3 "Project-Id-Version: PACKAGE VERSION\n"
4 "POT-Creation-Date: 2011-02-16 00:14+0100\n"
5 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
6 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
7 "Language-Team: LANGUAGE <LL@li.org>\n"
9 "Content-Type: text/plain; charset=UTF-8\n"
10 "Content-Transfer-Encoding: 8bit\n"
12 #: vipw.8.xml:38(refentrytitle) vipw.8.xml:43(refname) vipw.8.xml:52(command)
16 #: vipw.8.xml:39(manvolnum) usermod.8.xml:40(manvolnum) userdel.8.xml:42(manvolnum) userdel.8.xml:199(replaceable) useradd.8.xml:50(manvolnum) pwconv.8.xml:43(manvolnum) pwck.8.xml:41(manvolnum) nologin.8.xml:35(manvolnum) newusers.8.xml:51(manvolnum) logoutd.8.xml:35(manvolnum) lastlog.8.xml:36(manvolnum) grpck.8.xml:39(manvolnum) groupmod.8.xml:39(manvolnum) groupmems.8.xml:39(manvolnum) groupdel.8.xml:39(manvolnum) groupdel.8.xml:130(replaceable) groupadd.8.xml:42(manvolnum) faillog.8.xml:35(manvolnum) faillog.5.xml:86(manvolnum) chpasswd.8.xml:42(manvolnum) chgpasswd.8.xml:43(manvolnum)
20 #: vipw.8.xml:40(refmiscinfo) usermod.8.xml:41(refmiscinfo) userdel.8.xml:43(refmiscinfo) useradd.8.xml:51(refmiscinfo) pwconv.8.xml:44(refmiscinfo) pwck.8.xml:42(refmiscinfo) nologin.8.xml:36(refmiscinfo) newusers.8.xml:52(refmiscinfo) logoutd.8.xml:36(refmiscinfo) lastlog.8.xml:37(refmiscinfo) grpck.8.xml:40(refmiscinfo) groupmod.8.xml:40(refmiscinfo) groupmems.8.xml:40(refmiscinfo) groupdel.8.xml:40(refmiscinfo) groupadd.8.xml:43(refmiscinfo) faillog.8.xml:36(refmiscinfo) chpasswd.8.xml:43(refmiscinfo) chgpasswd.8.xml:44(refmiscinfo)
21 msgid "System Management Commands"
24 #: vipw.8.xml:44(refname) vipw.8.xml:58(command)
28 #: vipw.8.xml:45(refpurpose)
29 msgid "edit the password, group, shadow-password or shadow-group file"
32 #: vipw.8.xml:54(replaceable) vipw.8.xml:60(replaceable) usermod.8.xml:52(replaceable) userdel.8.xml:52(arg) useradd.8.xml:61(replaceable) useradd.8.xml:73(replaceable) su.1.xml:66(replaceable) passwd.1.xml:57(replaceable) newusers.8.xml:63(replaceable) lastlog.8.xml:48(replaceable) groupmod.8.xml:51(replaceable) groupadd.8.xml:54(replaceable) faillog.8.xml:47(replaceable) chsh.1.xml:53(replaceable) chpasswd.8.xml:54(replaceable) chgpasswd.8.xml:55(replaceable) chage.1.xml:46(replaceable)
36 #: vipw.8.xml:66(title) usermod.8.xml:59(title) userdel.8.xml:60(title) useradd.8.xml:79(title) suauth.5.xml:50(title) su.1.xml:77(title) sg.1.xml:59(title) shadow.5.xml:44(title) shadow.3.xml:93(title) shadow.3.xml:149(title) pwconv.8.xml:70(title) pwck.8.xml:83(title) porttime.5.xml:44(title) passwd.5.xml:44(title) passwd.1.xml:66(title) nologin.8.xml:50(title) newusers.8.xml:70(title) newgrp.1.xml:55(title) logoutd.8.xml:50(title) login.defs.5.xml:107(title) login.access.5.xml:45(title) login.1.xml:103(title) limits.5.xml:46(title) lastlog.8.xml:54(title) gshadow.5.xml:43(title) grpck.8.xml:69(title) groups.1.xml:53(title) groupmod.8.xml:58(title) groupmems.8.xml:60(title) groupdel.8.xml:57(title) groupadd.8.xml:63(title) gpasswd.1.xml:72(title) faillog.8.xml:53(title) faillog.5.xml:44(title) expiry.1.xml:59(title) chsh.1.xml:62(title) chpasswd.8.xml:60(title) chgpasswd.8.xml:61(title) chfn.1.xml:63(title) chage.1.xml:55(title)
40 #: vipw.8.xml:67(para)
41 msgid "The <command>vipw</command> and <command>vigr</command> commands edits the files <filename>/etc/passwd</filename> and <filename>/etc/group</filename>, respectively. With the <option>-s</option> flag, they will edit the shadow versions of those files, <filename>/etc/shadow</filename> and <filename>/etc/gshadow</filename>, respectively. The programs will set the appropriate locks to prevent file corruption. When looking for an editor, the programs will first try the environment variable <envar>$VISUAL</envar>, then the environment variable <envar>$EDITOR</envar>, and finally the default editor, <citerefentry><refentrytitle>vi</refentrytitle><manvolnum>1</manvolnum></citerefentry>."
44 #: vipw.8.xml:84(title) usermod.8.xml:67(title) userdel.8.xml:69(title) useradd.8.xml:97(title) su.1.xml:123(title) pwck.8.xml:164(title) passwd.1.xml:152(title) newusers.8.xml:239(title) login.1.xml:188(title) lastlog.8.xml:66(title) grpck.8.xml:133(title) groupmod.8.xml:67(title) groupmems.8.xml:75(title) groupadd.8.xml:72(title) gpasswd.1.xml:112(title) faillog.8.xml:64(title) chsh.1.xml:73(title) chpasswd.8.xml:109(title) chgpasswd.8.xml:88(title) chage.1.xml:65(title)
48 #: vipw.8.xml:85(para)
49 msgid "The options which apply to the <command>vipw</command> and <command>vigr</command> commands are:"
52 #: vipw.8.xml:91(term)
53 msgid "<option>-g</option>, <option>--group</option>"
56 #: vipw.8.xml:93(para)
57 msgid "Edit group database."
60 #: vipw.8.xml:97(term) userdel.8.xml:99(term) useradd.8.xml:247(term) passwd.1.xml:192(term) newusers.8.xml:257(term) lastlog.8.xml:82(term) groupmod.8.xml:98(term) groupadd.8.xml:107(term) faillog.8.xml:80(term) chsh.1.xml:79(term) chpasswd.8.xml:137(term) chgpasswd.8.xml:114(term) chage.1.xml:103(term)
61 msgid "<option>-h</option>, <option>--help</option>"
64 #: vipw.8.xml:99(para) userdel.8.xml:101(para) useradd.8.xml:249(para) passwd.1.xml:194(para) newusers.8.xml:259(para) lastlog.8.xml:86(para) groupmod.8.xml:100(para) groupadd.8.xml:109(para) faillog.8.xml:82(para) chsh.1.xml:81(para) chpasswd.8.xml:139(para) chgpasswd.8.xml:116(para) chage.1.xml:105(para)
65 msgid "Display help message and exit."
68 #: vipw.8.xml:103(term)
69 msgid "<option>-p</option>, <option>--passwd</option>"
72 #: vipw.8.xml:105(para)
73 msgid "Edit passwd database."
76 #: vipw.8.xml:109(term) passwd.1.xml:259(term)
77 msgid "<option>-q</option>, <option>--quiet</option>"
80 #: vipw.8.xml:111(para) passwd.1.xml:263(para)
84 #: vipw.8.xml:115(term)
85 msgid "<option>-s</option>, <option>--shadow</option>"
88 #: vipw.8.xml:117(para)
89 msgid "Edit shadow or gshadow database."
