Diffstat (limited to 'man/usermod.8.xml')
-rw-r--r-- | man/usermod.8.xml | 121 |
1 files changed, 66 insertions, 55 deletions
diff --git a/man/usermod.8.xml b/man/usermod.8.xml index d121bfd7..7e1342ca 100644 --- a/man/usermod.8.xml +++ b/man/usermod.8.xml @@ -62,7 +62,7 @@ <title>DESCRIPTION</title> <para> The <command>usermod</command> command modifies the system account - files to reflect the changes that are specified on the command line. + files. </para> </refsect1> @@ -86,7 +86,7 @@ </varlistentry> <varlistentry> <term> - <option>-b</option>, <option>--badnames</option> + <option>-b</option>, <option>--badname</option> </term> <listitem> <para> @@ -100,8 +100,8 @@ </term> <listitem> <para> - The new value of the user's password file comment field. It is - normally modified using the <citerefentry> + update the comment field of the user in <filename>/etc/passwd + </filename>, which is normally modified using the <citerefentry> <refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum> </citerefentry> utility. </para> @@ -130,12 +130,15 @@ </term> <listitem> <para> - The date on which the user account will be disabled. The date is - specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>. + The date on which the user account will be disabled. The + date is specified in the format + <emphasis remap="I">YYYY-MM-DD</emphasis>. Integers as input are + interpreted as days after 1970-01-01. </para> <para> - An empty <replaceable>EXPIRE_DATE</replaceable> argument will - disable the expiration of the account. + An input of -1 or an empty string will blank the account + expiration field in the shadow password file. The account + will remain available with no date limit. </para> <para> This option requires a <filename>/etc/shadow</filename> file. 
@@ -150,13 +153,14 @@ </term> <listitem> <para> - The number of days after a password expires until the account is - permanently disabled. - </para> - <para> - A value of 0 disables the account as soon - as the password has expired, and a value of -1 disables the - feature. + defines the number of days after the password exceeded its maximum + age during which the user may still login by immediately replacing + the password. This grace period before the account becomes inactive + is stored in the shadow password file. An input of 0 will disable an + expired password with no delay. An input of -1 will blank the + respective field in the shadow password file. See <citerefentry> + <refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum> + </citerefentry> for more information. </para> <para> This option requires a <filename>/etc/shadow</filename> file. @@ -171,7 +175,7 @@ </term> <listitem> <para> - The group name or number of the user's new initial login group. + The name or numerical ID of the user's new primary group. The group must exist. </para> <para> @@ -198,9 +202,7 @@ <para> A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no - intervening whitespace. The groups are subject to the same - restrictions as the group given with the <option>-g</option> - option. + intervening whitespace. The groups must exist. </para> <para> If the user is currently a member of a group which is @@ -249,7 +251,7 @@ </term> <listitem> <para> - Move the content of the user's home directory to the new + moves the content of the user's home directory to the new location. If the current home directory does not exist the new home directory will not be created. </para> 
@@ -270,9 +272,17 @@ </term> <listitem> <para> - When used with the <option>-u</option> option, this option allows to change the user ID to a non-unique value. </para> + <para> + This option is only valid in combination with the + <option>-u</option> option. As a user identity + serves as + key to map between users on one hand and permissions, file + ownerships and other aspects that determine the system's + behavior on the other hand, more than one login name + will access the account of the given UID. + </para> </listitem> </varlistentry> <varlistentry> @@ -281,13 +291,13 @@ </term> <listitem> <para> - The encrypted password, as returned by <citerefentry> - <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>. + defines a new password for the user. PASSWORD is expected to + be encrypted, as returned by <citerefentry><refentrytitle>crypt + </refentrytitle><manvolnum>3</manvolnum></citerefentry>. </para> <para> - <emphasis role="bold">Note:</emphasis> This option is not - recommended because the password (or encrypted password) will + <emphasis role="bold">Note:</emphasis> Avoid this option on the + command line because the password (or encrypted password) will be visible by users listing the processes. </para> <para condition="pam"> @@ -322,6 +332,7 @@ Apply changes in the <replaceable>CHROOT_DIR</replaceable> directory and use the configuration files from the <replaceable>CHROOT_DIR</replaceable> directory. + Only absolute paths are supported. </para> </listitem> </varlistentry> 
@@ -331,14 +342,13 @@ </term> <listitem> <para> - Apply changes in the <replaceable>PREFIX_DIR</replaceable> - directory and use the configuration files from the - <replaceable>PREFIX_DIR</replaceable> directory. - This option does not chroot and is intended for preparing - a cross-compilation target. - Some limitations: NIS and LDAP users/groups are not verified. - PAM authentication is using the host files. - No SELINUX support. + Apply changes within the directory tree starting with + <replaceable>PREFIX_DIR</replaceable> and use as well the + configuration files located there. This option does not + chroot and is intended for preparing a cross-compilation + target. Some limitations: NIS and LDAP users/groups are + not verified. PAM authentication is using the host + files. No SELINUX support. </para> </listitem> </varlistentry> @@ -348,8 +358,9 @@ </term> <listitem> <para> - The path of the user's new login shell. Setting this field to - blank causes the system to select the default login shell. + changes the user's login shell. An empty string for SHELL blanks the + field in <filename>/etc/passwd</filename> and logs the user into the + system's default shell. </para> </listitem> </varlistentry> @@ -359,7 +370,7 @@ </term> <listitem> <para> - The new numerical value of the user's ID. + The new value of the user's ID. </para> <para> This value must be unique, @@ -418,7 +429,7 @@ Add a range of subordinate uids to the user's account. </para> <para> - This option may be specified multiple times to add multiple ranges to a users account. + This option may be specified multiple times to add multiple ranges to a user's account. </para> <para> No checks will be performed with regard to 
@@ -436,7 +447,7 @@ Remove a range of subordinate uids from the user's account. </para> <para> - This option may be specified multiple times to remove multiple ranges to a users account. + This option may be specified multiple times to remove multiple ranges to a user's account. When both <option>--del-subuids</option> and <option>--add-subuids</option> are specified, the removal of all subordinate uid ranges happens before any subordinate uid range is added. </para> @@ -456,7 +467,7 @@ Add a range of subordinate gids to the user's account. </para> <para> - This option may be specified multiple times to add multiple ranges to a users account. + This option may be specified multiple times to add multiple ranges to a user's account. </para> <para> No checks will be performed with regard to @@ -474,7 +485,7 @@ Remove a range of subordinate gids from the user's account. </para> <para> - This option may be specified multiple times to remove multiple ranges to a users account. + This option may be specified multiple times to remove multiple ranges to a user's account. When both <option>--del-subgids</option> and <option>--add-subgids</option> are specified, the removal of all subordinate gid ranges happens before any subordinate gid range is added. </para> @@ -491,12 +502,11 @@ </term> <listitem> <para> - The new SELinux user for the user's login. - </para> - <para> - A blank <replaceable>SEUSER</replaceable> will remove the - SELinux user mapping for user <replaceable>LOGIN</replaceable> - (if any). + defines the SELinux user to be mapped with + <replaceable>LOGIN</replaceable>. An empty string ("") + will remove the respective entry (if any). Note that the + shadow system doesn't store the selinux-user, it uses + semanage(8) for that. </para> </listitem> </varlistentry> 
@@ -510,7 +520,8 @@ not executing any processes when this command is being executed if the user's numerical user ID, the user's name, or the user's home directory is being changed. <command>usermod</command> checks this - on Linux. On other platforms it only uses utmp to check if the user is logged in. + on Linux. On other operating systems it only uses utmp to check if + the user is logged in. </para> <para> You must change the owner of any <command>crontab</command> files or @@ -545,43 +556,43 @@ <varlistentry> <term><filename>/etc/group</filename></term> <listitem> - <para>Group account information.</para> + <para>Group account information</para> </listitem> </varlistentry> <varlistentry condition="gshadow"> <term><filename>/etc/gshadow</filename></term> <listitem> - <para>Secure group account information.</para> + <para>Secure group account informatio.</para> </listitem> </varlistentry> <varlistentry> <term><filename>/etc/login.defs</filename></term> <listitem> - <para>Shadow password suite configuration.</para> + <para>Shadow password suite configuration</para> </listitem> </varlistentry> <varlistentry> <term><filename>/etc/passwd</filename></term> <listitem> - <para>User account information.</para> + <para>User account information</para> </listitem> </varlistentry> <varlistentry> <term><filename>/etc/shadow</filename></term> <listitem> - <para>Secure user account information.</para> + <para>Secure user account information</para> </listitem> </varlistentry> <varlistentry condition="subids"> <term><filename>/etc/subgid</filename></term> <listitem> - <para>Per user subordinate group IDs.</para> + <para>Per user subordinate group IDs</para> </listitem> </varlistentry> <varlistentry condition="subids"> <term><filename>/etc/subuid</filename></term> <listitem> - <para>Per user subordinate user IDs.</para> + <para>Per user subordinate user IDs</para> </listitem> </varlistentry> </variablelist> |
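Review bot: The rename of the documented long option from --badnames to --badname in the @@ -86,7 +86,7 @@ hunk is not backed by anything else in this patch, so the reader cannot tell which spelling usermod accepts. Please confirm the spelling against the option table in the usermod source and say so in the commit message, because a wrong long option in the man page sends administrators to a flag that fails.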
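Review bot: In the @@ -100,8 +100,8 @@ hunk the closing tag of the filename element sits on the line after "/etc/passwd", which puts a newline and indentation inside the element, and the sentence now starts with lowercase "update" while the untouched entries start with a capital. Keep the whole element on one line as "<filename>/etc/passwd</filename>" and start the sentence with "Update".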
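Review bot: In the @@ -150,13 +153,14 @@ hunk, "An input of -1 will blank the respective field in the shadow password file" replaces the old statement that -1 disables the feature, so the effect of the value is no longer stated. Say both: that the field is blanked and that this switches the inactivity period off. "An input of 0 will disable an expired password with no delay" also leaves open what is disabled, where the removed text said the account. The paragraph should start with "Defines".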
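Review bot: In the @@ -270,9 +272,17 @@ hunk, removing the line "When used with the -u option," leaves the first paragraph as the fragment "this option allows to change the user ID to a non-unique value." with a lowercase start. Fold that sentence into the new paragraph. The new closing clause, "more than one login name will access the account of the given UID", would be clearer as a direct statement that every login name sharing the UID gets the same permissions and file ownerships, which is what an administrator needs to know before using -o.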
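Review bot: In the @@ -281,13 +291,13 @@ hunk, the note now reads "Avoid this option on the command line", but the paragraph names no other way to supply the value, so the reader is told what to avoid without an alternative, and the removed "not recommended" was the stronger warning about exposure in process listings. Either keep "not recommended" or name the alternative in the same note. PASSWORD should be wrapped in a replaceable element as CHROOT_DIR and PREFIX_DIR are elsewhere in this patch, and the line break inside the refentrytitle around "crypt" adds whitespace to the title.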
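Review bot: In the @@ -359,7 +370,7 @@ hunk, dropping "numerical" from "The new numerical value of the user's ID" removes the only hint about the argument's type, while the -g hunk in the same patch goes the other way and introduces "numerical ID". Keep "numerical" here so the two entries agree.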
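Review bot: In the @@ -436,7 +447,7 @@ hunk the corrected line still reads "to remove multiple ranges to a user's account"; since the line is being touched for the apostrophe anyway, change "to a user's account" to "from a user's account". The same wording appears in the @@ -474,7 +485,7 @@ hunk for subordinate gids.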
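Review bot: In the @@ -491,12 +502,11 @@ hunk, "semanage(8)" is written as plain text while crypt(3) and shadow(5) in this same patch use citerefentry markup, and "selinux-user" does not match the "SELinux user" spelling two lines above it. Use a citerefentry for semanage, write "SELinux user" consistently, and start the paragraph with "Defines".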
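Review bot: In the FILES hunk (@@ -545,43 +556,43 @@), the /etc/gshadow entry becomes "Secure group account informatio.", which drops the final "n" and keeps the full stop that the other six entries lose. It should read "Secure group account information" to match its neighbours.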