Index: shadow-4.5/man/groupmems.8.xml
===================================================================
--- shadow-4.5.orig/man/groupmems.8.xml
+++ shadow-4.5/man/groupmems.8.xml
@@ -179,20 +179,10 @@
SETUP
- The groupmems executable should be in mode
- 2770 as user root and in group
- groups. The system administrator can add users to
- group groups to allow or disallow them using the
- groupmems utility to manage their own group
- membership list.
+ In this operating system the groupmems executable
+ is not setuid and regular users cannot use it to manipulate
+ the membership of their own group.
-
-
- $ groupadd -r groups
- $ chmod 2770 groupmems
- $ chown root.groups groupmems
- $ groupmems -g groups -a gk4
-
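Review bot: the replacement sentence says the executable "is not setuid", but the removed setup used mode 2770, which sets the setgid bit for group groups rather than setuid. State that it is installed neither setuid nor setgid (whichever is accurate for the package), so an administrator auditing file modes knows both bits are absent. "In this operating system" is also vague for a man page; naming the distribution would make the scope clear.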
Index: shadow-4.5/man/chage.1.xml
===================================================================
--- shadow-4.5.orig/man/chage.1.xml
+++ shadow-4.5/man/chage.1.xml
@@ -102,6 +102,9 @@
Set the number of days since January 1st, 1970 when the password
was last changed. The date may also be expressed in the format
YYYY-MM-DD (or the format more commonly used in your area).
+ If the LAST_DAY is set to
+ 0 the user is forced to change his password
+ on the next log on.
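Review bot: "his password" in the added sentence is inconsistent with the closing note of this same page, which says "their password"; use "their" here as well. "If the LAST_DAY is set to 0" reads better without the article, and a comma is needed before "the user is forced".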
@@ -119,6 +122,13 @@
system again.
+ For example the following can be used to set an account to expire
+ in 180 days:
+
+
+ chage -E $(date -d +180days +%Y-%m-%d)
+
+
Passing the number -1 as the
EXPIRE_DATE will remove an account
expiration date.
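Review bot: the example command in the added listing has no login name, so as printed chage has no account to act on; add a placeholder user as the final argument. The command substitution relies on the relative-date form of date -d, so it is worth saying that this is GNU date syntax.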
@@ -233,6 +243,18 @@
The chage program requires a shadow password file to
be available.
+
+ The chage program will report only the information from the shadow
+ password file. This implies that configuration from other sources
+ (e.g. LDAP or empty password hash field from the passwd file) that
+ affect the user's login will not be shown in the chage output.
+
+
+ The chage program will also not report any
+ inconsistency between the shadow and passwd files (e.g. missing x in
+ the passwd file). The pwck can be used to check
+ for this kind of inconsistencies.
+ The chage command is restricted to the root
user, except for the option, which may be used by
an unprivileged user to determine when their password or account is due
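Review bot: the last added sentence, "The pwck can be used to check for this kind of inconsistencies", needs "The pwck command" and either "this kind of inconsistency" or "these kinds of inconsistencies". Both added paragraphs make the same operational point, that chage output alone does not show whether an account can actually log in; stating that in one sentence before the two cases would make the caveat harder to miss.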
Index: shadow-4.5/man/ja/man5/login.defs.5
===================================================================
--- shadow-4.5.orig/man/ja/man5/login.defs.5
+++ shadow-4.5/man/ja/man5/login.defs.5
@@ -147,10 +147,6 @@ PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_
shadow パスワード機能のどのプログラムが
どのパラメータを使用するかを示したものである。
.na
-.IP chfn 12
-CHFN_AUTH CHFN_RESTRICT
-.IP chsh 12
-CHFN_AUTH
.IP groupadd 12
GID_MAX GID_MIN
.IP newusers 12
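Review bot: this hunk drops only the chfn and chsh entries from the Japanese cross-reference list, while the English login.defs.5.xml hunks in the same patch also drop login, passwd, su and sulogin. If the Japanese page lists those tools, they need the same removal so the translation does not contradict the English page.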
Index: shadow-4.5/man/login.defs.5.xml
===================================================================
--- shadow-4.5.orig/man/login.defs.5.xml
+++ shadow-4.5/man/login.defs.5.xml
@@ -162,6 +162,17 @@
long numeric parameters is machine-dependent.
+
+ Please note that the parameters in this configuration file control the
+ behavior of the tools from the shadow-utils component. None of these
+ tools uses the PAM mechanism, and the utilities that use PAM (such as the
+ passwd command) should be configured elsewhere. The only values that
+ affect PAM modules are ENCRYPT_METHOD and SHA_CRYPT_MAX_ROUNDS
+ for pam_unix module, FAIL_DELAY for pam_faildelay module,
+ and UMASK for pam_umask module. Refer to
+ pam(8) for more information.
+
+
The following configuration items are provided:
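Review bot: the added paragraph says PAM-based utilities such as passwd "should be configured elsewhere" without saying where; name the PAM configuration explicitly instead of leaving it to the closing pam(8) reference. "None of these tools uses the PAM mechanism" followed by a list of values that do affect PAM modules also reads as a contradiction on first pass; splitting it into "the tools" and "the file's values" as two sentences would fix that.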
@@ -252,16 +263,6 @@
- chfn
-
-
- CHFN_AUTH
- CHFN_RESTRICT
- LOGIN_STRING
-
-
-
- chgpasswd
@@ -282,14 +283,6 @@
-
- chsh
-
-
- CHSH_AUTH LOGIN_STRING
-
-
-
@@ -350,34 +343,6 @@
-
- login
-
-
- CONSOLE
- CONSOLE_GROUPS DEFAULT_HOME
- ENV_HZ ENV_PATH ENV_SUPATH
- ENV_TZ ENVIRON_FILE
- ERASECHAR FAIL_DELAY
- FAILLOG_ENAB
- FAKE_SHELL
- FTMP_FILE
- HUSHLOGIN_FILE
- ISSUE_FILE
- KILLCHAR
- LASTLOG_ENAB
- LOGIN_RETRIES
- LOGIN_STRING
- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
- MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
- QUOTAS_ENAB
- TTYGROUP TTYPERM TTYTYPE_FILE
- ULIMIT UMASK
- USERGROUPS_ENAB
-
-
- newgrp / sg
@@ -405,17 +370,6 @@
-
- passwd
-
-
- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
- SHA_CRYPT_MAX_ROUNDS
- SHA_CRYPT_MIN_ROUNDS
-
-
- pwck
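Review bot: SHA_CRYPT_MIN_ROUNDS is removed from the passwd entry here together with ENCRYPT_METHOD and SHA_CRYPT_MAX_ROUNDS, but the note added earlier in this file lists only the latter two as still affecting pam_unix. Say explicitly in that note whether SHA_CRYPT_MIN_ROUNDS is ignored, otherwise a reader cannot tell which hashing-cost settings take effect for password changes.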
@@ -442,32 +396,6 @@
-
- su
-
-
- CONSOLE
- CONSOLE_GROUPS DEFAULT_HOME
- ENV_HZ ENVIRON_FILE
- ENV_PATH ENV_SUPATH
- ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
- MAIL_DIR MAIL_FILE QUOTAS_ENAB
- SULOG_FILE SU_NAME
- SU_WHEEL_ONLY
- SYSLOG_SU_ENAB
- USERGROUPS_ENAB
-
-
-
-
- sulogin
-
-
- ENV_HZ
- ENV_TZ
-
-
- useradd
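Review bot: removing the su entry drops the cross-reference for SU_WHEEL_ONLY and SYSLOG_SU_ENAB, yet nothing in this patch touches the descriptions of those parameters. If they remain documented in the page, mark them as having no effect on this system, so nobody relies on SU_WHEEL_ONLY in login.defs to restrict su.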
Index: shadow-4.5/man/shadow.5.xml
===================================================================
--- shadow-4.5.orig/man/shadow.5.xml
+++ shadow-4.5/man/shadow.5.xml
@@ -129,7 +129,7 @@
The date of the last password change, expressed as the number
- of days since Jan 1, 1970.
+ of days since Jan 1, 1970 00:00 UTC.
The value 0 has a special meaning, which is that the user
@@ -208,8 +208,8 @@
After expiration of the password and this expiration period is
- elapsed, no login is possible using the current user's
- password. The user should contact her administrator.
+ elapsed, no login is possible for the user.
+ The user should contact her administrator.
An empty field means that there are no enforcement of an
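Review bot: "no login is possible for the user" is a broader claim than the removed "using the current user's password"; confirm it also holds for logins that do not use the password, and qualify the sentence if it does not. While this paragraph is being touched, the context lines "After expiration of the password and this expiration period is elapsed" and "there are no enforcement" both need a grammar fix.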
@@ -224,7 +224,7 @@
The date of expiration of the account, expressed as the number
- of days since Jan 1, 1970.
+ of days since Jan 1, 1970 00:00 UTC.
Note that an account expiration differs from a password
Index: shadow-4.5/man/useradd.8.xml
===================================================================
--- shadow-4.5.orig/man/useradd.8.xml
+++ shadow-4.5/man/useradd.8.xml
@@ -347,6 +347,11 @@
is not enabled, no home
directories are created.
+
+ The directory where the user's home directory is created must
+ exist and have proper SELinux context and permissions. Otherwise
+ the user's home directory cannot be created or accessed.
+
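Review bot: "proper SELinux context and permissions" in the added paragraph does not tell the administrator what to check. Name the expected ownership, mode and context type for the parent directory, or point to the command used to restore the context, so the failure described in the last sentence can be diagnosed from the man page.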
Index: shadow-4.5/man/usermod.8.xml
===================================================================
--- shadow-4.5.orig/man/usermod.8.xml
+++ shadow-4.5/man/usermod.8.xml
@@ -132,7 +132,8 @@
If the
option is given, the contents of the current home directory will
be moved to the new home directory, which is created if it does
- not already exist.
+ not already exist. If the current home directory does not exist
+ the new home directory will not be created.
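Review bot: the added sentence says the new home directory is not created when the current one is missing, but not what happens to the account: whether the home field is still updated and what exit status is returned. Document that, since otherwise the user can be left pointing at a path that does not exist. A comma is needed after "does not exist"; the same sentence is repeated in the next hunk.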
@@ -256,7 +257,8 @@
Move the content of the user's home directory to the new
- location.
+ location. If the current home directory does not exist
+ the new home directory will not be created.
This option is only valid in combination with the
diff --git a/man/login.defs.d/SUB_GID_COUNT.xml b/man/login.defs.d/SUB_GID_COUNT.xml
index 01ace007..93fe7421 100644
--- a/man/login.defs.d/SUB_GID_COUNT.xml
+++ b/man/login.defs.d/SUB_GID_COUNT.xml
@@ -42,7 +42,7 @@
The default values for ,
,
- are respectively 100000, 600100000 and 10000.
+ are respectively 100000, 600100000 and 65536.
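Review bot: the documented default changes from 10000 to 65536 here, but every file in this patch is under man/. Confirm the compiled default was changed to 65536 as well, and reference that change in the patch description, so the man page does not advertise a subordinate ID range size the tools do not actually allocate. The same applies to the SUB_UID_COUNT hunk.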
diff --git a/man/login.defs.d/SUB_UID_COUNT.xml b/man/login.defs.d/SUB_UID_COUNT.xml
index 5ad812f7..516417b7 100644
--- a/man/login.defs.d/SUB_UID_COUNT.xml
+++ b/man/login.defs.d/SUB_UID_COUNT.xml
@@ -42,7 +42,7 @@
The default values for ,
,
- are respectively 100000, 600100000 and 10000.
+ are respectively 100000, 600100000 and 65536.
diff -up shadow-4.6/man/groupadd.8.xml.manfix shadow-4.6/man/groupadd.8.xml
--- shadow-4.6/man/groupadd.8.xml.manfix 2019-04-02 16:35:52.096637444 +0200
+++ shadow-4.6/man/groupadd.8.xml 2019-06-07 14:23:57.477602106 +0200
@@ -320,13 +320,13 @@
4
- GID not unique (when not used)
+ GID is already used (when called without )9
- group name not unique
+ group name is already used