msgid "The <command>vipw</command> and <command>vigr</command> commands edits the files <filename>/etc/passwd</filename> and <filename>/etc/group</filename>, respectively. With the <option>-s</option> flag, they will edit the shadow versions of those files, <filename>/etc/shadow</filename> and <filename>/etc/gshadow</filename>, respectively. The programs will set the appropriate locks to prevent file corruption. When looking for an editor, the programs will first try the environment variable <envar>$VISUAL</envar>, then the environment variable <envar>$EDITOR</envar>, and finally the default editor, <citerefentry><refentrytitle>vi</refentrytitle><manvolnum>1</manvolnum></citerefentry>."
msgid "Apply changes in the <replaceable>CHROOT_DIR</replaceable> directory and use the configuration files from the <replaceable>CHROOT_DIR</replaceable> directory."
msgid "If <replaceable>yes</replaceable>, the <citerefentry><refentrytitle>tcb</refentrytitle><manvolnum>5</manvolnum></citerefentry> password shadowing scheme will be used."
msgid "The new value of the user's password file comment field. It is normally modified using the <citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum></citerefentry> utility."
msgid "If the <option>-m</option> option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist."
msgid "A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the <option>-g</option> option."
msgid "If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via the <option>-a</option> option, which appends the user to the current supplementary group list."
msgid "The name of the user will be changed from <replaceable>LOGIN</replaceable> to <replaceable>NEW_LOGIN</replaceable>. Nothing else is changed. In particular, the user's home directory or mail spool should probably be renamed manually to reflect the new login name."
msgid "Lock a user's password. This puts a '!' in front of the encrypted password, effectively disabling the password. You can't use this option with <option>-p</option> or <option>-U</option>."
msgid "Note: if you wish to lock the account (not only access with a password), you should also set the <replaceable>EXPIRE_DATE</replaceable> to <replaceable>1</replaceable>."
msgid "<command>usermod</command> will try to adapt the ownership of the files and to copy the modes, ACL and extended attributes, but manual changes might be needed afterwards."
msgid "<emphasis role=\"bold\">Note:</emphasis> This option is not recommended because the password (or encrypted password) will be visible by users listing the processes."
msgid "The password will be written in the local <filename>/etc/passwd</filename> or <filename>/etc/shadow</filename> file. This might differ from the password database configured in your PAM configuration."
msgid "The user's mailbox, and any files which the user owns and which are located in the user's home directory will have the file user ID changed automatically."
msgid "No checks will be performed with regard to the <option>UID_MIN</option>, <option>UID_MAX</option>, <option>SYS_UID_MIN</option>, or <option>SYS_UID_MAX</option> from <filename>/etc/login.defs</filename>."
msgid "Unlock a user's password. This removes the '!' in front of the encrypted password. You can't use this option with <option>-p</option> or <option>-L</option>."
msgid "Note: if you wish to unlock the account (not only access with a password), you should also set the <replaceable>EXPIRE_DATE</replaceable> (for example to <replaceable>99999</replaceable>, or to the <option>EXPIRE</option> value from <filename>/etc/default/useradd</filename>)."
msgid "You must make certain that the named user is not executing any processes when this command is being executed if the user's numerical user ID, the user's name, or the user's home directory is being changed. <command>usermod</command> checks this on Linux, but only check if the user is logged in according to utmp on other architectures."
msgid "The mail spool directory. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted. If not specified, a compile-time default is used."
msgid "The <option>MAIL_DIR</option> and <option>MAIL_FILE</option> variables are used by <command>useradd</command>, <command>usermod</command>, and <command>userdel</command> to create, move, or delete the user's mail spool."
msgid "If <option>MAIL_CHECK_ENAB</option> is set to <replaceable>yes</replaceable>, they are also used to define the <envar>MAIL</envar> environment variable."
msgid "Maximum members per group entry. When the maximum is reached, a new group entry (line) is started in <filename>/etc/group</filename> (with the same name, same password, and same GID)."
msgid "This feature (split group) permits to limit the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than 1024 characters."
msgid "Note: split groups may not be supported by all tools (even in the Shadow toolsuite). You should not use this variable unless you really need it."
msgid "\nif ( UID is less than 1000) {\n use /etc/tcb/user\n} else if ( UID is less than 1000000) {\n kilos = UID / 1000\n use /etc/tcb/:kilos/user\n make symlink /etc/tcb/user to the above directory\n} else {\n megas = UID / 1000000\n kilos = ( UID / megas * 1000000 ) / 1000\n use /etc/tcb/:megas/:kilos/user\n make symlink /etc/tcb/user to the above directory\n}\n "
msgid "If <replaceable>yes</replaceable>, the location of the user tcb directory to be created will not be automatically set to /etc/tcb/user, but will be computed depending on the UID of the user, according to the following algorithm: <placeholder-1/>"
msgid "The <command>userdel</command> command modifies the system account files, deleting all entries that refer to the user name <emphasis remap=\"I\">LOGIN</emphasis>. The named user must exist."
msgid "This option forces the removal of the user account, even if the user is still logged in. It also forces <command>userdel</command> to remove the user's home directory and mail spool, even if another user uses the same home directory or if the mail spool is not owned by the specified user. If <option>USERGROUPS_ENAB</option> is defined to <emphasis remap=\"I\">yes</emphasis> in <filename>/etc/login.defs</filename> and if a group exists with the same name as the deleted user, then this group will be removed, even if it is still the primary group of another user."
msgid "Files in the user's home directory will be removed along with the home directory itself and the user's mail spool. Files located in other file systems will have to be searched for and deleted manually."
msgid "If defined, this command is run when removing a user. It should remove any at/cron/print jobs etc. owned by the user to be removed (passed as the first argument)."
msgid "\n#! /bin/sh\n\n# Check for the required argument.\nif [ $# != 1 ]; then\n\techo \"Usage: $0 username\"\n\texit 1\nfi\n\n# Remove cron jobs.\ncrontab -r -u $1\n\n# Remove at jobs.\n# Note that it will remove any jobs owned by the same UID,\n# even if it was shared by a different username.\nAT_SPOOL_DIR=/var/spool/cron/atjobs\nfind $AT_SPOOL_DIR -name \"[^.]*\" -type f -user $1 -delete \\;\n\n# Remove print jobs.\nlprm $1\n\n# All done.\nexit 0\n "
msgid "Enable setting of the umask group bits to be the same as owner bits (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is the same as gid, and username is the same as the primary group name."
msgid "If set to <replaceable>yes</replaceable>, <command>userdel</command> will remove the user's group if it contains no more members, and <command>useradd</command> will create by default a group with the name of the user."
msgid "<command>userdel</command> will not allow you to remove an account if there are running processes which belong to this account. In that case, you may have to kill those processes or lock the user's password or account and remove the account later. The <option>-f</option> option can force the deletion of this account."
msgid "If <option>USERGROUPS_ENAB</option> is defined to <emphasis remap=\"I\">yes</emphasis> in <filename>/etc/login.defs</filename>, <command>userdel</command> will delete the group with the same name as the user. To avoid inconsistencies in the passwd and group databases, <command>userdel</command> will check that this group is not used as a primary group for another user, and will just warn without deleting the group otherwise. The <option>-f</option> option can force the deletion of this group."
msgid "When invoked without the <option>-D</option> option, the <command>useradd</command> command creates a new user account using the values specified on the command line plus the default values from the system. Depending on command line options, the <command>useradd</command> command will update system files and may also create the new user's home directory and copy initial files."
msgid "By default, a group will also be created for the new user (see <option>-g</option>, <option>-N</option>, <option>-U</option>, and <option>USERGROUPS_ENAB</option>)."
