update useradd homepage

Signed-off-by: Serge Hallyn <serge@hallyn.com>

man/useradd.8.xml

@@ -119,11 +119,11 @@
 	</term>
 	<listitem>
 	  <para>
-	    The default base directory for the system if <option>-d</option>&nbsp;<replaceable>HOME_DIR</replaceable> is not specified.
+	    The default base directory for the system if
-	    <replaceable>BASE_DIR</replaceable> is
+	    <option>-d</option>&nbsp;<replaceable>HOME_DIR</replaceable>
-	    concatenated with the account name to define the home directory. 
+	    is not specified.  <replaceable>BASE_DIR</replaceable> is
-	    If the <option>-m</option> option is not used,
+	    concatenated with the account name to define the home
-	    <replaceable>BASE_DIR</replaceable> must exist.
+	    directory.
 	  </para>
 	  <para>
 	    If this option is not specified, <command>useradd</command>
@@ -141,7 +141,7 @@
 	<listitem>
 	  <para>
 	    Any text string. It is generally a short description of the
-	    login, and is currently used as the field for the user's full
+	    account, and is currently used as the field for the user's full
 	    name.
 	  </para>
 	</listitem>
@@ -153,14 +153,14 @@
 	<listitem>
 	  <para>
 	    The new user will be created using
-	    <replaceable>HOME_DIR</replaceable> as the value for the user's
+	    <replaceable>HOME_DIR</replaceable> as the value for the
-	    login directory. The default is to append the
+	    user's login directory. The default is to append the
 	    <replaceable>LOGIN</replaceable> name to
-	    <replaceable>BASE_DIR</replaceable> and use that as the login
+	    <replaceable>BASE_DIR</replaceable> and use that as the
-	    directory name.  If the directory
+	    login directory name.  If the directory
-	    <replaceable>HOME_DIR</replaceable> does not exist, then it
+	    <replaceable>HOME_DIR</replaceable> does not exist, then
-	    will be created unless the <option>-M</option> option is
+	    it will be created unless the <option>-M</option> option
-	    specified.
+	    is specified.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -197,10 +197,13 @@
 	</term>
 	<listitem>
 	  <para>
-	    The number of days after a password expires until the account is
+            defines the number of days after the password exceeded its maximum
-	    permanently disabled. A value of 0 disables the account as soon
+            age where the user is expected to replace this password. The value
-	    as the password has expired, and a value of -1 disables the
+            is stored in the shadow password file. An input of 0 will disable an
-	    feature.
+            expired password with no delay. An input of -1 will blank the
+            respective field in the shadow password file. See <citerefentry>
+	    <refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
+            </citerefentry>for more information.
 	  </para>
 	  <para>
 	    If not specified, <command>useradd</command> will use the
@@ -216,7 +219,7 @@
 	</term>
 	<listitem>
 	  <para>
-	    The group name or number of the user's initial login group. The
+	    The name or the number of the user's primary group. The
 	    group name must exist. A group number must refer to an already
 	    existing group.
 	  </para>
@@ -293,14 +296,17 @@
 	    (<option>UID_MIN</option>, <option>UID_MAX</option>,
 	    <option>UMASK</option>, <option>PASS_MAX_DAYS</option>
 	    and others).
-	  <para>
 	  </para>
-	    Example: <option>-K</option>&nbsp;<replaceable>PASS_MAX_DAYS</replaceable>=<replaceable>-1</replaceable>
+	  <para>
-	    can be used when creating system account to turn off password
+	    Example:
-	    aging, even though system account has no password at all.
+	    <option>-K</option>&nbsp;<replaceable>PASS_MAX_DAYS
-	    Multiple <option>-K</option> options can be specified, e.g.:
+	    </replaceable>=<replaceable>-1</replaceable> can be used
-	    <option>-K</option>&nbsp;<replaceable>UID_MIN</replaceable>=<replaceable>100</replaceable>&nbsp;
+	    when creating an account to turn off password aging.
-	    <option>-K</option>&nbsp;<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
+	    Multiple <option>-K</option> options can be specified,
+	    e.g.:
+	    <option>-K</option>&nbsp;<replaceable>UID_MIN</replaceable>
+	    =<replaceable>100</replaceable>&nbsp;<option>-K</option>&nbsp;
+	    <replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
 	  </para>
 	  <!--para>
 	    Note: <option>-K</option>&nbsp;<replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
@@ -387,10 +393,18 @@
 	  <option>-o</option>, <option>--non-unique</option>
 	</term>
 	<listitem>
-	  <para>Allow the creation of a user account with a duplicate (non-unique) UID.</para>
+	  <para>
+	    allows the creation of an account with an already existing
+	    UID.
+	  </para>
 	  <para>
 	    This option is only valid in combination with the
-	    <option>-u</option> option.
+	    <option>-u</option> option. As a user identity
+	    serves as
+	    key to map between users on one hand and permissions, file
+	    ownerships and other aspects that determine the system's
