diff -up shadow-4.6/man/groupmems.8.xml.manfix shadow-4.6/man/groupmems.8.xml

--- shadow-4.6/man/groupmems.8.xml.manfix	2018-04-29 18:42:37.000000000 +0200

+++ shadow-4.6/man/groupmems.8.xml	2020-10-23 13:15:24.105387634 +0200

@@ -179,20 +179,10 @@

   <refsect1 id='setup'>

     <title>SETUP</title>

     <para>

-      The <command>groupmems</command> executable should be in mode

-      <literal>2770</literal> as user <emphasis>root</emphasis> and in group

-      <emphasis>groups</emphasis>. The system administrator can add users to

-      group <emphasis>groups</emphasis> to allow or disallow them using the

-      <command>groupmems</command> utility to manage their own group

-      membership list.

+      In this operating system the <command>groupmems</command> executable

+      is not setuid and regular users cannot use it to manipulate

+      the membership of their own group.

     </para>

-

-    <programlisting>

-	$ groupadd -r groups

-	$ chmod 2770 groupmems

-	$ chown root.groups groupmems

-	$ groupmems -g groups -a gk4

-    </programlisting>

   </refsect1>

   <refsect1 id='configuration'>

diff -up shadow-4.6/man/chage.1.xml.manfix shadow-4.6/man/chage.1.xml

--- shadow-4.6/man/chage.1.xml.manfix	2018-04-29 18:42:37.000000000 +0200

+++ shadow-4.6/man/chage.1.xml	2020-10-23 13:15:24.105387634 +0200

@@ -102,6 +102,9 @@

 	    Set the number of days since January 1st, 1970 when the password

 	    was last changed. The date may also be expressed in the format

 	    YYYY-MM-DD (or the format more commonly used in your area).

+	    If the <replaceable>LAST_DAY</replaceable> is set to

+	    <emphasis>0</emphasis> the user is forced to change his password

+	    on the next log on.

 	  </para>

 	</listitem>

       </varlistentry>

@@ -119,6 +122,13 @@

 	    system again.

 	  </para>

 	  <para>

+	    For example the following can be used to set an account to expire

+	    in 180 days:

+	  </para>

+	  <programlisting>

+	    chage -E $(date -d +180days +%Y-%m-%d)

+	  </programlisting>

+	  <para>

 	    Passing the number <emphasis remap='I'>-1</emphasis> as the

 	    <replaceable>EXPIRE_DATE</replaceable> will remove an account

 	    expiration date.

@@ -233,6 +243,18 @@

       The <command>chage</command> program requires a shadow password file to

       be available.

     </para>

+    <para>

+      The chage program will report only the information from the shadow

+      password file. This implies that configuration from other sources

+     (e.g. LDAP or empty password hash field from the passwd file) that

+     affect the user's login will not be shown in the chage output.

+    </para>

+    <para>

+      The <command>chage</command> program will also not report any

+      inconsistency between the shadow and passwd files (e.g. missing x in

+      the passwd file). The <command>pwck</command> can be used to check

+      for this kind of inconsistencies.

+    </para>

     <para>The <command>chage</command> command is restricted to the root

       user, except for the <option>-l</option> option, which may be used by

       an unprivileged user to determine when their password or account is due

diff -up shadow-4.6/man/ja/man5/login.defs.5.manfix shadow-4.6/man/ja/man5/login.defs.5

--- shadow-4.6/man/ja/man5/login.defs.5.manfix	2018-04-29 18:42:37.000000000 +0200

+++ shadow-4.6/man/ja/man5/login.defs.5	2020-10-23 13:15:24.106387639 +0200

@@ -147,10 +147,6 @@ 以下の参照表は、

 shadow パスワード機能のどのプログラムが

 どのパラメータを使用するかを示したものである。

 .na

-.IP chfn 12

-CHFN_AUTH CHFN_RESTRICT

-.IP chsh 12

-CHFN_AUTH

 .IP groupadd 12

 GID_MAX GID_MIN

 .IP newusers 12

diff -up shadow-4.6/man/login.defs.5.xml.manfix shadow-4.6/man/login.defs.5.xml

--- shadow-4.6/man/login.defs.5.xml.manfix	2018-04-29 18:42:37.000000000 +0200

+++ shadow-4.6/man/login.defs.5.xml	2020-10-23 13:15:43.280475188 +0200

@@ -162,6 +162,27 @@

       long numeric parameters is machine-dependent.

     </para>

+    <para>

+      Please note that the parameters in this configuration file control the

+      behavior of the tools from the shadow-utils component. None of these

+      tools uses the PAM mechanism, and the utilities that use PAM (such as the

+      passwd command) should be configured elsewhere. The only values that

+      affect PAM modules are <emphasis>ENCRYPT_METHOD</emphasis> and <emphasis>SHA_CRYPT_MAX_ROUNDS</emphasis>

+      for pam_unix module, <emphasis>FAIL_DELAY</emphasis> for pam_faildelay module,

+      and <emphasis>UMASK</emphasis> for pam_umask module. Refer to

+      pam(8) for more information.