msgid "The default base directory for the system if <option>-d</option><replaceable>HOME_DIR</replaceable> is not specified. <replaceable>BASE_DIR</replaceable> is concatenated with the account name to define the home directory. If the <option>-m</option> option is not used, <replaceable>BASE_DIR</replaceable> must exist."
msgid "If this option is not specified, <command>useradd</command> will use the base directory specified by the <option>HOME</option> variable in <filename>/etc/default/useradd</filename>, or <filename>/home</filename> by default."
msgid "The new user will be created using <replaceable>HOME_DIR</replaceable> as the value for the user's login directory. The default is to append the <replaceable>LOGIN</replaceable> name to <replaceable>BASE_DIR</replaceable> and use that as the login directory name. The directory <replaceable>HOME_DIR</replaceable> does not have to exist but will not be created if it is missing."
msgid "If not specified, <command>useradd</command> will use the default expiry date specified by the <option>EXPIRE</option> variable in <filename>/etc/default/useradd</filename>, or an empty string (no expiry) by default."
msgid "The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature."
msgid "If not specified, <command>useradd</command> will use the default inactivity period specified by the <option>INACTIVE</option> variable in <filename>/etc/default/useradd</filename>, or -1 by default."
msgid "If not specified, the behavior of <command>useradd</command> will depend on the <option>USERGROUPS_ENAB</option> variable in <filename>/etc/login.defs</filename>. If this variable is set to <replaceable>yes</replaceable> (or <option>-U/--user-group</option> is specified on the command line), a group will be created for the user, with the same name as her loginname. If the variable is set to <replaceable>no</replaceable> (or <option>-N/--no-user-group</option> is specified on the command line), useradd will set the primary group of the new user to the value specified by the <option>GROUP</option> variable in <filename>/etc/default/useradd</filename>, or 100 by default."
msgid "A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the <option>-g</option> option. The default is for the user to belong only to the initial group."
msgid "The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created by <command>useradd</command>."
msgid "If this option is not set, the skeleton directory is defined by the <option>SKEL</option> variable in <filename>/etc/default/useradd</filename> or, by default, <filename>/etc/skel</filename>."
msgid "Overrides <filename>/etc/login.defs</filename> defaults (<option>UID_MIN</option>, <option>UID_MAX</option>, <option>UMASK</option>, <option>PASS_MAX_DAYS</option> and others). <placeholder-1/> Example: <option>-K </option><replaceable>PASS_MAX_DAYS</replaceable>=<replaceable>-1</replaceable> can be used when creating system account to turn off password ageing, even though system account has no password at all. Multiple <option>-K</option> options can be specified, e.g.: <option>-K </option><replaceable>UID_MIN</replaceable>=<replaceable>100</replaceable><option>-K </option><replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>"
msgid "Create the user's home directory if it does not exist. The files and directories contained in the skeleton directory (which can be defined with the <option>-k</option> option) will be copied to the home directory."
msgid "Do no create the user's home directory, even if the system wide setting from <filename>/etc/login.defs</filename> (<option>CREATE_HOME</option>) is set to <replaceable>yes</replaceable>."
msgid "Do not create a group with the same name as the user, but add the user to the group specified by the <option>-g</option> option or by the <option>GROUP</option> variable in <filename>/etc/default/useradd</filename>."
msgid "The default behavior (if the <option>-g</option>, <option>-N</option>, and <option>-U</option> options are not specified) is defined by the <option>USERGROUPS_ENAB</option> variable in <filename>/etc/login.defs</filename>."
msgid "The encrypted password, as returned by <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>. The default is to disable the password."
msgid "System users will be created with no aging information in <filename>/etc/shadow</filename>, and their numeric identifiers are chosen in the <option>SYS_UID_MIN</option>-<option>SYS_UID_MAX</option> range, defined in <filename>/etc/login.defs</filename>, instead of <option>UID_MIN</option>-<option>UID_MAX</option> (and their <option>GID</option> counterparts for the creation of groups)."
msgid "Note that <command>useradd</command> will not create a home directory for such an user, regardless of the default setting in <filename>/etc/login.defs</filename> (<option>CREATE_HOME</option>). You have to specify the <option>-m</option> options if you want a home directory for a system account to be created."
msgid "The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell specified by the <option>SHELL</option> variable in <filename>/etc/default/useradd</filename>, or an empty string by default."
msgid "The numerical value of the user's ID. This value must be unique, unless the <option>-o</option> option is used. The value must be non-negative. The default is to use the smallest ID value greater than or equal to <option>UID_MIN</option> and greater than every other user."
msgstr ""
#: useradd.8.xml:478(para)
msgid "See also the <option>-r</option> option and the <option>UID_MAX</option> description."
msgid "When invoked with only the <option>-D</option> option, <command>useradd</command> will display the current default values. When invoked with <option>-D</option> plus other options, <command>useradd</command> will update the default values for the specified options. Valid default-changing options are:"
msgid "The path prefix for a new user's home directory. The user's name will be affixed to the end of <replaceable>BASE_DIR</replaceable> to form the new user's home directory name, if the <option>-d</option> option is not used when creating a new account."
msgid "The group name or ID for a new user's initial group (when the <option>-N/--no-user-group</option> is used or when the <option>USERGROUPS_ENAB</option> variable is set to <replaceable>no</replaceable> in <filename>/etc/login.defs</filename>). The named group must exist, and a numerical group ID must have an existing entry."
msgid "The system administrator is responsible for placing the default user files in the <filename>/etc/skel/</filename> directory (or any other skeleton directory specified in <filename>/etc/default/useradd</filename> or on the command line)."
msgid "Similarly, if the username already exists in an external user database such as NIS or LDAP, <command>useradd</command> will deny the user account creation request."
msgid "Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes. They can end with a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?"
msgid "Range of group IDs used for the creation of regular groups by <command>useradd</command>, <command>groupadd</command>, or <command>newusers</command>."
msgid "The maximum number of days a password may be used. If the password is older than this, a password change will be forced. If not specified, -1 will be assumed (which disables the restriction)."
msgid "The minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected. If not specified, -1 will be assumed (which disables the restriction)."
msgid "The number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided."
msgid "Range of group IDs used for the creation of system groups by <command>useradd</command>, <command>groupadd</command>, or <command>newusers</command>."
msgid "It is also used by <command>login</command> to define users' initial umask. Note that this mask can be overridden by the user's GECOS line (if <option>QUOTAS_ENAB</option> is set) or by the specification of a limit with the <emphasis>K</emphasis> identifier in <citerefentry><refentrytitle>limits</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
msgid "The file <filename>/etc/suauth</filename> is referenced whenever the su command is called. It can change the behaviour of the su command, based upon:"
msgid "Where to-id is either the word <emphasis>ALL</emphasis>, a list of usernames delimited by \",\" or the words <emphasis>ALL EXCEPT</emphasis> followed by a list of usernames delimited by \",\"."
msgid "from-id is formatted the same as to-id except the extra word <emphasis>GROUP</emphasis> is recognised. <emphasis>ALL EXCEPT GROUP</emphasis> is perfectly valid too. Following <emphasis>GROUP</emphasis> appears one or more group names, delimited by \",\". It is not sufficient to have primary group id of the relevant group, an entry in <citerefentry><refentrytitle>/etc/group</refentrytitle><manvolnum>5</manvolnum></citerefentry> is neccessary."
msgid "Note there are three separate fields delimited by a colon. No whitespace must surround this colon. Also note that the file is examined sequentially line by line, and the first applicable rule is used without examining the file further. This makes it possible for a system administrator to exercise as fine control as he or she wishes."
