* man/gshadow.5.xml: Updated documentation.

This commit is contained in:
nekral-guest 2009-05-21 13:53:56 +00:00
parent 39b17ee5d5
commit 12235612b5
2 changed files with 90 additions and 34 deletions

View File

@ -1,3 +1,7 @@
2009-05-21 Nicolas François <nicolas.francois@centraliens.net>
* man/gshadow.5.xml: Updated documentation.
2009-05-21 Nicolas François <nicolas.francois@centraliens.net> 2009-05-21 Nicolas François <nicolas.francois@centraliens.net>
* man/usermod.8.xml, man/userdel.8.xml, man/useradd.8.xml: * man/usermod.8.xml, man/userdel.8.xml, man/useradd.8.xml:

View File

@ -43,46 +43,98 @@
<title>DESCRIPTION</title> <title>DESCRIPTION</title>
<para> <para>
<filename>/etc/gshadow</filename> contains the shadowed information <filename>/etc/gshadow</filename> contains the shadowed information
for group accounts. It contains lines with the following for group accounts.
colon-separated fields:
</para>
<itemizedlist mark='bullet'>
<listitem>
<para>group name</para>
</listitem>
<listitem>
<para>encrypted password</para>
</listitem>
<listitem>
<para>comma-separated list of group administrators</para>
</listitem>
<listitem>
<para>comma-separated list of group members</para>
</listitem>
</itemizedlist>
<para>
The group name and password fields must be filled. The encrypted
password consists of characters from the 64-character alphabet a thru
z, A thru Z, 0 thru 9, \. and /. Refer to <citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> for details on how this string is interpreted. If the
password field contains some string that is not valid result of
<citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, for instance ! or *, the user will not be able to use
a unix password to log in, subject to <citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para>
<para>
This information supersedes any password present in
<filename>/etc/group</filename>.
</para> </para>
<para> <para>
This file must not be readable by regular users if password security This file must not be readable by regular users if password security
is to be maintained. is to be maintained.
</para> </para>
<para>
Each line of this file contains the following colon-separated
fields:
</para>
<variablelist>
<varlistentry>
<term><emphasis role="bold">group name</emphasis></term>
<listitem>
<para>
It must be a valid group name, which exist on the system.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">encrypted password</emphasis></term>
<listitem>
<para>
Refer to <citerefentry><refentrytitle>crypt</refentrytitle>
<manvolnum>3</manvolnum></citerefentry> for details on how
this string is interpreted.
</para>
<para>
If the password field contains some string that is not a valid
result of <citerefentry><refentrytitle>crypt</refentrytitle>
<manvolnum>3</manvolnum></citerefentry>, for instance ! or *,
users will not be able to use a unix password to access the
group (but group members do not need the password).
</para>
<para>
The password is used when an user who is not a member of the
group wants to gain the permissions of this group (see
<citerefentry><refentrytitle>newgrp</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>).
</para>
<para>
This field may be empty, in which case only the group members
can gain the group permissions.
</para>
<para>
A password field which starts with a exclamation mark means
that the password is locked. The remaining characters on the
line represent the password field before the password was
locked.
</para>
<para>
This password supersedes any password specified in
<filename>/etc/group</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">administrators</emphasis></term>
<listitem>
<para>
It must be a comma-separated list of user names.
</para>
<para>
Administrators can change the password or the members of the
group.
</para>
<para>
Administrators also have the same permissions as the members
(see below).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">members</emphasis></term>
<listitem>
<para>
It must be a comma-separated list of user names.
</para>
<para>
Members can access the group without being prompted for a
password.
</para>
<para>
You should use the same list of users as in
<filename>/etc/group</filename>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1> </refsect1>
<refsect1 id='files'> <refsect1 id='files'>