Commit Graph

450 Commits

Author SHA1 Message Date
Serge Hallyn
e8a2cfa7dc
Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
Serge Hallyn
f93cf255d4 Update licensing info
Closes #238

Update all files to list SPDX license shortname.  Most files are
BSD 3 clause license.

The exceptions are:

serge@sl ~/src/shadow$ git grep SPDX-License | grep -v BSD-3-Clause
contrib/atudel:# SPDX-License-Identifier: BSD-4-Clause
lib/tcbfuncs.c: * SPDX-License-Identifier: 0BSD
libmisc/salt.c: * SPDX-License-Identifier: Unlicense
src/login_nopam.c: * SPDX-License-Identifier: Unlicense
src/nologin.c: * SPDX-License-Identifier: BSD-2-Clause
src/vipw.c: * SPDX-License-Identifier: GPL-2.0-or-later

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-12-23 19:36:50 -06:00
Andy Zaugg
aaaaf21b6f Adding new option -rG to usermod
Adding a new switch -rG, which provides a similar feature set to
-aG, allowing a person to list exactly what groups to remove a
user from.

https://github.com/shadow-maint/shadow/issues/337
2021-12-13 21:42:48 -08:00
Iker Pedrosa
585b6f00f5 man: getsubids define -h
Define -h option behaviour in getsubids man page.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-12-10 16:14:13 +01:00
Serge Hallyn
445e97ba7c Update email address for Julie Haugh 2021-12-04 22:20:23 -06:00
Iker Pedrosa
3b6ccf642c getsubids: system binary for user's sub*ids
Rename list_subid_ranges to getsubids to provide a system binary to
check the sub*ids of a user. The intention is to provide this binary
with any distribution that includes the subid feature, so that system
administrators can check the subid ranges of a given user.

Finally, add a man page to explain the behaviour of getsubids.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1980780

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-11-17 16:35:50 +01:00
Serge Hallyn
33f85e93a1 manpages: fix 'File Formats and Conversions"
Closes #416

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-10-15 16:28:12 -05:00
Andy Zaugg
7e2b522a15 Added a new configurable LOG_INIT to useradd
In some circumstances I want the default behaviour of useradd to
not add user entries to the lastlog and faillog databases. Allowing
this options behaviour to be controlled by the config file
/etc/default/useradd.
2021-10-15 16:20:52 -05:00
Andy Zaugg
d7e2bd6fe1 Added documentation around CREATE_MAIL_SPOOL
Adding documentation aroud the parameter CREATE_MAIL_SPOOL in the
/etc/default/useradd file
2021-10-15 16:20:52 -05:00
Serge Hallyn
02b200c9aa man/po/Makefile.in: switch from xml2po to itstool
xml2po is deprecated.  We've previously replaced xml2po with
itstool in man/generate_translations.mak, but there was still
an instance of it that only is exercised for 'make dist'.
Update that one.  Now 'make dist' succeeds on a ubuntu focal
or newer host where xml2po is not available.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-08-14 14:51:08 -05:00
Serge Hallyn
5939e066db
Merge pull request #353 from ikerexxe/man_subid
man: improve subid documentation
2021-06-22 09:20:11 -05:00
Iker Pedrosa
0faec51bf0 man: definition and configuration of subid
Define the subid functionality and explain the way to configure its
delegation.
2021-06-16 12:25:06 +02:00
Iker Pedrosa
68ebbf9360 man: clarify subid delegation behaviour
Following the discussion https://github.com/shadow-maint/shadow/pull/345
I have changed the documentation to clarify the behaviour of subid
delegation when any subid source except files is configured.
2021-06-15 09:25:48 +02:00
tzccinct
83db204477 man: use the consistent value 0 to disable PASS_MIN_DAYS restriction 2021-06-12 12:55:57 +09:00
Iker Pedrosa
d5b15f8633 man: clarify subid delegation
Clarify that the subid delegation can only come from one source.
Moreover, add an example of what might happen if the subid source is NSS
and useradd is executed.