+    </para>

+

+    <para>

+      Please also take into account that this man page is generic and some of

+      the options may be unsupported by currently installed tools. In case of

+      doubt check <xref linkend="cross_references"/> and

+      <xref linkend="see_also"/>. For example see

+      <citerefentry><refentrytitle>login</refentrytitle>

+      <manvolnum>1</manvolnum></citerefentry> for login specific options such

+      as <emphasis>LOGIN_STRING</emphasis>.

+    </para>

+

     <para>The following configuration items are provided:</para>

     <variablelist remap='IP'>

@@ -252,16 +273,6 @@

 	</listitem>

       </varlistentry>

       <varlistentry>

-	<term>chfn</term>

-	<listitem>

-	  <para>

-	    <phrase condition="no_pam">CHFN_AUTH</phrase>

-	    CHFN_RESTRICT

-	    <phrase condition="no_pam">LOGIN_STRING</phrase>

-	  </para>

-	</listitem>

-      </varlistentry>

-      <varlistentry>

 	<term>chgpasswd</term>

 	<listitem>

 	  <para>

@@ -282,14 +293,6 @@

 	  </para>

 	</listitem>

       </varlistentry>

-      <varlistentry condition="no_pam">

-	<term>chsh</term>

-	<listitem>

-	  <para>

-	    CHSH_AUTH LOGIN_STRING

-	  </para>

-	</listitem>

-      </varlistentry>

       <varlistentry>

@@ -350,34 +353,6 @@

       </varlistentry>

-      <varlistentry>

-	<term>login</term>

-	<listitem>

-	  <para>

-	    <phrase condition="no_pam">CONSOLE</phrase>

-	    CONSOLE_GROUPS DEFAULT_HOME

-	    <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH

-	    ENV_TZ ENVIRON_FILE</phrase>

-	    ERASECHAR FAIL_DELAY

-	    <phrase condition="no_pam">FAILLOG_ENAB</phrase>

-	    FAKE_SHELL

-	    <phrase condition="no_pam">FTMP_FILE</phrase>

-	    HUSHLOGIN_FILE

-	    <phrase condition="no_pam">ISSUE_FILE</phrase>

-	    KILLCHAR

-	    <phrase condition="no_pam">LASTLOG_ENAB</phrase>

-	    LOGIN_RETRIES

-	    <phrase condition="no_pam">LOGIN_STRING</phrase>

-	    LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB

-	    <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE

-	    MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB

-	    QUOTAS_ENAB</phrase>

-	    TTYGROUP TTYPERM TTYTYPE_FILE

-	    <phrase condition="no_pam">ULIMIT UMASK</phrase>

-	    USERGROUPS_ENAB

-	  </para>

-	</listitem>

-      </varlistentry>

       <varlistentry>

 	<term>newgrp / sg</term>

@@ -405,17 +380,6 @@

 	</listitem>

       </varlistentry>

-      <varlistentry condition="no_pam">

-	<term>passwd</term>

-	<listitem>

-	  <para>

-	    ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB

-	    PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN

-	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS

-	    SHA_CRYPT_MIN_ROUNDS</phrase>

-	  </para>

-	</listitem>

-      </varlistentry>

       <varlistentry>

 	<term>pwck</term>

 	<listitem>

@@ -442,32 +406,6 @@

 	  </para>

 	</listitem>

       </varlistentry>

-      <varlistentry>

-	<term>su</term>

-	<listitem>

-	  <para>

-	    <phrase condition="no_pam">CONSOLE</phrase>

-	    CONSOLE_GROUPS DEFAULT_HOME

-	    <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>

-	    ENV_PATH ENV_SUPATH

-	    <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB

-	    MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>

-	    SULOG_FILE SU_NAME

-	    <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>

-	    SYSLOG_SU_ENAB

-	    <phrase condition="no_pam">USERGROUPS_ENAB</phrase>

-	  </para>

-	</listitem>

-      </varlistentry>

-      <varlistentry>

-	<term>sulogin</term>

-	<listitem>

-	  <para>

-	    ENV_HZ

-	    <phrase condition="no_pam">ENV_TZ</phrase>

-	  </para>

-	</listitem>

-      </varlistentry>

       <varlistentry>

 	<term>useradd</term>

 	<listitem>

diff -up shadow-4.6/man/shadow.5.xml.manfix shadow-4.6/man/shadow.5.xml

--- shadow-4.6/man/shadow.5.xml.manfix	2018-04-29 18:42:37.000000000 +0200

+++ shadow-4.6/man/shadow.5.xml	2020-10-23 13:15:24.106387639 +0200

@@ -129,7 +129,7 @@

 	<listitem>

 	  <para>

 	    The date of the last password change, expressed as the number

-	    of days since Jan 1, 1970.

