diff options
| author | Christian Perrier <bubulle@debian.org> | 2014-03-01 19:59:36 +0100 |
|---|---|---|
| committer | Christian Perrier <bubulle@debian.org> | 2014-03-01 19:59:36 +0100 |
| commit | 65b471a2f27acb2f3ce378106eb8aeba8b496557 (patch) | |
| tree | 29941e07f9b1d7c9a44a08b65782505eb6ef58a5 /man/man1 | |
| parent | db1dc7288b64873f4f39e8404fd99c1bf55c7a8b (diff) | |
| download | shadow-65b471a2f27acb2f3ce378106eb8aeba8b496557.tar.gz | |
Imported Upstream version 4.2upstream/4.2
Diffstat (limited to 'man/man1')
| -rw-r--r-- | man/man1/chage.1 | 185 | ||||
| -rw-r--r-- | man/man1/chfn.1 | 164 | ||||
| -rw-r--r-- | man/man1/chsh.1 | 122 | ||||
| -rw-r--r-- | man/man1/expiry.1 | 75 | ||||
| -rw-r--r-- | man/man1/gpasswd.1 | 234 | ||||
| -rw-r--r-- | man/man1/groups.1 | 65 | ||||
| -rw-r--r-- | man/man1/id.1 | 61 | ||||
| -rw-r--r-- | man/man1/login.1 | 488 | ||||
| -rw-r--r-- | man/man1/newgrp.1 | 100 | ||||
| -rw-r--r-- | man/man1/passwd.1 | 360 | ||||
| -rw-r--r-- | man/man1/sg.1 | 98 | ||||
| -rw-r--r-- | man/man1/su.1 | 450 |
12 files changed, 0 insertions, 2402 deletions
diff --git a/man/man1/chage.1 b/man/man1/chage.1 deleted file mode 100644 index fe0eef3a..00000000 --- a/man/man1/chage.1 +++ /dev/null @@ -1,185 +0,0 @@ -'\" t -.\" Title: chage -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "CHAGE" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -chage \- change user password expiry information -.SH "SYNOPSIS" -.HP \w'\fBchage\fR\ 'u -\fBchage\fR [\fIoptions\fR] \fILOGIN\fR -.SH "DESCRIPTION" -.PP -The -\fBchage\fR -command changes the number of days between password changes and the date of the last password change\&. This information is used by the system to determine when a user must change his/her password\&. -.SH "OPTIONS" -.PP -The options which apply to the -\fBchage\fR -command are: -.PP -\fB\-d\fR, \fB\-\-lastday\fR \fILAST_DAY\fR -.RS 4 -Set the number of days since January 1st, 1970 when the password was last changed\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&. -.RE -.PP -\fB\-E\fR, \fB\-\-expiredate\fR \fIEXPIRE_DATE\fR -.RS 4 -Set the date or number of days since January 1, 1970 on which the user\*(Aqs account will no longer be accessible\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&. A user whose account is locked must contact the system administrator before being able to use the system again\&. -.sp -Passing the number -\fI\-1\fR -as the -\fIEXPIRE_DATE\fR -will remove an account expiration date\&. -.RE -.PP -\fB\-h\fR, \fB\-\-help\fR -.RS 4 -Display help message and exit\&. -.RE -.PP -\fB\-I\fR, \fB\-\-inactive\fR \fIINACTIVE\fR -.RS 4 -Set the number of days of inactivity after a password has expired before the account is locked\&. The -\fIINACTIVE\fR -option is the number of days of inactivity\&. A user whose account is locked must contact the system administrator before being able to use the system again\&. -.sp -Passing the number -\fI\-1\fR -as the -\fIINACTIVE\fR -will remove an account\*(Aqs inactivity\&. -.RE -.PP -\fB\-l\fR, \fB\-\-list\fR -.RS 4 -Show account aging information\&. -.RE -.PP -\fB\-m\fR, \fB\-\-mindays\fR \fIMIN_DAYS\fR -.RS 4 -Set the minimum number of days between password changes to -\fIMIN_DAYS\fR\&. A value of zero for this field indicates that the user may change his/her password at any time\&. -.RE -.PP -\fB\-M\fR, \fB\-\-maxdays\fR \fIMAX_DAYS\fR -.RS 4 -Set the maximum number of days during which a password is valid\&. When -\fIMAX_DAYS\fR -plus -\fILAST_DAY\fR -is less than the current day, the user will be required to change his/her password before being able to use his/her account\&. This occurrence can be planned for in advance by use of the -\fB\-W\fR -option, which provides the user with advance warning\&. -.sp -Passing the number -\fI\-1\fR -as -\fIMAX_DAYS\fR -will remove checking a password\*(Aqs validity\&. -.RE -.PP -\fB\-R\fR, \fB\-\-root\fR \fICHROOT_DIR\fR -.RS 4 -Apply changes in the -\fICHROOT_DIR\fR -directory and use the configuration files from the -\fICHROOT_DIR\fR -directory\&. -.RE -.PP -\fB\-W\fR, \fB\-\-warndays\fR \fIWARN_DAYS\fR -.RS 4 -Set the number of days of warning before a password change is required\&. The -\fIWARN_DAYS\fR -option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire\&. -.RE -.PP -If none of the options are selected, -\fBchage\fR -operates in an interactive fashion, prompting the user with the current values for all of the fields\&. Enter the new value to change the field, or leave the line blank to use the current value\&. The current value is displayed between a pair of -\fI[ ]\fR -marks\&. -.SH "NOTE" -.PP -The -\fBchage\fR -program requires a shadow password file to be available\&. -.PP -The -\fBchage\fR -command is restricted to the root user, except for the -\fB\-l\fR -option, which may be used by an unprivileged user to determine when his/her password or account is due to expire\&. -.SH "CONFIGURATION" -.PP -The following configuration variables in -/etc/login\&.defs -change the behavior of this tool: -.SH "FILES" -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.PP -/etc/shadow -.RS 4 -Secure user account information\&. -.RE -.SH "EXIT VALUES" -.PP -The -\fBchage\fR -command exits with the following values: -.PP -\fI0\fR -.RS 4 -success -.RE -.PP -\fI1\fR -.RS 4 -permission denied -.RE -.PP -\fI2\fR -.RS 4 -invalid command syntax -.RE -.PP -\fI15\fR -.RS 4 -can\*(Aqt find the shadow password file -.RE -.SH "SEE ALSO" -.PP - -\fBpasswd\fR(5), -\fBshadow\fR(5)\&. diff --git a/man/man1/chfn.1 b/man/man1/chfn.1 deleted file mode 100644 index 149bb8df..00000000 --- a/man/man1/chfn.1 +++ /dev/null @@ -1,164 +0,0 @@ -'\" t -.\" Title: chfn -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "CHFN" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -chfn \- change real user name and information -.SH "SYNOPSIS" -.HP \w'\fBchfn\fR\ 'u -\fBchfn\fR [\fIoptions\fR] [\fILOGIN\fR] -.SH "DESCRIPTION" -.PP -The -\fBchfn\fR -command changes user fullname, office room number, office phone number, and home phone number information for a user\*(Aqs account\&. This information is typically printed by -\fBfinger\fR(1) -and similar programs\&. A normal user may only change the fields for her own account, subject to the restrictions in -/etc/login\&.defs\&. (The default configuration is to prevent users from changing their fullname\&.) The superuser may change any field for any account\&. Additionally, only the superuser may use the -\fB\-o\fR -option to change the undefined portions of the GECOS field\&. -.PP -These fields must not contain any colons\&. Except for the -\fIother\fR -field, they should not contain any comma or equal sign\&. It is also recommended to avoid non\-US\-ASCII characters, but this is only enforced for the phone numbers\&. The -\fIother\fR -field is used to store accounting information used by other applications\&. -.SH "OPTIONS" -.PP -The options which apply to the -\fBchfn\fR -command are: -.PP -\fB\-f\fR, \fB\-\-full\-name\fR \fIFULL_NAME\fR -.RS 4 -Change the user\*(Aqs full name\&. -.RE -.PP -\fB\-h\fR, \fB\-\-home\-phone\fR \fIHOME_PHONE\fR -.RS 4 -Change the user\*(Aqs home phone number\&. -.RE -.PP -\fB\-o\fR, \fB\-\-other\fR \fIOTHER\fR -.RS 4 -Change the user\*(Aqs other GECOS information\&. This field is used to store accounting information used by other applications, and can be changed only by a superuser\&. -.RE -.PP -\fB\-r\fR, \fB\-\-room\fR \fIROOM_NUMBER\fR -.RS 4 -Change the user\*(Aqs room number\&. -.RE -.PP -\fB\-R\fR, \fB\-\-root\fR \fICHROOT_DIR\fR -.RS 4 -Apply changes in the -\fICHROOT_DIR\fR -directory and use the configuration files from the -\fICHROOT_DIR\fR -directory\&. -.RE -.PP -\fB\-u\fR, \fB\-\-help\fR -.RS 4 -Display help message and exit\&. -.RE -.PP -\fB\-w\fR, \fB\-\-work\-phone\fR \fIWORK_PHONE\fR -.RS 4 -Change the user\*(Aqs office phone number\&. -.RE -.PP -If none of the options are selected, -\fBchfn\fR -operates in an interactive fashion, prompting the user with the current values for all of the fields\&. Enter the new value to change the field, or leave the line blank to use the current value\&. The current value is displayed between a pair of -\fB[ ]\fR -marks\&. Without options, -\fBchfn\fR -prompts for the current user account\&. -.SH "CONFIGURATION" -.PP -The following configuration variables in -/etc/login\&.defs -change the behavior of this tool: -.PP -\fBCHFN_AUTH\fR (boolean) -.RS 4 -If -\fIyes\fR, the -\fBchfn\fR -program will require authentication before making any changes, unless run by the superuser\&. -.RE -.PP -\fBCHFN_RESTRICT\fR (string) -.RS 4 -This parameter specifies which values in the -\fIgecos\fR -field of the -/etc/passwd -file may be changed by regular users using the -\fBchfn\fR -program\&. It can be any combination of letters -\fIf\fR, -\fIr\fR, -\fIw\fR, -\fIh\fR, for Full name, Room number, Work phone, and Home phone, respectively\&. For backward compatibility, -\fIyes\fR -is equivalent to -\fIrwh\fR -and -\fIno\fR -is equivalent to -\fIfrwh\fR\&. If not specified, only the superuser can make any changes\&. The most restrictive setting is better achieved by not installing -\fBchfn\fR -SUID\&. -.RE -.PP -\fBLOGIN_STRING\fR (string) -.RS 4 -The string used for prompting a password\&. The default is to use "Password: ", or a translation of that string\&. If you set this variable, the prompt will not be translated\&. -.sp -If the string contains -\fI%s\fR, this will be replaced by the user\*(Aqs name\&. -.RE -.SH "FILES" -.PP -/etc/login\&.defs -.RS 4 -Shadow password suite configuration\&. -.RE -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.SH "SEE ALSO" -.PP - -\fBchsh\fR(1), -\fBlogin.defs\fR(5), -\fBpasswd\fR(5)\&. diff --git a/man/man1/chsh.1 b/man/man1/chsh.1 deleted file mode 100644 index 3dc2730a..00000000 --- a/man/man1/chsh.1 +++ /dev/null @@ -1,122 +0,0 @@ -'\" t -.\" Title: chsh -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "CHSH" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -chsh \- change login shell -.SH "SYNOPSIS" -.HP \w'\fBchsh\fR\ 'u -\fBchsh\fR [\fIoptions\fR] [\fILOGIN\fR] -.SH "DESCRIPTION" -.PP -The -\fBchsh\fR -command changes the user login shell\&. This determines the name of the user\*(Aqs initial login command\&. A normal user may only change the login shell for her own account; the superuser may change the login shell for any account\&. -.SH "OPTIONS" -.PP -The options which apply to the -\fBchsh\fR -command are: -.PP -\fB\-h\fR, \fB\-\-help\fR -.RS 4 -Display help message and exit\&. -.RE -.PP -\fB\-R\fR, \fB\-\-root\fR \fICHROOT_DIR\fR -.RS 4 -Apply changes in the -\fICHROOT_DIR\fR -directory and use the configuration files from the -\fICHROOT_DIR\fR -directory\&. -.RE -.PP -\fB\-s\fR, \fB\-\-shell\fR \fISHELL\fR -.RS 4 -The name of the user\*(Aqs new login shell\&. Setting this field to blank causes the system to select the default login shell\&. -.RE -.PP -If the -\fB\-s\fR -option is not selected, -\fBchsh\fR -operates in an interactive fashion, prompting the user with the current login shell\&. Enter the new value to change the shell, or leave the line blank to use the current one\&. The current shell is displayed between a pair of -\fI[ ]\fR -marks\&. -.SH "NOTE" -.PP -The only restriction placed on the login shell is that the command name must be listed in -/etc/shells, unless the invoker is the superuser, and then any value may be added\&. An account with a restricted login shell may not change her login shell\&. For this reason, placing -/bin/rsh -in -/etc/shells -is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&. -.SH "CONFIGURATION" -.PP -The following configuration variables in -/etc/login\&.defs -change the behavior of this tool: -.PP -\fBCHSH_AUTH\fR (boolean) -.RS 4 -If -\fIyes\fR, the -\fBchsh\fR -program will require authentication before making any changes, unless run by the superuser\&. -.RE -.PP -\fBLOGIN_STRING\fR (string) -.RS 4 -The string used for prompting a password\&. The default is to use "Password: ", or a translation of that string\&. If you set this variable, the prompt will not be translated\&. -.sp -If the string contains -\fI%s\fR, this will be replaced by the user\*(Aqs name\&. -.RE -.SH "FILES" -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.PP -/etc/shells -.RS 4 -List of valid login shells\&. -.RE -.PP -/etc/login\&.defs -.RS 4 -Shadow password suite configuration\&. -.RE -.SH "SEE ALSO" -.PP - -\fBchfn\fR(1), -\fBlogin.defs\fR(5), -\fBpasswd\fR(5)\&. diff --git a/man/man1/expiry.1 b/man/man1/expiry.1 deleted file mode 100644 index f0ea6802..00000000 --- a/man/man1/expiry.1 +++ /dev/null @@ -1,75 +0,0 @@ -'\" t -.\" Title: expiry -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "EXPIRY" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -expiry \- check and enforce password expiration policy -.SH "SYNOPSIS" -.HP \w'\fBexpiry\fR\ 'u -\fBexpiry\fR \fIoption\fR -.SH "DESCRIPTION" -.PP -The -\fBexpiry\fR -command checks (\fB\-c\fR) the current password expiration and forces (\fB\-f\fR) changes when required\&. It is callable as a normal user command\&. -.SH "OPTIONS" -.PP -The options which apply to the -\fBexpiry\fR -command are: -.PP -\fB\-c\fR, \fB\-\-check\fR -.RS 4 -Check the password expiration of the current user\&. -.RE -.PP -\fB\-f\fR, \fB\-\-force\fR -.RS 4 -Force a password change if the current user has an expired password\&. -.RE -.PP -\fB\-h\fR, \fB\-\-help\fR -.RS 4 -Display help message and exit\&. -.RE -.SH "FILES" -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.PP -/etc/shadow -.RS 4 -Secure user account information\&. -.RE -.SH "SEE ALSO" -.PP - -\fBpasswd\fR(5), -\fBshadow\fR(5)\&. diff --git a/man/man1/gpasswd.1 b/man/man1/gpasswd.1 deleted file mode 100644 index 58f68959..00000000 --- a/man/man1/gpasswd.1 +++ /dev/null @@ -1,234 +0,0 @@ -'\" t -.\" Title: gpasswd -.