From 325bf584cee6d32a4b15246be12a80c9e8751334 Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Tue, 2 Feb 2021 10:24:32 +0100 Subject: [PATCH 1/5] man: chage clarification man/chage.1.xml: Indicate that -d option with a value of 0 forces the user to change his password. Besides, set an example on how to use -E option. Finally, add a general note to clarify that chage only takes charge of local users and another note to indicate that it doesn't check inconsistencies between shadow and passwd files. --- man/chage.1.xml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/man/chage.1.xml b/man/chage.1.xml index 1e4cc539..afc9ed7a 100644 --- a/man/chage.1.xml +++ b/man/chage.1.xml @@ -102,6 +102,9 @@ Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). + If the LAST_DAY is set to + 0 the user is forced to change his password + on the next log on. @@ -118,6 +121,13 @@ contact the system administrator before being able to use the system again. + + For example the following can be used to set an account to expire + in 180 days: + + + chage -E $(date -d +180days +%Y-%m-%d) + Passing the number -1 as the EXPIRE_DATE will remove an account 
@@ -239,6 +249,18 @@ The chage program requires a shadow password file to be available. + + The chage program will report only the information from the shadow + password file. This implies that configuration from other sources + (e.g. LDAP or empty password hash field from the passwd file) that + affect the user's login will not be shown in the chage output. + + + The chage program will also not report any + inconsistency between the shadow and passwd files (e.g. missing x in + the passwd file). The pwck can be used to check + for this kind of inconsistencies. + The chage command is restricted to the root user, except for the option, which may be used by an unprivileged user to determine when their password or account is due From 4ea269d23effb2b1929b76fb6cc855a2d2fb658c Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Tue, 2 Feb 2021 11:19:58 +0100 Subject: [PATCH 2/5] man: groupadd and groupmod clarification man/groupadd.8.xml: clarify the exit values meaning. man/groupmod.8.xml: clarify the E_GID_IN_USE value meaning. --- man/groupadd.8.xml | 4 ++-- man/groupmod.8.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml index f838c91e..56803b3c 100644 --- a/man/groupadd.8.xml +++ b/man/groupadd.8.xml @@ -334,13 +334,13 @@ 4 - GID not unique (when not used) + GID is already used (when called without ) 9 - group name not unique + group name is already used diff --git a/man/groupmod.8.xml b/man/groupmod.8.xml index 79233273..10062b08 100644 --- a/man/groupmod.8.xml +++ b/man/groupmod.8.xml @@ -299,7 +299,7 @@ 4 - E_GID_IN_USE: specified group doesn't exist + E_GID_IN_USE: group id already in use From bc220090314353b1ffc002c69977f4058b149731 Mon Sep 17 00:00:00 2001 
From: ikerexxe Date: Tue, 2 Feb 2021 11:21:12 +0100 Subject: [PATCH 3/5] man: shadow clarification man/shadow.5.xml: indicate the exact time and timezone for the dates. Moreover, clarify that when the password expires the user won't be able to login. --- man/shadow.5.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/man/shadow.5.xml b/man/shadow.5.xml index 0af8babb..70cea3e1 100644 --- a/man/shadow.5.xml +++ b/man/shadow.5.xml @@ -129,7 +129,7 @@ The date of the last password change, expressed as the number - of days since Jan 1, 1970. + of days since Jan 1, 1970 00:00 UTC. The value 0 has a special meaning, which is that the user @@ -208,8 +208,8 @@ After expiration of the password and this expiration period is - elapsed, no login is possible using the current user's - password. The user should contact her administrator. + elapsed, no login is possible for the user. The user should contact + her administrator. An empty field means that there are no enforcement of an @@ -224,7 +224,7 @@ The date of expiration of the account, expressed as the number - of days since Jan 1, 1970. + of days since Jan 1, 1970 00:00 UTC. Note that an account expiration differs from a password From 786e44f6ddb47648c724a82c7dc74ac692e02dd9 Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Tue, 2 Feb 2021 11:25:03 +0100 Subject: [PATCH 4/5] man: useradd clarification man/useradd.8.xml: specify the SELinux requirements for -m option. --- man/useradd.8.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/man/useradd.8.xml b/man/useradd.8.xml index 28c6d578..85d83560 100644 --- a/man/useradd.8.xml +++ b/man/useradd.8.xml @@ -361,6 +361,11 @@ is not enabled, no home directories are created. + + The directory where the user's home directory is created must + exist and have proper SELinux context and permissions. Otherwise + the user's home directory cannot be created or accessed. + From 4faf42b31b05e55b3b6330bdd5ce8b7c57b811f9 Mon Sep 17 00:00:00 2001 
From: ikerexxe Date: Tue, 2 Feb 2021 11:27:17 +0100 Subject: [PATCH 5/5] man: usermod clarification man/usermod.8.xml: specify what happens when the current home directory doesn't exist if using -d and -m options. Moreover, specify what happens when the group ownership is changed and the uid's don't match in -u and -g options. --- man/usermod.8.xml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/man/usermod.8.xml b/man/usermod.8.xml index a1d0efd8..79305896 100644 --- a/man/usermod.8.xml +++ b/man/usermod.8.xml @@ -143,7 +143,8 @@ If the option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does - not already exist. + not already exist. If the current home directory does not exist + the new home directory will not be created. @@ -205,6 +206,12 @@ The group ownership of files outside of the user's home directory must be fixed manually. + + The change of the group ownership of files inside of the user's + home directory is also not done if the home dir owner uid is + different from the current or new user id. This is a safety measure + for special home directories such as /. + @@ -267,7 +274,8 @@ Move the content of the user's home directory to the new - location. + location. If the current home directory does not exist + the new home directory will not be created. This option is only valid in combination with the @@ -380,6 +388,12 @@ The ownership of files outside of the user's home directory must be fixed manually. + + The change of the user ownership of files inside of the user's + home directory is also not done if the home dir owner uid is + different from the current or new user id. This is a safety measure + for special home directories such as /. + No checks will be performed with regard to the , ,
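Review bot: In man/chage.1.xml, hunk @@ -102,6 +102,9, the added sentence says "forced to change his password on the next log on", while the unchanged text at the end of the @@ -239,6 +249,18 hunk in the same file already uses "their password or account is due". Suggest "the user is forced to change their password on the next login" so the page stays consistent with itself.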
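Review bot: In man/chage.1.xml, hunk @@ -118,6 +121,13, the example "chage -E $(date -d +180days +%Y-%m-%d)" has no LOGIN operand, so it is not a complete command as printed. Append a placeholder user name to the example line, and say in the lead-in sentence that the "date -d +180days" form relies on GNU date, since readers on other userlands will copy it verbatim.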
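Review bot: In man/chage.1.xml, hunk @@ -239,6 +249,18, the second added paragraph has two grammar slips: "The pwck can be used" is missing its noun and "this kind of inconsistencies" mixes singular and plural. Suggest "The pwck command can be used to check for this kind of inconsistency." In the first added paragraph, "empty password hash field from the passwd file" would read better as "an empty password hash field in the passwd file".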
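Review bot: The exit value 4 descriptions in man/groupadd.8.xml (@@ -334,13 +334,13) and man/groupmod.8.xml (@@ -299,7 +299,7) now describe the same condition in two different ways: "GID is already used" versus "group id already in use". Pick one wording and one spelling of GID for both pages. The groupmod change also replaces "specified group doesn't exist", which described a different condition, so the commit message should call it a correction rather than a clarification.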
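Review bot: The "00:00 UTC" epoch wording added in man/shadow.5.xml (@@ -129,7 +129,7 and @@ -224,7 +224,7) is not carried over to man/chage.1.xml, where the context of patch 1 still reads "Set the number of days since January 1st, 1970 when the password was last changed". Suggest making the same addition there in this series, and using one date spelling ("Jan 1, 1970" or "January 1st, 1970") across both pages.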
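Review bot: In man/shadow.5.xml, hunk @@ -208,8 +208,8, dropping the qualifier "using the current user's password" turns a statement about password authentication into a statement about every login ("no login is possible for the user"). Please confirm this holds for logins that do not use the password at all, and if it depends on the service honouring the field, say so in the text. Otherwise readers will treat password expiry as an account lockout, which the page's own next section says is a separate mechanism ("an account expiration differs from a password").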
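Review bot: In man/useradd.8.xml, hunk @@ -361,6 +361,11, "proper SELinux context and permissions" does not tell the administrator what to check, and "the directory where the user's home directory is created" is a roundabout way to name the parent directory. Suggest naming it as the parent (base) directory of the new home directory and stating what is required of it, or pointing to the page that defines the expected context. It would also help to say whether useradd fails or only warns when the requirement is not met.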
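Review bot: In man/usermod.8.xml, hunks @@ -143,7 +143,8 and @@ -267,7 +274,8, the added sentence "If the current home directory does not exist the new home directory will not be created." leaves the outcome undocumented: it does not say whether usermod exits with an error or whether the home directory field of the account is still updated to the new path. Please state both, since an account pointing at a nonexistent home directory is exactly the case an administrator needs to detect. A comma after "does not exist" would also help readability.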
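Review bot: In man/usermod.8.xml, hunks @@ -205,6 +206,12 and @@ -380,6 +388,12, the condition "different from the current or new user id" is ambiguous: it can be read as differing from either ID or from both. Suggest wording it as "if the owner of the home directory matches neither the current nor the new user ID", spelling out "home directory" instead of "home dir", and using one form of "UID" or "user ID" within the sentence. Since the first of the two paragraphs documents group ownership but the condition is on the owner uid, a short clause confirming that the check is intentionally uid-based there would prevent it from looking like a copy-paste slip.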