msgid "\n # sample /etc/suauth file\n #\n # A couple of privileged usernames may\n # su to root with their own password.\n #\n root:chris,birddog:OWNPASS\n #\n # Anyone else may not su to root unless in\n # group wheel. This is how BSD does things.\n #\n root:ALL EXCEPT GROUP wheel:DENY\n #\n # Perhaps terry and birddog are accounts\n # owned by the same person.\n # Access can be arranged between them\n # with no password.\n #\n terry:birddog:NOPASS\n birddog:terry:NOPASS\n #\n "
msgid "There could be plenty lurking. The file parser is particularly unforgiving about syntax errors, expecting no spurious whitespace (apart from beginning and end of lines), and a specific token delimiting different things."
msgid "An error parsing the file is reported using <citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry> as level ERR on facility AUTH."
msgid "The <command>su</command> command is used to become another user during a login session. Invoked without a <option>username</option>, <command>su</command> defaults to becoming the superuser. The optional argument <option>-</option> may be used to provide an environment similar to what the user would expect had the user logged in directly."
msgid "Additional arguments may be provided after the username, in which case they are supplied to the user's login shell. In particular, an argument of <option>-c</option> will cause the next argument to be treated as a command by most command interpreters. The command will be executed by the shell specified in <filename>/etc/passwd</filename> for the target user."
msgid "The user will be prompted for a password, if appropriate. Invalid passwords will produce an error message. All attempts, both valid and invalid, are logged to detect abuse of the system."
msgid "The current environment is passed to the new shell. The value of <envar>$PATH</envar> is reset to <filename>/bin:/usr/bin</filename> for normal users, or <filename>/sbin:/bin:/usr/sbin:/usr/bin</filename> for the superuser. This may be changed with the <option>ENV_PATH</option> and <option>ENV_SUPATH</option> definitions in <filename>/etc/login.defs</filename>."
msgid "A subsystem login is indicated by the presence of a \"*\" as the first character of the login shell. The given home directory will be used as the root of a new file system which the user is actually logged into."
msgid "The executed command will have no controlling terminal. This option cannot be used to execute interractive programs which need a controlling TTY."
msgid "When <option>-</option> is used, it must be specified as the last <command>su</command> option. The other forms (<option>-l</option> and <option>--login</option>) do not have this restriction."
msgid "If the target user has a restricted shell (i.e. the shell field of this user's entry in <filename>/etc/passwd</filename> is not listed in <filename>/etc/shells</filename>), then the <option>--shell</option> option or the <envar>$SHELL</envar> environment variable won't be taken into account, unless <command>su</command> is called by root."
msgid "The <envar>$HOME</envar>, <envar>$SHELL</envar>, <envar>$USER</envar>, <envar>$LOGNAME</envar>, <envar>$PATH</envar>, and <envar>$IFS</envar> environment variables are reset."
msgid "If <option>--login</option> is used, the <envar>$TERM</envar>, <envar>$COLORTERM</envar>, <envar>$DISPLAY</envar>, and <envar>$XAUTHORITY</envar> environment variables are copied if they were set."
msgid "If <option>--login</option> is used, the <envar>$TZ</envar>, <envar>$HZ</envar>, and <envar>$MAIL</envar> environment variables are set according to the <filename>/etc/login.defs</filename> options <option>ENV_TZ</option>, <option>ENV_HZ</option>, <option>MAIL_DIR</option>, and <option>MAIL_FILE</option> (see below)."
msgid "If defined, either full pathname of a file containing device names (one per line) or a \":\" delimited list of device names. Root logins will be allowed only upon these devices."
msgid "List of groups to add to the user's supplementary groups set when logging in on the console (as determined by the CONSOLE setting). Default is none. <placeholder-1/> Use with caution - it is possible for users to gain permanent access to these groups, even when not logged in on the console."
msgid "If set to <replaceable>yes</replaceable>, the user will login in the root (<filename>/</filename>) directory if it is not possible to cd to her home directory."
msgstr ""
#. XXX: When compiled with PAM support, only sulogin uses ENV_HZ
msgid "If set, it will be used to define the HZ environment variable when a user login. The value must be preceded by <replaceable>HZ=</replaceable>. A common value on Linux is <replaceable>HZ=100</replaceable>."
msgid "If set, it will be used to define the PATH environment variable when a regular user login. The value can be preceded by <replaceable>PATH=</replaceable>, or a colon separated list of paths (for example <replaceable>/bin:/usr/bin</replaceable>). The default value is <replaceable>PATH=/bin:/usr/bin</replaceable>."
msgid "If set, it will be used to define the PATH environment variable when the superuser login. The value can be preceded by <replaceable>PATH=</replaceable>, or a colon separated list of paths (for example <replaceable>/sbin:/bin:/usr/sbin:/usr/bin</replaceable>). The default value is <replaceable>PATH=/sbin:/bin:/usr/sbin:/usr/bin</replaceable>."
msgid "If set, it will be used to define the TZ environment variable when a user login. The value can be the name of a timezone preceded by <replaceable>TZ=</replaceable> (for example <replaceable>TZ=CST6CDT</replaceable>), or the full path to the file containing the timezone specification (for example <filename>/etc/tzname</filename>)."
msgstr ""
#. TODO: it can in fact be used to set any other variable
msgid "The string used for prompting a password. The default is to use \"Password: \", or a translation of that string. If you set this variable, the prompt will not be translated."
msgid "If defined, the command name to display when running \"su -\". For example, if this is defined as \"su\" then a \"ps\" will display the command is \"-su\". If not defined, then \"ps\" would display the name of the shell actually being run, e.g. something like \"-sh\"."
msgid "If <replaceable>yes</replaceable>, the user must be listed as a member of the first gid 0 group in <filename>/etc/group</filename> (called <replaceable>root</replaceable> on most Linux systems) to be able to <command>su</command> to uid 0 accounts. If the group doesn't exist or is empty, no one will be able to <command>su</command> to uid 0."
msgid "If su has to kill the command (because it was asked to terminate, and the command did not terminate in time), <command>su</command> returns 255."
msgid "The <command>sg</command> command works similar to <command>newgrp</command> but accepts a command. The command will be executed with the <filename>/bin/sh</filename> shell. With most shells you may run <command>sg</command> from, you need to enclose multi-word commands in quotes. Another difference between <command>newgrp</command> and <command>sg</command> is that some shells treat <command>newgrp</command> specially, replacing themselves with a new instance of a shell that <command>newgrp</command> creates. This doesn't happen with <command>sg</command>, so upon exit from a <command>sg</command> command you are returned to your previous group ID."
msgid "Refer to <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry> for details on how this string is interpreted."
msgid "If the password field contains some string that is not a valid result of <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)."
msgid "This field may be empty, in which case no passwords are required to authenticate as the specified login name. However, some applications which read the <filename>/etc/shadow</filename> file may decide not to permit any access at all if the password field is empty."
msgid "A password field which starts with a exclamation mark means that the password is locked. The remaining characters on the line represent the password field before the password was locked."
msgid "After this number of days is elapsed, the password may still be valid. The user should be asked to change her password the next time she will log in."
msgid "The number of days after a password has expired (see the maximum password age above) during which the password should still be accepted (and the user should update her password during the next login)."
msgid "After expiration of the password and this expiration period is elapsed, no login is possible using the current user's password. The user should contact her administrator."
msgid "Note that an account expiration differs from a password expiration. In case of an acount expiration, the user shall not be allowed to login. In case of a password expiration, the user is not allowed to login using her password."
