Commit Graph

438 Commits

Author SHA1 Message Date
Iker Pedrosa
0faec51bf0 man: definition and configuration of subid
Define the subid functionality and explain the way to configure its
delegation.
2021-06-16 12:25:06 +02:00
Iker Pedrosa
68ebbf9360 man: clarify subid delegation behaviour
Following the discussion https://github.com/shadow-maint/shadow/pull/345
I have changed the documentation to clarify the behaviour of subid
delegation when any subid source except files is configured.
2021-06-15 09:25:48 +02:00
Iker Pedrosa
d5b15f8633 man: clarify subid delegation
Clarify that the subid delegation can only come from one source.
Moreover, add an example of what might happen if the subid source is NSS
and useradd is executed.

Related: https://github.com/shadow-maint/shadow/issues/331
2021-05-24 12:43:40 +02:00
Iker Pedrosa
b8cbc2c113 login.defs: include HMAC_CRYPTO_ALGO key
Include the new HMAC_CRYPTO_ALGO key that is needed by pam_timestamp to
select the algorithm that is going to be used to calculate the message
authentication code.

pam_timestamp is currently using an embedded algorithm to calculate the
HMAC message, but the idea is to improve this behaviour by relying on
openssl's implementation. On top of that, the ability to change the
algorithm with a simple configuration change allows to simplify the
process of removing unsecure algorithms.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294
2021-05-06 17:31:53 +02:00
Serge Hallyn
186b1b7ac1 manpages: mention NSS in new[ug]idmap manpages
Closes #328

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-05-04 14:39:26 -05:00
Serge Hallyn
7cfe134090
Merge pull request #314 from sevan/patch-1
passwd(5): Note the use of an ampersand in the comment field
2021-03-30 10:21:17 -05:00
Iker Pedrosa
df6ec1d169
man: include lastlog file caveat (#313)
man/lastlog.8.xml: add another point to the caveats section regarding
the handling of the lastlog file by external tools.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=951564
2021-03-28 22:26:28 -05:00
Sevan Janiyan
9f1a43996c
Note the use of an ampersand in the comment field 2021-03-12 23:56:38 +00:00
Serge Hallyn
c0818ab01d
Merge pull request #310 from ikerexxe/upstream_man_clarifications
Man clarifications
2021-03-01 10:02:44 -06:00
ikerexxe
4faf42b31b man: usermod clarification
man/usermod.8.xml: specify what happens when the current home directory
doesn't exist if using -d and -m options. Moreover, specify what happens
when the group ownership is changed and the uid's don't match in -u and
-g options.
2021-02-18 16:08:27 +01:00
ikerexxe
786e44f6dd man: useradd clarification
man/useradd.8.xml: specify the SELinux requirements for -m option.
2021-02-18 16:08:27 +01:00
ikerexxe
bc22009031 man: shadow clarification
man/shadow.5.xml: indicate the exact time and timezone for the dates.
Moreover, clarify that when the password expires the user won't be able
to login.
2021-02-18 16:08:27 +01:00
ikerexxe
4ea269d23e man: groupadd and groupmod clarification
man/groupadd.8.xml: clarify the exit values meaning.
man/groupmod.8.xml: clarify the E_GID_IN_USE value meaning.
2021-02-18 16:07:03 +01:00
Geert Ijewski
b628850a09 usermod expects a path
Closes #307
2021-02-07 19:31:49 +01:00
ikerexxe
325bf584ce man: chage clarification
man/chage.1.xml: Indicate that -d option with a value of 0 forces the
user to change his password. Besides, set an example on how to use -E
option. Finally, add a general note to clarify that chage only takes
charge of local users and another note to indicate that it doesn't check
inconsistencies between shadow and passwd files.
2021-02-02 11:35:34 +01:00
ikerexxe
88128000c9 newusers: doesn't create parent home directories
man/newusers.8.xml: clarify that newusers doesn't create parent
directories of the new user's home directory.
2020-11-17 16:46:10 +01:00
Jamin W. Collins
a04287cf24 update groupdel man page for the --force option
Signed-off-by: Jamin W. Collins <jamin.collins@gmail.com>
2020-11-01 21:22:54 -07:00
towerpark
287a9041a1 Fix the inaccurate description about the ID range to be verified against /etc/sub{u,g}id. 2020-09-26 21:01:01 +09:00
Serge Hallyn
a271076041
Merge pull request #263 from edneville/261_grpck_questionable_warning
Option to suppress group/gshadow inconsistencies
2020-08-11 13:58:22 -05:00
ed neville
e8c44a4c12 Option to suppress group/gshadow inconsistencies
'gshadow' man page suggests that "You should use the same list of users
as in /etc/group", but not must.

