |
</para>
|
|
|
827aa9 |
</listitem>
|
|
|
827aa9 |
</varlistentry>
|
|
|
78f74e |
diff -up shadow-4.1.5.1/man/login.defs.5.xml.manfix shadow-4.1.5.1/man/login.defs.5.xml
|
|
|
78f74e |
--- shadow-4.1.5.1/man/login.defs.5.xml.manfix 2012-05-25 13:45:28.000000000 +0200
|
|
|
827aa9 |
+++ shadow-4.1.5.1/man/login.defs.5.xml 2014-08-29 13:31:38.364812323 +0200
|
|
|
78f74e |
@@ -160,6 +160,17 @@
|
|
|
78f74e |
long numeric parameters is machine-dependent.
|
|
|
78f74e |
</para>
|
|
|
78f74e |
|
|
|
78f74e |
+ <para>
|
|
|
78f74e |
+ Please note that the parameters in this configuration file control the
|
|
|
78f74e |
+ behavior of the tools from the shadow-utils component. None of these
|
|
|
78f74e |
+ tools uses the PAM mechanism, and the utilities that use PAM (such as the
|
|
|
78f74e |
+ passwd command) should be configured elsewhere. The only values that
|
|
|
78f74e |
+ affect PAM modules are <emphasis>ENCRYPT_METHOD</emphasis> and <emphasis>SHA_CRYPT_MAX_ROUNDS</emphasis>
|
|
|
78f74e |
+ for pam_unix module, <emphasis>FAIL_DELAY</emphasis> for pam_faildelay module,
|
|
|
78f74e |
+ and <emphasis>UMASK</emphasis> for pam_umask module. Refer to
|
|
|
78f74e |
+ pam(8) for more information.
|
|
|
78f74e |
+ </para>
|
|
|
78f74e |
+
|
|
|
78f74e |
<para>The following configuration items are provided:</para>
|
|
|
78f74e |
|
|
|
78f74e |
<variablelist remap='IP'>
|
|
|
827aa9 |
diff -up shadow-4.1.5.1/man/man1/chage.1.manfix shadow-4.1.5.1/man/man1/chage.1
|
|
|
827aa9 |
--- shadow-4.1.5.1/man/man1/chage.1.manfix 2012-05-25 13:58:18.000000000 +0200
|
|
|
827aa9 |
+++ shadow-4.1.5.1/man/man1/chage.1 2014-08-29 13:36:31.303559366 +0200
|
|
|
827aa9 |
@@ -45,7 +45,11 @@ command are:
|
|
|
827aa9 |
.PP
|
|
|
827aa9 |
\fB\-d\fR, \fB\-\-lastday\fR \fILAST_DAY\fR
|
|
|
827aa9 |
.RS 4
|
|
|
827aa9 |
-Set the number of days since January 1st, 1970 when the password was last changed\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&.
|
|
|
827aa9 |
+Set the number of days since January 1st, 1970 when the password was last changed\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&. If the
|
|
|
827aa9 |
+\fILAST_DAY\fR
|
|
|
827aa9 |
+is set to
|
|
|
827aa9 |
+\fB0\fR
|
|
|
827aa9 |
+the user is forced to change his password on the next log on\&.
|
|
|
827aa9 |
.RE
|
|
|
827aa9 |
.PP
|
|
|
827aa9 |
\fB\-E\fR, \fB\-\-expiredate\fR \fIEXPIRE_DATE\fR
|
|
|
78f74e |
diff -up shadow-4.1.5.1/man/man5/login.defs.5.manfix shadow-4.1.5.1/man/man5/login.defs.5
|
|
|
78f74e |
--- shadow-4.1.5.1/man/man5/login.defs.5.manfix 2012-05-25 13:59:03.000000000 +0200
|
|
|
827aa9 |
+++ shadow-4.1.5.1/man/man5/login.defs.5 2014-08-29 13:31:38.364812323 +0200
|
|
|
78f74e |
@@ -46,6 +46,14 @@ value\&. Numbers (both regular and long)
|
|
|
78f74e |
\fI0\fR) or hexadecimal values (precede the value with
|
|
|
78f74e |
\fI0x\fR)\&. The maximum value of the regular and long numeric parameters is machine\-dependent\&.
