|
 |
2de3ab |
diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xml
|
|
|
2de3ab |
--- shadow-4.8.1/man/groupmems.8.xml.manfix 2020-03-17 15:34:48.750414984 +0100
|
|
|
2de3ab |
+++ shadow-4.8.1/man/groupmems.8.xml 2020-03-17 15:41:13.383588722 +0100
|
|
|
2de3ab |
@@ -179,20 +179,10 @@
|
|
|
2de3ab |
<refsect1 id='setup'>
|
|
|
2de3ab |
<title>SETUP</title>
|
|
|
2de3ab |
<para>
|
|
|
2de3ab |
- The <command>groupmems</command> executable should be in mode
|
|
|
2de3ab |
- <literal>2710</literal> as user <emphasis>root</emphasis> and in group
|
|
|
2de3ab |
- <emphasis>groups</emphasis>. The system administrator can add users to
|
|
|
2de3ab |
- group <emphasis>groups</emphasis> to allow or disallow them using the
|
|
|
2de3ab |
- <command>groupmems</command> utility to manage their own group
|
|
|
2de3ab |
- membership list.
|
|
|
2de3ab |
+ In this operating system the <command>groupmems</command> executable
|
|
|
2de3ab |
+ is not setuid and regular users cannot use it to manipulate
|
|
|
2de3ab |
+ the membership of their own group.
|
|
|
2de3ab |
</para>
|
|
|
2de3ab |
-
|
|
|
2de3ab |
- <programlisting>
|
|
|
2de3ab |
- $ groupadd -r groups
|
|
|
2de3ab |
- $ chmod 2710 groupmems
|
|
|
2de3ab |
- $ chown root.groups groupmems
|
|
|
2de3ab |
- $ groupmems -g groups -a gk4
|
|
|
2de3ab |
- </programlisting>
|
|
|
2de3ab |
</refsect1>
|
|
|
2de3ab |
|
|
|
2de3ab |
<refsect1 id='configuration'>
|
|
|
2de3ab |
diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/login.defs.5
|
|
|
2de3ab |
--- shadow-4.8.1/man/ja/man5/login.defs.5.manfix 2019-07-23 17:26:08.000000000 +0200
|
|
|
2de3ab |
+++ shadow-4.8.1/man/ja/man5/login.defs.5 2020-03-17 15:34:48.750414984 +0100
|
|
|
2de3ab |
@@ -147,10 +147,6 @@ 以下の参照表は、
|
|
|
2de3ab |
shadow パスワード機能のどのプログラムが
|
|
|
2de3ab |
どのパラメータを使用するかを示したものである。
|
|
|
2de3ab |
.na
|
|
|
2de3ab |
-.IP chfn 12
|
|
|
2de3ab |
-CHFN_AUTH CHFN_RESTRICT
|
|
|
2de3ab |
-.IP chsh 12
|
|
|
2de3ab |
-CHFN_AUTH
|
|
|
2de3ab |
.IP groupadd 12
|
|
|
2de3ab |
GID_MAX GID_MIN
|
|
|
2de3ab |
.IP newusers 12
|
|
|
2de3ab |
diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.xml
|
|
|
2de3ab |
--- shadow-4.8.1/man/login.defs.5.xml.manfix 2020-01-17 16:47:56.000000000 +0100
|
|
|
2de3ab |
+++ shadow-4.8.1/man/login.defs.5.xml 2020-03-17 15:34:48.750414984 +0100
|
|
|
2de3ab |
@@ -164,6 +164,17 @@
|
|
|
2de3ab |
long numeric parameters is machine-dependent.