+	    behavior on the other hand, more than one login name
+	    will access the account of the given UID.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -400,13 +414,23 @@
 	</term>
 	<listitem>
 	  <para>
-	    The encrypted password, as returned by <citerefentry>
+	    defines an initial password for the account. PASSWORD is expected to
-	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+	    be encrypted, as returned by <citerefentry><refentrytitle>crypt
-	    </citerefentry>. The default is to disable the password.
+	    </refentrytitle><manvolnum>3</manvolnum></citerefentry>. Within a
+	    shell script, this option allows to create efficiently
+	    batches of users.
 	  </para>
 	  <para>
-	    <emphasis role="bold">Note:</emphasis> This option is not
+            Without this option, the new account will be locked and
-	    recommended because the password (or encrypted password) will
+            with no password defined, i.e. a single exclamation mark
+            in the respective field of
+            <filename>/etc/shadow</filename>. This is a state where the
+            user won't be able to access the account or to define a
+            password himself.
+	  </para>
+	  <para>
+	    <emphasis role="bold">Note:</emphasis>Avoid this option on the command  
+	     line because the password (or encrypted password) will
 	    be visible by users listing the processes.
 	  </para>
 	  <para>
@@ -477,11 +501,11 @@
 	</term>
 	<listitem>
 	  <para>
-	    The name of the user's login shell. The default is to leave this
+            sets the path to the user's login shell. Without this option,
-	    field blank, which causes the system to select the default login
+            the system will use the <option>SHELL</option> variable specified
-	    shell specified by the <option>SHELL</option> variable in
+	    in <filename>/etc/default/useradd</filename>, or, if that is as
-	    <filename>/etc/default/useradd</filename>, or an empty string
+	    well not set, the field for the login shell in <filename>/etc/passwd
-	    by default.
+	    </filename>remains empty.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -526,9 +550,11 @@
 	</term>
 	<listitem>
 	  <para>
-	    The SELinux user for the user's login. The default is to leave this
+	    defines the SELinux user for the new account. Without this
-	    field blank, which causes the system to select the default SELinux
+	    option, a SELinux uses the default user. Note that the
-	    user.
+	    shadow system doesn't store the selinux-user, it uses
+	    <citerefentry><refentrytitle>semanage</refentrytitle>
+	    <manvolnum>8</manvolnum></citerefentry> for that.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -550,7 +576,7 @@
 	  </term>
 	  <listitem>
 	    <para>
-	      The path prefix for a new user's home directory. The
+	      sets the path prefix for a new user's home directory. The
 	      user's name will be affixed to the end of
 	      <replaceable>BASE_DIR</replaceable> to form the new user's
 	      home directory name, if the <option>-d</option> option is not used
@@ -567,7 +593,7 @@
 	    <option>-e</option>, <option>--expiredate</option>&nbsp;<replaceable>EXPIRE_DATE</replaceable>
 	  </term>
 	  <listitem>
-	    <para>The date on which the user account is disabled.</para>
+	    <para>sets the date on which newly created user accounts are disabled.</para>
 	    <para>
 	      This option sets the <option>EXPIRE</option> variable in
 	      <filename>/etc/default/useradd</filename>.
@@ -580,8 +606,10 @@
 	  </term>
 	  <listitem>
 	    <para>
-	      The number of days after a password has expired before the
+              defines the number of days after the password exceeded its maximum
-	      account will be disabled.
+              age where the user is expected to replace this password. See <citerefentry>
+	      <refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
+              </citerefentry>for more information.
 	    </para>
 	    <para>
 	      This option sets the <option>INACTIVE</option> variable in
@@ -594,13 +622,9 @@
 	    <option>-g</option>, <option>--gid</option>&nbsp;<replaceable>GROUP</replaceable>
 	  </term>
 	  <listitem>
-	    <para>
+	    <para>sets the default primary group for newly created users,
-	      The group name or ID for a new user's initial group (when
+	      accepting group names or a numerical group ID. The named
-	      the <option>-N/--no-user-group</option> is used or when the
+	      group must exist, and the GID must have an
-	      <option>USERGROUPS_ENAB</option> variable is set to
-	      <replaceable>no</replaceable> in
-	      <filename>/etc/login.defs</filename>). The named
-	      group must exist, and a numerical group ID must have an
 	      existing entry.
 	    </para>
 	    <para>
@@ -615,7 +639,7 @@
 	  </term>
 	  <listitem>
 	    <para>
-	      The name of a new user's login shell.
+	      defines the default login shell for new users.
 	    </para>
 	    <para>
 	      This option sets the <option>SHELL</option> variable in