DESCRIPTION
The usermod command modifies the system account
- files to reflect the changes that are specified on the command line.
+ files.
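Review bot: shortening the sentence to "modifies the system account files." removes the only statement in this paragraph that the modifications are the ones given on the command line. If the aim is brevity, "modifies the system account files as specified on the command line" keeps that information in fewer words than the original.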
@@ -100,8 +100,8 @@
- The new value of the user's password file comment field. It is
- normally modified using the
+ update the comment field of the user in /etc/passwd
+ , which is normally modified using the chfn1 utility.
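Review bot: the new description "update the comment field of the user in /etc/passwd" is a lowercase imperative fragment, while other descriptions in this patch are written as full sentences (for example "The name or numerical ID of the user's new primary group."). Start it with a capital and a consistent verb form, and check the markup around "/etc/passwd": the added line beginning ", which is normally" suggests whitespace will be rendered before the comma.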
@@ -130,12 +130,15 @@
- The date on which the user account will be disabled. The date is
- specified in the format YYYY-MM-DD.
+ The date on which the user account will be disabled. The
+ date is specified in the format
+ YYYY-MM-DD. Integers as input are
+ interpreted as days after 1970-01-01.
- An empty EXPIRE_DATE argument will
- disable the expiration of the account.
+ An input of -1 or an empty string will blank the account
+ expiration field in the shadow password file. The account
+ will remain available with no date limit.
This option requires a /etc/shadow file.
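Review bot: "Integers as input are interpreted as days after 1970-01-01" contradicts the next added paragraph, where the integer -1 blanks the expiration field instead. State the exception where the rule is given, for example by limiting the first sentence to the integers that are actually treated as day counts, so that the two sentences cannot be read against each other.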
@@ -150,13 +153,14 @@
- The number of days after a password expires until the account is
- permanently disabled.
-
-
- A value of 0 disables the account as soon
- as the password has expired, and a value of -1 disables the
- feature.
+ defines the number of days after the password exceeded its maximum
+ age during which the user may still login by immediately replacing
+ the password. This grace period before the account becomes inactive
+ is stored in the shadow password file. An input of 0 will disable an
+ expired password with no delay. An input of -1 will blank the
+ respective field in the shadow password file. See
+ shadow5
+ for more information.
This option requires a /etc/shadow file.
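Review bot: "An input of 0 will disable an expired password with no delay" changes what is said to be disabled. The removed text had the account disabled as soon as the password expired, and the new paragraph itself speaks of "the account becomes inactive", so the sentence should say the account becomes inactive immediately. The -1 sentence now only says the field is blanked; keep the removed statement that this disables the feature, since a reader cannot infer the effect from "blank the respective field". Also "may still login" should be "log in", and the paragraph should start with a capital.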
@@ -171,7 +175,7 @@
- The group name or number of the user's new initial login group.
+ The name or numerical ID of the user's new primary group.
The group must exist.
@@ -198,9 +202,7 @@
A list of supplementary groups which the user is also a member
of. Each group is separated from the next by a comma, with no
- intervening whitespace. The groups are subject to the same
- restrictions as the group given with the
- option.
+ intervening whitespace. The groups must exist.
If the user is currently a member of a group which is
@@ -249,7 +251,7 @@
- Move the content of the user's home directory to the new
+ moves the content of the user's home directory to the new
location. If the current home directory does not exist
the new home directory will not be created.
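Review bot: the only change in this hunk is "Move" to "moves", which leaves the description starting in lower case without a subject, followed by two context sentences that are ordinary capitalised sentences. Unless the rendered page places the option name directly in front of this text as the subject, keep "Move" and drop the hunk.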
@@ -270,9 +272,17 @@
- When used with the option, this option
allows to change the user ID to a non-unique value.
+
+ This option is only valid in combination with the
+ option. As a user identity
+ serves as
+ key to map between users on one hand and permissions, file
+ ownerships and other aspects that determine the system's
+ behavior on the other hand, more than one login name
+ will access the account of the given UID.
+
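Review bot: with the "When used with the option, this option" line removed, the remaining context line "allows to change the user ID to a non-unique value." no longer has a subject. The added paragraph also states the consequence only indirectly ("more than one login name will access the account of the given UID"); this is the security-relevant part of the option, so say plainly that all login names sharing the UID share the same file ownerships and permissions. "serves as key" needs an article ("serves as the key").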
@@ -281,13 +291,13 @@
- The encrypted password, as returned by
- crypt3
- .
+ defines a new password for the user. PASSWORD is expected to
+ be encrypted, as returned by crypt
+ 3.
- Note: This option is not
- recommended because the password (or encrypted password) will
+ Note: Avoid this option on the
+ command line because the password (or encrypted password) will
be visible by users listing the processes.
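Review bot: "Avoid this option on the command line" is confusing, because the option is only ever given on the command line; either keep the removed "not recommended" wording or say what the reader should do instead. The reference is now split as "crypt" and "3." on separate added lines, whereas the removed lines had "crypt3" with the period on its own line, so check that the section number and the sentence period still end up in the right elements.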
@@ -331,14 +341,13 @@
- Apply changes in the PREFIX_DIR
- directory and use the configuration files from the
- PREFIX_DIR directory.
- This option does not chroot and is intended for preparing
- a cross-compilation target.
- Some limitations: NIS and LDAP users/groups are not verified.
- PAM authentication is using the host files.
- No SELINUX support.
+ Apply changes within the directory tree starting with
+ PREFIX_DIR and use as well the
+ configuration files located there. This option does not
+ chroot and is intended for preparing a cross-compilation
+ target. Some limitations: NIS and LDAP users/groups are
+ not verified. PAM authentication is using the host
+ files. No SELINUX support.
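Review bot: "use as well the configuration files located there" is awkward word order; "and use the configuration files located there" says the same thing. The limitations ("NIS and LDAP users/groups are not verified. PAM authentication is using the host files. No SELINUX support.") are only rewrapped; as the paragraph is being reworded anyway, "SELINUX" could be aligned with the "SELinux" spelling used in the SELinux user option later in this patch.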
@@ -348,8 +357,9 @@
- The path of the user's new login shell. Setting this field to
- blank causes the system to select the default login shell.
+ changes the user's login shell. An empty string for SHELL blanks the
+ field in /etc/passwd and logs the user into the
+ system's default shell.
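Review bot: the new text no longer says that SHELL is a path, which the removed line stated ("The path of the user's new login shell"). Keep that, for example "Changes the user's login shell to the path given in SHELL.", and start the sentence with a capital.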
@@ -359,7 +369,7 @@
- The new numerical value of the user's ID.
+ The new value of the user's ID.
This value must be unique,
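Review bot: dropping "numerical" from "The new numerical value of the user's ID" makes the description less precise and runs against the primary group hunk in this same patch, which adds "numerical ID". Keep "numerical" here unless non-numeric input is accepted, in which case the text should say what else is allowed.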
@@ -418,7 +428,7 @@
Add a range of subordinate uids to the user's account.
- This option may be specified multiple times to add multiple ranges to a users account.
+ This option may be specified multiple times to add multiple ranges to a user's account.
No checks will be performed with regard to
@@ -436,7 +446,7 @@
Remove a range of subordinate uids from the user's account.
- This option may be specified multiple times to remove multiple ranges to a users account.
+ This option may be specified multiple times to remove multiple ranges to a user's account.
When both and are specified,
the removal of all subordinate uid ranges happens before any subordinate uid range is added.
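Review bot: the corrected line still reads "remove multiple ranges to a user's account"; since the line is being touched for the apostrophe, change "to" to "from" as well. The same wording appears in the subordinate gid removal hunk further down.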
@@ -456,7 +466,7 @@
Add a range of subordinate gids to the user's account.
- This option may be specified multiple times to add multiple ranges to a users account.
+ This option may be specified multiple times to add multiple ranges to a user's account.
No checks will be performed with regard to
@@ -474,7 +484,7 @@
Remove a range of subordinate gids from the user's account.
- This option may be specified multiple times to remove multiple ranges to a users account.
+ This option may be specified multiple times to remove multiple ranges to a user's account.
When both and are specified,
the removal of all subordinate gid ranges happens before any subordinate gid range is added.
@@ -491,12 +501,11 @@
- The new SELinux user for the user's login.
-
-
- A blank SEUSER will remove the
- SELinux user mapping for user LOGIN
- (if any).
+ defines the SELinux user to be mapped with
+ LOGIN. An empty string ("")
+ will remove the respective entry (if any). Note that the
+ shadow system doesn't store the selinux-user, it uses
+ semanage(8) for that.
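Review bot: "selinux-user" in the added note does not match "SELinux user" two lines above it, and "semanage(8)" is written as literal text while the other references added in this patch (chfn, shadow, crypt) have the name and section as separate elements. Use the same spelling and the same reference markup throughout. The paragraph also starts in lower case ("defines"), and "doesn't" would normally be "does not" in a manual page.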
@@ -510,7 +519,8 @@
not executing any processes when this command is being executed if the
user's numerical user ID, the user's name, or the user's home
directory is being changed. usermod checks this
- on Linux. On other platforms it only uses utmp to check if the user is logged in.
+ on Linux. On other operating systems it only uses utmp to check if
+ the user is logged in.
You must change the owner of any crontab files or
@@ -545,43 +555,43 @@
/etc/group
- Group account information.
+ Group account information/etc/gshadow
- Secure group account information.
+ Secure group account informatio./etc/login.defs
- Shadow password suite configuration.
+ Shadow password suite configuration/etc/passwd
- User account information.
+ User account information/etc/shadow
- Secure user account information.
+ Secure user account information/etc/subgid
- Per user subordinate group IDs.
+ Per user subordinate group IDs/etc/subuid
- Per user subordinate user IDs.
+ Per user subordinate user IDs
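Review bot: the added description for /etc/gshadow reads "Secure group account informatio." and has lost its final "n". It is also the only one of the seven descriptions that keeps a trailing period after this change; use one form for all entries in the list.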