* NEWS, libmisc/limits.c, man/limits.5.xml: Add support for
infinite limits.
* NEWS, libmisc/limits.c, man/limits.5.xml: Add support for @group
syntax.
-a option.
* NEWS, man/faillog.8.xml, src/faillog.c: Extend the -a option to
the non-display mode. This changes the default behavior of the -l,
-m, -r, -t options when -a is not specified (restrict to existing
users).
man/pwconv.8.xml, man/useradd.8.xml, man/userdel.8.xml,
man/usermod.8.xml, man/vipw.8.xml: Document the usage of the
TCB_AUTH_GROUP, TCB_SYMLINKS, and USE_TCB configuration
parameters.
* man/pwconv.8.xml, man/pwck.8.xml: Document the behavior when
USE_TCB is enabled.
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
terminate (after sending a SIGTERM), and kill it only if it did
not terminate by itself. No delay will be enforced if the child
cooperates. See http://bugs.gentoo.org/282094
* NEWS, man/su.1.xml: Document su's exit values.
po/Makefile.in.in: Removing and restoring the config.xml file
broke parallel builds. Build the manpages based on *.xml-config
files instead of *.xml files. The *.xml do not include config.xml
anymore, which permits to run xml2po without needing to remove
config.xml. The config.xml is restored in the *.xml-config files.
* man/groupadd.8.xml: Implementation of the above.
* man/generate_mans.deps: Updated dependencies
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
* man/su.1.xml: Improve the documentation of the su behavior
regarding environment variables.
* man/su.1.xml: Document that the login.defs file is used.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
* man/passwd.1.xml: passwd -u does not reset the expiry field.
Harmonize formatting of login.defs and default/useradd variables.
Use an <option> tag.
* man/usermod.8.xml: Added reference to gshadow(5).
* man/login.defs.d/USERDEL_CMD.xml: Shorten the lines of the
USERDEL_CMD example.
man/groupadd.8.xml, man/usermod.8.xml, man/chgpasswd.8.xml,
man/groupmod.8.xml: Added warning: passwords set with these tools
may not respect the password policy.
man/login.defs.d/MD5_CRYPT_ENAB.xml,
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml: Updated note for PAM
enabled versions. These variables are only used for group
passwords in this case.
changing the passwords with PAM.
* src/newusers.c: Split the usage string in smaller parts to
allow enabling single parts.
* man/newusers.8.xml: Indicate the options and configuration
variables valid for PAM and non-PAM versions.
* man/newusers.8.xml: Added pointer to /etc/pam.d/chpasswd.
* man/chpasswd.8.xml: Describe the PAM enabled chpasswd behavior.
* man/chpasswd.8.xml: Differentiate the files and configurations
needed for PAM and non PAM versions.
man/useradd.8.xml: Added note to warn about insecurity in using
--password.
* man/groupmod.8.xml: Removed not regarding default if --password
is not used. This was a cut&paste from groupadd.8.xml.
* man/passwd.1.xml: Split some paragraphs.
* man/passwd.1.xml: Recommend other encryption methods than DES.
SELinux user for user's login.
* NEWS, src/usermod.c, man/usermod.8.xml: Likewise.
* libmisc/system.c, libmisc/Makefile.am, lib/prototypes.h: Added
safe_system(). Used to run semanage.
* lib/prototypes.h, libmisc/copydir.c: Make a
selinux_file_context() an extern function.
* libmisc/copydir.c: Reset SELinux to create files with default
contexts at the end of copy_tree().
* NEWS, src/userdel.c: Delete the SELinux user mapping for user's
login.
expansion. Make sure config.xml does not exist when the POT file
is created in order to keep the configurations in the POT file
* man/generate_translations.mak: make sure config.xml does not
exist neither when the translated XML is generated. Add the
missing %config; (strip out by xml2po). and make sure config.xml
is present when the translated manpage is generated.
* man/generate_mans.mak: config.xml is needed for the generation
of manpages (already in the .deps for the English manpages, but
needed for the translations).
* man/Makefile.am: Added missing CREATE_HOME.xml.
as newgrp.
* man/login.defs.5.xml: vipw does not use any variable.
* man/login.defs.5.xml: In PAM enabled configurations, login still
uses some login.defs variables.
users with -u.
* src/faillog.c: Do not call print_one() for users which do not
exist.
* src/faillog.c: Make sure the user's entry is not outside the
faillog file and initialize the faillog structure in that case.
* src/faillog.c: Move print_one() closer to print().
* src/faillog.c: reset(), setmax(), set_locktime() can also change
entries of user which do not exist.
* src/faillog.c: reset(), setmax() and set_locktime() shall not
create entries for users which have no entries if the value has to
be set to 0.
* src/faillog.c: reset(), setmax() and set_locktime(): better
handling of users whose entry is outside the faillog file.
* src/faillog.c: Improved option handling. Options can now be
specified in any order.
* src/faillog.c: Improved warnings when options are not
compatible or when the faillog cannot be open with the right mode.
* src/faillog.c: Only fstat the faillog file once.
* man/faillog.8.xml: Improved documentation.