Related: https://github.com/shadow-maint/shadow/issues/331
2021-05-24 12:43:40 +02:00
Iker Pedrosa
b8cbc2c113 login.defs: include HMAC_CRYPTO_ALGO key
Include the new HMAC_CRYPTO_ALGO key that is needed by pam_timestamp to
select the algorithm that is going to be used to calculate the message
authentication code.

pam_timestamp is currently using an embedded algorithm to calculate the
HMAC message, but the idea is to improve this behaviour by relying on
openssl's implementation. On top of that, the ability to change the
algorithm with a simple configuration change allows to simplify the
process of removing unsecure algorithms.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294
2021-05-06 17:31:53 +02:00
Serge Hallyn
186b1b7ac1 manpages: mention NSS in new[ug]idmap manpages
Closes #328

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-05-04 14:39:26 -05:00
Serge Hallyn
7cfe134090
Merge pull request #314 from sevan/patch-1
passwd(5): Note the use of an ampersand in the comment field
2021-03-30 10:21:17 -05:00
Iker Pedrosa
df6ec1d169
man: include lastlog file caveat (#313)
man/lastlog.8.xml: add another point to the caveats section regarding
the handling of the lastlog file by external tools.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=951564
2021-03-28 22:26:28 -05:00
Sevan Janiyan
9f1a43996c
Note the use of an ampersand in the comment field 2021-03-12 23:56:38 +00:00
Serge Hallyn
c0818ab01d
Merge pull request #310 from ikerexxe/upstream_man_clarifications
Man clarifications
2021-03-01 10:02:44 -06:00
ikerexxe
4faf42b31b man: usermod clarification
man/usermod.8.xml: specify what happens when the current home directory
doesn't exist if using -d and -m options. Moreover, specify what happens
when the group ownership is changed and the uid's don't match in -u and
-g options.
2021-02-18 16:08:27 +01:00
ikerexxe
786e44f6dd man: useradd clarification
man/useradd.8.xml: specify the SELinux requirements for -m option.
2021-02-18 16:08:27 +01:00
ikerexxe
bc22009031 man: shadow clarification
man/shadow.5.xml: indicate the exact time and timezone for the dates.
Moreover, clarify that when the password expires the user won't be able
to login.
2021-02-18 16:08:27 +01:00
ikerexxe
4ea269d23e man: groupadd and groupmod clarification
man/groupadd.8.xml: clarify the exit values meaning.
man/groupmod.8.xml: clarify the E_GID_IN_USE value meaning.
2021-02-18 16:07:03 +01:00
Geert Ijewski
b628850a09 usermod expects a path
Closes #307
2021-02-07 19:31:49 +01:00
ikerexxe
325bf584ce man: chage clarification
man/chage.1.xml: Indicate that -d option with a value of 0 forces the
user to change his password. Besides, set an example on how to use -E
option. Finally, add a general note to clarify that chage only takes
charge of local users and another note to indicate that it doesn't check
inconsistencies between shadow and passwd files.
2021-02-02 11:35:34 +01:00
ikerexxe
88128000c9 newusers: doesn't create parent home directories
man/newusers.8.xml: clarify that newusers doesn't create parent
directories of the new user's home directory.
2020-11-17 16:46:10 +01:00
Jamin W. Collins
a04287cf24 update groupdel man page for the --force option
Signed-off-by: Jamin W. Collins <jamin.collins@gmail.com>
2020-11-01 21:22:54 -07:00
towerpark
287a9041a1 Fix the inaccurate description about the ID range to be verified against /etc/sub{u,g}id. 2020-09-26 21:01:01 +09:00
Serge Hallyn
a271076041
Merge pull request #263 from edneville/261_grpck_questionable_warning
Option to suppress group/gshadow inconsistencies
2020-08-11 13:58:22 -05:00
ed neville
e8c44a4c12 Option to suppress group/gshadow inconsistencies
'gshadow' man page suggests that "You should use the same list of users
as in /etc/group", but not must.

Closes #261
2020-08-11 13:53:48 -05:00
Serge Hallyn
342c934a35 add -U option to groupadd and groupmod
Add a -U option which adds new usernames as members.  For groupmod,
also add -a (append), without which existing members are removed.