92 #: vipw.8.xml:124(title) usermod.8.xml:372(title) userdel.8.xml:140(title) useradd.8.xml:644(title) suauth.5.xml:168(title) su.1.xml:338(title) sg.1.xml:88(title) shadow.5.xml:230(title) shadow.3.xml:201(title) pwconv.8.xml:168(title) pwck.8.xml:227(title) porttime.5.xml:105(title) passwd.5.xml:116(title) passwd.1.xml:374(title) newusers.8.xml:357(title) newgrp.1.xml:99(title) logoutd.8.xml:64(title) login.access.5.xml:96(title) login.1.xml:316(title) limits.5.xml:140(title) lastlog.8.xml:147(title) gshadow.5.xml:141(title) grpck.8.xml:185(title) groups.1.xml:75(title) groupmod.8.xml:164(title) groupmems.8.xml:168(title) groupdel.8.xml:89(title) groupadd.8.xml:199(title) gpasswd.1.xml:233(title) faillog.8.xml:202(title) faillog.5.xml:71(title) expiry.1.xml:68(title) chsh.1.xml:133(title) chpasswd.8.xml:208(title) chgpasswd.8.xml:184(title) chfn.1.xml:113(title) chage.1.xml:206(title)
96 #: vipw.8.xml:127(filename) usermod.8.xml:375(filename) userdel.8.xml:143(filename) useradd.8.xml:659(filename) sg.1.xml:103(filename) pwck.8.xml:230(filename) newusers.8.xml:372(filename) newgrp.1.xml:114(filename) gshadow.5.xml:144(filename) grpck.8.xml:188(filename) groups.1.xml:78(filename) groupmod.8.xml:167(filename) groupmems.8.xml:171(filename) groupdel.8.xml:92(filename) groupadd.8.xml:202(filename) gpasswd.1.xml:50(filename) gpasswd.1.xml:53(filename) gpasswd.1.xml:236(filename) chgpasswd.8.xml:187(filename)
100 #: vipw.8.xml:129(para) usermod.8.xml:377(para) userdel.8.xml:145(para) useradd.8.xml:661(para) sg.1.xml:105(para) pwck.8.xml:232(para) newusers.8.xml:374(para) newgrp.1.xml:116(para) gshadow.5.xml:146(para) grpck.8.xml:190(para) groups.1.xml:80(para) groupmod.8.xml:169(para) groupmems.8.xml:173(para) groupdel.8.xml:94(para) groupadd.8.xml:204(para) gpasswd.1.xml:238(para) chgpasswd.8.xml:189(para)
101 msgid "Group account information."
104 #: vipw.8.xml:133(filename) usermod.8.xml:381(filename) useradd.8.xml:665(filename) sg.1.xml:109(filename) newusers.8.xml:378(filename) newgrp.1.xml:120(filename) gshadow.5.xml:150(filename) grpck.8.xml:194(filename) groupmod.8.xml:173(filename) groupmems.8.xml:177(filename) groupdel.8.xml:98(filename) groupadd.8.xml:208(filename) gpasswd.1.xml:54(filename) gpasswd.1.xml:242(filename) chgpasswd.8.xml:193(filename)
108 #: vipw.8.xml:135(para) usermod.8.xml:383(para) useradd.8.xml:667(para) sg.1.xml:111(para) newusers.8.xml:380(para) newgrp.1.xml:122(para) gshadow.5.xml:152(para) grpck.8.xml:196(para) groupmod.8.xml:175(para) groupdel.8.xml:100(para) groupadd.8.xml:210(para) gpasswd.1.xml:244(para) chgpasswd.8.xml:195(para)
109 msgid "Secure group account information."
112 #: vipw.8.xml:139(filename) usermod.8.xml:387(filename) userdel.8.xml:155(filename) useradd.8.xml:647(filename) su.1.xml:341(filename) sg.1.xml:91(filename) shadow.5.xml:233(filename) pwck.8.xml:236(filename) passwd.5.xml:119(filename) passwd.1.xml:377(filename) newusers.8.xml:360(filename) newgrp.1.xml:102(filename) login.1.xml:331(filename) grpck.8.xml:200(filename) expiry.1.xml:71(filename) chsh.1.xml:136(filename) chpasswd.8.xml:211(filename) chfn.1.xml:122(filename) chage.1.xml:210(filename)
116 #: vipw.8.xml:141(para) usermod.8.xml:389(para) userdel.8.xml:157(para) useradd.8.xml:649(para) su.1.xml:343(para) sg.1.xml:93(para) shadow.5.xml:235(para) pwck.8.xml:238(para) passwd.5.xml:121(para) passwd.1.xml:379(para) newusers.8.xml:362(para) newgrp.1.xml:104(para) login.1.xml:333(para) grpck.8.xml:202(para) expiry.1.xml:73(para) chsh.1.xml:138(para) chpasswd.8.xml:213(para) chfn.1.xml:124(para) chage.1.xml:213(para)
117 msgid "User account information."
120 #: vipw.8.xml:145(filename) usermod.8.xml:393(filename) userdel.8.xml:161(filename) useradd.8.xml:653(filename) su.1.xml:347(filename) sg.1.xml:97(filename) shadow.5.xml:239(filename) shadow.3.xml:204(filename) pwck.8.xml:242(filename) passwd.5.xml:125(filename) passwd.1.xml:383(filename) newusers.8.xml:366(filename) newgrp.1.xml:108(filename) login.1.xml:337(filename) expiry.1.xml:77(filename) chpasswd.8.xml:217(filename) chage.1.xml:218(filename)
124 #: vipw.8.xml:147(para) usermod.8.xml:395(para) userdel.8.xml:163(para) useradd.8.xml:655(para) su.1.xml:349(para) sg.1.xml:99(para) shadow.5.xml:241(para) shadow.3.xml:206(para) pwck.8.xml:244(para) passwd.1.xml:385(para) newusers.8.xml:368(para) newgrp.1.xml:110(para) login.1.xml:339(para) expiry.1.xml:79(para) chpasswd.8.xml:219(para) chage.1.xml:221(para)
125 msgid "Secure user account information."
128 #: vipw.8.xml:154(title) usermod.8.xml:402(title) userdel.8.xml:248(title) useradd.8.xml:761(title) suauth.5.xml:197(title) su.1.xml:362(title) sg.1.xml:118(title) shadow.5.xml:258(title) shadow.3.xml:213(title) pwconv.8.xml:180(title) pwck.8.xml:302(title) porttime.5.xml:117(title) passwd.5.xml:144(title) passwd.1.xml:455(title) nologin.8.xml:64(title) newusers.8.xml:399(title) newgrp.1.xml:129(title) login.defs.5.xml:471(title) login.access.5.xml:108(title) login.1.xml:376(title) limits.5.xml:150(title) gshadow.5.xml:159(title) grpck.8.xml:254(title) groups.1.xml:87(title) groupmod.8.xml:233(title) groupmems.8.xml:186(title) groupdel.8.xml:146(title) groupadd.8.xml:290(title) gpasswd.1.xml:251(title) faillog.8.xml:214(title) faillog.5.xml:83(title) expiry.1.xml:86(title) chsh.1.xml:157(title) chpasswd.8.xml:238(title) chgpasswd.8.xml:208(title) chfn.1.xml:131(title) chage.1.xml:261(title)
132 #: vipw.8.xml:155(para)
133 msgid "<citerefentry><refentrytitle>vi</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum></citerefentry><citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
136 #: usermod.8.xml:39(refentrytitle) usermod.8.xml:44(refname) usermod.8.xml:50(command) login.defs.5.xml:443(term)
140 #: usermod.8.xml:45(refpurpose)
141 msgid "modify a user account"
144 #: usermod.8.xml:54(replaceable) userdel.8.xml:54(replaceable) useradd.8.xml:63(replaceable) passwd.1.xml:60(replaceable) chsh.1.xml:56(replaceable) chage.1.xml:49(replaceable)
148 #: usermod.8.xml:60(para)
149 msgid "The <command>usermod</command> command modifies the system account files to reflect the changes that are specified on the command line."
152 #: usermod.8.xml:68(para)
153 msgid "The options which apply to the <command>usermod</command> command are:"
156 #: usermod.8.xml:74(term)
157 msgid "<option>-a</option>, <option>--append</option>"
160 #: usermod.8.xml:78(para)
161 msgid "Add the user to the supplementary group(s). Use only with the <option>-G</option> option."
164 #: usermod.8.xml:85(term) useradd.8.xml:125(term)
165 msgid "<option>-c</option>, <option>--comment</option><replaceable>COMMENT</replaceable>"
168 #: usermod.8.xml:90(para)
169 msgid "The new value of the user's password file comment field. It is normally modified using the <citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum></citerefentry> utility."
172 #: usermod.8.xml:99(term) useradd.8.xml:138(term)
173 msgid "<option>-d</option>, <option>--home</option><replaceable>HOME_DIR</replaceable>"
176 #: usermod.8.xml:104(para)
177 msgid "The user's new login directory."
180 #: usermod.8.xml:107(para)
181 msgid "If the <option>-m</option> option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist."