msgid "<emphasis remap=\"I\">shadow</emphasis> manipulates the contents of the shadow password file, <filename>/etc/shadow</filename>. The structure in the <emphasis remap=\"I\">#include</emphasis> file is:"
msgid "struct spwd {\n char\t\t*sp_namp; /* user login name */\n char\t\t*sp_pwdp; /* encrypted password */\n long int\t\tsp_lstchg; /* last password change */\n long int\t\tsp_min; /* days until change allowed. */\n long int\t\tsp_max; /* days before change required */\n long int\t\tsp_warn; /* days warning for expiration */\n long int\t\tsp_inact; /* days before account inactive */\n long int\t\tsp_expire; /* date when account expires */\n unsigned long int\tsp_flag; /* reserved for future use */\n}\n "
msgid "<emphasis>getspent</emphasis>, <emphasis>getspname</emphasis>, <emphasis>fgetspent</emphasis>, and <emphasis>sgetspent</emphasis> each return a pointer to a <emphasis>struct spwd</emphasis>. <emphasis>getspent</emphasis> returns the next entry from the file, and <emphasis>fgetspent</emphasis> returns the next entry from the given stream, which is assumed to be a file of the proper format. <emphasis>sgetspent</emphasis> returns a pointer to a <emphasis>struct spwd</emphasis> using the provided string as input. <emphasis>getspnam</emphasis> searches from the current position in the file for an entry matching <emphasis>name</emphasis>."
msgid "<emphasis>setspent</emphasis> and <emphasis>endspent</emphasis> may be used to begin and end, respectively, access to the shadow password file."
msgid "The <emphasis>lckpwdf</emphasis> and <emphasis>ulckpwdf</emphasis> routines should be used to insure exclusive access to the <filename>/etc/shadow</filename> file. <emphasis>lckpwdf</emphasis> attempts to acquire a lock using <emphasis>pw_lock</emphasis> for up to 15 seconds. It continues by attempting to acquire a second lock using <emphasis>spw_lock</emphasis> for the remainder of the initial 15 seconds. Should either attempt fail after a total of 15 seconds, <emphasis>lckpwdf</emphasis> returns -1. When both locks are acquired 0 is returned."
msgid "Routines return NULL if no more entries are available or if an error occurs during processing. Routines which have <emphasis>int</emphasis> as the return value return 0 for success and -1 for failure."
msgid "The <command>pwconv</command> command creates <emphasis remap=\"I\">shadow</emphasis> from <emphasis remap=\"I\">passwd</emphasis> and an optionally existing <emphasis remap=\"I\">shadow</emphasis>."
msgid "<command>pwconv</command> does not work with <option>USE_TCB</option> enabled. To convert to tcb passwords, you should first use <command>pwconv</command> to convert to shadowed passwords by disabling <option>USE_TCB</option> in <filename>login.defs</filename> and then convert to tcb password using <command>tcb_convert</command> (and re-enable <option>USE_TCB</option> in <filename>login.defs</filename>.)"
msgid "The <command>pwunconv</command> command creates <emphasis remap=\"I\">passwd</emphasis> from <emphasis remap=\"I\">passwd</emphasis> and <emphasis remap=\"I\">shadow</emphasis> and then removes <emphasis remap=\"I\">shadow</emphasis>."
msgid "<command>pwunconv</command> does not work with <option>USE_TCB</option> enabled. You should first switch back from tcb to shadowed passwords using <command>tcb_unconvert</command>, and then disable <option>USE_TCB</option> in <filename>login.defs</filename> before using <command>pwunconv</command>."
msgid "The <command>grpconv</command> command creates <emphasis remap=\"I\">gshadow</emphasis> from <emphasis remap=\"I\">group</emphasis> and an optionally existing <emphasis remap=\"I\">gshadow</emphasis>."
msgid "The <command>grpunconv</command> command creates <emphasis remap=\"I\">group</emphasis> from <emphasis remap=\"I\">group</emphasis> and <emphasis remap=\"I\">gshadow</emphasis> and then removes <emphasis remap=\"I\">gshadow</emphasis>."
msgid "These four programs all operate on the normal and shadow password and group files: <filename>/etc/passwd</filename>, <filename>/etc/group</filename>, <filename>/etc/shadow</filename>, and <filename>/etc/gshadow</filename>."
msgid "Each program acquires the necessary locks before conversion. <command>pwconv</command> and <command>grpconv</command> are similar. First, entries in the shadowed file which don't exist in the main file are removed. Then, shadowed entries which don't have `x' as the password in the main file are updated. Any missing shadowed entries are added. Finally, passwords in the main file are replaced with `x'. These programs can be used for initial conversion as well to update the shadowed file if the main file is edited by hand."
msgid "<command>pwconv</command> will use the values of <emphasis remap=\"I\">PASS_MIN_DAYS</emphasis>, <emphasis remap=\"I\">PASS_MAX_DAYS</emphasis>, and <emphasis remap=\"I\">PASS_WARN_AGE</emphasis> from <filename>/etc/login.defs</filename> when adding new entries to <filename>/etc/shadow</filename>."
msgid "Likewise <command>pwunconv</command> and <command>grpunconv</command> are similar. Passwords in the main file are updated from the shadowed file. Entries which exist in the main file but not in the shadowed file are left alone. Finally, the shadowed file is removed. Some password aging information is lost by <command>pwunconv</command>. It will convert what it can."
msgid "The options which apply to the <command>pwconv</command>, <command>pwunconv</command>, <command>grpconv</command>, and <command>grpunconv</command> commands are:"
msgid "Errors in the password or group files (such as invalid or duplicate entries) may cause these programs to loop forever or fail in other strange ways. Please run <command>pwck</command> and <command>grpck</command> to correct any such errors before converting to or from shadow passwords or groups."
msgid "The following configuration variable in <filename>/etc/login.defs</filename> changes the behavior of <command>grpconv</command> and <command>grpunconv</command>:"
msgid "The <command>pwck</command> command verifies the integrity of the users and authentication information. It checks that all entries in <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename><phrase condition=\"tcb\">(or the files in <filename>/etc/tcb</filename>, when <option>USE_TCB</option> is enabled)</phrase> have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors."
msgid "<filename>shadow</filename> checks are enabled when a second file parameter is specified or when <filename>/etc/shadow</filename> exists on the system."
msgid "The checks for correct number of fields and unique user name are fatal. If the entry has the wrong number of fields, the user will be prompted to delete the entire line. If the user does not answer affirmatively, all further checks are bypassed. An entry with a duplicated user name is prompted for deletion, but the remaining checks will still be made. All other errors are warning and the user is encouraged to run the <command>usermod</command> command to correct the error."
msgid "The commands which operate on the <filename>/etc/passwd</filename> file are not able to alter corrupted or duplicated entries. <command>pwck</command> should be used in those circumstances to remove the offending entry."
msgid "By default, <command>pwck</command> operates on the files <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename><phrase condition=\"tcb\"> (or the files in <filename>/etc/tcb</filename>)</phrase>. The user may select alternate files with the <replaceable>passwd</replaceable> and <replaceable>shadow</replaceable> parameters."
msgid "Note that when <option>USE_TCB</option> is enabled, you cannot specify an alternative <replaceable>shadow</replaceable> file. In future releases, this paramater could be replaced by an alternate TCB directory."
msgid "Each entry consists of three colon separated fields. The first field is a comma separated list of tty devices, or an asterisk to indicate that all tty devices are matched by this entry. The second field is a comma separated list of user names, or an asterisk to indicated that all user names are matched by this entry. The third field is a comma separated list of permitted access times."
msgid "Each access time entry consists of zero or more days of the week, abbreviated <emphasis>Su</emphasis>, <emphasis>Mo</emphasis>, <emphasis>Tu</emphasis>, <emphasis>We</emphasis>, <emphasis>Th</emphasis>, <emphasis>Fr</emphasis>, and <emphasis>Sa</emphasis>, followed by a pair of times separated by a hyphen. The abbreviation <emphasis>Wk</emphasis> may be used to represent Monday thru Friday, and <emphasis>Al</emphasis> may be used to indicate every day. If no days are given, <emphasis>Al</emphasis> is assumed."
msgid "The following entries allow access only to the users <emphasis>root</emphasis> and <emphasis>oper</emphasis> on <filename>/dev/console</filename> at any time. This illustrates how the <filename>/etc/porttime</filename> file is an ordered list of access times. Any other user would match the second entry which does not permit access at any time."
