* man/pwck.8.xml: The shadow file is optional.

* man/pwck.8.xml: Updated description of the checks. Added
	description of the shadow checks.
	* man/pwck.8.xml: Updated description of the checks.
This commit is contained in:
nekral-guest 2009-06-20 13:02:33 +00:00
parent 885692e3c5
commit 7e96d749e4
3 changed files with 71 additions and 14 deletions

View File

@ -1,3 +1,10 @@
2009-06-20 Nicolas François <nicolas.francois@centraliens.net>
* man/pwck.8.xml: The shadow file is optional.
* man/pwck.8.xml: Updated description of the checks. Added
description of the shadow checks.
* man/pwck.8.xml: Updated description of the checks.
2009-06-12 Nicolas François <nicolas.francois@centraliens.net> 2009-06-12 Nicolas François <nicolas.francois@centraliens.net>
* man/po/fr.po: Fixed typo (forunis) * man/po/fr.po: Fixed typo (forunis)

View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- <!--
Copyright (c) 1992 - 1993, Julianne Frances Haugh Copyright (c) 1992 - 1993, Julianne Frances Haugh
Copyright (c) 2007 - 2008, Nicolas François Copyright (c) 2007 - 2009, Nicolas François
All rights reserved. All rights reserved.
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without
@ -69,11 +69,11 @@
<title>DESCRIPTION</title> <title>DESCRIPTION</title>
<para> <para>
The <command>grpck</command> command verifies the integrity of the The <command>grpck</command> command verifies the integrity of the
system authentication information. All entries in groups information. It checks that all entries in
<filename>/etc/group</filename> <phrase condition="gshadow">and <filename>/etc/group</filename> <phrase condition="gshadow">and
<filename>/etc/gshadow</filename></phrase> <filename>/etc/gshadow</filename></phrase>
are checked to see that the entry has the proper format and valid data have the proper format and contain valid data.
in each field. The user is prompted to delete entries that are The user is prompted to delete entries that are
improperly formatted or which have other uncorrectable errors. improperly formatted or which have other uncorrectable errors.
</para> </para>
@ -84,16 +84,33 @@
<para>the correct number of fields</para> <para>the correct number of fields</para>
</listitem> </listitem>
<listitem> <listitem>
<para>a unique group name</para> <para>a unique and valid group name</para>
</listitem> </listitem>
<listitem> <listitem>
<para>a valid list of members and administrators</para> <para>
a valid group identifier
<phrase condition="gshadow"> (<filename>/etc/group</filename>
only)</phrase>
</para>
</listitem>
<listitem>
<para>
a valid list of members
<phrase condition="gshadow"> and administrators</phrase>
</para>
</listitem>
<listitem condition="gshadow">
<para>
a corresponding entry in the <filename>/etc/gshadow</filename>
file (respectively <filename>/etc/group</filename> for the
<filename>gshadow</filename> checks)
</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para> <para>
The checks for correct number of fields and unique group name are The checks for correct number of fields and unique group name are
fatal. If the entry has the wrong number of fields, the user will be fatal. If an entry has the wrong number of fields, the user will be
prompted to delete the entire line. If the user does not answer prompted to delete the entire line. If the user does not answer
affirmatively, all further checks are bypassed. An entry with a affirmatively, all further checks are bypassed. An entry with a
duplicated group name is prompted for deletion, but the remaining duplicated group name is prompted for deletion, but the remaining
@ -103,10 +120,12 @@
</para> </para>
<para> <para>
The commands which operate on the <filename>/etc/group</filename> file The commands which operate on the <filename>/etc/group</filename>
<phrase condition="no_gshadow">file</phrase><phrase
condition="gshadow">and <filename>/etc/gshadow</filename> files</phrase>
are not able to alter corrupted or duplicated entries. are not able to alter corrupted or duplicated entries.
<command>grpck</command> should be used in those circumstances to <command>grpck</command> should be used in those circumstances to
remove the offending entry. remove the offending entries.
</para> </para>
</refsect1> </refsect1>

View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- <!--
Copyright (c) 1992 , Julianne Frances Haugh Copyright (c) 1992 , Julianne Frances Haugh
Copyright (c) 2007 - 2008, Nicolas François Copyright (c) 2007 - 2009, Nicolas François
All rights reserved. All rights reserved.
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without
@ -70,9 +70,11 @@
<arg choice='plain'> <arg choice='plain'>
<replaceable>passwd</replaceable> <replaceable>passwd</replaceable>
</arg> </arg>
<arg choice='opt'>
<arg choice='plain'> <arg choice='plain'>
<replaceable>shadow</replaceable> <replaceable>shadow</replaceable>
</arg> </arg>
</arg>
</arg> </arg>
</cmdsynopsis> </cmdsynopsis>
</refsynopsisdiv> </refsynopsisdiv>
@ -81,10 +83,10 @@
<title>DESCRIPTION</title> <title>DESCRIPTION</title>
<para> <para>
The <command>pwck</command> command verifies the integrity of the The <command>pwck</command> command verifies the integrity of the
system authentication information. All entries in the users and authentication information. It checks that all entries in
<filename>/etc/passwd</filename> and <filename>/etc/shadow</filename> <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
are checked to see that the entry has the proper format and valid data have the proper format and contain valid data.
in each field. The user is prompted to delete entries that are The user is prompted to delete entries that are
improperly formatted or which have other uncorrectable errors. improperly formatted or which have other uncorrectable errors.
</para> </para>
@ -94,7 +96,7 @@
<para>the correct number of fields</para> <para>the correct number of fields</para>
</listitem> </listitem>
<listitem> <listitem>
<para>a unique user name</para> <para>a unique and valid user name</para>
</listitem> </listitem>
<listitem> <listitem>
<para>a valid user and group identifier</para> <para>a valid user and group identifier</para>
@ -110,6 +112,35 @@
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>
<filename>shadow</filename> checks are enabled when a second file
parameter is specified or when <filename>/etc/shadow</filename>
exists on the system.
</para>
<para>
These checks are the following:
</para>
<itemizedlist mark='bullet'>
<listitem>
<para>
every passwd entry has a matching shadow entry, and every shadow
entry has a matching passwd entry
</para>
</listitem>
<listitem>
<para>passwords are specified in the shadowed file</para>
</listitem>
<listitem>
<para>shadow entries have the correct number of fields</para>
</listitem>
<listitem>
<para>shadow entries are unique in shadow</para>
</listitem>
<listitem>
<para>the last password changes are not in the future</para>
</listitem>
</itemizedlist>
<para> <para>
The checks for correct number of fields and unique user name are The checks for correct number of fields and unique user name are
fatal. If the entry has the wrong number of fields, the user will be fatal. If the entry has the wrong number of fields, the user will be