184 #: usermod.8.xml:116(term) useradd.8.xml:165(term) useradd.8.xml:518(term)
185 msgid "<option>-e</option>, <option>--expiredate</option><replaceable>EXPIRE_DATE</replaceable>"
188 #: usermod.8.xml:121(para) useradd.8.xml:170(para)
189 msgid "The date on which the user account will be disabled. The date is specified in the format <emphasis remap=\"I\">YYYY-MM-DD</emphasis>."
192 #: usermod.8.xml:128(term) useradd.8.xml:183(term) useradd.8.xml:531(term)
193 msgid "<option>-f</option>, <option>--inactive</option><replaceable>INACTIVE</replaceable>"
196 #: usermod.8.xml:133(para)
197 msgid "The number of days after a password expires until the account is permanently disabled."
200 #: usermod.8.xml:137(para)
201 msgid "A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature."
204 #: usermod.8.xml:145(term) useradd.8.xml:203(term) useradd.8.xml:547(term)
205 msgid "<option>-g</option>, <option>--gid</option><replaceable>GROUP</replaceable>"
208 #: usermod.8.xml:150(para)
209 msgid "The group name or number of the user's new initial login group. The group must exist."
212 #: usermod.8.xml:157(term) useradd.8.xml:231(term)
213 msgid "<option>-G</option>, <option>--groups</option><replaceable>GROUP1</replaceable>[<emphasis remap=\"I\">,GROUP2,...</emphasis>[<emphasis remap=\"I\">,GROUPN</emphasis>]]]"
216 #: usermod.8.xml:162(para)
217 msgid "A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the <option>-g</option> option."
220 #: usermod.8.xml:169(para)
221 msgid "If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via the <option>-a</option> option, which appends the user to the current supplementary group list."
224 #: usermod.8.xml:178(term)
225 msgid "<option>-l</option>, <option>--login</option><replaceable>NEW_LOGIN</replaceable>"
228 #: usermod.8.xml:183(para)
229 msgid "The name of the user will be changed from <replaceable>LOGIN</replaceable> to <replaceable>NEW_LOGIN</replaceable>. Nothing else is changed. In particular, the user's home directory name should probably be changed manually to reflect the new login name."
232 #: usermod.8.xml:193(term)
233 msgid "<option>-L</option>, <option>--lock</option>"
236 #: usermod.8.xml:197(para)
237 msgid "Lock a user's password. This puts a '!' in front of the encrypted password, effectively disabling the password. You can't use this option with <option>-p</option> or <option>-U</option>."
240 #: usermod.8.xml:203(para)
241 msgid "Note: if you wish to lock the account (not only access with a password), you should also set the <replaceable>EXPIRE_DATE</replaceable> to <replaceable>1</replaceable>."
244 #: usermod.8.xml:212(term)
245 msgid "<option>-m</option>, <option>--move-home</option>"
248 #: usermod.8.xml:216(para)
249 msgid "Move the content of the user's home directory to the new location."
252 #: usermod.8.xml:220(para)
253 msgid "This option is only valid in combination with the <option>-d</option> (or <option>--home</option>) option."
256 #: usermod.8.xml:227(term) useradd.8.xml:366(term) groupmod.8.xml:116(term) groupadd.8.xml:134(term)
257 msgid "<option>-o</option>, <option>--non-unique</option>"
260 #: usermod.8.xml:231(para)
261 msgid "When used with the <option>-u</option> option, this option allows to change the user ID to a non-unique value."
264 #: usermod.8.xml:238(term) useradd.8.xml:378(term) groupmod.8.xml:127(term) groupadd.8.xml:144(term)
265 msgid "<option>-p</option>, <option>--password</option><replaceable>PASSWORD</replaceable>"
268 #: usermod.8.xml:243(para) groupmod.8.xml:132(para)
269 msgid "The encrypted password, as returned by <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>."
272 #: usermod.8.xml:248(para) useradd.8.xml:388(para) groupmod.8.xml:137(para) groupadd.8.xml:154(para)
273 msgid "<emphasis role=\"bold\">Note:</emphasis> This option is not recommended because the password (or encrypted password) will be visible by users listing the processes."
276 #: usermod.8.xml:253(para)
277 msgid "The password will be written in the local <filename>/etc/passwd</filename> or <filename>/etc/shadow</filename> file. This might differ from the password database configured in your PAM configuration."
280 #: usermod.8.xml:259(para) useradd.8.xml:393(para) groupmod.8.xml:142(para) groupadd.8.xml:159(para)
281 msgid "You should make sure the password respects the system's password policy."
284 #: usermod.8.xml:266(term) useradd.8.xml:427(term) useradd.8.xml:568(term) su.1.xml:157(term) chsh.1.xml:85(term)
285 msgid "<option>-s</option>, <option>--shell</option><replaceable>SHELL</replaceable>"
288 #: usermod.8.xml:271(para) chsh.1.xml:89(para)
289 msgid "The name of the user's new login shell. Setting this field to blank causes the system to select the default login shell."
292 #: usermod.8.xml:278(term) useradd.8.xml:442(term)
293 msgid "<option>-u</option>, <option>--uid</option><replaceable>UID</replaceable>"
296 #: usermod.8.xml:283(para)
297 msgid "The new numerical value of the user's ID."
300 #: usermod.8.xml:286(para)
301 msgid "This value must be unique, unless the <option>-o</option> option is used. The value must be non-negative. Values between 0 and 999 are typically reserved for system accounts."
304 #: usermod.8.xml:292(para)
305 msgid "The user's mailbox, and any files which the user owns and which are located in the user's home directory will have the file user ID changed automatically."
308 #: usermod.8.xml:297(para)
309 msgid "The ownership of files outside of the user's home directory must be fixed manually."
312 #: usermod.8.xml:304(term)
313 msgid "<option>-U</option>, <option>--unlock</option>"
316 #: usermod.8.xml:308(para)
317 msgid "Unlock a user's password. This removes the '!' in front of the encrypted password. You can't use this option with <option>-p</option> or <option>-L</option>."
320 #: usermod.8.xml:313(para)
321 msgid "Note: if you wish to unlock the account (not only access with a password), you should also set the <replaceable>EXPIRE_DATE</replaceable> (for example to <replaceable>99999</replaceable>, or to the <option>EXPIRE</option> value from <filename>/etc/default/useradd</filename>)."
324 #: usermod.8.xml:324(term) useradd.8.xml:474(term)
325 msgid "<option>-Z</option>, <option>--selinux-user</option><replaceable>SEUSER</replaceable>"
328 #: usermod.8.xml:329(para)
329 msgid "The SELinux user for the user's login. The default is to leave this field the blank, which causes the system to select the default SELinux user."
332 #: usermod.8.xml:340(title) userdel.8.xml:221(title) useradd.8.xml:597(title) su.1.xml:302(title) shadow.3.xml:193(title) passwd.1.xml:338(title) newusers.8.xml:312(title) login.1.xml:238(title) lastlog.8.xml:159(title) groupdel.8.xml:65(title) groupadd.8.xml:223(title) gpasswd.1.xml:206(title) faillog.8.xml:191(title) chpasswd.8.xml:182(title) chgpasswd.8.xml:157(title)
336 #: usermod.8.xml:341(para)
337 msgid "You must make certain that the named user is not executing any processes when this command is being executed if the user's numerical user ID, the user's name, or the user's home directory is being changed. <command>usermod</command> checks this on Linux, but only check if the user is logged in according to utmp on other architectures."
340 #: usermod.8.xml:349(para)
341 msgid "You must change the owner of any <command>crontab</command> files or <command>at</command> jobs manually."
344 #: usermod.8.xml:353(para)
345 msgid "You must make any changes involving NIS on the NIS server."