msgid "<filename>/etc/passwd</filename> contains one line for each user account, with seven fields delimited by colons (<quote>:</quote>). These fields are:"
msgid "The encrypted password field may be blank, in which case no password is required to authenticate as the specified login name. However, some applications which read the <filename>/etc/passwd</filename> file may decide not to permit <emphasis>any</emphasis> access at all if the <emphasis>password</emphasis> field is blank. If the <emphasis>password</emphasis> field is a lower-case <quote>x</quote>, then the encrypted password is actually stored in the <citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry> file instead; there <emphasis>must</emphasis> be a corresponding line in the <filename>/etc/shadow</filename> file, or else the user account is invalid. If the <emphasis>password</emphasis> field is any other string, then it will be treated as an encrypted password, as specified by <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>."
msgid "The comment field is used by various system utilities, such as <citerefentry><refentrytitle>finger</refentrytitle><manvolnum>1</manvolnum></citerefentry>."
msgid "The home directory field provides the name of the initial working directory. The <command>login</command> program uses this information to set the value of the <envar>$HOME</envar> environmental variable."
msgid "The command interpreter field provides the name of the user's command language interpreter, or the name of the initial program to execute. The <command>login</command> program uses this information to set the value of the <envar>$SHELL</envar> environmental variable. If this field is empty, it defaults to the value <filename>/bin/sh</filename>."
msgid "The <command>passwd</command> command changes passwords for user accounts. A normal user may only change the password for his/her own account, while the superuser may change the password for any account. <command>passwd</command> also changes the account or associated password validity period."
msgid "The user is first prompted for his/her old password, if one is present. This password is then encrypted and compared against the stored password. The user has only one chance to enter the correct password. The superuser is permitted to bypass this step so that forgotten passwords may be changed."
msgid "After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time. If not, <command>passwd</command> refuses to change the password and exits."
msgid "The user is then prompted twice for a replacement password. The second entry is compared against the first and both are required to match in order for the password to be changed."
msgid "Then, the password is tested for complexity. As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:"
msgid "Care must be taken not to include the system default erase or kill characters. <command>passwd</command> will reject any password which is not suitably complex."
msgid "The security of a password depends upon the strength of the encryption algorithm and the size of the key space. The legacy <emphasis>UNIX</emphasis> System encryption method is based on the NBS DES algorithm. More recent methods are now recommended (see <option>ENCRYPT_METHOD</option>). The size of the key space depends upon the randomness of the password which is selected."
msgid "Compromises in password security normally result from careless password selection or handling. For this reason, you should not select a password which appears in a dictionary or which must be written down. The password should also not be a proper name, your license number, birth date, or street address. Any of these may be used as guesses to violate system security."
msgid "Delete a user's password (make it empty). This is a quick way to disable a password for an account. It will set the named account passwordless."
msgid "This option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for <replaceable>INACTIVE</replaceable> days, the user may no longer sign on to the account."
msgid "Indicate password change should be performed only for expired authentication tokens (passwords). The user wishes to keep their non-expired tokens as before."
msgid "Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ´!´ at the beginning of the password)."
msgid "Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use <command>usermod --expiredate 1</command> (this set the account's expire date to Jan 2, 1970)."
msgid "Set the minimum number of days between password changes to <replaceable>MIN_DAYS</replaceable>. A value of zero for this field indicates that the user may change his/her password at any time."
msgid "Display account status information. The status information consists of 7 fields. The first field is the user's login name. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P). The third field gives the date of the last password change. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password. These ages are expressed in days."
msgid "Unlock the password of the named account. This option re-enables a password by changing the password back to its previous value (to the value before using the <option>-l</option> option)."
msgid "Set the number of days of warning before a password change is required. The <replaceable>WARN_DAYS</replaceable> option is the number of days prior to the password expiring that a user will be warned that his/her password is about to expire."
msgid "Password complexity checking may vary from site to site. The user is urged to select a password as complex as he or she feels comfortable with."
msgid "It can take one of these values: <replaceable>DES</replaceable> (default), <replaceable>MD5</replaceable><phrase condition=\"sha_crypt\">, <replaceable>SHA256</replaceable>, <replaceable>SHA512</replaceable></phrase>."
msgid "Note: This only affect the generation of group passwords. The generation of user passwords is done by PAM and subject to the PAM configuration. It is recommended to set this variable consistently with the PAM configuration."
msgid "Indicate if passwords must be encrypted using the MD5-based algorithm. If set to <replaceable>yes</replaceable>, new passwords will be encrypted using the MD5-based algorithm compatible with the one used by recent releases of FreeBSD. It supports passwords of unlimited length and longer salt strings. Set to <replaceable>no</replaceable> if you need to copy encrypted passwords to other systems which don't understand the new algorithm. Default is <replaceable>no</replaceable>."
msgid "This variable is superseded by the <option>ENCRYPT_METHOD</option> variable or by any command line option used to configure the encryption algorithm."
msgid "Number of significant characters in the password for crypt(). <option>PASS_MAX_LEN</option> is 8 by default. Don't change unless your crypt() is better. This is ignored if <option>MD5_CRYPT_ENAB</option> set to <replaceable>yes</replaceable>."
msgid "When <option>ENCRYPT_METHOD</option> is set to <replaceable>SHA256</replaceable> or <replaceable>SHA512</replaceable>, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)."
msgid "With a lot of rounds, it is more difficult to brute forcing the password. But note also that more CPU resources will be needed to authenticate users."
msgid "The <command>nologin</command> command displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled."
msgid "The <command>newusers</command> command reads a <replaceable>file</replaceable> (or the standard input by default) and uses this information to update a set of existing users or to create new users. Each line is in the same format as the standard password file (see <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>) with the exceptions explained below:"
msgid "It can be the name of a new user or the name of an existing user (or an user created before by <command>newusers</command>). In case of an existing user, the user's information will be changed, otherwise a new user will be created."
msgid "If this field contains the name of an existing user (or the name of an user created before by <command>newusers</command>), the UID of the specified user will be used."
msgid "If this field contains the name of an existing group (or a group created before by <command>newusers</command>), the GID of this group will be used as the primary group ID for the user."
msgid "If this field is a number, this number will be used as the primary group ID of the user. If no groups exist with this GID, a new group will be created with this GID, and the name of the user."
msgid "If this field is empty, a new group will be created with the name of the user and a GID will be automatically defined by <command>newusers</command> to be used as the primary group ID for the user and as the GID for the new group."
msgid "If this field contains the name of a group which does not exist (and was not created before by <command>newusers</command>), a new group will be created with the specified name and a GID will be automatically defined by <command>newusers</command> to be used as the primary group ID for the user and GID for the new group."
msgid "If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group."
msgid "If the home directory of an existing user is changed, <command>newusers</command> does not move or copy the content of the old directory to the new location. This should be done manually."
msgid "<command>newusers</command> first tries to create or change all the specified users, and then write these changes to the user or group databases. If an error occurs (except in the final writes to the databases), no changes are committed to the databases."
msgid "During this first pass, users are created with a locked password (and passwords are not changed for the users which are not created). A second pass is used to update the passwords using PAM. Failures to update a password are reported, but will not stop the other password updates."
msgid "System users will be created with no aging information in <filename>/etc/shadow</filename>, and their numeric identifiers are chosen in the <option>SYS_UID_MIN</option>-<option>SYS_UID_MAX</option> range, defined in <filename>login.defs</filename>, instead of <option>UID_MIN</option>-<option>UID_MAX</option> (and their <option>GID</option> counterparts for the creation of groups)."
msgid "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</filename>."
msgid "The <command>newgrp</command> command is used to change the current group ID during a login session. If the optional <option>-</option> flag is given, the user's environment will be reinitialized as though the user had logged in, otherwise the current environment, including current working directory, remains unchanged."