\" Author: Rafal Maszkowski -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "GPASSWD" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -gpasswd \- administer /etc/group and /etc/gshadow -.SH "SYNOPSIS" -.HP \w'\fBgpasswd\fR\ 'u -\fBgpasswd\fR [\fIoption\fR] \fIgroup\fR -.SH "DESCRIPTION" -.PP -The -\fBgpasswd\fR -command is used to administer -/etc/group, and /etc/gshadow\&. Every group can have -administrators, -members and a password\&. -.PP -System administrators can use the -\fB\-A\fR -option to define group administrator(s) and the -\fB\-M\fR -option to define members\&. They have all rights of group administrators and members\&. -.PP - -\fBgpasswd\fR -called by -a group administrator -with a group name only prompts for the new password of the -\fIgroup\fR\&. -.PP -If a password is set the members can still use -\fBnewgrp\fR(1) -without a password, and non\-members must supply the password\&. -.SS "Notes about group passwords" -.PP -Group passwords are an inherent security problem since more than one person is permitted to know the password\&. However, groups are a useful tool for permitting co\-operation between different users\&. -.SH "OPTIONS" -.PP -Except for the -\fB\-A\fR -and -\fB\-M\fR -options, the options cannot be combined\&. -.PP -The options which apply to the -\fBgpasswd\fR -command are: -.PP -\fB\-a\fR, \fB\-\-add\fR \fIuser\fR -.RS 4 -Add the -\fIuser\fR -to the named -\fIgroup\fR\&. -.RE -.PP -\fB\-d\fR, \fB\-\-delete\fR \fIuser\fR -.RS 4 -Remove the -\fIuser\fR -from the named -\fIgroup\fR\&. -.RE -.PP -\fB\-h\fR, \fB\-\-help\fR -.RS 4 -Display help message and exit\&. -.RE -.PP -\fB\-Q\fR, \fB\-\-root\fR \fICHROOT_DIR\fR -.RS 4 -Apply changes in the -\fICHROOT_DIR\fR -directory and use the configuration files from the -\fICHROOT_DIR\fR -directory\&. -.RE -.PP -\fB\-r\fR, \fB\-\-remove\-password\fR -.RS 4 -Remove the password from the named -\fIgroup\fR\&. The group password will be empty\&. Only group members will be allowed to use -\fBnewgrp\fR -to join the named -\fIgroup\fR\&. -.RE -.PP -\fB\-R\fR, \fB\-\-restrict\fR -.RS 4 -Restrict the access to the named -\fIgroup\fR\&. The group password is set to "!"\&. Only group members with a password will be allowed to use -\fBnewgrp\fR -to join the named -\fIgroup\fR\&. -.RE -.PP -\fB\-A\fR, \fB\-\-administrators\fR \fIuser\fR,\&.\&.\&. -.RS 4 -Set the list of administrative users\&. -.RE -.PP -\fB\-M\fR, \fB\-\-members\fR \fIuser\fR,\&.\&.\&. -.RS 4 -Set the list of group members\&. -.RE -.SH "CAVEATS" -.PP -This tool only operates on the -/etc/group -and /etc/gshadow files\&. -Thus you cannot change any NIS or LDAP group\&. This must be performed on the corresponding server\&. -.SH "CONFIGURATION" -.PP -The following configuration variables in -/etc/login\&.defs -change the behavior of this tool: -.PP -\fBENCRYPT_METHOD\fR (string) -.RS 4 -This defines the system default encryption algorithm for encrypting passwords (if no algorithm are specified on the command line)\&. -.sp -It can take one of these values: -\fIDES\fR -(default), -\fIMD5\fR, \fISHA256\fR, \fISHA512\fR\&. -.sp -Note: this parameter overrides the -\fBMD5_CRYPT_ENAB\fR -variable\&. -.RE -.PP -\fBMAX_MEMBERS_PER_GROUP\fR (number) -.RS 4 -Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in -/etc/group -(with the same name, same password, and same GID)\&. -.sp -The default value is 0, meaning that there are no limits in the number of members in a group\&. -.sp -This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&. -.sp -If you need to enforce such limit, you can use 25\&. -.sp -Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&. -.RE -.PP -\fBMD5_CRYPT_ENAB\fR (boolean) -.RS 4 -Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to -\fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to -\fIno\fR -if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is -\fIno\fR\&. -.sp -This variable is superseded by the -\fBENCRYPT_METHOD\fR -variable or by any command line option used to configure the encryption algorithm\&. -.sp -This variable is deprecated\&. You should use -\fBENCRYPT_METHOD\fR\&. -.RE -.PP -\fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number) -.RS 4 -When -\fBENCRYPT_METHOD\fR -is set to -\fISHA256\fR -or -\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&. -.sp -With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&. -.sp -If not specified, the libc will choose the default number of rounds (5000)\&. -.sp -The values must be inside the 1000\-999,999,999 range\&. -.sp -If only one of the -\fBSHA_CRYPT_MIN_ROUNDS\fR -or -\fBSHA_CRYPT_MAX_ROUNDS\fR -values is set, then this value will be used\&. -.sp -If -\fBSHA_CRYPT_MIN_ROUNDS\fR -> -\fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&. -.RE -.SH "FILES" -.PP -/etc/group -.RS 4 -Group account information\&. -.RE -.PP -/etc/gshadow -.RS 4 -Secure group account information\&. -.RE -.SH "SEE ALSO" -.PP - -\fBnewgrp\fR(1), -\fBgroupadd\fR(8), -\fBgroupdel\fR(8), -\fBgroupmod\fR(8), -\fBgrpck\fR(8), -\fBgroup\fR(5), \fBgshadow\fR(5)\&. diff --git a/man/man1/groups.1 b/man/man1/groups.1 deleted file mode 100644 index 0b094371..00000000 --- a/man/man1/groups.1 +++ /dev/null @@ -1,65 +0,0 @@ -'\" t -.\" Title: groups -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "GROUPS" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -groups \- display current group names -.SH "SYNOPSIS" -.HP \w'\fBgroups\fR\ 'u -\fBgroups\fR [\fIuser\fR] -.SH "DESCRIPTION" -.PP -The -\fBgroups\fR -command displays the current group names or ID values\&. If the value does not have a corresponding entry in -/etc/group, the value will be displayed as the numerical group value\&. The optional -\fIuser\fR -parameter will display the groups for the named -\fIuser\fR\&. -.SH "NOTE" -.PP -Systems which do not support concurrent group sets will have the information from -/etc/group -reported\&. The user must use -\fBnewgrp\fR -or -\fBsg\fR -to change his current real and effective group ID\&. -.SH "FILES" -.PP -/etc/group -.RS 4 -Group account information\&. -.RE -.SH "SEE ALSO" -.PP - -\fBnewgrp\fR(1), -\fBgetgid\fR(2), -\fBgetgroups\fR(2), -\fBgetuid\fR(2)\&. diff --git a/man/man1/id.1 b/man/man1/id.1 deleted file mode 100644 index 96c11e00..00000000 --- a/man/man1/id.1 +++ /dev/null @@ -1,61 +0,0 @@ -'\" t -.\" Title: id -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "ID" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -id \- display current user and group ID names -.SH "SYNOPSIS" -.HP \w'\fBid\fR\ 'u -\fBid\fR [\-a] -.SH "DESCRIPTION" -.PP -The -\fBid\fR -command displays the current real and effective user and group ID names or values\&. If the value does not have a corresponding entry in -/etc/passwd -or -/etc/group, the value will be displayed without the corresponding name\&. The optional -\fB\-a\fR -flag will display the group set on systems which support multiple concurrent group membership\&. -.SH "FILES" -.PP -/etc/group -.RS 4 -Group account information\&. -.RE -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.SH "SEE ALSO" -.PP - -\fBgetgid\fR(2), -\fBgetgroups\fR(2), -\fBgetuid\fR(2) diff --git a/man/man1/login.1 b/man/man1/login.1 deleted file mode 100644 index 9c1d3787..00000000 --- a/man/man1/login.1 +++ /dev/null @@ -1,488 +0,0 @@ -'\" t -.\" Title: login -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "LOGIN" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -login \- begin session on the system -.SH "SYNOPSIS" -.HP \w'\fBlogin\fR\ 'u -\fBlogin\fR [\-p] [\-h\ \fIhost\fR] [\fIusername\fR] [\fIENV=VAR\fR...] -.HP \w'\fBlogin\fR\ 'u -\fBlogin\fR [\-p] [\-h\ \fIhost\fR] \-f \fIusername\fR -.HP \w'\fBlogin\fR\ 'u -\fBlogin\fR [\-p] \-r\ \fIhost\fR -.SH "DESCRIPTION" -.PP -The -\fBlogin\fR -program is used to establish a new session with the system\&. It is normally invoked automatically by responding to the -\fIlogin:\fR -prompt on the user\*(Aqs terminal\&. -\fBlogin\fR -may be special to the shell and may not be invoked as a sub\-process\&. When called from a shell, -\fBlogin\fR -should be executed as -\fBexec login\fR -which will cause the user to exit from the current shell (and thus will prevent the new logged in user to return to the session of the caller)\&. Attempting to execute -\fBlogin\fR -from any shell but the login shell will produce an error message\&. -.PP -The user is then prompted for a password, where appropriate\&. Echoing is disabled to prevent revealing the password\&. Only a small number of password failures are permitted before -\fBlogin\fR -exits and the communications link is severed\&. -.PP -If password aging has been enabled for your account, you may be prompted for a new password before proceeding\&. You will be forced to provide your old password and the new password before continuing\&. Please refer to -\fBpasswd\fR(1) -for more information\&. -.PP -After a successful login, you will be informed of any system messages and the presence of mail\&. You may turn off the printing of the system message file, -/etc/motd, by creating a zero\-length file -\&.hushlogin -in your login directory\&. The mail message will be one of "\fIYou have new mail\&.