|
|
|
78f74e |
.PP
|
|
|
78f74e |
+Please note that the parameters in this configuration file control the
|
|
|
78f74e |
+behavior of the tools from the shadow-utils component\&. None of these
|
|
|
78f74e |
+tools uses the PAM mechanism, and the utilities that use PAM (such as the
|
|
|
78f74e |
+passwd command) should be configured elsewhere\&. The only values that
|
|
|
78f74e |
+affect PAM modules are \fBENCRYPT_METHOD\fR and \fBSHA_CRYPT_MAX_ROUNDS\fR for pam_unix module,
|
|
|
78f74e |
+\fBFAIL_DELAY\fR for pam_faildelay module, and \fBUMASK\fR for pam_umask module\&. Refer to
|
|
|
78f74e |
+pam(8) for more information\&.
|
|
|
78f74e |
+.PP
|
|
|
78f74e |
The following configuration items are provided:
|
|
|
78f74e |
.PP
|
|
|
78f74e |
\fBCHFN_AUTH\fR (boolean)
|
|
|
78f74e |
@@ -625,20 +633,6 @@ will create by default a group with the
|
|
|
78f74e |
.PP
|
|
|
78f74e |
The following cross references show which programs in the shadow password suite use which parameters\&.
|
|
|
78f74e |
.PP
|
|
|
78f74e |
-chfn
|
|
|
78f74e |
-.RS 4
|
|
|
78f74e |
-
|
|
|
78f74e |
-CHFN_AUTH
|
|
|
78f74e |
-CHFN_RESTRICT
|
|
|
78f74e |
-LOGIN_STRING
|
|
|
78f74e |
-.RE
|
|
|
78f74e |
-.PP
|
|
|
78f74e |
-chgpasswd
|
|
|
78f74e |
-.RS 4
|
|
|
78f74e |
-ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
|
|
|
78f74e |
-SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
|
|
|
78f74e |
-.RE
|
|
|
78f74e |
-.PP
|
|
|
78f74e |
chpasswd
|
|
|
78f74e |
.RS 4
|
|
|
78f74e |
|
|
|
78f74e |
@@ -646,11 +640,6 @@ ENCRYPT_METHOD MD5_CRYPT_ENAB
|
|
|
78f74e |
SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
|
|
|
78f74e |
.RE
|
|
|
78f74e |
.PP
|
|
|
78f74e |
-chsh
|
|
|
78f74e |
-.RS 4
|
|
|
78f74e |
-CHSH_AUTH LOGIN_STRING
|
|
|
78f74e |
-.RE
|
|
|
78f74e |
-.PP
|
|
|
78f74e |
gpasswd
|
|
|
78f74e |
.RS 4
|
|
|
78f74e |
ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
|
|
|
78f74e |
@@ -692,29 +681,6 @@ grpunconv
|
|
|
78f74e |
MAX_MEMBERS_PER_GROUP
|
|
|
78f74e |
.RE
|
|
|
78f74e |
.PP
|
|
|
78f74e |
-login
|
|
|
78f74e |
-.RS 4
|
|
|
78f74e |
-
|
|
|
78f74e |
-CONSOLE
|
|
|
78f74e |
-CONSOLE_GROUPS DEFAULT_HOME
|
|
|
78f74e |
-ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE
|
|
|
78f74e |
-ERASECHAR FAIL_DELAY
|
|
|
78f74e |
-FAILLOG_ENAB
|
|
|
78f74e |
-FAKE_SHELL
|
|
|
78f74e |
-FTMP_FILE
|
|
|
78f74e |
-HUSHLOGIN_FILE
|
|
|
78f74e |
-ISSUE_FILE
|
|
|
78f74e |
-KILLCHAR
|
|
|
78f74e |
-LASTLOG_ENAB
|
|
|
78f74e |
-LOGIN_RETRIES
|
|
|
78f74e |
-LOGIN_STRING
|
|
|
78f74e |
-LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
|
|
|
78f74e |
-MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB
|
|
|
78f74e |
-TTYGROUP TTYPERM TTYTYPE_FILE
|
|
|
78f74e |
-ULIMIT UMASK
|
|
|
78f74e |
-USERGROUPS_ENAB
|
|
|
78f74e |
-.RE
|
|
|
78f74e |
-.PP
|
|
|
78f74e |
newgrp / sg
|
|
|
78f74e |
.RS 4
|
|
|
78f74e |
SYSLOG_SG_ENAB
|
|
|
78f74e |
@@ -727,12 +693,6 @@ SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUND
|
|
|
78f74e |
SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK
|
|
|
78f74e |
.RE
|
|
|
78f74e |
.PP
|
|
|
78f74e |
-passwd
|
|
|
78f74e |
-.RS 4
|
|
|
78f74e |
-ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
|
|
|
78f74e |
-SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
|
|
|
78f74e |
-.RE
|
|
|
78f74e |
-.PP
|
|
|
78f74e |
pwck
|
|
|
78f74e |
.RS 4
|
|
|
78f74e |
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
|
78f74e |
@@ -743,26 +703,6 @@ pwconv
|
|
|
78f74e |
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
|
78f74e |
.RE
|
|
|
78f74e |
.PP
|
|
|
78f74e |
-su
|
|
|
78f74e |
-.RS 4
|
|
|
78f74e |
-
|
|
|
78f74e |
-CONSOLE
|
|
|
78f74e |
-CONSOLE_GROUPS DEFAULT_HOME
|
|
|
78f74e |
-ENV_HZ ENVIRON_FILE
|
|
|
78f74e |
-ENV_PATH ENV_SUPATH
|
|
|
78f74e |
-ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB
|
|
|
78f74e |
-SULOG_FILE SU_NAME
|
|
|
78f74e |
-SU_WHEEL_ONLY
|
|
|
78f74e |
-SYSLOG_SU_ENAB
|
|
|
78f74e |
-USERGROUPS_ENAB
|
|
|
78f74e |
-.RE
|
|
|
78f74e |
-.PP
|
|
|
78f74e |
-sulogin
|
|
|
78f74e |
-.RS 4
|
|
|
78f74e |
-ENV_HZ
|
|
|
78f74e |
-ENV_TZ
|
|
|
78f74e |
-.RE
|
|
|
78f74e |
-.PP
|
|
|
78f74e |
useradd
|
|
|
78f74e |
.RS 4
|
|
|
78f74e |
CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK
|
|
|
9f90df |
diff -up shadow-4.1.5.1/man/man8/useradd.8.manfix shadow-4.1.5.1/man/man8/useradd.8
|
|
|
827aa9 |
--- shadow-4.1.5.1/man/man8/useradd.8.manfix 2014-08-29 13:31:38.347811932 +0200
|
|
|
827aa9 |
+++ shadow-4.1.5.1/man/man8/useradd.8 2014-08-29 13:31:38.364812323 +0200
|
|
|
9f90df |
@@ -85,7 +85,7 @@ by default\&.
|
|
|
9f90df |
Any text string\&. It is generally a short description of the login, and is currently used as the field for the user\*(Aqs full name\&.
|
|
|
9f90df |
.RE
|
|
|
9f90df |
.PP
|
|
|
9f90df |
-\fB\-d\fR, \fB\-\-home\fR \fIHOME_DIR\fR
|
|
|
9f90df |
+\fB\-d\fR, \fB\-\-home\-dir\fR \fIHOME_DIR\fR
|
|
|
9f90df |
.RS 4
|
|
|
9f90df |
The new user will be created using
|
|
|
9f90df |
\fIHOME_DIR\fR
|
|
|
9f90df |
@@ -220,9 +220,13 @@ option) will be copied to the home direc
|
|
|
9f90df |
By default, if this option is not specified and
|
|
|
9f90df |
\fBCREATE_HOME\fR
|
|
|
9f90df |
is not enabled, no home directories are created\&.
|
|
|
9f90df |
+.sp
|
|
|
9f90df |
+The directory where the user\*(Aqs home directory is created must
|
|
|
9f90df |
+exist and have proper SELinux context and permissions\&. Otherwise
|
|
|
9f90df |
+the user\*(Aqs home directory cannot be created or accessed\&.
|
|
|
9f90df |
.RE
|
|
|
9f90df |
.PP
|
|
|
9f90df |
-\fB\-M\fR
|
|
|
9f90df |
+\fB\-M\fR, \fB\-\-no\-create\-home\fR
|
|
|
9f90df |
.RS 4
|
|
|
9f90df |
Do not create the user\*(Aqs home directory, even if the system wide setting from
|
|
|
9f90df |
/etc/login\&.defs
|
|
|
827aa9 |
diff -up shadow-4.1.5.1/man/man8/usermod.8.manfix shadow-4.1.5.1/man/man8/usermod.8
|
|
|
827aa9 |
--- shadow-4.1.5.1/man/man8/usermod.8.manfix 2012-05-25 13:59:33.000000000 +0200
|
|
|
827aa9 |
+++ shadow-4.1.5.1/man/man8/usermod.8 2014-08-29 13:35:27.343086211 +0200
|
|
|
827aa9 |
@@ -63,7 +63,7 @@ The user\*(Aqs new login directory\&.
|
|
|
827aa9 |
.sp
|
|
|
827aa9 |
If the
|
|
|
827aa9 |
\fB\-m\fR
|
|
|
827aa9 |
-option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&.
|
|
|
827aa9 |
+option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&. If the current home directory does not exist the new home directory will not be created\&.