+	    of days since Jan 1, 1970 00:00 UTC.

 	  </para>

 	  <para>

 	    The value 0 has a special meaning, which is that the user

@@ -208,8 +208,8 @@

 	  </para>

 	  <para>

 	    After expiration of the password and this expiration period is

-	    elapsed, no login is possible using the current user's

-	    password.  The user should contact her administrator.

+	    elapsed, no login is possible for the user.

+	    The user should contact her administrator.

 	  </para>

 	  <para>

 	    An empty field means that there are no enforcement of an

@@ -224,7 +224,7 @@

 	<listitem>

 	  <para>

 	    The date of expiration of the account, expressed as the number

-	    of days since Jan 1, 1970.

+	    of days since Jan 1, 1970 00:00 UTC.

 	  </para>

 	  <para>

 	    Note that an account expiration differs from a password

diff -up shadow-4.6/man/useradd.8.xml.manfix shadow-4.6/man/useradd.8.xml

--- shadow-4.6/man/useradd.8.xml.manfix	2020-10-23 13:15:24.100387611 +0200

+++ shadow-4.6/man/useradd.8.xml	2020-10-23 13:15:24.106387639 +0200

@@ -347,6 +347,11 @@

 	    <option>CREATE_HOME</option> is not enabled, no home

 	    directories are created.

 	  </para>

+	  <para>

+	    The directory where the user's home directory is created must

+	    exist and have proper SELinux context and permissions. Otherwise

+	    the user's home directory cannot be created or accessed.

+	  </para>

 	</listitem>

       </varlistentry>

       <varlistentry>

diff -up shadow-4.6/man/usermod.8.xml.manfix shadow-4.6/man/usermod.8.xml

--- shadow-4.6/man/usermod.8.xml.manfix	2018-04-29 18:42:37.000000000 +0200

+++ shadow-4.6/man/usermod.8.xml	2020-10-23 13:15:24.106387639 +0200

@@ -132,7 +132,8 @@

 	    If the <option>-m</option>

 	    option is given, the contents of the current home directory will

 	    be moved to the new home directory, which is created if it does

-	    not already exist.

+	    not already exist. If the current home directory does not exist

+	    the new home directory will not be created.

 	  </para>

 	</listitem>

       </varlistentry>

@@ -256,7 +257,8 @@

 	<listitem>

 	  <para>

 	    Move the content of the user's home directory to the new

-	    location.

+	    location. If the current home directory does not exist

+	    the new home directory will not be created.

 	  </para>

 	  <para>

 	    This option is only valid in combination with the

diff -up shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml.manfix shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml

--- shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml.manfix	2018-04-29 18:42:37.000000000 +0200

+++ shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml	2020-10-23 13:15:24.106387639 +0200

@@ -42,7 +42,7 @@

     <para>

       The default values for <option>SUB_GID_MIN</option>,

       <option>SUB_GID_MAX</option>, <option>SUB_GID_COUNT</option>

-      are respectively 100000, 600100000 and 10000.

+      are respectively 100000, 600100000 and 65536.

     </para>

   </listitem>

 </varlistentry>

diff -up shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml.manfix shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml

--- shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml.manfix	2018-04-29 18:42:37.000000000 +0200

+++ shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml	2020-10-23 13:15:24.106387639 +0200

@@ -42,7 +42,7 @@

     <para>

       The default values for <option>SUB_UID_MIN</option>,

       <option>SUB_UID_MAX</option>, <option>SUB_UID_COUNT</option>

-      are respectively 100000, 600100000 and 10000.

+      are respectively 100000, 600100000 and 65536.

     </para>

   </listitem>

 </varlistentry>

diff -up shadow-4.6/man/groupadd.8.xml.manfix shadow-4.6/man/groupadd.8.xml

--- shadow-4.6/man/groupadd.8.xml.manfix	2020-10-23 13:15:24.100387611 +0200

+++ shadow-4.6/man/groupadd.8.xml	2020-10-23 13:15:24.106387639 +0200

@@ -322,13 +322,13 @@

 	<varlistentry>

 	  <term><replaceable>4</replaceable></term>

 	  <listitem>

-	    <para>GID not unique (when <option>-o</option> not used)</para>

+	    <para>GID is already used (when called without <option>-o</option>)</para>

 	  </listitem>

 	</varlistentry>

 	<varlistentry>

 	  <term><replaceable>9</replaceable></term>

 	  <listitem>

-	    <para>group name not unique</para>

+	    <para>group name is already used</para>

 	  </listitem>

 	</varlistentry>

 	<varlistentry>