2007-10-07 17:14:44 +05:30
|
|
|
.\" Copyright 1991 - 1993, Julianne Frances Haugh and Chip Rosenthal
|
|
|
|
.\" All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\" 3. Neither the name of Julianne F. Haugh nor the names of its contributors
|
|
|
|
.\" may be used to endorse or promote products derived from this software
|
|
|
|
.\" without specific prior written permission.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
.\" SUCH DAMAGE.
|
2007-10-07 17:15:14 +05:30
|
|
|
.\"
|
2007-10-07 17:15:23 +05:30
|
|
|
.\" $Id: login.defs.5,v 1.12 2003/05/01 18:17:39 kloczek Exp $
|
2007-10-07 17:15:14 +05:30
|
|
|
.\"
|
|
|
|
.TH LOGIN.DEFS 5
|
2007-10-07 17:14:44 +05:30
|
|
|
.SH NAME
|
2007-10-07 17:15:14 +05:30
|
|
|
/etc/login.defs \- shadow password suite configuration
|
2007-10-07 17:14:44 +05:30
|
|
|
.SH DESCRIPTION
|
|
|
|
The
|
2007-10-07 17:15:23 +05:30
|
|
|
\fI/etc/login.defs\fR file defines the site-specific configuration for the
|
|
|
|
shadow password suite. This file is required. Absence of this file will
|
|
|
|
not prevent system operation, but will probably result in undesirable
|
|
|
|
operation.
|
2007-10-07 17:14:44 +05:30
|
|
|
.PP
|
2007-10-07 17:15:23 +05:30
|
|
|
This file is a readable text file, each line of the file describing one
|
|
|
|
configuration parameter. The lines consist of a configuration name and
|
|
|
|
value, separated by whitespace. Blank lines and comment lines are ignored.
|
|
|
|
Comments are introduced with a `#' pound sign and the pound sign must be the
|
|
|
|
first non-white character of the line.
|
2007-10-07 17:14:44 +05:30
|
|
|
.PP
|
2007-10-07 17:15:23 +05:30
|
|
|
Parameter values may be of four types: strings, booleans, numbers, and long
|
|
|
|
numbers. A string is comprised of any printable characters. A boolean should
|
|
|
|
be either the value ``yes'' or ``no''. An undefined boolean parameter or one
|
|
|
|
with a value other than these will be given a ``no'' value. Numbers (both
|
|
|
|
regular and long) may be either decimal values, octal values (precede the
|
|
|
|
value with ``0'') or hexadecimal values (precede the value with ``0x'').
|
|
|
|
The maximum value of the regular and long numeric parameters is
|
|
|
|
machine-dependent.
|
2007-10-07 17:14:44 +05:30
|
|
|
.PP
|
|
|
|
The following configuration items are provided:
|
|
|
|
.\"
|
|
|
|
.IP "CHFN_AUTH (boolean)"
|
2007-10-07 17:15:23 +05:30
|
|
|
If \fIyes\fR, the \fBchfn\fR and \fBchsh\fR programs will require
|
|
|
|
authentication before making any changes, unless run by the superuser.
|
2007-10-07 17:14:44 +05:30
|
|
|
.\"
|
|
|
|
.IP "CHFN_RESTRICT (string)"
|
2007-10-07 17:15:23 +05:30
|
|
|
This parameter specifies which values in the fIgecos\fR field of the
|
|
|
|
\fI/etc/passwd\fR file may be changed by regular users using the fBchfn\fR
|
|
|
|
program. It can be any combination of letters \fIf\fR, \fIr\fR, \fIw\fR,
|
|
|
|
\fIh\fR, for Full name, Room number, Work phone, and Home phone,
|
|
|
|
respectively. For backward compatibility, "yes" is equivalent to "rwh" and
|
|
|
|
"no" is equivalent to "frwh". If not specified, only the superuser can make
|
|
|
|
any changes. The most restrictive setting is better achieved by not
|
|
|
|
installing chfn SUID.
|
2007-10-07 17:14:44 +05:30
|
|
|
.\"
|
2007-10-07 17:15:14 +05:30
|
|
|
.IP "CREATE_HOME (boolean)"
|
|
|
|
This defines whether useradd should create home directories for users by
|
2007-10-07 17:15:23 +05:30
|
|
|
default. This option is OR'ed with the \fI-m\fR flag on useradd command line.
|
2007-10-07 17:14:44 +05:30
|
|
|
.\"
|
|
|
|
.IP "GID_MAX (number)"
|
|
|
|
.IP "GID_MIN (number)"
|
2007-10-07 17:15:23 +05:30
|
|
|
Range of group IDs to choose from for the fBuseradd\fR and \fBgroupadd\fR
|
2007-10-07 17:15:14 +05:30
|
|
|
programs.
|
2007-10-07 17:14:44 +05:30
|
|
|
.\"
|
|
|
|
.IP "MAIL_DIR (string)"
|
2007-10-07 17:15:23 +05:30
|
|
|
The mail spool directory. This is needed to manipulate the mailbox when its
|
|
|
|
corresponding user account is modified or deleted. If not specified, a
|
|
|
|
compile-time default is used.