Closes #261
2020-08-11 13:53:48 -05:00
Serge Hallyn
342c934a35 add -U option to groupadd and groupmod
Add a -U option which adds new usernames as members.  For groupmod,
also add -a (append), without which existing members are removed.

Closes #265
2020-08-09 22:11:33 -05:00
Serge Hallyn
6baeb25038
Merge pull request #234 from edneville/79_userdel
Adding run-parts for userdel
2020-06-10 00:31:10 -05:00
ed
32cfa176f2 Adding run-parts style for pre and post useradd/del
Signed-off-by: ed neville <ed@s5h.net>
2020-06-10 00:26:55 -05:00
andydna
967bfb0376 correct grammar in shadow(5) 2020-06-04 22:29:15 -05:00
Jason Franklin
096dad6305
Add "NONEXISTENT.xml" to "man/Makefile.am" 2020-05-11 09:27:00 -04:00
Jason Franklin
4772689d27
Name "NONEXISTENT" in the man page for "pwck" 2020-05-11 09:27:00 -04:00
Jason Franklin
1566921dd8
Add detailed documentation for "NONEXISTENT" 2020-05-11 09:26:45 -04:00
Jason Franklin
04062cda11
Add "NONEXISTENT" to the "login.defs" man page 2020-05-11 09:26:43 -04:00
Topi Miettinen
69301dfa24
login.defs: warn about weak choices
According to crypt(5), MD5 and DES should not be used for new
hashes. Also the default number of SHA rounds chosen by libc is orders
of magnitude too low for modern hardware. Let's warn the users about
weak choices.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-04-10 14:09:55 +03:00
Serge Hallyn
e78be3df43
Merge pull request #232 from eagleoflqj/master
fix typo 登陆->登录
2020-03-20 22:29:55 -05:00
ikerexxe
6543c600d8 useradd: clarify the useradd -d parameter behavior in man page
Explanation: clarify the useradd -d parameter as it does create directory HOME_DIR if it doesn't exit.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1677005

Changelog: [serge] minor tweak to the text
2020-03-20 17:45:01 -05:00
eagleoflqj
143b97193d fix typo 登陆->登录 2020-03-11 18:51:02 -04:00
Serge Hallyn
b2753b146a man/Makefile.am: add HOME_MODE.xml
Closes #217

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-02-26 19:57:17 -06:00
谭九鼎
915cc6bb9c
man(zh_CN): fix typo 现实 -> 显示 2020-02-03 22:02:16 +08:00
Duncan Overbruck
085d04c3dd
add new HOME_MODE login.defs(5) option
This option can be used to set a separate mode for useradd(8) and
newusers(8) to create the home directories with.
If this option is not set, the current behavior of using UMASK
or the default umask is preserved.

There are many distributions that set UMASK to 077 by default just
to create home directories not readable by others and use things like
/etc/profile, bashrc or sudo configuration files to set a less
restrictive
umask. This has always resulted in bug reports because it is hard
to follow as users tend to change files like bashrc and are not about
setting the umask to counteract the umask set in /etc/login.defs.