\fR", "\fIYou have mail\&.\fR", or "\fINo Mail\&.\fR" according to the condition of your mailbox\&. -.PP -Your user and group ID will be set according to their values in the -/etc/passwd -file\&. The value for -\fB$HOME\fR, -\fB$SHELL\fR, -\fB$PATH\fR, -\fB$LOGNAME\fR, and -\fB$MAIL\fR -are set according to the appropriate fields in the password entry\&. Ulimit, umask and nice values may also be set according to entries in the GECOS field\&. -.PP -On some installations, the environmental variable -\fB$TERM\fR -will be initialized to the terminal type on your tty line, as specified in -/etc/ttytype\&. -.PP -An initialization script for your command interpreter may also be executed\&. Please see the appropriate manual section for more information on this function\&. -.PP -A subsystem login is indicated by the presence of a "*" as the first character of the login shell\&. The given home directory will be used as the root of a new file system which the user is actually logged into\&. -.PP -The -\fBlogin\fR -program is NOT responsible for removing users from the utmp file\&. It is the responsibility of -\fBgetty\fR(8) -and -\fBinit\fR(8) -to clean up apparent ownership of a terminal session\&. If you use -\fBlogin\fR -from the shell prompt without -\fBexec\fR, the user you use will continue to appear to be logged in even after you log out of the "subsession"\&. -.SH "OPTIONS" -.PP -\fB\-f\fR -.RS 4 -Do not perform authentication, user is preauthenticated\&. -.sp -Note: In that case, -\fIusername\fR -is mandatory\&. -.RE -.PP -\fB\-h\fR -.RS 4 -Name of the remote host for this login\&. -.RE -.PP -\fB\-p\fR -.RS 4 -Preserve environment\&. -.RE -.PP -\fB\-r\fR -.RS 4 -Perform autologin protocol for rlogin\&. -.RE -.PP -The -\fB\-r\fR, -\fB\-h\fR -and -\fB\-f\fR -options are only used when -\fBlogin\fR -is invoked by root\&. -.SH "CAVEATS" -.PP -This version of -\fBlogin\fR -has many compilation options, only some of which may be in use at any particular site\&. -.PP -The location of files is subject to differences in system configuration\&. -.PP -The -\fBlogin\fR -program is NOT responsible for removing users from the utmp file\&. It is the responsibility of -\fBgetty\fR(8) -and -\fBinit\fR(8) -to clean up apparent ownership of a terminal session\&. If you use -\fBlogin\fR -from the shell prompt without -\fBexec\fR, the user you use will continue to appear to be logged in even after you log out of the "subsession"\&. -.PP -As with any program, -\fBlogin\fR\*(Aqs appearance can be faked\&. If non\-trusted users have physical access to a machine, an attacker could use this to obtain the password of the next person coming to sit in front of the machine\&. Under Linux, the SAK mechanism can be used by users to initiate a trusted path and prevent this kind of attack\&. -.SH "CONFIGURATION" -.PP -The following configuration variables in -/etc/login\&.defs -change the behavior of this tool: -.PP -\fBCONSOLE\fR (string) -.RS 4 -If defined, either full pathname of a file containing device names (one per line) or a ":" delimited list of device names\&. Root logins will be allowed only upon these devices\&. -.sp -If not defined, root will be allowed on any device\&. -.sp -The device should be specified without the /dev/ prefix\&. -.RE -.PP -\fBCONSOLE_GROUPS\fR (string) -.RS 4 -List of groups to add to the user\*(Aqs supplementary groups set when logging in on the console (as determined by the CONSOLE setting)\&. Default is none\&. - -Use with caution \- it is possible for users to gain permanent access to these groups, even when not logged in on the console\&. -.RE -.PP -\fBDEFAULT_HOME\fR (boolean) -.RS 4 -Indicate if login is allowed if we can\*(Aqt cd to the home directory\&. Default is no\&. -.sp -If set to -\fIyes\fR, the user will login in the root (/) directory if it is not possible to cd to her home directory\&. -.RE -.PP -\fBENV_HZ\fR (string) -.RS 4 -If set, it will be used to define the HZ environment variable when a user login\&. The value must be preceded by -\fIHZ=\fR\&. A common value on Linux is -\fIHZ=100\fR\&. -.RE -.PP -\fBENV_PATH\fR (string) -.RS 4 -If set, it will be used to define the PATH environment variable when a regular user login\&. The value is a colon separated list of paths (for example -\fI/bin:/usr/bin\fR) and can be preceded by -\fIPATH=\fR\&. The default value is -\fIPATH=/bin:/usr/bin\fR\&. -.RE -.PP -\fBENV_SUPATH\fR (string) -.RS 4 -If set, it will be used to define the PATH environment variable when the superuser login\&. The value is a colon separated list of paths (for example -\fI/sbin:/bin:/usr/sbin:/usr/bin\fR) and can be preceded by -\fIPATH=\fR\&. The default value is -\fIPATH=/sbin:/bin:/usr/sbin:/usr/bin\fR\&. -.RE -.PP -\fBENV_TZ\fR (string) -.RS 4 -If set, it will be used to define the TZ environment variable when a user login\&. The value can be the name of a timezone preceded by -\fITZ=\fR -(for example -\fITZ=CST6CDT\fR), or the full path to the file containing the timezone specification (for example -/etc/tzname)\&. -.sp -If a full path is specified but the file does not exist or cannot be read, the default is to use -\fITZ=CST6CDT\fR\&. -.RE -.PP -\fBENVIRON_FILE\fR (string) -.RS 4 -If this file exists and is readable, login environment will be read from it\&. Every line should be in the form name=value\&. -.sp -Lines starting with a # are treated as comment lines and ignored\&. -.RE -.PP -\fBERASECHAR\fR (number) -.RS 4 -Terminal ERASE character (\fI010\fR -= backspace, -\fI0177\fR -= DEL)\&. -.sp -The value can be prefixed "0" for an octal value, or "0x" for an hexadecimal value\&. -.RE -.PP -\fBFAIL_DELAY\fR (number) -.RS 4 -Delay in seconds before being allowed another attempt after a login failure\&. -.RE -.PP -\fBFAILLOG_ENAB\fR (boolean) -.RS 4 -Enable logging and display of -/var/log/faillog -login failure info\&. -.RE -.PP -\fBFAKE_SHELL\fR (string) -.RS 4 -If set, -\fBlogin\fR -will execute this shell instead of the users\*(Aq shell specified in -/etc/passwd\&. -.RE -.PP -\fBFTMP_FILE\fR (string) -.RS 4 -If defined, login failures will be logged in this file in a utmp format\&. -.RE -.PP -\fBHUSHLOGIN_FILE\fR (string) -.RS 4 -If defined, this file can inhibit all the usual chatter during the login sequence\&. If a full pathname is specified, then hushed mode will be enabled if the user\*(Aqs name or shell are found in the file\&. If not a full pathname, then hushed mode will be enabled if the file exists in the user\*(Aqs home directory\&. -.RE -.PP -\fBISSUE_FILE\fR (string) -.RS 4 -If defined, this file will be displayed before each login