348 #: usermod.8.xml:359(title) userdel.8.xml:125(title) useradd.8.xml:621(title) su.1.xml:310(title) sg.1.xml:76(title) pwconv.8.xml:146(title) pwck.8.xml:213(title) passwd.1.xml:356(title) newusers.8.xml:324(title) newgrp.1.xml:87(title) login.1.xml:272(title) grpck.8.xml:173(title) groupmod.8.xml:152(title) groupmems.8.xml:156(title) groupdel.8.xml:77(title) groupadd.8.xml:185(title) gpasswd.1.xml:218(title) chsh.1.xml:120(title) chpasswd.8.xml:194(title) chgpasswd.8.xml:169(title) chfn.1.xml:99(title)
349 msgid "CONFIGURATION"
352 #: usermod.8.xml:360(para) userdel.8.xml:126(para) useradd.8.xml:622(para) su.1.xml:311(para) sg.1.xml:77(para) pwck.8.xml:214(para) passwd.1.xml:357(para) newusers.8.xml:325(para) newgrp.1.xml:88(para) login.1.xml:273(para) grpck.8.xml:174(para) groupmod.8.xml:153(para) groupmems.8.xml:157(para) groupdel.8.xml:78(para) groupadd.8.xml:186(para) gpasswd.1.xml:219(para) chsh.1.xml:121(para) chpasswd.8.xml:195(para) chgpasswd.8.xml:170(para) chfn.1.xml:100(para)
353 msgid "The following configuration variables in <filename>/etc/login.defs</filename> change the behavior of this tool:"
356 #: usermod.8.xml:32(term) userdel.8.xml:32(term) useradd.8.xml:32(term) su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
357 msgid "<option>MAIL_DIR</option> (string)"
360 #: usermod.8.xml:34(para) userdel.8.xml:34(para) useradd.8.xml:34(para) su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
361 msgid "The mail spool directory. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted. If not specified, a compile-time default is used."
364 #: usermod.8.xml:41(term) userdel.8.xml:41(term) useradd.8.xml:41(term) su.1.xml:41(term) login.defs.5.xml:41(term) login.1.xml:41(term)
365 msgid "<option>MAIL_FILE</option> (string)"
368 #: usermod.8.xml:43(para) userdel.8.xml:43(para) useradd.8.xml:43(para) su.1.xml:43(para) login.defs.5.xml:43(para) login.1.xml:43(para)
369 msgid "Defines the location of the users mail spool files relatively to their home directory."
372 #. FIXME: MAIL_FILE not used in useradd
373 #: usermod.8.xml:50(para) userdel.8.xml:50(para) useradd.8.xml:50(para) su.1.xml:50(para) login.defs.5.xml:50(para) login.1.xml:50(para)
374 msgid "The <option>MAIL_DIR</option> and <option>MAIL_FILE</option> variables are used by <command>useradd</command>, <command>usermod</command>, and <command>userdel</command> to create, move, or delete the user's mail spool."
377 #: usermod.8.xml:56(para) userdel.8.xml:56(para) useradd.8.xml:56(para) su.1.xml:56(para) login.defs.5.xml:56(para) login.1.xml:56(para)
378 msgid "If <option>MAIL_CHECK_ENAB</option> is set to <replaceable>yes</replaceable>, they are also used to define the <envar>MAIL</envar> environment variable."
381 #: usermod.8.xml:30(term) userdel.8.xml:30(term) useradd.8.xml:30(term) pwconv.8.xml:30(term) newusers.8.xml:30(term) login.defs.5.xml:30(term) grpck.8.xml:30(term) groupmod.8.xml:30(term) groupmems.8.xml:30(term) groupdel.8.xml:30(term) groupadd.8.xml:30(term) gpasswd.1.xml:30(term) chgpasswd.8.xml:30(term)
382 msgid "<option>MAX_MEMBERS_PER_GROUP</option> (number)"
385 #: usermod.8.xml:32(para) userdel.8.xml:32(para) useradd.8.xml:32(para) pwconv.8.xml:32(para) newusers.8.xml:32(para) login.defs.5.xml:32(para) grpck.8.xml:32(para) groupmod.8.xml:32(para) groupmems.8.xml:32(para) groupdel.8.xml:32(para) groupadd.8.xml:32(para) gpasswd.1.xml:32(para) chgpasswd.8.xml:32(para)
386 msgid "Maximum members per group entry. When the maximum is reached, a new group entry (line) is started in <filename>/etc/group</filename> (with the same name, same password, and same GID)."
389 #: usermod.8.xml:37(para) userdel.8.xml:37(para) useradd.8.xml:37(para) pwconv.8.xml:37(para) newusers.8.xml:37(para) login.defs.5.xml:37(para) grpck.8.xml:37(para) groupmod.8.xml:37(para) groupmems.8.xml:37(para) groupdel.8.xml:37(para) groupadd.8.xml:37(para) gpasswd.1.xml:37(para) chgpasswd.8.xml:37(para)
390 msgid "The default value is 0, meaning that there are no limits in the number of members in a group."
393 #. Note: on HP, split groups have the same ID, but different
395 #: usermod.8.xml:43(para) userdel.8.xml:43(para) useradd.8.xml:43(para) pwconv.8.xml:43(para) newusers.8.xml:43(para) login.defs.5.xml:43(para) grpck.8.xml:43(para) groupmod.8.xml:43(para) groupmems.8.xml:43(para) groupdel.8.xml:43(para) groupadd.8.xml:43(para) gpasswd.1.xml:43(para) chgpasswd.8.xml:43(para)
396 msgid "This feature (split group) permits to limit the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than 1024 characters."
399 #: usermod.8.xml:48(para) userdel.8.xml:48(para) useradd.8.xml:48(para) pwconv.8.xml:48(para) newusers.8.xml:48(para) login.defs.5.xml:48(para) grpck.8.xml:48(para) groupmod.8.xml:48(para) groupmems.8.xml:48(para) groupdel.8.xml:48(para) groupadd.8.xml:48(para) gpasswd.1.xml:48(para) chgpasswd.8.xml:48(para)
400 msgid "If you need to enforce such limit, you can use 25."
403 #: usermod.8.xml:51(para) userdel.8.xml:51(para) useradd.8.xml:51(para) pwconv.8.xml:51(para) newusers.8.xml:51(para) login.defs.5.xml:51(para) grpck.8.xml:51(para) groupmod.8.xml:51(para) groupmems.8.xml:51(para) groupdel.8.xml:51(para) groupadd.8.xml:51(para) gpasswd.1.xml:51(para) chgpasswd.8.xml:51(para)
404 msgid "Note: split groups may not be supported by all tools (even in the Shadow toolsuite). You should not use this variable unless you really need it."
407 #: usermod.8.xml:403(para)
408 msgid "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
411 #: userdel.8.xml:41(refentrytitle) userdel.8.xml:46(refname) userdel.8.xml:51(command) login.defs.5.xml:434(term)
415 #: userdel.8.xml:47(refpurpose)
416 msgid "delete a user account and related files"
419 #: userdel.8.xml:61(para)
420 msgid "The <command>userdel</command> command modifies the system account files, deleting all entries that refer to the user name <emphasis remap=\"I\">LOGIN</emphasis>. The named user must exist."
423 #: userdel.8.xml:70(para)
424 msgid "The options which apply to the <command>userdel</command> command are:"
427 #: userdel.8.xml:75(term) groupadd.8.xml:79(term)
428 msgid "<option>-f</option>, <option>--force</option>"
431 #: userdel.8.xml:79(para)
432 msgid "This option forces the removal of the user account, even if the user is still logged in. It also forces <command>userdel</command> to remove the user's home directory and mail spool, even if another user uses the same home directory or if the mail spool is not owned by the specified user. If <option>USERGROUPS_ENAB</option> is defined to <emphasis remap=\"I\">yes</emphasis> in <filename>/etc/login.defs</filename> and if a group exists with the same name as the deleted user, then this group will be removed, even if it is still the primary group of another user."
435 #: userdel.8.xml:92(para)
436 msgid "<emphasis>Note:</emphasis> This option is dangerous and may leave your system in an inconsistent state."
439 #: userdel.8.xml:105(term)
440 msgid "<option>-r</option>, <option>--remove</option>"
443 #: userdel.8.xml:109(para)
444 msgid "Files in the user's home directory will be removed along with the home directory itself and the user's mail spool. Files located in other file systems will have to be searched for and deleted manually."
447 #: userdel.8.xml:115(para)
448 msgid "The mail spool is defined by the <option>MAIL_DIR</option> variable in the <filename>login.defs</filename> file."
451 #: userdel.8.xml:33(term) login.defs.5.xml:33(term)
452 msgid "<option>USERDEL_CMD</option> (string)"
455 #: userdel.8.xml:35(para) login.defs.5.xml:35(para)
456 msgid "If defined, this command is run when removing a user. It should remove any at/cron/print jobs etc. owned by the user to be removed (passed as the first argument)."
459 #: userdel.8.xml:40(para) login.defs.5.xml:40(para)
460 msgid "The return code of the script is not taken into account."