|
2007-10-07 17:14:44 +05:30
|
|
|
.\"
|
|
|
|
.IP "PASS_MAX_DAYS (number)"
|
2007-10-07 17:15:23 +05:30
|
|
|
The maximum number of days a password may be used. If the password is older
|
|
|
|
than this, a password change will be forced. If not specified, -1 will be
|
|
|
|
assumed (which disables the restriction).
|
2007-10-07 17:15:14 +05:30
|
|
|
.IP "PASS_MIN_DAYS (number)"
|
2007-10-07 17:15:23 +05:30
|
|
|
The minimum number of days allowed between password changes. Any password
|
|
|
|
changes attempted sooner than this will be rejected. If not specified, -1
|
2007-10-07 17:15:14 +05:30
|
|
|
will be assumed (which disables the restriction).
|
2007-10-07 17:14:44 +05:30
|
|
|
.IP "PASS_WARN_AGE (number)"
|
2007-10-07 17:15:23 +05:30
|
|
|
The number of days warning given before a password expires. A zero means
|
|
|
|
warning is given only upon the day of expiration, a negative value means no
|
|
|
|
warning is given. If not specified, no warning will be provided.
|
2007-10-07 17:15:14 +05:30
|
|
|
.PP
|
|
|
|
PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE
|
2007-10-07 17:15:23 +05:30
|
|
|
are only used at the time of account creation. Any changes to these
|
2007-10-07 17:15:14 +05:30
|
|
|
settings won't affect existing accounts.
|
2007-10-07 17:14:44 +05:30
|
|
|
.\"
|
|
|
|
.IP "UID_MAX (number)"
|
|
|
|
.IP "UID_MIN (number)"
|
2007-10-07 17:15:23 +05:30
|
|
|
Range of user IDs to choose from for the \fBuseradd\fR program.
|
2007-10-07 17:14:44 +05:30
|
|
|
.\"
|
|
|
|
.IP "UMASK (number)"
|
2007-10-07 17:15:23 +05:30
|
|
|
The permission mask is initialized to this value. If not specified,
|
2007-10-07 17:14:51 +05:30
|
|
|
the permission mask will be initialized to 077.
|
2007-10-07 17:14:44 +05:30
|
|
|
.\"
|
|
|
|
.IP "USERDEL_CMD (string)"
|
2007-10-07 17:15:14 +05:30
|
|
|
If defined, this command is run when removing a user.
|
|
|
|
It should remove any at/cron/print jobs etc. owned by
|
|
|
|
the user to be removed (passed as the first argument).
|
2007-10-07 17:14:44 +05:30
|
|
|
.\"
|
|
|
|
.SH CROSS REFERENCE
|
2007-10-07 17:15:14 +05:30
|
|
|
The following cross reference shows which programs in the shadow password
|
2007-10-07 17:14:44 +05:30
|
|
|
suite use which parameters.
|
|
|
|
.na
|
2007-10-07 17:15:14 +05:30
|
|
|
.IP chfn 12
|
|
|
|
CHFN_AUTH CHFN_RESTRICT
|
|
|
|
.IP chsh 12
|
|
|
|
CHFN_AUTH
|
|
|
|
.IP groupadd 12
|
|
|
|
GID_MAX GID_MIN
|
2007-10-07 17:14:44 +05:30
|
|
|
.IP newusers 12
|
2007-10-07 17:15:14 +05:30
|
|
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
|
|
UMASK
|
2007-10-07 17:14:44 +05:30
|
|
|
.IP pwconv 12
|
|
|
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
2007-10-07 17:15:14 +05:30
|
|
|
.IP useradd 12
|
|
|
|
CREATE_HOME
|
|
|
|
GID_MAX GID_MIN
|
|
|
|
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
|
|
UID_MAX UID_MIN
|
|
|
|
UMASK
|
|
|
|
.IP userdel 12
|
|
|
|
MAIL_DIR
|
|
|
|
USERDEL_CMD
|
|
|
|
.IP usermod 12
|
|
|
|
MAIL_DIR
|
2007-10-07 17:14:44 +05:30
|
|
|
.ad
|
|
|
|
.SH BUGS
|
2007-10-07 17:15:14 +05:30
|
|
|
Much of the functionality that used to be provided by the shadow password
|
2007-10-07 17:15:23 +05:30
|
|
|
suite is now handled by PAM. Thus, \fI/etc/login.defs\fR is no longer used
|
|
|
|
by programs such as
|
2007-10-07 17:15:14 +05:30
|
|
|
.BR login (1),
|
|
|
|
.BR passwd (1)
|
|
|
|
and
|
|
|
|
.BR su (1).
|
|
|
|
Please refer to the corresponding PAM configuration files instead.
|
2007-10-07 17:14:44 +05:30
|
|
|
.SH SEE ALSO
|
|
|
|
.BR login (1),
|
2007-10-07 17:15:14 +05:30
|
|
|
.BR passwd (1),
|
|
|
|
.BR su (1),
|
2007-10-07 17:14:44 +05:30
|
|
|
.BR passwd (5),
|
2007-10-07 17:15:14 +05:30
|
|
|
.BR shadow (5),
|
|
|
|
.BR pam (8)
|
2007-10-07 17:14:44 +05:30
|
|
|
.SH AUTHORS
|
|
|
|
Julianne Frances Haugh (jockgrrl@ix.netcom.com)
|
|
|
|
.br
|
|
|
|
Chip Rosenthal (chip@unicom.com)
|