emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
Files
8418f769792a1da0303c07be161f4b27e1c16783
shadow/man/gpasswd.1.xml
nekral-guest 0f7f0ea467 * man/chfn.1.xml: Uses CHFN_AUTH, CHFN_RESTRICT, LOGIN_STRING. 
* man/chgpasswd.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
* man/chpasswd.8.xml: Switch to using entities for ENCRYPT_METHOD,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS).
* man/chsh.1.xml: Uses CHSH_AUTH, LOGIN_STRING.
* man/expiry.1.xml: Does not use any login.defs parameter.
* man/gpasswd.1.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS.
* man/login.defs.5.xml: Added CHSH_AUTH.
* man/login.defs.5.xml: Cross reference -> cross references.
* man/login.defs.5.xml: chfn only uses CHFN_AUTH when no_pam.
* man/login.defs.5.xml: chsh uses CHSH_AUTH, not CHFN_AUTH.
* man/login.defs.d/CHSH_AUTH.xml: Added.
* man/login.defs.5.xml: chsh uses parameters only when no_pam.
* man/login.defs.5.xml: expiry does not use CONSOLE_GROUPS, even
  if linked in the binary.
* man/newusers.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP,
  MD5_CRYPT_ENAB, PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE,
  SHA_CRYPT_MIN_ROUNDS, UMASK.
2007-11-26 23:27:56 +00:00

245 lines
7.2 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
]>
<refentry id='gpasswd.1'>
<!-- $Id$ -->
<refmeta>
<refentrytitle>gpasswd</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="sectdesc">User Commands</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>gpasswd</refname>
<refpurpose>
administer the <filename>/etc/group</filename>
<phrase condition="gshadow">and <filename>/etc/gshadow</filename>
files</phrase>
<phrase condition="no_gshadow">file</phrase>
</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>gpasswd</command>
<arg choice='opt'>
<replaceable>option</replaceable>
</arg>
<arg choice='plain'>
<replaceable>group</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The <command>gpasswd</command> command is used to administer
<filename>/etc/group</filename><phrase condition="gshadow">,
and <filename>/etc/gshadow</filename></phrase>.
Every group can have
<phrase condition="gshadow">administrators,</phrase>
members and a password.
</para>
<para condition="gshadow">
System administrator can use the <option>-A</option> option to define
group administrator(s) and the <option>-M</option> option to define
members and has all rights of group administrators and members.
</para>
<para>
<command>gpasswd</command> called by
<phrase condition="gshadow">a group administrator</phrase>
<phrase condition="no_gshadow">a system administrator</phrase>
with a group name only prompts for the new password of the
<replaceable>group</replaceable>.
</para>
<para>
If a password is set the members can still <citerefentry>
<refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
</citerefentry> without a password, and non-members must supply the
password.
</para>
<refsect2 id='notes_about_group_passwords'>
<title>Notes about group passwords</title>
<para>
Group passwords are an inherent security problem since more than one
person is permitted to know the password. However, groups are a
useful tool for permitting co-operation between different users.
</para>
</refsect2>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<para condition="gshadow">
Except for the <option>-A</option> and <option>-M</option> options,
the options cannot be combined.
</para>
<para condition="no_gshadow">
The options cannot be combined.
</para>
<para>
The options which apply to the <command>gpasswd</command> command are:
</para>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-a</option> <replaceable>user</replaceable>
</term>
<listitem>
<para>
Add the <replaceable>user</replaceable> to the named
<replaceable>group</replaceable>.
</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-d</option> <replaceable>user</replaceable>
</term>
<listitem>
<para>
Remove the <replaceable>user</replaceable> from the named
<replaceable>group</replaceable>.
</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-r</option>
</term>
<listitem>
<para>
Remove the password from the named <replaceable>group</replaceable>.
Only group members will be allowed to use
<command>newgrp</command> to join the named
<replaceable>group</replaceable>.
</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-R</option>
</term>
<listitem>
<para>
Restrict the access to the named <replaceable>group</replaceable>.
Only group members will be allowed to use
<command>newgrp</command> to join the named
<replaceable>group</replaceable>.
</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist remap='IP' condition="gshadow">
<varlistentry>
<term>
<option>-A</option> <replaceable>user</replaceable>,...
</term>
<listitem>
<para>
Set the list of administrative users.
</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist remap='IP'>
<varlistentry>
<term>
<option>-M</option> <replaceable>user</replaceable>,...
</term>
<listitem>
<para>
Set the list of group members.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
This tool only operates on the <filename>/etc/group</filename>
<phrase condition="gshadow"> and <filename>/etc/gshadow</filename>
files.</phrase>
<phrase condition="no_gshadow">file.</phrase>
Thus you cannot change any NIS or LDAP group. This must be performed
on the corresponding server.
</para>
</refsect1>
<refsect1 id='configuration'>
<title>CONFIGURATION</title>
<para>
The following configuration variables in
<filename>/etc/login.defs</filename> change the behavior of this
tool:
</para>
<variablelist>
&ENCRYPT_METHOD;
&MAX_MEMBERS_PER_GROUP;
&MD5_CRYPT_ENAB;
&SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
</variablelist>
</refsect1>
<refsect1 id='files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>Group account information.</para>
</listitem>
</varlistentry>
<varlistentry condition="gshadow">
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>Secure group account information.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
</citerefentry><phrase condition="gshadow">,
<citerefentry>
<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry></phrase>.
</para>
</refsect1>
</refentry>
Reference in New Issue View Git Blame Copy Permalink