|
|
|
827aa9 |
.RE
|
|
|
827aa9 |
.PP
|
|
|
827aa9 |
\fB\-e\fR, \fB\-\-expiredate\fR \fIEXPIRE_DATE\fR
|
|
|
827aa9 |
@@ -143,7 +143,7 @@ Move the content of the user\*(Aqs home
|
|
|
827aa9 |
This option is only valid in combination with the
|
|
|
827aa9 |
\fB\-d\fR
|
|
|
827aa9 |
(or
|
|
|
827aa9 |
-\fB\-\-home\fR) option\&.
|
|
|
827aa9 |
+\fB\-\-home\fR) option\&. If the current home directory does not exist the new home directory will not be created\&.
|
|
|
827aa9 |
.sp
|
|
|
827aa9 |
|
|
|
827aa9 |
\fBusermod\fR
|
|
|
9f90df |
diff -up shadow-4.1.5.1/man/useradd.8.xml.manfix shadow-4.1.5.1/man/useradd.8.xml
|
|
|
827aa9 |
--- shadow-4.1.5.1/man/useradd.8.xml.manfix 2014-08-29 13:31:38.347811932 +0200
|
|
|
827aa9 |
+++ shadow-4.1.5.1/man/useradd.8.xml 2014-08-29 13:31:38.364812323 +0200
|
|
|
9f90df |
@@ -161,7 +161,7 @@
|
|
|
9f90df |
</varlistentry>
|
|
|
9f90df |
<varlistentry>
|
|
|
9f90df |
<term>
|
|
|
9f90df |
- <option>-d</option>, <option>--home</option>
|
|
|
9f90df |
+ <option>-d</option>, <option>--home-dir</option>
|
|
|
9f90df |
<replaceable>HOME_DIR</replaceable>
|
|
|
9f90df |
</term>
|
|
|
9f90df |
<listitem>
|
|
|
9f90df |
@@ -358,11 +358,16 @@
|
|
|
9f90df |
<option>CREATE_HOME</option> is not enabled, no home
|
|
|
9f90df |
directories are created.
|
|
|
9f90df |
</para>
|
|
|
9f90df |
+ <para>
|
|
|
9f90df |
+ The directory where the user's home directory is created must
|
|
|
9f90df |
+ exist and have proper SELinux context and permissions. Otherwise
|
|
|
9f90df |
+ the user's home directory cannot be created or accessed.
|
|
|
9f90df |
+ </para>
|
|
|
9f90df |
</listitem>
|
|
|
9f90df |
</varlistentry>
|
|
|
9f90df |
<varlistentry>
|
|
|
9f90df |
<term>
|
|
|
9f90df |
- <option>-M</option>
|
|
|
9f90df |
+ <option>-M</option>, <option>--no-create-home</option>
|
|
|
9f90df |
</term>
|
|
|
9f90df |
<listitem>
|
|
|
9f90df |
<para>
|
|
|
827aa9 |
diff -up shadow-4.1.5.1/man/usermod.8.xml.manfix shadow-4.1.5.1/man/usermod.8.xml
|
|
|
827aa9 |
--- shadow-4.1.5.1/man/usermod.8.xml.manfix 2012-05-25 13:45:29.000000000 +0200
|
|
|
827aa9 |
+++ shadow-4.1.5.1/man/usermod.8.xml 2014-08-29 13:33:40.814632618 +0200
|
|
|
827aa9 |
@@ -132,7 +132,8 @@
|
|
|
827aa9 |
If the <option>-m</option>
|
|
|
827aa9 |
option is given, the contents of the current home directory will
|
|
|
827aa9 |
be moved to the new home directory, which is created if it does
|
|
|
827aa9 |
- not already exist.
|
|
|
827aa9 |
+ not already exist. If the current home directory does not exist
|
|
|
827aa9 |
+ the new home directory will not be created.
|
|
|
827aa9 |
</para>
|
|
|
827aa9 |
</listitem>
|
|
|
827aa9 |
</varlistentry>
|
|
|
827aa9 |
@@ -261,7 +262,8 @@
|
|
|
827aa9 |
<listitem>
|
|
|
827aa9 |
<para>
|
|
|
827aa9 |
Move the content of the user's home directory to the new
|
|
|
827aa9 |
- location.
|
|
|
827aa9 |
+ location. If the current home directory does not exist
|
|
|
827aa9 |
+ the new home directory will not be created.
|
|
|
827aa9 |
</para>
|
|
|
827aa9 |
<para>
|
|
|
827aa9 |
This option is only valid in combination with the
|