msgid "<command>newgrp</command> changes the current real group ID to the named group, or to the default group listed in <filename>/etc/passwd</filename> if no group name is given. <command>newgrp</command> also tries to add the group to the user groupset. If not root, the user will be prompted for a password if she does not have a password (in <filename>/etc/shadow</filename> if this user has an entry in the shadowed password file, or in <filename>/etc/passwd</filename> otherwise) and the group does, or if the user is not listed as a member and the group has a password. The user will be denied access if the group password is empty and the user is not listed as a member."
msgid "If there is an entry for this group in <filename>/etc/gshadow</filename>, then the list of members and the password of this group will be taken from this file, otherwise, the entry in <filename>/etc/group</filename> is considered."
msgid "<command>logoutd</command> enforces the login time and port restrictions specified in <filename>/etc/porttime</filename>. <command>logoutd</command> should be started from <filename>/etc/rc</filename>. The <filename>/var/run/utmp</filename> file is scanned periodically and each user name is checked to see if the named user is permitted on the named port at the current time. Any login session which is violating the restrictions in <filename>/etc/porttime</filename> is terminated."
msgid "The <filename>/etc/login.defs</filename> file defines the site-specific configuration for the shadow password suite. This file is required. Absence of this file will not prevent system operation, but will probably result in undesirable operation."
msgid "This file is a readable text file, each line of the file describing one configuration parameter. The lines consist of a configuration name and value, separated by whitespace. Blank lines and comment lines are ignored. Comments are introduced with a \"#\" pound sign and the pound sign must be the first non-white character of the line."
msgid "Parameter values may be of four types: strings, booleans, numbers, and long numbers. A string is comprised of any printable characters. A boolean should be either the value <replaceable>yes</replaceable> or <replaceable>no</replaceable>. An undefined boolean parameter or one with a value other than these will be given a <replaceable>no</replaceable> value. Numbers (both regular and long) may be either decimal values, octal values (precede the value with <replaceable>0</replaceable>) or hexadecimal values (precede the value with <replaceable>0x</replaceable>). The maximum value of the regular and long numeric parameters is machine-dependent."
msgid "If <replaceable>yes</replaceable>, the <command>chfn</command> program will require authentication before making any changes, unless run by the superuser."
msgid "This parameter specifies which values in the <emphasis remap=\"I\">gecos</emphasis> field of the <filename>/etc/passwd</filename> file may be changed by regular users using the <command>chfn</command> program. It can be any combination of letters <replaceable>f</replaceable>, <replaceable>r</replaceable>, <replaceable>w</replaceable>, <replaceable>h</replaceable>, for Full name, Room number, Work phone, and Home phone, respectively. For backward compatibility, <replaceable>yes</replaceable> is equivalent to <replaceable>rwh</replaceable> and <replaceable>no</replaceable> is equivalent to <replaceable>frwh</replaceable>. If not specified, only the superuser can make any changes. The most restrictive setting is better achieved by not installing <command>chfn</command> SUID."
msgid "If <replaceable>yes</replaceable>, the <command>chsh</command> program will require authentication before making any changes, unless run by the superuser."
msgid "If defined, this file can inhibit all the usual chatter during the login sequence. If a full pathname is specified, then hushed mode will be enabled if the user's name or shell are found in the file. If not a full pathname, then hushed mode will be enabled if the file exists in the user's home directory."
msgid "This will most likely be overridden by PAM, since the default pam_unix module has its own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES."
msgid "If defined, name of file whose presence will inhibit non-root logins. The contents of this file should be a message indicating why logins are inhibited."
msgid "<option>PASS_MAX_DAYS</option>, <option>PASS_MIN_DAYS</option> and <option>PASS_WARN_AGE</option> are only used at the time of account creation. Any changes to these settings won't affect existing accounts."
msgid "The terminal permissions: the login tty will be owned by the <option>TTYGROUP</option> group, and the permissions will be set to <option>TTYPERM</option>."
msgid "If you have a <command>write</command> program which is \"setgid\" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600."
msgid "Much of the functionality that used to be provided by the shadow password suite is now handled by PAM. Thus, <filename>/etc/login.defs</filename> is no longer used by <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, or less used by <citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, and <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>. Please refer to the corresponding PAM configuration files instead."
msgid "The <emphasis remap=\"I\">login.access</emphasis> file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused."
msgid "When someone logs in, the <emphasis remap=\"I\">login.access</emphasis> is scanned for the first entry that matches the (user, host) combination, or, in case of non-networked logins, the first entry that matches the (user, tty) combination. The permissions field of that table entry determines whether the login will be accepted or refused."
msgid "The first field should be a \"<emphasis>+</emphasis>\" (access granted) or \"<emphasis>-</emphasis>\" (access denied) character. The second field should be a list of one or more login names, group names, or <emphasis>ALL</emphasis> (always matches). The third field should be a list of one or more tty names (for non-networked logins), host names, domain names (begin with \"<literal>.</literal>\"), host addresses, internet network numbers (end with \"<literal>.</literal>\"), <emphasis>ALL</emphasis> (always matches) or <emphasis>LOCAL</emphasis> (matches any string that does not contain a \"<literal>.</literal>\" character). If you run NIS you can use @netgroupname in host or user patterns."
msgid "The group file is searched only when a name does not match that of the logged-in user. Only groups are matched in which users are explicitly listed: the program does not look at a user's primary group id value."
msgid "The <command>login</command> program is used to establish a new session with the system. It is normally invoked automatically by responding to the <emphasis remap=\"I\">login:</emphasis> prompt on the user's terminal. <command>login</command> may be special to the shell and may not be invoked as a sub-process. When called from a shell, <command>login</command> should be executed as <emphasis remap=\"B\">exec login</emphasis> which will cause the user to exit from the current shell (and thus will prevent the new logged in user to return to the session of the caller). Attempting to execute <command>login</command> from any shell but the login shell will produce an error message."
msgid "The user is then prompted for a password, where appropriate. Echoing is disabled to prevent revealing the password. Only a small number of password failures are permitted before <command>login</command> exits and the communications link is severed."
msgid "If password aging has been enabled for your account, you may be prompted for a new password before proceeding. You will be forced to provide your old password and the new password before continuing. Please refer to <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more information."
msgid "After a successful login, you will be informed of any system messages and the presence of mail. You may turn off the printing of the system message file, <filename>/etc/motd</filename>, by creating a zero-length file <filename>.hushlogin</filename> in your login directory. The mail message will be one of \"<emphasis>You have new mail.</emphasis>\", \"<emphasis>You have mail.</emphasis>\", or \"<emphasis>No Mail.</emphasis>\" according to the condition of your mailbox."
msgid "Your user and group ID will be set according to their values in the <filename>/etc/passwd</filename> file. The value for <envar>$HOME</envar>, <envar>$SHELL</envar>, <envar>$PATH</envar>, <envar>$LOGNAME</envar>, and <envar>$MAIL</envar> are set according to the appropriate fields in the password entry. Ulimit, umask and nice values may also be set according to entries in the GECOS field."
msgid "On some installations, the environmental variable <envar>$TERM</envar> will be initialized to the terminal type on your tty line, as specified in <filename>/etc/ttytype</filename>."
msgid "An initialization script for your command interpreter may also be executed. Please see the appropriate manual section for more information on this function."
msgid "The <command>login</command> program is NOT responsible for removing users from the utmp file. It is the responsibility of <citerefentry><refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>init</refentrytitle><manvolnum>8</manvolnum></citerefentry> to clean up apparent ownership of a terminal session. If you use <command>login</command> from the shell prompt without <command>exec</command>, the user you use will continue to appear to be logged in even after you log out of the \"subsession\"."