A recent change in sudo has also resulted in many bug reports about
this. sudo now tries to respect the umask set by pam modules and on
systems where pam does not set a umask, the login.defs UMASK value is
used.
2020-01-12 16:18:32 +01:00
Serge Hallyn
93f1f35123 Revert "add new HOME_MODE login.defs(5) option"
Missing file

This reverts commit a847899b52.
2020-01-12 07:56:19 -06:00
Serge Hallyn
5a6ddf3b57 man: add missing author entries
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-01-12 07:24:04 -06:00
Duncan Overbruck
a847899b52
add new HOME_MODE login.defs(5) option
This option can be used to set a separate mode for useradd(8) and
newusers(8) to create the home directories with.
If this option is not set, the current behavior of using UMASK
or the default umask is preserved.

There are many distributions that set UMASK to 077 by default just
to create home directories not readable by others and use things like
/etc/profile, bashrc or sudo configuration files to set a less
restrictive
umask. This has always resulted in bug reports because it is hard
to follow as users tend to change files like bashrc and are not about
setting the umask to counteract the umask set in /etc/login.defs.

A recent change in sudo has also resulted in many bug reports about
this. sudo now tries to respect the umask set by pam modules and on
systems where pam does not set a umask, the login.defs UMASK value is
used.
2020-01-11 22:27:39 +01:00
ed
4c9ec2f5a4 Adding logging of SSH_ORIGINAL_COMMAND to nologin.
If SSH_ORIGINAL_COMMAND is set, it will be added to the syslog entry.

Closes #123.

Changelog: (SEH squashed commit): Fixing indentation
Changelog: (SEH) break up long line
2020-01-11 14:46:52 -06:00
Serge Hallyn
bd3c39f1c8
Merge pull request #201 from michaelweiser/groupmems-man
man: Don't suggest making groupmems user-writeable
2019-12-19 14:49:45 -06:00
Rushikesh Jogdand
0f332f48bc Deduplicate usermod manual (fixes #202)
Changelog:
1) modified:   man/usermod.8.xml
   Removed duplicate "badnames" options entry.
2019-12-18 11:20:40 +05:30
Michael Weiser
a73d4aee75 man: Don't suggest making groupmems user-writeable
Suggesting mode 2770 is dangerous because it makes the binary writeable
by all members of the owning group which is supposed to be normal
end-users. Suggest 2710 instead as is usual for s[ug]id binaries,
allowing execution but neither reading nor writing.

Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
2019-12-17 21:27:46 +01:00
Lars Wendler
19bac44dde
build: Make build/installation of su and its support files optional
Enabled by default
This is necessary because coreutils and util-linux can also provide su

Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
2019-11-19 11:28:45 +01:00
Topi Miettinen
cdbe1310cc
man: sync and reorder password field descriptions
Synchronize how passwd(5) and shadow(5) describe the password field.
Reorder the descriptions more logically.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2019-11-16 15:35:08 +02:00
Frederik Rietdijk
6c6c8d3a33 man: generate translations using itstool instead of xml2po
This patch was taken from Fedora Rawhide
b41cff1956/f/shadow-4.6-use-itstool.patch
2019-11-03 13:04:17 +01:00
ed
a2cd3e9ef0 chkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that do not conform to standards
Closes #121.

Changelog: squashed commits fixing tab style
Changelog: update 'return true' to match file's style (no parens).
2019-10-04 18:40:41 -05:00
ed
5687be5f31 chage.c: add support for YYYY-MM-DD date printing 2019-08-06 19:40:36 +01:00
Serge Hallyn
d66a1fe069
Merge pull request #153 from AlbanVidal/man-po-fr
French man translation update
2019-02-19 00:49:40 -06:00
Alban VIDAL
beb75c6fd6 French man translation update
- translated by Jean-Philippe MENGUAL
- proofread by the debian-l10n-french mailing list contributors

Signed-off-by: Alban VIDAL <alban.vidal@zordhak.fr>
2019-02-11 07:02:52 +01:00
Tomas Mraz
ebad423023 Fix the default mentioned in man page for SUB_UID/GID_COUNT variables. 2019-01-31 13:30:59 +01:00