prompt\&. -.RE -.PP -\fBKILLCHAR\fR (number) -.RS 4 -Terminal KILL character (\fI025\fR -= CTRL/U)\&. -.sp -The value can be prefixed "0" for an octal value, or "0x" for an hexadecimal value\&. -.RE -.PP -\fBLASTLOG_ENAB\fR (boolean) -.RS 4 -Enable logging and display of /var/log/lastlog login time info\&. -.RE -.PP -\fBLOGIN_RETRIES\fR (number) -.RS 4 -Maximum number of login retries in case of bad password\&. -.RE -.PP -\fBLOGIN_STRING\fR (string) -.RS 4 -The string used for prompting a password\&. The default is to use "Password: ", or a translation of that string\&. If you set this variable, the prompt will not be translated\&. -.sp -If the string contains -\fI%s\fR, this will be replaced by the user\*(Aqs name\&. -.RE -.PP -\fBLOGIN_TIMEOUT\fR (number) -.RS 4 -Max time in seconds for login\&. -.RE -.PP -\fBLOG_OK_LOGINS\fR (boolean) -.RS 4 -Enable logging of successful logins\&. -.RE -.PP -\fBLOG_UNKFAIL_ENAB\fR (boolean) -.RS 4 -Enable display of unknown usernames when login failures are recorded\&. -.sp -Note: logging unknown usernames may be a security issue if an user enter her password instead of her login name\&. -.RE -.PP -\fBMAIL_CHECK_ENAB\fR (boolean) -.RS 4 -Enable checking and display of mailbox status upon login\&. -.sp -You should disable it if the shell startup files already check for mail ("mailx \-e" or equivalent)\&. -.RE -.PP -\fBMAIL_DIR\fR (string) -.RS 4 -The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&. -.RE -.PP -\fBMAIL_FILE\fR (string) -.RS 4 -Defines the location of the users mail spool files relatively to their home directory\&. -.RE -.PP -The -\fBMAIL_DIR\fR -and -\fBMAIL_FILE\fR -variables are used by -\fBuseradd\fR, -\fBusermod\fR, and -\fBuserdel\fR -to create, move, or delete the user\*(Aqs mail spool\&. -.PP -If -\fBMAIL_CHECK_ENAB\fR -is set to -\fIyes\fR, they are also used to define the -\fBMAIL\fR -environment variable\&. -.PP -\fBMOTD_FILE\fR (string) -.RS 4 -If defined, ":" delimited list of "message of the day" files to be displayed upon login\&. -.RE -.PP -\fBNOLOGINS_FILE\fR (string) -.RS 4 -If defined, name of file whose presence will inhibit non\-root logins\&. The contents of this file should be a message indicating why logins are inhibited\&. -.RE -.PP -\fBPORTTIME_CHECKS_ENAB\fR (boolean) -.RS 4 -Enable checking of time restrictions specified in -/etc/porttime\&. -.RE -.PP -\fBQUOTAS_ENAB\fR (boolean) -.RS 4 -Enable setting of resource limits from -/etc/limits -and ulimit, umask, and niceness from the user\*(Aqs passwd gecos field\&. -.RE -.PP -\fBTTYGROUP\fR (string), \fBTTYPERM\fR (string) -.RS 4 -The terminal permissions: the login tty will be owned by the -\fBTTYGROUP\fR -group, and the permissions will be set to -\fBTTYPERM\fR\&. -.sp -By default, the ownership of the terminal is set to the user\*(Aqs primary group and the permissions are set to -\fI0600\fR\&. -.sp - -\fBTTYGROUP\fR -can be either the name of a group or a numeric group identifier\&. -.sp -If you have a -\fBwrite\fR -program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620\&. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600\&. -.RE -.PP -\fBTTYTYPE_FILE\fR (string) -.RS 4 -If defined, file which maps tty line to TERM environment parameter\&. Each line of the file is in a format something like "vt100 tty01"\&. -.RE -.PP -\fBULIMIT\fR (number) -.RS 4 -Default -\fBulimit\fR -value\&. -.RE -.PP -\fBUMASK\fR (number) -.RS 4 -The file mode creation mask is initialized to this value\&. If not specified, the mask will be initialized to 022\&. -.sp - -\fBuseradd\fR -and -\fBnewusers\fR -use this mask to set the mode of the home directory they create -.sp -It is also used by -\fBlogin\fR -to define users\*(Aq initial umask\&. Note that this mask can be overridden by the user\*(Aqs GECOS line (if -\fBQUOTAS_ENAB\fR -is set) or by the specification of a limit with the -\fIK\fR -identifier in -\fBlimits\fR(5)\&. -.RE -.PP -\fBUSERGROUPS_ENAB\fR (boolean) -.RS 4 -Enable setting of the umask group bits to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007) for non\-root users, if the uid is the same as gid, and username is the same as the primary group name\&. -.sp -If set to -\fIyes\fR, -\fBuserdel\fR -will remove the user\*(Aqs group if it contains no more members, and -\fBuseradd\fR -will create by default a group with the name of the user\&. -.RE -.SH "FILES" -.PP -/var/run/utmp -.RS 4 -List of current login sessions\&. -.RE -.PP -/var/log/wtmp -.RS 4 -List of previous login sessions\&. -.RE -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.PP -/etc/shadow -.RS 4 -Secure user account information\&. -.RE -.PP -/etc/motd -.RS 4 -System message of the day file\&. -.RE -.PP -/etc/nologin -.RS 4 -Prevent non\-root users from logging in\&. -.RE -.PP -/etc/ttytype -.RS 4 -List of terminal types\&. -.RE -.PP -$HOME/\&.hushlogin -.RS 4 -Suppress printing of system messages\&. -.RE -.PP -/etc/login\&.defs -.RS 4 -Shadow password suite configuration\&. -.RE -.SH "SEE ALSO" -.PP - -\fBmail\fR(1), -\fBpasswd\fR(1), -\fBsh\fR(1), -\fBsu\fR(1), -\fBlogin.defs\fR(5), -\fBnologin\fR(5), -\fBpasswd\fR(5), -\fBsecuretty\fR(5), -\fBgetty\fR(8)\&. diff --git a/man/man1/newgrp.1 b/man/man1/newgrp.1 deleted file mode 100644 index 577d15f2..00000000 --- a/man/man1/newgrp.1 +++ /dev/null @@ -1,100 +0,0 @@ -'\" t -.\" Title: newgrp -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "NEWGRP" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -newgrp \- log in to a new group -.SH "SYNOPSIS" -.HP \w'\fBnewgrp\fR\ 'u -\fBnewgrp\fR [\-] [\fIgroup\fR] -.SH "DESCRIPTION" -.PP -The -\fBnewgrp\fR -command is used to change the current group ID during a login session\&. If the optional -\fB\-\fR -flag is given, the user\*(Aqs environment will be reinitialized as though the user had logged in, otherwise the current environment, including current working directory, remains unchanged\&. -.PP - -\fBnewgrp\fR -changes the current real group ID to the named group, or to the default group listed in -/etc/passwd -if no group name is given\&. -\fBnewgrp\fR -also tries to add the group to the user groupset\&. If not root, the user will be prompted for a password if she does not have a password (in -/etc/shadow -if this user has an entry in the shadowed password file, or in -/etc/passwd -otherwise) and the group does, or if the user is not listed as a member and the group has a password\&. The user will be denied access if the group password is empty and the user is not listed as a member\&. -.PP -If there is an entry for this group in -/etc/gshadow, then the list of members and the password of this group will be taken from this file, otherwise, the entry in -/etc/group -is considered\&. -.SH "CONFIGURATION" -.PP -The following configuration variables in -/etc/login\&.defs -change the behavior of this tool: -.PP -\fBSYSLOG_SG_ENAB\fR (boolean) -.RS 4 -Enable "syslog" logging of -\fBsg\fR -activity\&. -.RE -.SH "FILES" -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.PP -/etc/shadow -.RS 4 -Secure user account information\&. -.RE -.PP -/etc/group -.RS 4 -Group account information\&. -.RE -.PP -/etc/gshadow -.RS 4 -Secure group account information\&. -.RE -.SH "SEE ALSO" -.PP - -\fBid\fR(1), -\fBlogin\fR(1), -\fBsu\fR(1), -\fBsg\fR(1), -\fBgpasswd\fR(1), -\fBgroup\fR(5), \fBgshadow\fR(5)\&. diff --git a/man/man1/passwd.1 b/man/man1/passwd.1 deleted file mode 100644 index c708cf51..00000000 --- a/man/man1/passwd.1 +++ /dev/null @@ -1,360 +0,0 @@ -'\" t -.