msgid "As with any program, <command>login</command>'s appearance can be faked. If non-trusted users have physical access to a machine, an attacker could use this to obtain the password of the next person coming to sit in front of the machine. Under Linux, the SAK mechanism can be used by users to initiate a trusted path and prevent this kind of attack."
msgid "The <emphasis remap=\"I\">limits</emphasis> file (<filename>/etc/limits</filename> by default or LIMITS_FILE defined <filename>config.h</filename>) describes the resource limits you wish to impose. It should be owned by root and readable by root account only."
msgid "By default no quota is imposed on 'root'. In fact, there is no way to impose limits via this procedure to root-equiv accounts (accounts with UID 0)."
msgid "The <emphasis>LIMITS_STRING</emphasis> is a string of a concatenated list of resource limits. Each limit consists of a letter identifier followed by a numerical limit."
msgid "For example, <emphasis remap=\"I\">L2D2048N5</emphasis> is a valid <emphasis>LIMITS_STRING</emphasis>. For reading convenience, the following entries are equivalent:"
msgid "Be aware that after <emphasis remap=\"I\">username</emphasis> the rest of the line is considered a limit string, thus comments are not allowed. A invalid limits string will be rejected (not considered) by the <command>login</command> program."
msgid "The default entry is denoted by username \"<emphasis>*</emphasis>\". If you have multiple <emphasis remap=\"I\">default</emphasis> entries in your <emphasis>LIMITS_FILE</emphasis>, then the last one will be used as the default entry."
msgid "If no lines are specified for an user, the last <replaceable>@group</replaceable> line matching a group whose the user is a member of will be considered, or the last line with default limits if no groups contain the user."
msgid "Also, please note that all limit settings are set PER LOGIN. They are not global, nor are they permanent. Perhaps global limits will come, but for now this will have to do ;)"
msgid "<command>lastlog</command> formats and prints the contents of the last login log <filename>/var/log/lastlog</filename> file. The <emphasis>login-name</emphasis>, <emphasis>port</emphasis>, and <emphasis>last login time</emphasis> will be printed. The default (no flags) causes lastlog entries to be printed, sorted by their order in <filename>/etc/passwd</filename>."
msgid "The users can be specified by a login name, a numerical user ID, or a <replaceable>RANGE</replaceable> of users. This <replaceable>RANGE</replaceable> of users can be specified with a min and max values (<replaceable>UID_MIN-UID_MAX</replaceable>), a max value (<replaceable>-UID_MAX</replaceable>), or a min value (<replaceable>UID_MIN-</replaceable>)."
msgid "The <filename>lastlog</filename> file is a database which contains info on the last login of each user. You should not rotate it. It is a sparse file, so its size on the disk is usually much smaller than the one shown by \"<command>ls -l</command>\" (which can indicate a really big file if you have in <filename>passwd</filename> users with a high UID). You can display its real size with \"<command>ls -s</command>\"."
msgid "Large gaps in UID numbers will cause the lastlog program to run longer with no output to the screen (i.e. if in lastlog database there is no entries for users with UID between 170 and 800 lastlog will appear to hang as it processes entries with UIDs 171-799)."
msgid "If the password field contains some string that is not a valid result of <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for instance ! or *, users will not be able to use a unix password to access the group (but group members do not need the password)."
msgid "The password is used when an user who is not a member of the group wants to gain the permissions of this group (see <citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum></citerefentry>)."
msgid "The <command>grpck</command> command verifies the integrity of the groups information. It checks that all entries in <filename>/etc/group</filename><phrase condition=\"gshadow\">and <filename>/etc/gshadow</filename></phrase> have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors."
msgid "a corresponding entry in the <filename>/etc/gshadow</filename> file (respectively <filename>/etc/group</filename> for the <filename>gshadow</filename> checks)"
msgid "The checks for correct number of fields and unique group name are fatal. If an entry has the wrong number of fields, the user will be prompted to delete the entire line. If the user does not answer affirmatively, all further checks are bypassed. An entry with a duplicated group name is prompted for deletion, but the remaining checks will still be made. All other errors are warnings and the user is encouraged to run the <command>groupmod</command> command to correct the error."
msgid "The commands which operate on the <filename>/etc/group</filename><phrase condition=\"no_gshadow\">file</phrase><phrase condition=\"gshadow\">and <filename>/etc/gshadow</filename> files</phrase> are not able to alter corrupted or duplicated entries. <command>grpck</command> should be used in those circumstances to remove the offending entries."
msgid "Execute the <command>grpck</command> command in read-only mode. This causes all questions regarding changes to be answered <emphasis>no</emphasis> without user intervention."
msgid "By default, <command>grpck</command> operates on <filename>/etc/group</filename><phrase condition=\"gshadow\"> and <filename>/etc/gshadow</filename></phrase>. The user may select alternate files with the <emphasis remap=\"I\">group</emphasis><phrase condition=\"no_gshadow\">parameter.</phrase><phrase condition=\"gshadow\">and <emphasis remap=\"I\">shadow</emphasis> parameters.</phrase>"
msgid "The <command>groups</command> command displays the current group names or ID values. If the value does not have a corresponding entry in <filename>/etc/group</filename>, the value will be displayed as the numerical group value. The optional <emphasis remap=\"I\">user</emphasis> parameter will display the groups for the named <emphasis remap=\"I\">user</emphasis>."
msgid "Systems which do not support concurrent group sets will have the information from <filename>/etc/group</filename> reported. The user must use <command>newgrp</command> or <command>sg</command> to change his current real and effective group ID."
msgid "The <command>groupmod</command> command modifies the definition of the specified <replaceable>GROUP</replaceable> by modifying the appropriate entry in the group database."
msgid "The value of <replaceable>GID</replaceable> must be a non-negative decimal integer. This value must be unique, unless the <option>-o</option> option is used."
msgid "Any files that have the old group ID and must continue to belong to <replaceable>GROUP</replaceable>, must have their group ID changed manually."
msgid "No checks will be performed with regard to the <option>GID_MIN</option>, <option>GID_MAX</option>, <option>SYS_GID_MIN</option>, or <option>SYS_GID_MAX</option> from <filename>/etc/login.defs</filename>."
msgid "The <command>groupmems</command> command allows a user to administer his/her own group membership list without the requirement of superuser privileges. The <command>groupmems</command> utility is for systems that configure its users to be in their own name sake primary group (i.e., guest / guest)."
msgid "If the <filename>/etc/gshadow</filename> file exist, and the group has no entry in the <filename>/etc/gshadow</filename> file, a new entry will be created."
msgid "The <command>groupmems</command> executable should be in mode <literal>2770</literal> as user <emphasis>root</emphasis> and in group <emphasis>groups</emphasis>. The system administrator can add users to group <emphasis>groups</emphasis> to allow or disallow them using the <command>groupmems</command> utility to manage their own group membership list."
msgid "The <command>groupdel</command> command modifies the system account files, deleting all entries that refer to <replaceable>GROUP</replaceable>. The named group must exist."
msgid "The <command>groupadd</command> command creates a new group account using the values specified on the command line plus the default values from the system. The new group will be entered into the system files as needed."
msgid "This option causes the command to simply exit with success status if the specified group already exists. When used with <option>-g</option>, and the specified GID already exists, another (unique) GID is chosen (i.e. <option>-g</option> is turned off)."
msgid "The numerical value of the group's ID. This value must be unique, unless the <option>-o</option> option is used. The value must be non-negative. The default is to use the smallest ID value greater than or equal to <option>GID_MIN</option> and greater than every other group."
msgid "The numeric identifiers of new system groups are chosen in the <option>SYS_GID_MIN</option>-<option>SYS_GID_MAX</option> range, defined in <filename>login.defs</filename>, instead of <option>GID_MIN</option>-<option>GID_MAX</option>."
msgid "Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes. They can end with a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?"
msgid "If the groupname already exists in an external group database such as NIS or LDAP, <command>groupadd</command> will deny the group creation request."