463 #: userdel.8.xml:46(programlisting) login.defs.5.xml:46(programlisting)
465 msgid "\n#! /bin/sh\n\n# Check for the required argument.\nif [ $# != 1 ]; then\n\techo \"Usage: $0 username\"\n\texit 1\nfi\n\n# Remove cron jobs.\ncrontab -r -u $1\n\n# Remove at jobs.\n# Note that it will remove any jobs owned by the same UID,\n# even if it was shared by a different username.\nAT_SPOOL_DIR=/var/spool/cron/atjobs\nfind $AT_SPOOL_DIR -name \"[^.]*\" -type f -user $1 -delete \\;\n\n# Remove print jobs.\nlprm $1\n\n# All done.\nexit 0\n "
468 #: userdel.8.xml:43(para) login.defs.5.xml:43(para)
469 msgid "Here is an example script, which removes the user's cron, at and print jobs: <placeholder-1/>"
472 #: userdel.8.xml:32(term) useradd.8.xml:32(term) su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
473 msgid "<option>USERGROUPS_ENAB</option> (boolean)"
476 #: userdel.8.xml:34(para) useradd.8.xml:34(para) su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
477 msgid "Enable setting of the umask group bits to be the same as owner bits (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is the same as gid, and username is the same as the primary group name."
480 #: userdel.8.xml:39(para) useradd.8.xml:39(para) su.1.xml:39(para) login.defs.5.xml:39(para) login.1.xml:39(para)
481 msgid "If set to <replaceable>yes</replaceable>, <command>userdel</command> will remove the user's group if it contains no more members, and <command>useradd</command> will create by default a group with the name of the user."
484 #: userdel.8.xml:149(filename) useradd.8.xml:683(filename) su.1.xml:353(filename) pwconv.8.xml:171(filename) passwd.1.xml:389(filename) newusers.8.xml:384(filename) login.access.5.xml:99(filename) login.1.xml:367(filename) groupadd.8.xml:214(filename) chsh.1.xml:148(filename) chpasswd.8.xml:223(filename) chgpasswd.8.xml:199(filename) chfn.1.xml:116(filename)
485 msgid "/etc/login.defs"
488 #: userdel.8.xml:151(para) useradd.8.xml:685(para) su.1.xml:355(para) pwconv.8.xml:173(para) passwd.1.xml:391(para) newusers.8.xml:386(para) login.access.5.xml:101(para) login.1.xml:369(para) groupadd.8.xml:216(para) chsh.1.xml:150(para) chpasswd.8.xml:225(para) chgpasswd.8.xml:201(para) chfn.1.xml:118(para)
489 msgid "Shadow password suite configuration."
492 #: userdel.8.xml:170(title) useradd.8.xml:692(title) pwck.8.xml:251(title) passwd.1.xml:404(title) grpck.8.xml:209(title) groupmod.8.xml:182(title) groupdel.8.xml:107(title) groupadd.8.xml:245(title) chage.1.xml:228(title)
496 #: userdel.8.xml:175(replaceable) useradd.8.xml:697(replaceable) pwck.8.xml:256(replaceable) passwd.1.xml:409(replaceable) grpck.8.xml:214(replaceable) groupmod.8.xml:187(replaceable) groupdel.8.xml:112(replaceable) groupadd.8.xml:250(replaceable) chage.1.xml:233(replaceable)
500 #: userdel.8.xml:177(para) useradd.8.xml:699(para) pwck.8.xml:258(para) passwd.1.xml:411(para) grpck.8.xml:216(para) groupmod.8.xml:189(para) groupdel.8.xml:114(para) groupadd.8.xml:252(para) chage.1.xml:235(para)
504 #: userdel.8.xml:181(replaceable) useradd.8.xml:703(replaceable) su.1.xml:55(manvolnum) sg.1.xml:39(manvolnum) pwck.8.xml:262(replaceable) passwd.1.xml:45(manvolnum) passwd.1.xml:415(replaceable) newgrp.1.xml:39(manvolnum) login.1.xml:71(manvolnum) grpck.8.xml:220(replaceable) groups.1.xml:35(manvolnum) gpasswd.1.xml:43(manvolnum) expiry.1.xml:42(manvolnum) chsh.1.xml:41(manvolnum) chfn.1.xml:42(manvolnum) chage.1.xml:35(manvolnum) chage.1.xml:239(replaceable)
508 #: userdel.8.xml:183(para) useradd.8.xml:705(para)
509 msgid "can't update password file"
512 #: userdel.8.xml:187(replaceable) useradd.8.xml:709(replaceable) pwck.8.xml:268(replaceable) passwd.1.xml:421(replaceable) grpck.8.xml:226(replaceable) groupmod.8.xml:193(replaceable) groupdel.8.xml:118(replaceable) groupadd.8.xml:256(replaceable) chage.1.xml:245(replaceable)
516 #: userdel.8.xml:189(para) useradd.8.xml:711(para) pwck.8.xml:264(para) grpck.8.xml:222(para) groupmod.8.xml:195(para) groupdel.8.xml:120(para) groupadd.8.xml:258(para) chage.1.xml:247(para)
517 msgid "invalid command syntax"
520 #: userdel.8.xml:193(replaceable) useradd.8.xml:727(replaceable) pwck.8.xml:292(replaceable) passwd.1.xml:445(replaceable) groupmod.8.xml:211(replaceable) groupdel.8.xml:124(replaceable)
524 #: userdel.8.xml:195(para)
525 msgid "specified user doesn't exist"
528 #: userdel.8.xml:201(para)
529 msgid "user currently logged in"
532 #: userdel.8.xml:205(replaceable) useradd.8.xml:739(replaceable) groupmod.8.xml:223(replaceable) groupdel.8.xml:136(replaceable) groupadd.8.xml:280(replaceable)
536 #: userdel.8.xml:207(para) useradd.8.xml:741(para) groupmod.8.xml:225(para) groupdel.8.xml:138(para) groupadd.8.xml:282(para)
537 msgid "can't update group file"
540 #: userdel.8.xml:211(replaceable) useradd.8.xml:745(replaceable)
544 #: userdel.8.xml:213(para)
545 msgid "can't remove home directory"
548 #: userdel.8.xml:171(para)
549 msgid "The <command>userdel</command> command exits with the following values: <placeholder-1/>"
552 #: userdel.8.xml:222(para)
553 msgid "<command>userdel</command> will not allow you to remove an account if there are running processes which belong to this account. In that case, you may have to kill those processes or lock the user's password or account and remove the account later. The <option>-f</option> option can force the deletion of this account."
556 #: userdel.8.xml:229(para)
557 msgid "You should manually check all file systems to ensure that no files remain owned by this user."
560 #: userdel.8.xml:233(para)
561 msgid "You may not remove any NIS attributes on a NIS client. This must be performed on the NIS server."
564 #: userdel.8.xml:236(para)
565 msgid "If <option>USERGROUPS_ENAB</option> is defined to <emphasis remap=\"I\">yes</emphasis> in <filename>/etc/login.defs</filename>, <command>userdel</command> will delete the group with the same name as the user. To avoid inconsistencies in the passwd and group databases, <command>userdel</command> will check that this group is not used as a primary group for another user, and will just warn without deleting the group otherwise. The <option>-f</option> option can force the deletion of this group."
568 #: userdel.8.xml:249(para)
569 msgid "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
572 #: useradd.8.xml:49(refentrytitle) useradd.8.xml:54(refname) useradd.8.xml:59(command) useradd.8.xml:66(command) useradd.8.xml:70(command) login.defs.5.xml:421(term)
576 #: useradd.8.xml:55(refpurpose)
577 msgid "create a new user or update default new user information"
580 #: useradd.8.xml:67(arg) useradd.8.xml:71(arg)
584 #: useradd.8.xml:80(para)
585 msgid "When invoked without the <option>-D</option> option, the <command>useradd</command> command creates a new user account using the values specified on the command line plus the default values from the system. Depending on command line options, the <command>useradd</command> command will update system files and may also create the new user's home directory and copy initial files."
588 #: useradd.8.xml:89(para)
589 msgid "By default, a group will also be created for the new user (see <option>-g</option>, <option>-N</option>, <option>-U</option>, and <option>USERGROUPS_ENAB</option>)."