\" Title: passwd -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "PASSWD" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -passwd \- change user password -.SH "SYNOPSIS" -.HP \w'\fBpasswd\fR\ 'u -\fBpasswd\fR [\fIoptions\fR] [\fILOGIN\fR] -.SH "DESCRIPTION" -.PP -The -\fBpasswd\fR -command changes passwords for user accounts\&. A normal user may only change the password for his/her own account, while the superuser may change the password for any account\&. -\fBpasswd\fR -also changes the account or associated password validity period\&. -.SS "Password Changes" -.PP -The user is first prompted for his/her old password, if one is present\&. This password is then encrypted and compared against the stored password\&. The user has only one chance to enter the correct password\&. The superuser is permitted to bypass this step so that forgotten passwords may be changed\&. -.PP -After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time\&. If not, -\fBpasswd\fR -refuses to change the password and exits\&. -.PP -The user is then prompted twice for a replacement password\&. The second entry is compared against the first and both are required to match in order for the password to be changed\&. -.PP -Then, the password is tested for complexity\&. As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets: -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -lower case alphabetics -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -digits 0 thru 9 -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -punctuation marks -.RE -.PP -Care must be taken not to include the system default erase or kill characters\&. -\fBpasswd\fR -will reject any password which is not suitably complex\&. -.SS "Hints for user passwords" -.PP -The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy -\fIUNIX\fR -System encryption method is based on the NBS DES algorithm\&. More recent methods are now recommended (see -\fBENCRYPT_METHOD\fR)\&. The size of the key space depends upon the randomness of the password which is selected\&. -.PP -Compromises in password security normally result from careless password selection or handling\&. For this reason, you should not select a password which appears in a dictionary or which must be written down\&. The password should also not be a proper name, your license number, birth date, or street address\&. Any of these may be used as guesses to violate system security\&. -.PP -You can find advices on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength -.SH "OPTIONS" -.PP -The options which apply to the -\fBpasswd\fR -command are: -.PP -\fB\-a\fR, \fB\-\-all\fR -.RS 4 -This option can be used only with -\fB\-S\fR -and causes show status for all users\&. -.RE -.PP -\fB\-d\fR, \fB\-\-delete\fR -.RS 4 -Delete a user\*(Aqs password (make it empty)\&. This is a quick way to disable a password for an account\&. It will set the named account passwordless\&. -.RE -.PP -\fB\-e\fR, \fB\-\-expire\fR -.RS 4 -Immediately expire an account\*(Aqs password\&. This in effect can force a user to change his/her password at the user\*(Aqs next login\&. -.RE -.PP -\fB\-h\fR, \fB\-\-help\fR -.RS 4 -Display help message and exit\&. -.RE -.PP -\fB\-i\fR, \fB\-\-inactive\fR \fIINACTIVE\fR -.RS 4 -This option is used to disable an account after the password has been expired for a number of days\&. After a user account has had an expired password for -\fIINACTIVE\fR -days, the user may no longer sign on to the account\&. -.RE -.PP -\fB\-k\fR, \fB\-\-keep\-tokens\fR -.RS 4 -Indicate password change should be performed only for expired authentication tokens (passwords)\&. The user wishes to keep their non\-expired tokens as before\&. -.RE -.PP -\fB\-l\fR, \fB\-\-lock\fR -.RS 4 -Lock the password of the named account\&. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a \(aa!\(aa at the beginning of the password)\&. -.sp -Note that this does not disable the account\&. The user may still be able to login using another authentication token (e\&.g\&. an SSH key)\&. To disable the account, administrators should use -\fBusermod \-\-expiredate 1\fR -(this set the account\*(Aqs expire date to Jan 2, 1970)\&. -.sp -Users with a locked password are not allowed to change their password\&. -.RE -.PP -\fB\-n\fR, \fB\-\-mindays\fR \fIMIN_DAYS\fR -.RS 4 -Set the minimum number of days between password changes to -\fIMIN_DAYS\fR\&. A value of zero for this field indicates that the user may change his/her password at any time\&. -.RE -.PP -\fB\-q\fR, \fB\-\-quiet\fR -.RS 4 -Quiet mode\&. -.RE -.PP -\fB\-r\fR, \fB\-\-repository\fR \fIREPOSITORY\fR -.RS 4 -change password in -\fIREPOSITORY\fR -repository -.RE -.PP -\fB\-R\fR, \fB\-\-root\fR \fICHROOT_DIR\fR -.RS 4 -Apply changes in the -\fICHROOT_DIR\fR -directory and use the configuration files from the -\fICHROOT_DIR\fR -directory\&. -.RE -.PP -\fB\-S\fR, \fB\-\-status\fR -.RS 4 -Display account status information\&. The status information consists of 7 fields\&. The first field is the user\*(Aqs login name\&. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P)\&. The third field gives the date of the last password change\&. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password\&. These ages are expressed in days\&. -.RE -.PP -\fB\-u\fR, \fB\-\-unlock\fR -.RS 4 -Unlock the password of the named account\&. This option re\-enables a password by changing the password back to its previous value (to the value before using the -\fB\-l\fR -option)\&. -.RE -.PP -\fB\-w\fR, \fB\-\-warndays\fR \fIWARN_DAYS\fR -.RS 4 -Set the number of days of warning before a password change is required\&. The -\fIWARN_DAYS\fR -option is the number of days prior to the password expiring that a user will be warned that his/her password is about to expire\&. -.RE -.PP -\fB\-x\fR, \fB\-\-maxdays\fR \fIMAX_DAYS\fR -.RS 4 -Set the maximum number of days a password remains valid\&. After -\fIMAX_DAYS\fR, the password is required to be changed\&. -.RE -.SH "CAVEATS" -.PP -Password complexity checking may vary from site to site\&. The user is urged to select a password as complex as he or she feels comfortable with\&. -.PP -Users may not be able to change their password on a system if NIS is enabled and they are not logged into the NIS server\&. -.SH "CONFIGURATION" -.PP -The following configuration variables in -/etc/login\&.defs -change the behavior of this tool: -.PP -\fBENCRYPT_METHOD\fR (string) -.RS 4 -This defines the system default encryption algorithm for encrypting passwords (if no algorithm are specified on the command line)\&. -.sp -It can take one of these values: -\fIDES\fR -(default), -\fIMD5\fR, \fISHA256\fR, \fISHA512\fR\&. -.sp -Note: this parameter overrides the -\fBMD5_CRYPT_ENAB\fR -variable\&. -.RE -.PP -\fBMD5_CRYPT_ENAB\fR (boolean) -.RS 4 -Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to -\fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to -\fIno\fR -if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is -\fIno\fR\&. -.sp -This variable is superseded by the -\fBENCRYPT_METHOD\fR -variable or by any command line option used to configure the encryption algorithm\&. -.sp -This variable is deprecated\&. You should use -\fBENCRYPT_METHOD\fR\&. -.RE -.PP -\fBOBSCURE_CHECKS_ENAB\fR (boolean) -.RS 4 -Enable additional checks upon password changes\&. -.RE -.PP -\fBPASS_ALWAYS_WARN\fR (boolean) -.RS 4 -Warn about weak passwords (but still allow them) if you are root\&. -.RE -.PP -\fBPASS_CHANGE_TRIES\fR (number) -.RS 4 -Maximum number of attempts to change password if rejected (too easy)\&. -.RE -.PP -\fBPASS_MAX_LEN\fR (number), \fBPASS_MIN_LEN\fR (number) -.RS 4 -Number of significant characters in the password for crypt()\&. -\fBPASS_MAX_LEN\fR -is 8 by default\&. Don\*(Aqt change unless your crypt() is better\&. This is ignored if -\fBMD5_CRYPT_ENAB\fR -set to -\fIyes\fR\&. -.RE -.PP -\fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number) -.RS 4 -When -\fBENCRYPT_METHOD\fR -is set to -\fISHA256\fR -or -\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&. -.sp -With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&. -.sp -If not specified, the libc will choose the default number of rounds (5000)\&. -.sp -The values must be inside the 1000\-999,999,999 range\&. -.sp -If only one of the -\fBSHA_CRYPT_MIN_ROUNDS\fR -or -\fBSHA_CRYPT_MAX_ROUNDS\fR -values is set, then this value will be used\&. -.sp -If -\fBSHA_CRYPT_MIN_ROUNDS\fR -> -\fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&. -.RE -.SH "FILES" -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.PP -/etc/shadow -.RS 4 -Secure user account information\&. -.RE -.PP -/etc/login\&.defs -.RS 4 -Shadow password suite configuration\&. -.RE -.SH "EXIT VALUES" -.PP -The -\fBpasswd\fR -command exits with the following values: -.PP -\fI0\fR -.RS 4 -success -.RE -.PP -\fI1\fR -.RS 4 -permission denied -.RE -.PP -\fI2\fR -.RS 4 -invalid combination of options -.RE -.PP -\fI3\fR -.RS 4 -unexpected failure, nothing done -.RE -.PP -\fI4\fR -.RS 4 -unexpected failure, -passwd -file missing -.RE -.PP -\fI5\fR -.RS 4 -passwd -file busy, try again -.RE -.PP -\fI6\fR -.RS 4 -invalid argument to option -.RE -.SH "SEE ALSO" -.PP - -\fBchpasswd\fR(8), -\fBpasswd\fR(5), -\fBshadow\fR(5), -\fBlogin.defs\fR(5), -\fBusermod\fR(8)\&. diff --git a/man/man1/sg.1 b/man/man1/sg.1 deleted file mode 100644 index e1bb4faa..00000000 --- a/man/man1/sg.1 +++ /dev/null @@ -1,98 +0,0 @@ -'\" t -.\" Title: sg -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "SG" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -sg \- execute command as different group ID -.SH "SYNOPSIS" -.HP \w'\fBsg\fR\ 'u -\fBsg\fR [\-] [group\ [\-c\ ]\ command] -.SH "DESCRIPTION" -.PP -The -\fBsg\fR -command works similar to -\fBnewgrp\fR -but accepts a command\&. The command will be executed with the -/bin/sh -shell\&. With most shells you may run -\fBsg\fR -from, you need to enclose multi\-word commands in quotes\&. Another difference between -\fBnewgrp\fR -and -\fBsg\fR -is that some shells treat -\fBnewgrp\fR -specially, replacing themselves with a new instance of a shell that -\fBnewgrp\fR -creates\&. This doesn\*(Aqt happen with -\fBsg\fR, so upon exit from a -\fBsg\fR -command you are returned to your previous group ID\&. -.SH "CONFIGURATION" -.PP -The following configuration variables in -/etc/login\&.defs -change the behavior of this tool: -.PP -\fBSYSLOG_SG_ENAB\fR (boolean) -.RS 4 -Enable "syslog" logging of -\fBsg\fR -activity\&. -.RE -.SH "FILES" -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.PP -/etc/shadow -.RS 4 -Secure user account information\&. -.RE -.PP -/etc/group -.RS 4 -Group account information\&. -.RE -.PP -/etc/gshadow -.RS 4 -Secure group account information\&. -.RE -.SH "SEE ALSO" -.PP - -\fBid\fR(1), -\fBlogin\fR(1), -\fBnewgrp\fR(1), -\fBsu\fR(1), -\fBgpasswd\fR(1), -\fBgroup\fR(5), \fBgshadow\fR(5)\&. diff --git a/man/man1/su.1 b/man/man1/su.1 deleted file mode 100644 index 580b2637..00000000 --- a/man/man1/su.1 +++ /dev/null @@ -1,450 +0,0 @@ -'\" t -.\" Title: su -.\" Author: Julianne Frances Haugh -.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/25/2012 -.\" Manual: User Commands -.\" Source: shadow-utils 4.1.5.1 -.\" Language: English -.\" -.TH "SU" "1" "05/25/2012" "shadow\-utils 4\&.1\&.5\&.1" "User Commands" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -su \- change user ID or become superuser -.SH "SYNOPSIS" -.HP \w'\fBsu\fR\ 'u -\fBsu\fR [\fIoptions\fR] [\fIusername\fR] -.SH "DESCRIPTION" -.PP -The -\fBsu\fR -command is used to become another user during a login session\&. Invoked without a -\fBusername\fR, -\fBsu\fR -defaults to becoming the superuser\&. The optional argument -\fB\-\fR -may be used to provide an environment similar to what the user would expect had the user logged in directly\&. -.PP -Additional arguments may be provided after the username, in which case they are supplied to the user\*(Aqs login shell\&. In particular, an argument of -\fB\-c\fR -will cause the next argument to be treated as a command by most command interpreters\&. The command will be executed by the shell specified in -/etc/passwd -for the target user\&. -.PP -You can use the -\fB\-\-\fR -argument to separate -\fBsu\fR -options from the arguments supplied to the shell\&. -.PP -The user will be prompted for a password, if appropriate\&. Invalid passwords will produce an error message\&. All attempts, both valid and invalid, are logged to detect abuse of the system\&. -.PP -The current environment is passed to the new shell\&. The value of -\fB$PATH\fR -is reset to -/bin:/usr/bin -for normal users, or -/sbin:/bin:/usr/sbin:/usr/bin -for the superuser\&. This may be changed with the -\fBENV_PATH\fR -and -\fBENV_SUPATH\fR -definitions in -/etc/login\&.defs\&. -.PP -A subsystem login is indicated by the presence of a "*" as the first character of the login shell\&. The given home directory will be used as the root of a new file system which the user is actually logged into\&. -.SH "OPTIONS" -.PP -The options which apply to the -\fBsu\fR -command are: -.PP -\fB\-c\fR, \fB\-\-command\fR \fICOMMAND\fR -.RS 4 -Specify a command that will be invoked by the shell using its -\fB\-c\fR\&. -.sp -The executed command will have no controlling terminal\&. This option cannot be used to execute interractive programs which need a controlling TTY\&. -.RE -.PP -\fB\-\fR, \fB\-l\fR, \fB\-\-login\fR -.RS 4 -Provide an environment similar to what the user would expect had the user logged in directly\&. -.sp -When -\fB\-\fR -is used, it must be specified as the last -\fBsu\fR -option\&. The other forms (\fB\-l\fR -and -\fB\-\-login\fR) do not have this restriction\&. -.RE -.PP -\fB\-s\fR, \fB\-\-shell\fR \fISHELL\fR -.RS 4 -The shell that will be invoked\&. -.sp -The invoked shell is chosen from (highest priority first): -.PP -.RS 4 -The shell specified with \-\-shell\&. -.RE -.PP -.RS 4 -If -\fB\-\-preserve\-environment\fR -is used, the shell specified by the -\fB$SHELL\fR -environment variable\&. -.RE -.PP -.RS 4 -The shell indicated in the -/etc/passwd -entry for the target user\&. -.RE -.PP -.RS 4 -/bin/sh -if a shell could not be found by any above method\&. -.RE -.sp -If the target user has a restricted shell (i\&.e\&. the shell field of this user\*(Aqs entry in -/etc/passwd -is not listed in -/etc/shells), then the -\fB\-\-shell\fR -option or the -\fB$SHELL\fR -environment variable won\*(Aqt be taken into account, unless -\fBsu\fR -is called by root\&. -.RE -.PP -\fB\-m\fR, \fB\-p\fR, \fB\-\-preserve\-environment\fR -.RS 4 -Preserve the current environment, except for: -.PP -\fB$PATH\fR -.RS 4 -reset according to the -/etc/login\&.defs -options -\fBENV_PATH\fR -or -\fBENV_SUPATH\fR -(see below); -.RE -.PP -\fB$IFS\fR -.RS 4 -reset to -\(lq<space><tab><newline>\(rq, if it was set\&. -.RE -.sp -If the target user has a restricted shell, this option has no effect (unless -\fBsu\fR -is called by root)\&. -.sp -Note that the default behavior for the environment is the following: -.PP -.RS 4 -The -\fB$HOME\fR, -\fB$SHELL\fR, -\fB$USER\fR, -\fB$LOGNAME\fR, -\fB$PATH\fR, and -\fB$IFS\fR -environment variables are reset\&. -.RE -.PP -.RS 4 -If -\fB\-\-login\fR -is not used, the environment is copied, except for the variables above\&. -.RE -.PP -.RS 4 -If -\fB\-\-login\fR -is used, the -\fB$TERM\fR, -\fB$COLORTERM\fR, -\fB$DISPLAY\fR, and -\fB$XAUTHORITY\fR -environment variables are copied if they were set\&. -.RE -.PP -.RS 4 -If -\fB\-\-login\fR -is used, the -\fB$TZ\fR, -\fB$HZ\fR, and -\fB$MAIL\fR -environment variables are set according to the -/etc/login\&.defs -options -\fBENV_TZ\fR, -\fBENV_HZ\fR, -\fBMAIL_DIR\fR, and -\fBMAIL_FILE\fR -(see below)\&. -.RE -.PP -.RS 4 -If -\fB\-\-login\fR -is used, other environment variables might be set by the -\fBENVIRON_FILE\fR -file (see below)\&. -.RE -.sp -.RE -.SH "CAVEATS" -.PP -This version of -\fBsu\fR -has many compilation options, only some of which may be in use at any particular site\&. -.SH "CONFIGURATION" -.PP -The following configuration variables in -/etc/login\&.defs -change the behavior of this tool: -.PP -\fBCONSOLE\fR (string) -.RS 4 -If defined, either full pathname of a file containing device names (one per line) or a ":" delimited list of device names\&. Root logins will be allowed only upon these devices\&. -.sp -If not defined, root will be allowed on any device\&. -.sp -The device should be specified without the /dev/ prefix\&. -.RE -.PP -\fBCONSOLE_GROUPS\fR (string) -.RS 4 -List of groups to add to the user\*(Aqs supplementary groups set when logging in on the console (as determined by the CONSOLE setting)\&. Default is none\&. - -Use with caution \- it is possible for users to gain permanent access to these groups, even when not logged in on the console\&. -.RE -.PP -\fBDEFAULT_HOME\fR (boolean) -.RS 4 -Indicate if login is allowed if we can\*(Aqt cd to the home directory\&. Default is no\&. -.sp -If set to -\fIyes\fR, the user will login in the root (/) directory if it is not possible to cd to her home directory\&. -.RE -.PP -\fBENV_HZ\fR (string) -.RS 4 -If set, it will be used to define the HZ environment variable when a user login\&. The value must be preceded by -\fIHZ=\fR\&. A common value on Linux is -\fIHZ=100\fR\&. -.RE -.PP -\fBENVIRON_FILE\fR (string) -.RS 4 -If this file exists and is readable, login environment will be read from it\&. Every line should be in the form name=value\&. -.sp -Lines starting with a # are treated as comment lines and ignored\&. -.RE -.PP -\fBENV_PATH\fR (string) -.RS 4 -If set, it will be used to define the PATH environment variable when a regular user login\&. The value is a colon separated list of paths (for example -\fI/bin:/usr/bin\fR) and can be preceded by -\fIPATH=\fR\&. The default value is -\fIPATH=/bin:/usr/bin\fR\&. -.RE -.PP -\fBENV_SUPATH\fR (string) -.RS 4 -If set, it will be used to define the PATH environment variable when the superuser login\&. The value is a colon separated list of paths (for example -\fI/sbin:/bin:/usr/sbin:/usr/bin\fR) and can be preceded by -\fIPATH=\fR\&. The default value is -\fIPATH=/sbin:/bin:/usr/sbin:/usr/bin\fR\&. -.RE -.PP -\fBENV_TZ\fR (string) -.RS 4 -If set, it will be used to define the TZ environment variable when a user login\&. The value can be the name of a timezone preceded by -\fITZ=\fR -(for example -\fITZ=CST6CDT\fR), or the full path to the file containing the timezone specification (for example -/etc/tzname)\&. -.sp -If a full path is specified but the file does not exist or cannot be read, the default is to use -\fITZ=CST6CDT\fR\&. -.RE -.PP -\fBLOGIN_STRING\fR (string) -.RS 4 -The string used for prompting a password\&. The default is to use "Password: ", or a translation of that string\&. If you set this variable, the prompt will not be translated\&. -.sp -If the string contains -\fI%s\fR, this will be replaced by the user\*(Aqs name\&. -.RE -.PP -\fBMAIL_CHECK_ENAB\fR (boolean) -.RS 4 -Enable checking and display of mailbox status upon login\&. -.sp -You should disable it if the shell startup files already check for mail ("mailx \-e" or equivalent)\&. -.RE -.PP -\fBMAIL_DIR\fR (string) -.RS 4 -The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&. -.RE -.PP -\fBMAIL_FILE\fR (string) -.RS 4 -Defines the location of the users mail spool files relatively to their home directory\&. -.RE -.PP -The -\fBMAIL_DIR\fR -and -\fBMAIL_FILE\fR -variables are used by -\fBuseradd\fR, -\fBusermod\fR, and -\fBuserdel\fR -to create, move, or delete the user\*(Aqs mail spool\&. -.PP -If -\fBMAIL_CHECK_ENAB\fR -is set to -\fIyes\fR, they are also used to define the -\fBMAIL\fR -environment variable\&. -.PP -\fBQUOTAS_ENAB\fR (boolean) -.RS 4 -Enable setting of resource limits from -/etc/limits -and ulimit, umask, and niceness from the user\*(Aqs passwd gecos field\&. -.RE -.PP -\fBSULOG_FILE\fR (string) -.RS 4 -If defined, all su activity is logged to this file\&. -.RE -.PP -\fBSU_NAME\fR (string) -.RS 4 -If defined, the command name to display when running "su \-"\&. For example, if this is defined as "su" then a "ps" will display the command is "\-su"\&. If not defined, then "ps" would display the name of the shell actually being run, e\&.g\&. something like "\-sh"\&. -.RE -.PP -\fBSU_WHEEL_ONLY\fR (boolean) -.RS 4 -If -\fIyes\fR, the user must be listed as a member of the first gid 0 group in -/etc/group -(called -\fIroot\fR -on most Linux systems) to be able to -\fBsu\fR -to uid 0 accounts\&. If the group doesn\*(Aqt exist or is empty, no one will be able to -\fBsu\fR -to uid 0\&. -.RE -.PP -\fBSYSLOG_SU_ENAB\fR (boolean) -.RS 4 -Enable "syslog" logging of -\fBsu\fR -activity \- in addition to sulog file logging\&. -.RE -.PP -\fBUSERGROUPS_ENAB\fR (boolean) -.RS 4 -Enable setting of the umask group bits to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007) for non\-root users, if the uid is the same as gid, and username is the same as the primary group name\&. -.sp -If set to -\fIyes\fR, -\fBuserdel\fR -will remove the user\*(Aqs group if it contains no more members, and -\fBuseradd\fR -will create by default a group with the name of the user\&. -.RE -.SH "FILES" -.PP -/etc/passwd -.RS 4 -User account information\&. -.RE -.PP -/etc/shadow -.RS 4 -Secure user account information\&. -.RE -.PP -/etc/login\&.defs -.RS 4 -Shadow password suite configuration\&. -.RE -.SH "EXIT VALUES" -.PP -On success, -\fBsu\fR -returns the exit value of the command it executed\&. -.PP -If this command was terminated by a signal, -\fBsu\fR -returns the number of this signal plus 128\&. -.PP -If su has to kill the command (because it was asked to terminate, and the command did not terminate in time), -\fBsu\fR -returns 255\&. -.PP -Some exit values from -\fBsu\fR -are independent from the executed command: -.PP -\fI0\fR -.RS 4 -success (\fB\-\-help\fR -only) -.RE -.PP -\fI1\fR -.RS 4 -System or authentication failure -.RE -.PP -\fI126\fR -.RS 4 -The requested command was not found -.RE -.PP -\fI127\fR -.RS 4 -The requested command could not be executed -.RE -.SH "SEE ALSO" -.PP -\fBlogin\fR(1), -\fBlogin.defs\fR(5), -\fBsg\fR(1), -\fBsh\fR(1)\&. |