msgid "The <command>gpasswd</command> command is used to administer <filename>/etc/group</filename><phrase condition=\"gshadow\">, and <filename>/etc/gshadow</filename></phrase>. Every group can have <phrase condition=\"gshadow\">administrators,</phrase> members and a password."
msgid "System administrators can use the <option>-A</option> option to define group administrator(s) and the <option>-M</option> option to define members. They have all rights of group administrators and members."
msgid "<command>gpasswd</command> called by <phrase condition=\"gshadow\">a group administrator</phrase><phrase condition=\"no_gshadow\">a system administrator</phrase> with a group name only prompts for the new password of the <replaceable>group</replaceable>."
msgid "If a password is set the members can still use <citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum></citerefentry> without a password, and non-members must supply the password."
msgid "Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users."
msgid "Remove the password from the named <replaceable>group</replaceable>. The group password will be empty. Only group members will be allowed to use <command>newgrp</command> to join the named <replaceable>group</replaceable>."
msgid "Restrict the access to the named <replaceable>group</replaceable>. The group password is set to \"!\". Only group members with a password will be allowed to use <command>newgrp</command> to join the named <replaceable>group</replaceable>."
msgid "This tool only operates on the <filename>/etc/group</filename><phrase condition=\"gshadow\"> and <filename>/etc/gshadow</filename> files.</phrase><phrase condition=\"no_gshadow\">file.</phrase> Thus you cannot change any NIS or LDAP group. This must be performed on the corresponding server."
msgid "<command>faillog</command> displays the contents of the failure log database (<filename>/var/log/faillog</filename>). It can also set the failure counters and limits. When <command>faillog</command> is run without arguments, it only displays the faillog records of the users who had a login failure."
msgid "With the <option>-l</option>, <option>-m</option>, <option>-r</option>, <option>-t</option> options, the users' records are changed, even if the user does not exist on the system. This is useful to reset records of users that have been deleted or to set a policy in advance for a range of users."
msgid "Display faillog record or maintains failure counters and limits (if used with <option>-l</option>, <option>-m</option> or <option>-r</option> options) only for the specified user(s)."
msgid "When none of the <option>-l</option>, <option>-m</option>, or <option>-r</option> options are used, <command>faillog</command> displays the faillog record of the specified user(s)."
msgid "<command>faillog</command> only prints out users with no successful login since the last failure. To print out a user who has had a successful login since their last failure, you must explicitly request the user with the <option>-u</option> flag, or print out all users with the <option>-a</option> flag."
msgid "The file contains fixed length records, indexed by numerical UID. Each record contains the count of login failures since the last successful login; the maximum number of failures before the account is disabled; the line on which the last login failure occurred; the date of the last login failure; and the duration (in seconds) during which the account will be locked after a failure."
msgid "The <command>expiry</command> command checks (<option>-c</option>) the current password expiration and forces (<option>-f</option>) changes when required. It is callable as a normal user command."
msgid "The <command>chsh</command> command changes the user login shell. This determines the name of the user's initial login command. A normal user may only change the login shell for her own account; the superuser may change the login shell for any account."
msgid "If the <option>-s</option> option is not selected, <command>chsh</command> operates in an interactive fashion, prompting the user with the current login shell. Enter the new value to change the shell, or leave the line blank to use the current one. The current shell is displayed between a pair of <emphasis>[ ]</emphasis> marks."
msgid "The only restriction placed on the login shell is that the command name must be listed in <filename>/etc/shells</filename>, unless the invoker is the superuser, and then any value may be added. An account with a restricted login shell may not change her login shell. For this reason, placing <filename>/bin/rsh</filename> in <filename>/etc/shells</filename> is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value."
msgid "The <command>chpasswd</command> command reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. Each line is of the format:"
msgid "By default the passwords must be supplied in clear-text, and are encrypted by <command>chpasswd</command>. Also the password age will be updated, if present."
msgid "The default encryption algorithm can be defined for the system with the <option>ENCRYPT_METHOD</option> or <option>MD5_CRYPT_ENAB</option> variables of <filename>/etc/login.defs</filename>, and can be overwitten with the <option>-e</option>, <option>-m</option>, or <option>-c</option> options."
msgid "By default, passwords are encrypted by PAM, but (even if not recommended) you can select a different encryption method with the <option>-e</option>, <option>-m</option>, or <option>-c</option> options."
msgid "<phrase condition=\"pam\">Except when PAM is used to encrypt the passwords,</phrase><command>chpasswd</command> first updates all the passwords in memory, and then commits all the changes to disk if no errors occured for any user."
msgid "When PAM is used to encrypt the passwords (and update the passwords in the system database) then if a password cannot be updated <command>chpasswd</command> continues updating the passwords of the next users, and will return an error code on exit."
msgid "By default (if none of the <option>-c</option>, <option>-m</option>, or <option>-e</option> options are specified), the encryption method is defined by the <option>ENCRYPT_METHOD</option> or <option>MD5_CRYPT_ENAB</option> variables of <filename>/etc/login.defs</filename>."
msgid "By default, the number of rounds is defined by the <option>SHA_CRYPT_MIN_ROUNDS</option> and <option>SHA_CRYPT_MAX_ROUNDS</option> variables in <filename>/etc/login.defs</filename>."
msgid "The <command>chgpasswd</command> command reads a list of group name and password pairs from standard input and uses this information to update a set of existing groups. Each line is of the format:"
msgid "The default encryption algorithm can be defined for the system with the <option>ENCRYPT_METHOD</option> variable of <filename>/etc/login.defs</filename>, and can be overwiten with the <option>-e</option>, <option>-m</option>, or <option>-c</option> options."
msgid "The <command>chfn</command> command changes user fullname, office room number, office phone number, and home phone number information for a user's account. This information is typically printed by <citerefentry><refentrytitle>finger</refentrytitle><manvolnum>1</manvolnum></citerefentry> and similar programs. A normal user may only change the fields for her own account, subject to the restrictions in <filename>/etc/login.defs</filename>. (The default configuration is to prevent users from changing their fullname.) The superuser may change any field for any account. Additionally, only the superuser may use the <option>-o</option> option to change the undefined portions of the GECOS field."
msgid "These fields must not contain any colons. Except for the <emphasis remap=\"I\">other</emphasis> field, they should not contain any comma or equal sign. It is also recommended to avoid non-US-ASCII characters, but this is only enforced for the phone numbers. The <emphasis remap=\"I\">other</emphasis> field is used to store accounting information used by other applications."
msgid "Change the user's other GECOS information. This field is used to store accounting information used by other applications, and can be changed only by a superuser."
msgid "If none of the options are selected, <command>chfn</command> operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of <emphasis remap=\"B\">[ ]</emphasis> marks. Without options, <command>chfn</command> prompts for the current user account."
msgid "The <command>chage</command> command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password."
msgid "Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area)."
msgid "Set the date or number of days since January 1, 1970 on which the user's account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again."
msgid "Set the number of days of inactivity after a password has expired before the account is locked. The <replaceable>INACTIVE</replaceable> option is the number of days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again."
msgid "Set the maximum number of days during which a password is valid. When <replaceable>MAX_DAYS</replaceable> plus <replaceable>LAST_DAY</replaceable> is less than the current day, the user will be required to change his/her password before being able to use his/her account. This occurrence can be planned for in advance by use of the <option>-W</option> option, which provides the user with advance warning."
msgid "Set the number of days of warning before a password change is required. The <replaceable>WARN_DAYS</replaceable> option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire."
msgid "If none of the options are selected, <command>chage</command> operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of <emphasis>[ ]</emphasis> marks."
msgid "The <command>chage</command> command is restricted to the root user, except for the <option>-l</option> option, which may be used by an unprivileged user to determine when his/her password or account is due to expire."