592 #: useradd.8.xml:98(para)
593 msgid "The options which apply to the <command>useradd</command> command are:"
596 #: useradd.8.xml:102(term) useradd.8.xml:499(term)
597 msgid "<option>-b</option>, <option>--base-dir</option><replaceable>BASE_DIR</replaceable>"
600 #: useradd.8.xml:107(para)
601 msgid "The default base directory for the system if <option>-d</option><replaceable>HOME_DIR</replaceable> is not specified. <replaceable>BASE_DIR</replaceable> is concatenated with the account name to define the home directory. If the <option>-m</option> option is not used, <replaceable>BASE_DIR</replaceable> must exist."
604 #: useradd.8.xml:115(para)
605 msgid "If this option is not specified, <command>useradd</command> will use the base directory specified by the <option>HOME</option> variable in <filename>/etc/default/useradd</filename>, or <filename>/home</filename> by default."
608 #: useradd.8.xml:130(para)
609 msgid "Any text string. It is generally a short description of the login, and is currently used as the field for the user's full name."
612 #: useradd.8.xml:143(para)
613 msgid "The new user will be created using <replaceable>HOME_DIR</replaceable> as the value for the user's login directory. The default is to append the <replaceable>LOGIN</replaceable> name to <replaceable>BASE_DIR</replaceable> and use that as the login directory name. The directory <replaceable>HOME_DIR</replaceable> does not have to exist but will not be created if it is missing."
616 #: useradd.8.xml:155(term)
617 msgid "<option>-D</option>, <option>--defaults</option>"
620 #: useradd.8.xml:159(para)
621 msgid "See below, the subsection \"Changing the default values\"."
624 #: useradd.8.xml:174(para)
625 msgid "If not specified, <command>useradd</command> will use the default expiry date specified by the <option>EXPIRE</option> variable in <filename>/etc/default/useradd</filename>, or an empty string (no expiry) by default."
628 #: useradd.8.xml:188(para)
629 msgid "The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature."
632 #: useradd.8.xml:194(para)
633 msgid "If not specified, <command>useradd</command> will use the default inactivity period specified by the <option>INACTIVE</option> variable in <filename>/etc/default/useradd</filename>, or -1 by default."
636 #: useradd.8.xml:208(para)
637 msgid "The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group."
640 #: useradd.8.xml:213(para)
641 msgid "If not specified, the bahavior of <command>useradd</command> will depend on the <option>USERGROUPS_ENAB</option> variable in <filename>/etc/login.defs</filename>. If this variable is set to <replaceable>yes</replaceable> (or <option>-U/--user-group</option> is specified on the command line), a group will be created for the user, with the same name as her loginname. If the variable is set to <replaceable>no</replaceable> (or <option>-N/--no-user-group</option> is specified on the command line), useradd will set the primary group of the new user to the value specified by the <option>GROUP</option> variable in <filename>/etc/default/useradd</filename>, or 100 by default."
644 #: useradd.8.xml:236(para)
645 msgid "A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the <option>-g</option> option. The default is for the user to belong only to the initial group."
648 #: useradd.8.xml:253(term)
649 msgid "<option>-k</option>, <option>--skel</option><replaceable>SKEL_DIR</replaceable>"
652 #: useradd.8.xml:258(para)
653 msgid "The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created by <command>useradd</command>."
656 #: useradd.8.xml:263(para)
657 msgid "This option is only valid if the <option>-m</option> (or <option>--create-home</option>) option is specified."
660 #: useradd.8.xml:267(para)
661 msgid "If this option is not set, the skeleton directory is defined by the <option>SKEL</option> variable in <filename>/etc/default/useradd</filename> or, by default, <filename>/etc/skel</filename>."
664 #: useradd.8.xml:276(term) groupadd.8.xml:113(term)
665 msgid "<option>-K</option>, <option>--key</option><replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable>"
668 #: useradd.8.xml:281(para)
669 msgid "Overrides <filename>/etc/login.defs</filename> defaults (<option>UID_MIN</option>, <option>UID_MAX</option>, <option>UMASK</option>, <option>PASS_MAX_DAYS</option> and others). <placeholder-1/> Example: <option>-K </option><replaceable>PASS_MAX_DAYS</replaceable>=<replaceable>-1</replaceable> can be used when creating system account to turn off password ageing, even though system account has no password at all. Multiple <option>-K</option> options can be specified, e.g.: <option>-K </option><replaceable>UID_MIN</replaceable>=<replaceable>100</replaceable><option>-K </option><replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>"
672 #: useradd.8.xml:297(para)
673 msgid "Note: <option>-K </option><replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable> doesn't work yet."
676 #: useradd.8.xml:305(term)
677 msgid "<option>-l</option>, <option>--no-log-init</option>"
680 #: useradd.8.xml:307(para)
681 msgid "Do not add the user to the lastlog and faillog databases."
684 #: useradd.8.xml:310(para)
685 msgid "By default, the user's entries in the lastlog and faillog databases are resetted to avoid reusing the entry from a previously deleted user."
688 #: useradd.8.xml:318(term)
689 msgid "<option>-m</option>, <option>--create-home</option>"
692 #: useradd.8.xml:322(para)
693 msgid "Create the user's home directory if it does not exist. The files and directories contained in the skeleton directory (which can be defined with the <option>-k</option> option) will be copied to the home directory."
696 #: useradd.8.xml:328(para)
697 msgid "By default, no home directories are created."
700 #: useradd.8.xml:335(option)
704 #: useradd.8.xml:338(para)
705 msgid "Do no create the user's home directory, even if the system wide setting from <filename>/etc/login.defs</filename> (<option>CREATE_HOME</option>) is set to <replaceable>yes</replaceable>."
708 #: useradd.8.xml:347(term)
709 msgid "<option>-N</option>, <option>--no-user-group</option>"
712 #: useradd.8.xml:351(para)
713 msgid "Do not create a group with the same name as the user, but add the user to the group specified by the <option>-g</option> option or by the <option>GROUP</option> variable in <filename>/etc/default/useradd</filename>."
716 #: useradd.8.xml:357(para) useradd.8.xml:465(para)
717 msgid "The default behavior (if the <option>-g</option>, <option>-N</option>, and <option>-U</option> options are not specified) is defined by the <option>USERGROUPS_ENAB</option> variable in <filename>/etc/login.defs</filename>."
720 #: useradd.8.xml:370(para)
721 msgid "Allow the creation of a user account with a duplicate (non-unique) UID."
724 #: useradd.8.xml:371(para)
725 msgid "This option is only valid in combination with the <option>-o</option> option."
728 #: useradd.8.xml:383(para) groupadd.8.xml:149(para)
729 msgid "The encrypted password, as returned by <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>. The default is to disable the password."
732 #: useradd.8.xml:400(term) newusers.8.xml:263(term) groupadd.8.xml:166(term)
733 msgid "<option>-r</option>, <option>--system</option>"
736 #: useradd.8.xml:404(para) newusers.8.xml:267(para)
737 msgid "Create a system account."
740 #: useradd.8.xml:407(para)
741 msgid "System users will be created with no aging information in <filename>/etc/shadow</filename>, and their numeric identifiers are choosen in the <option>SYS_UID_MIN</option>-<option>SYS_UID_MAX</option> range, defined in <filename>/etc/login.defs</filename>, instead of <option>UID_MIN</option>-<option>UID_MAX</option> (and their <option>GID</option> counterparts for the creation of groups)."
744 #: useradd.8.xml:416(para)
745 msgid "Note that <command>useradd</command> will not create a home directory for such an user, regardless of the default setting in <filename>/etc/login.defs</filename> (<option>CREATE_HOME</option>). You have to specify the <option>-m</option> options if you want a home directory for a system account to be created."
748 #: useradd.8.xml:432(para)
749 msgid "The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell specified by the <option>SHELL</option> variable in <filename>/etc/default/useradd</filename>, or an empty string by default."
752 #: useradd.8.xml:447(para)
753 msgid "The numerical value of the user's ID. This value must be unique, unless the <option>-o</option> option is used. The value must be non-negative. The default is to use the smallest ID value greater than 999 and greater than every other user. Values between 0 and 999 are typically reserved for system accounts."
756 #: useradd.8.xml:457(term)
757 msgid "<option>-U</option>, <option>--user-group</option>"
760 #: useradd.8.xml:461(para)
761 msgid "Create a group with the same name as the user, and add the user to this group."
764 #: useradd.8.xml:479(para)
765 msgid "The SELinux user for the user's login. The default is to leave this field blank, which causes the system to select the default SELinux user."