|
|
|
2de3ab |
</para>
|
|
|
2de3ab |
|
|
|
2de3ab |
+ <para>
|
|
|
2de3ab |
+ Please note that the parameters in this configuration file control the
|
|
|
2de3ab |
+ behavior of the tools from the shadow-utils component. None of these
|
|
|
2de3ab |
+ tools uses the PAM mechanism, and the utilities that use PAM (such as the
|
|
|
2de3ab |
+ passwd command) should be configured elsewhere. The only values that
|
|
|
2de3ab |
+ affect PAM modules are <emphasis>ENCRYPT_METHOD</emphasis> and <emphasis>SHA_CRYPT_MAX_ROUNDS</emphasis>
|
|
|
2de3ab |
+ for pam_unix module, <emphasis>FAIL_DELAY</emphasis> for pam_faildelay module,
|
|
|
2de3ab |
+ and <emphasis>UMASK</emphasis> for pam_umask module. Refer to
|
|
|
2de3ab |
+ pam(8) for more information.
|
|
|
2de3ab |
+ </para>
|
|
|
2de3ab |
+
|
|
|
2de3ab |
<para>The following configuration items are provided:</para>
|
|
|
2de3ab |
|
|
|
2de3ab |
<variablelist remap='IP'>
|
|
|
2de3ab |
@@ -256,16 +267,6 @@
|
|
|
2de3ab |
</listitem>
|
|
|
2de3ab |
</varlistentry>
|
|
|
2de3ab |
<varlistentry>
|
|
|
2de3ab |
- <term>chfn</term>
|
|
|
2de3ab |
- <listitem>
|
|
|
2de3ab |
- <para>
|
|
|
2de3ab |
- <phrase condition="no_pam">CHFN_AUTH</phrase>
|
|
|
2de3ab |
- CHFN_RESTRICT
|
|
|
2de3ab |
- <phrase condition="no_pam">LOGIN_STRING</phrase>
|
|
|
2de3ab |
- </para>
|
|
|
2de3ab |
- </listitem>
|
|
|
2de3ab |
- </varlistentry>
|
|
|
2de3ab |
- <varlistentry>
|
|
|
2de3ab |
<term>chgpasswd</term>
|
|
|
2de3ab |
<listitem>
|
|
|
2de3ab |
<para>
|
|
|
2de3ab |
@@ -286,14 +287,6 @@
|
|
|
2de3ab |
</para>
|
|
|
2de3ab |
</listitem>
|
|
|
2de3ab |
</varlistentry>
|
|
|
2de3ab |
- <varlistentry condition="no_pam">
|
|
|
2de3ab |
- <term>chsh</term>
|
|
|
2de3ab |
- <listitem>
|
|
|
2de3ab |
- <para>
|
|
|
2de3ab |
- CHSH_AUTH LOGIN_STRING
|
|
|
2de3ab |
- </para>
|
|
|
2de3ab |
- </listitem>
|
|
|
2de3ab |
- </varlistentry>
|
|
|
2de3ab |
|
|
|
2de3ab |
|
|
|
2de3ab |
<varlistentry>
|
|
|
2de3ab |
@@ -359,34 +352,6 @@
|
|
|
2de3ab |
<para>LASTLOG_UID_MAX</para>
|
|
|
2de3ab |
</listitem>
|
|
|
2de3ab |
</varlistentry>
|
|
|
2de3ab |
- <varlistentry>
|
|
|
2de3ab |
- <term>login</term>
|
|
|
2de3ab |
- <listitem>
|
|
|
2de3ab |
- <para>
|
|
|
2de3ab |
- <phrase condition="no_pam">CONSOLE</phrase>
|
|
|
2de3ab |
- CONSOLE_GROUPS DEFAULT_HOME
|
|
|
2de3ab |
- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
|
|
|
2de3ab |
- ENV_TZ ENVIRON_FILE</phrase>
|
|
|
2de3ab |
- ERASECHAR FAIL_DELAY
|
|
|
2de3ab |
- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
|
|
|
2de3ab |
- FAKE_SHELL
|
|
|
2de3ab |
- <phrase condition="no_pam">FTMP_FILE</phrase>
|
|
|
2de3ab |
- HUSHLOGIN_FILE
|
|
|
2de3ab |
- <phrase condition="no_pam">ISSUE_FILE</phrase>