Closes #265
2020-08-09 22:11:33 -05:00
Serge Hallyn
6baeb25038
Merge pull request #234 from edneville/79_userdel
Adding run-parts for userdel
2020-06-10 00:31:10 -05:00
ed
32cfa176f2 Adding run-parts style for pre and post useradd/del
Signed-off-by: ed neville <ed@s5h.net>
2020-06-10 00:26:55 -05:00
andydna
967bfb0376 correct grammar in shadow(5) 2020-06-04 22:29:15 -05:00
Jason Franklin
096dad6305
Add "NONEXISTENT.xml" to "man/Makefile.am" 2020-05-11 09:27:00 -04:00
Jason Franklin
4772689d27
Name "NONEXISTENT" in the man page for "pwck" 2020-05-11 09:27:00 -04:00
Jason Franklin
1566921dd8
Add detailed documentation for "NONEXISTENT" 2020-05-11 09:26:45 -04:00
Jason Franklin
04062cda11
Add "NONEXISTENT" to the "login.defs" man page 2020-05-11 09:26:43 -04:00
Topi Miettinen
69301dfa24
login.defs: warn about weak choices
According to crypt(5), MD5 and DES should not be used for new
hashes. Also the default number of SHA rounds chosen by libc is orders
of magnitude too low for modern hardware. Let's warn the users about
weak choices.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-04-10 14:09:55 +03:00
Serge Hallyn
e78be3df43
Merge pull request #232 from eagleoflqj/master
fix typo 登陆->登录
2020-03-20 22:29:55 -05:00
ikerexxe
6543c600d8 useradd: clarify the useradd -d parameter behavior in man page
Explanation: clarify the useradd -d parameter as it does create directory HOME_DIR if it doesn't exit.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1677005

Changelog: [serge] minor tweak to the text
2020-03-20 17:45:01 -05:00
eagleoflqj
143b97193d fix typo 登陆->登录 2020-03-11 18:51:02 -04:00
Serge Hallyn
b2753b146a man/Makefile.am: add HOME_MODE.xml
Closes #217

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-02-26 19:57:17 -06:00
谭九鼎
915cc6bb9c
man(zh_CN): fix typo 现实 -> 显示 2020-02-03 22:02:16 +08:00
Duncan Overbruck
085d04c3dd
add new HOME_MODE login.defs(5) option
This option can be used to set a separate mode for useradd(8) and
newusers(8) to create the home directories with.
If this option is not set, the current behavior of using UMASK
or the default umask is preserved.

There are many distributions that set UMASK to 077 by default just
to create home directories not readable by others and use things like
/etc/profile, bashrc or sudo configuration files to set a less
restrictive
umask. This has always resulted in bug reports because it is hard
to follow as users tend to change files like bashrc and are not about
setting the umask to counteract the umask set in /etc/login.defs.

A recent change in sudo has also resulted in many bug reports about
this. sudo now tries to respect the umask set by pam modules and on
systems where pam does not set a umask, the login.defs UMASK value is
used.
2020-01-12 16:18:32 +01:00
Serge Hallyn
93f1f35123 Revert "add new HOME_MODE login.defs(5) option"
Missing file

This reverts commit a847899b52.
2020-01-12 07:56:19 -06:00
Serge Hallyn
5a6ddf3b57 man: add missing author entries
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
2020-01-12 07:24:04 -06:00
Duncan Overbruck
a847899b52
add new HOME_MODE login.defs(5) option
This option can be used to set a separate mode for useradd(8) and
newusers(8) to create the home directories with.
If this option is not set, the current behavior of using UMASK
or the default umask is preserved.

There are many distributions that set UMASK to 077 by default just
to create home directories not readable by others and use things like
/etc/profile, bashrc or sudo configuration files to set a less
restrictive
umask. This has always resulted in bug reports because it is hard
to follow as users tend to change files like bashrc and are not about
setting the umask to counteract the umask set in /etc/login.defs.

A recent change in sudo has also resulted in many bug reports about
this. sudo now tries to respect the umask set by pam modules and on
systems where pam does not set a umask, the login.defs UMASK value is
used.
2020-01-11 22:27:39 +01:00