768 #: useradd.8.xml:489(title)
769 msgid "Changing the default values"
772 #: useradd.8.xml:490(para)
773 msgid "When invoked with only the <option>-D</option> option, <command>useradd</command> will display the current default values. When invoked with <option>-D</option> plus other options, <command>useradd</command> will update the default values for the specified options. Valid default-changing options are:"
776 #: useradd.8.xml:504(para)
777 msgid "The path prefix for a new user's home directory. The user's name will be affixed to the end of <replaceable>BASE_DIR</replaceable> to form the new user's home directory name, if the <option>-d</option> option is not used when creating a new account."
780 #: useradd.8.xml:511(para)
781 msgid "This option sets the <option>HOME</option> variable in <filename>/etc/default/useradd</filename>."
784 #: useradd.8.xml:523(para)
785 msgid "The date on which the user account is disabled."
788 #: useradd.8.xml:524(para)
789 msgid "This option sets the <option>EXPIRE</option> variable in <filename>/etc/default/useradd</filename>."
792 #: useradd.8.xml:536(para)
793 msgid "The number of days after a password has expired before the account will be disabled."
796 #: useradd.8.xml:540(para)
797 msgid "This option sets the <option>INACTIVE</option> variable in <filename>/etc/default/useradd</filename>."
800 #: useradd.8.xml:552(para)
801 msgid "The group name or ID for a new user's initial group (when the <option>-N/--no-user-group</option> is used or when the <option>USERGROUPS_ENAB</option> variable is set to <replaceable>no</replaceable> in <filename>/etc/login.defs</filename>. The named group must exist, and a numerical group ID must have an existing entry."
804 #: useradd.8.xml:561(para)
805 msgid "This option sets the <option>GROUP</option> variable in <filename>/etc/default/useradd</filename>."
808 #: useradd.8.xml:573(para)
809 msgid "The name of a new user's login shell."
812 #: useradd.8.xml:576(para)
813 msgid "This option sets the <option>SHELL</option> variable in <filename>/etc/default/useradd</filename>."
816 #: useradd.8.xml:588(title)
820 #: useradd.8.xml:589(para)
821 msgid "The system administrator is responsible for placing the default user files in the <filename>/etc/skel/</filename> directory (or any other skeleton directory specified in <filename>/etc/default/useradd</filename> or on the command line)."
824 #: useradd.8.xml:598(para)
825 msgid "You may not add a user to a NIS or LDAP group. This must be performed on the corresponding server."
828 #: useradd.8.xml:603(para)
829 msgid "Similarly, if the username already exists in an external user database such as NIS or LDAP, <command>useradd</command> will deny the user account creation request."
832 #: useradd.8.xml:609(para)
833 msgid "Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes. They can end with a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?"
836 #: useradd.8.xml:615(para)
837 msgid "Usernames may only be up to 32 characters long."
840 #: useradd.8.xml:30(term) login.defs.5.xml:30(term)
841 msgid "<option>CREATE_HOME</option> (boolean)"
844 #: useradd.8.xml:32(para) login.defs.5.xml:32(para)
845 msgid "Indicate if a home directory should be created by default for new users."
848 #: useradd.8.xml:36(para) login.defs.5.xml:36(para)
849 msgid "This setting does not apply to system users, and can be overriden on the command line."
852 #: useradd.8.xml:32(term) newusers.8.xml:32(term) login.defs.5.xml:32(term) groupadd.8.xml:32(term)
853 msgid "<option>GID_MAX</option> (number)"
856 #: useradd.8.xml:33(term) newusers.8.xml:33(term) login.defs.5.xml:33(term) groupadd.8.xml:33(term)
857 msgid "<option>GID_MIN</option> (number)"
860 #: useradd.8.xml:35(para) newusers.8.xml:35(para) login.defs.5.xml:35(para) groupadd.8.xml:35(para)
861 msgid "Range of group IDs used for the creation of regular groups by <command>useradd</command>, <command>groupadd</command>, or <command>newusers</command>."
864 #: useradd.8.xml:32(term) pwconv.8.xml:32(term) pwck.8.xml:32(term) newusers.8.xml:32(term) login.defs.5.xml:32(term)
865 msgid "<option>PASS_MAX_DAYS</option> (number)"
868 #: useradd.8.xml:34(para) pwconv.8.xml:34(para) pwck.8.xml:34(para) newusers.8.xml:34(para) login.defs.5.xml:34(para)
869 msgid "The maximum number of days a password may be used. If the password is older than this, a password change will be forced. If not specified, -1 will be assumed (which disables the restriction)."
872 #: useradd.8.xml:32(term) pwconv.8.xml:32(term) pwck.8.xml:32(term) newusers.8.xml:32(term) login.defs.5.xml:32(term)
873 msgid "<option>PASS_MIN_DAYS</option> (number)"
876 #: useradd.8.xml:34(para) pwconv.8.xml:34(para) pwck.8.xml:34(para) newusers.8.xml:34(para) login.defs.5.xml:34(para)
877 msgid "The minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected. If not specified, -1 will be assumed (which disables the restriction)."
880 #: useradd.8.xml:32(term) pwconv.8.xml:32(term) pwck.8.xml:32(term) newusers.8.xml:32(term) login.defs.5.xml:32(term)
881 msgid "<option>PASS_WARN_AGE</option> (number)"
884 #: useradd.8.xml:34(para) pwconv.8.xml:34(para) pwck.8.xml:34(para) newusers.8.xml:34(para) login.defs.5.xml:34(para)
885 msgid "The number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided."
888 #: useradd.8.xml:30(term) newusers.8.xml:30(term) login.defs.5.xml:30(term) groupadd.8.xml:30(term)
889 msgid "<option>SYS_GID_MAX</option> (number)"
892 #: useradd.8.xml:31(term) newusers.8.xml:31(term) login.defs.5.xml:31(term) groupadd.8.xml:31(term)
893 msgid "<option>SYS_GID_MIN</option> (number)"
896 #: useradd.8.xml:33(para) newusers.8.xml:33(para) login.defs.5.xml:33(para) groupadd.8.xml:33(para)
897 msgid "Range of group IDs used for the creation of system groups by <command>useradd</command>, <command>groupadd</command>, or <command>newusers</command>."
900 #: useradd.8.xml:30(term) newusers.8.xml:30(term) login.defs.5.xml:30(term)
901 msgid "<option>SYS_UID_MAX</option> (number)"
904 #: useradd.8.xml:31(term) newusers.8.xml:31(term) login.defs.5.xml:31(term)
905 msgid "<option>SYS_UID_MIN</option> (number)"
908 #: useradd.8.xml:33(para) newusers.8.xml:33(para) login.defs.5.xml:33(para)
909 msgid "Range of user IDs used for the creation of system users by <command>useradd</command> or <command>newusers</command>."
912 #: useradd.8.xml:32(term) newusers.8.xml:32(term) login.defs.5.xml:32(term)
913 msgid "<option>UID_MAX</option> (number)"
916 #: useradd.8.xml:33(term) newusers.8.xml:33(term) login.defs.5.xml:33(term)
917 msgid "<option>UID_MIN</option> (number)"
920 #: useradd.8.xml:35(para) newusers.8.xml:35(para) login.defs.5.xml:35(para)
921 msgid "Range of user IDs used for the creation of regular users by <command>useradd</command> or <command>newusers</command>."
924 #: useradd.8.xml:32(term) newusers.8.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
925 msgid "<option>UMASK</option> (number)"
928 #: useradd.8.xml:34(para) newusers.8.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
929 msgid "The file mode creation mask is initialized to this value. If not specified, the mask will be initialized to 022."
932 #: useradd.8.xml:38(para) newusers.8.xml:38(para) login.defs.5.xml:38(para) login.1.xml:38(para)
933 msgid "<command>useradd</command> and <command>newusers</command> use this mask to set the mode of the home directory they create"
936 #: useradd.8.xml:42(para) newusers.8.xml:42(para) login.defs.5.xml:42(para) login.1.xml:42(para)
937 msgid "It is also used by <command>login</command> to define users' initial umask. Note that this mask can be overriden by the user's GECOS line (if <option>QUOTAS_ENAB</option> is set) or by the specification of a limit with the <emphasis>K</emphasis> identifier in <citerefentry><refentrytitle>limits</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
940 #: useradd.8.xml:671(filename)
941 msgid "/etc/default/useradd"
944 #: useradd.8.xml:673(para)
945 msgid "Default values for account creation."
948 #: useradd.8.xml:677(filename)
952 #: useradd.8.xml:679(para)
953 msgid "Directory containing default files."
