228 lines
6.9 KiB
XML
228 lines
6.9 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
SPDX-FileCopyrightText: 2006 , Tomasz Kłoczko
|
|
SPDX-FileCopyrightText: 2007 - 2011, Nicolas François
|
|
SPDX-License-Identifier: BSD-3-Clause
|
|
-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
|
|
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
|
|
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
|
|
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
|
|
<!-- SHADOW-CONFIG-HERE -->
|
|
]>
|
|
|
|
<refentry id='chgpasswd.8'>
|
|
<!-- $Id$ -->
|
|
<refentryinfo>
|
|
<author>
|
|
<firstname>Thomas</firstname>
|
|
<surname>Kłoczko</surname>
|
|
<email>kloczek@pld.org.pl</email>
|
|
<contrib>Creation, 2006</contrib>
|
|
</author>
|
|
<author>
|
|
<firstname>Nicolas</firstname>
|
|
<surname>François</surname>
|
|
<email>nicolas.francois@centraliens.net</email>
|
|
<contrib>shadow-utils maintainer, 2007 - now</contrib>
|
|
</author>
|
|
</refentryinfo>
|
|
<refmeta>
|
|
<refentrytitle>chgpasswd</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
|
|
<refmiscinfo class="source">shadow-utils</refmiscinfo>
|
|
<refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
|
|
</refmeta>
|
|
<refnamediv id='name'>
|
|
<refname>chgpasswd</refname>
|
|
<refpurpose>update group passwords in batch mode</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv id='synopsis'>
|
|
<cmdsynopsis>
|
|
<command>chgpasswd</command>
|
|
<arg choice='opt'>
|
|
<replaceable>options</replaceable>
|
|
</arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1 id='description'>
|
|
<title>DESCRIPTION</title>
|
|
<para>
|
|
The <command>chgpasswd</command> command reads a list of group name
|
|
and password pairs from standard input and uses this information to
|
|
update a set of existing groups. Each line is of the format:
|
|
</para>
|
|
<para>
|
|
<emphasis remap='I'>group_name</emphasis>:<emphasis
|
|
remap='I'>password</emphasis>
|
|
</para>
|
|
<para>
|
|
By default the supplied password must be in clear-text, and is
|
|
encrypted by <command>chgpasswd</command>.
|
|
</para>
|
|
<para>
|
|
The default encryption algorithm can be defined for the system with
|
|
the <option>ENCRYPT_METHOD</option> variable of <filename>/etc/login.defs</filename>,
|
|
and can be overwritten with the <option>-e</option>,
|
|
<option>-m</option>, or <option>-c</option> options.
|
|
</para>
|
|
<para>
|
|
This command is intended to be used in a large system environment
|
|
where many accounts are created at a single time.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='options'>
|
|
<title>OPTIONS</title>
|
|
<para>
|
|
The options which apply to the <command>chgpasswd</command> command
|
|
are:
|
|
</para>
|
|
<variablelist remap='IP'>
|
|
<varlistentry>
|
|
<term><option>-c</option>, <option>--crypt-method</option></term>
|
|
<listitem>
|
|
<para>Use the specified method to encrypt the passwords.</para>
|
|
<para condition="no_sha_crypt">
|
|
The available methods are DES, MD5, and NONE.
|
|
</para>
|
|
<para condition="sha_crypt">
|
|
The available methods are DES, MD5, NONE, and SHA256 or SHA512
|
|
if your libc support these methods.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><option>-e</option>, <option>--encrypted</option></term>
|
|
<listitem>
|
|
<para>Supplied passwords are in encrypted form.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><option>-h</option>, <option>--help</option></term>
|
|
<listitem>
|
|
<para>Display help message and exit.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><option>-m</option>, <option>--md5</option></term>
|
|
<listitem>
|
|
<para>
|
|
Use MD5 encryption instead of DES when the supplied passwords are
|
|
not encrypted.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-R</option>, <option>--root</option> <replaceable>CHROOT_DIR</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Apply changes in the <replaceable>CHROOT_DIR</replaceable>
|
|
directory and use the configuration files from the
|
|
<replaceable>CHROOT_DIR</replaceable> directory.
|
|
Only absolute paths are supported.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry condition="sha_crypt">
|
|
<term><option>-s</option>, <option>--sha-rounds</option></term>
|
|
<listitem>
|
|
<para>
|
|
Use the specified number of rounds to encrypt the passwords.
|
|
</para>
|
|
<para>
|
|
The value 0 means that the system will choose the default
|
|
number of rounds for the crypt method (5000).
|
|
</para>
|
|
<para>
|
|
A minimal value of 1000 and a maximal value of 999,999,999
|
|
will be enforced.
|
|
</para>
|
|
<para>
|
|
You can only use this option with the SHA256 or SHA512
|
|
crypt method.
|
|
</para>
|
|
<para>
|
|
By default, the number of rounds is defined by the
|
|
SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in
|
|
<filename>/etc/login.defs</filename>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='caveats'>
|
|
<title>CAVEATS</title>
|
|
<para>
|
|
Remember to set permissions or umask to prevent readability of
|
|
unencrypted files by other users.
|
|
</para>
|
|
<para>
|
|
You should make sure the passwords and the encryption method respect
|
|
the system's password policy.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='configuration'>
|
|
<title>CONFIGURATION</title>
|
|
<para>
|
|
The following configuration variables in
|
|
<filename>/etc/login.defs</filename> change the behavior of this
|
|
tool:
|
|
</para>
|
|
<variablelist>
|
|
&ENCRYPT_METHOD;
|
|
&MAX_MEMBERS_PER_GROUP;
|
|
&MD5_CRYPT_ENAB;
|
|
&SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='files'>
|
|
<title>FILES</title>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><filename>/etc/group</filename></term>
|
|
<listitem>
|
|
<para>Group account information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry condition="gshadow">
|
|
<term><filename>/etc/gshadow</filename></term>
|
|
<listitem>
|
|
<para>Secure group account information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><filename>/etc/login.defs</filename></term>
|
|
<listitem>
|
|
<para>Shadow password suite configuration.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='see_also'>
|
|
<title>SEE ALSO</title>
|
|
<para>
|
|
<citerefentry>
|
|
<refentrytitle>gpasswd</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>.
|
|
</para>
|
|
</refsect1>
|
|
</refentry>
|