|
|
|
2de3ab |
- KILLCHAR
|
|
|
2de3ab |
- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
|
|
|
2de3ab |
- LOGIN_RETRIES
|
|
|
2de3ab |
- <phrase condition="no_pam">LOGIN_STRING</phrase>
|
|
|
2de3ab |
- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
|
|
|
2de3ab |
- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
|
|
|
2de3ab |
- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
|
|
|
2de3ab |
- QUOTAS_ENAB</phrase>
|
|
|
2de3ab |
- TTYGROUP TTYPERM TTYTYPE_FILE
|
|
|
2de3ab |
- <phrase condition="no_pam">ULIMIT UMASK</phrase>
|
|
|
2de3ab |
- USERGROUPS_ENAB
|
|
|
2de3ab |
- </para>
|
|
|
2de3ab |
- </listitem>
|
|
|
2de3ab |
- </varlistentry>
|
|
|
2de3ab |
|
|
|
2de3ab |
<varlistentry>
|
|
|
2de3ab |
<term>newgrp / sg</term>
|
|
|
2de3ab |
@@ -415,17 +380,6 @@
|
|
|
2de3ab |
</listitem>
|
|
|
2de3ab |
</varlistentry>
|
|
|
2de3ab |
|
|
|
2de3ab |
- <varlistentry condition="no_pam">
|
|
|
2de3ab |
- <term>passwd</term>
|
|
|
2de3ab |
- <listitem>
|
|
|
2de3ab |
- <para>
|
|
|
2de3ab |
- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
|
|
|
2de3ab |
- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
|
|
|
2de3ab |
- <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
|
|
|
2de3ab |
- SHA_CRYPT_MIN_ROUNDS</phrase>
|
|
|
2de3ab |
- </para>
|
|
|
2de3ab |
- </listitem>
|
|
|
2de3ab |
- </varlistentry>
|
|
|
2de3ab |
<varlistentry>
|
|
|
2de3ab |
<term>pwck</term>
|
|
|
2de3ab |
<listitem>
|
|
|
2de3ab |
@@ -452,32 +406,6 @@
|
|
|
2de3ab |
</para>
|
|
|
2de3ab |
</listitem>
|
|
|
2de3ab |
</varlistentry>
|
|
|
2de3ab |
- <varlistentry>
|
|
|
2de3ab |
- <term>su</term>
|
|
|
2de3ab |
- <listitem>
|
|
|
2de3ab |
- <para>
|
|
|
2de3ab |
- <phrase condition="no_pam">CONSOLE</phrase>
|
|
|
2de3ab |
- CONSOLE_GROUPS DEFAULT_HOME
|
|
|
2de3ab |
- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
|
|
|
2de3ab |
- ENV_PATH ENV_SUPATH
|
|
|
2de3ab |
- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
|
|
|
2de3ab |
- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
|
|
|
2de3ab |
- SULOG_FILE SU_NAME
|
|
|
2de3ab |
- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
|
|
|
2de3ab |
- SYSLOG_SU_ENAB
|
|
|
2de3ab |
- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
|
|
|
2de3ab |
- </para>
|
|
|
2de3ab |
- </listitem>
|
|
|
2de3ab |
- </varlistentry>
|
|
|
2de3ab |
- <varlistentry>
|
|
|
2de3ab |
- <term>sulogin</term>
|
|
|
2de3ab |
- <listitem>
|
|
|
2de3ab |
- <para>
|
|
|
2de3ab |
- ENV_HZ
|
|
|
2de3ab |
- <phrase condition="no_pam">ENV_TZ</phrase>
|
|
|
2de3ab |
- </para>
|
|
|
2de3ab |
- </listitem>
|
|
|
2de3ab |
- </varlistentry>
|
|
|
2de3ab |
<varlistentry>
|
|
|
2de3ab |
<term>useradd</term>
|
|
|
2de3ab |
<listitem>
|