956 #: useradd.8.xml:715(replaceable) shadow.3.xml:35(manvolnum) pwck.8.xml:274(replaceable) passwd.1.xml:427(replaceable) grpck.8.xml:232(replaceable) groupmod.8.xml:199(replaceable) groupadd.8.xml:262(replaceable)
960 #: useradd.8.xml:717(para) passwd.1.xml:447(para) groupmod.8.xml:201(para) groupadd.8.xml:264(para)
961 msgid "invalid argument to option"
964 #: useradd.8.xml:721(replaceable) pwck.8.xml:280(replaceable) passwd.1.xml:433(replaceable) grpck.8.xml:238(replaceable) groupmod.8.xml:205(replaceable) groupadd.8.xml:268(replaceable)
968 #: useradd.8.xml:723(para)
969 msgid "UID already in use (and no <option>-o</option>)"
972 #: useradd.8.xml:729(para) groupmod.8.xml:207(para) groupmod.8.xml:213(para) groupdel.8.xml:126(para)
973 msgid "specified group doesn't exist"
976 #: useradd.8.xml:733(replaceable) groupmod.8.xml:217(replaceable) groupadd.8.xml:274(replaceable)
980 #: useradd.8.xml:735(para)
981 msgid "username already in use"
984 #: useradd.8.xml:747(para)
985 msgid "can't create home directory"
988 #: useradd.8.xml:751(replaceable)
992 #: useradd.8.xml:753(para)
993 msgid "can't create mail spool"
996 #: useradd.8.xml:693(para)
997 msgid "The <command>useradd</command> command exits with the following values: <placeholder-1/>"
1000 #: useradd.8.xml:762(para)
1001 msgid "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>newusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
1004 #: suauth.5.xml:34(refentrytitle) suauth.5.xml:39(refname)
1008 #: suauth.5.xml:35(manvolnum) shadow.5.xml:35(manvolnum) pwck.8.xml:286(replaceable) porttime.5.xml:35(manvolnum) passwd.5.xml:35(manvolnum) passwd.1.xml:439(replaceable) login.defs.5.xml:98(manvolnum) login.access.5.xml:36(manvolnum) limits.5.xml:36(manvolnum) gshadow.5.xml:34(manvolnum) grpck.8.xml:244(replaceable) faillog.5.xml:35(manvolnum)
1012 #: suauth.5.xml:36(refmiscinfo) shadow.5.xml:36(refmiscinfo) porttime.5.xml:36(refmiscinfo) passwd.5.xml:36(refmiscinfo) login.defs.5.xml:99(refmiscinfo) login.access.5.xml:37(refmiscinfo) limits.5.xml:37(refmiscinfo) gshadow.5.xml:35(refmiscinfo) faillog.5.xml:36(refmiscinfo)
1013 msgid "File Formats and Conversions"
1016 #: suauth.5.xml:40(refpurpose)
1017 msgid "detailed su control file"
1020 #: suauth.5.xml:45(command) suauth.5.xml:171(filename)
1024 #: suauth.5.xml:51(para)
1025 msgid "The file <filename>/etc/suauth</filename> is referenced whenever the su command is called. It can change the behaviour of the su command, based upon:"
1029 #: suauth.5.xml:58(literallayout)
1031 msgid "\n 1) the user su is targetting\n "
1035 #: suauth.5.xml:62(para)
1036 msgid "2) the user executing the su command (or any groups he might be a member of)"
1039 #: suauth.5.xml:67(para)
1040 msgid "The file is formatted like this, with lines starting with a # being treated as comment lines and ignored;"
1043 #: suauth.5.xml:72(literallayout)
1045 msgid "\n to-id:from-id:ACTION\n "
1048 #: suauth.5.xml:76(para)
1049 msgid "Where to-id is either the word <emphasis>ALL</emphasis>, a list of usernames delimited by \",\" or the words <emphasis>ALL EXCEPT</emphasis> followed by a list of usernames delimited by \",\""
1052 #: suauth.5.xml:82(para)
1053 msgid "from-id is formatted the same as to-id except the extra word <emphasis>GROUP</emphasis> is recognised. <emphasis>ALL EXCEPT GROUP</emphasis> is perfectly valid too. Following <emphasis>GROUP</emphasis> appears one or more group names, delimited by \",\". It is not sufficient to have primary group id of the relevant group, an entry in <citerefentry><refentrytitle>/etc/group</refentrytitle><manvolnum>5</manvolnum></citerefentry> is neccessary."
1056 #: suauth.5.xml:93(para)
1057 msgid "Action can be one only of the following currently supported options."
1060 #: suauth.5.xml:99(emphasis)
1064 #: suauth.5.xml:102(para)
1065 msgid "The attempt to su is stopped before a password is even asked for."
1068 #: suauth.5.xml:109(emphasis)
1072 #: suauth.5.xml:112(para)
1073 msgid "The attempt to su is automatically successful; no password is asked for."
1076 #: suauth.5.xml:120(emphasis)
1080 #: suauth.5.xml:123(para)
1081 msgid "For the su command to be successful, the user must enter his or her own password. They are told this."
1084 #: suauth.5.xml:131(para)
1085 msgid "Note there are three separate fields delimited by a colon. No whitespace must surround this colon. Also note that the file is examined sequentially line by line, and the first applicable rule is used without examining the file further. This makes it possible for a system administrator to exercise as fine control as he or she wishes."
1088 #: suauth.5.xml:141(title)
1092 #: suauth.5.xml:142(literallayout)
1094 msgid "\n # sample /etc/suauth file\n #\n # A couple of privileged usernames may\n # su to root with their own password.\n #\n root:chris,birddog:OWNPASS\n #\n # Anyone else may not su to root unless in\n # group wheel. This is how BSD does things.\n #\n root:ALL EXCEPT GROUP wheel:DENY\n #\n # Perhaps terry and birddog are accounts\n # owned by the same person.\n # Access can be arranged between them\n # with no password.\n #\n terry:birddog:NOPASS\n birddog:terry:NOPASS\n #\n "
1097 #: suauth.5.xml:178(title) pwconv.8.xml:135(title) login.defs.5.xml:455(title)
1101 #: suauth.5.xml:179(para)
1102 msgid "There could be plenty lurking. The file parser is particularly unforgiving about syntax errors, expecting no spurious whitespace (apart from beginning and end of lines), and a specific token delimiting different things."
1105 #: suauth.5.xml:188(title) shadow.3.xml:183(title)
1109 #: suauth.5.xml:189(para)
1110 msgid "An error parsing the file is reported using <citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry> as level ERR on facility AUTH."
1113 #: suauth.5.xml:198(para)
1114 msgid "<citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>."
1117 #: su.1.xml:54(refentrytitle) su.1.xml:59(refname) su.1.xml:64(command) login.defs.5.xml:395(term)
1121 #: su.1.xml:56(refmiscinfo) sg.1.xml:40(refmiscinfo) passwd.1.xml:46(refmiscinfo) newgrp.1.xml:40(refmiscinfo) login.1.xml:72(refmiscinfo) groups.1.xml:36(refmiscinfo) gpasswd.1.xml:44(refmiscinfo) expiry.1.xml:43(refmiscinfo) chsh.1.xml:42(refmiscinfo) chfn.1.xml:43(refmiscinfo) chage.1.xml:36(refmiscinfo)
1122 msgid "User Commands"
1125 #: su.1.xml:60(refpurpose)
1126 msgid "change user ID or become superuser"
1129 #: su.1.xml:70(replaceable) login.1.xml:85(replaceable) login.1.xml:93(replaceable)
1133 #: su.1.xml:78(para)
1134 msgid "The <command>su</command> command is used to become another user during a login session. Invoked without a <option>username</option>, <command>su</command> defaults to becoming the superuser. The optional argument <option>-</option> may be used to provide an environment similar to what the user would expect had the user logged in directly."
1137 #: su.1.xml:87(para)
1138 msgid "Additional arguments may be provided after the username, in which case they are supplied to the user's login shell. In particular, an argument of <option>-c</option> will cause the next argument to be treated as a command by most command interpreters. The command will be executed by the shell specified in <filename>/etc/passwd</filename> for the target user."
1141 #: su.1.xml:96(para)
1142 msgid "You can use the <option>--</option> argument to separate <command>su</command> options from the arguments supplied to the shell."
1145 #: su.1.xml:101(para)
1146 msgid "The user will be prompted for a password, if appropriate. Invalid passwords will produce an error message. All attempts, both valid and invalid, are logged to detect abuse of the system."
1149 #: su.1.xml:106(para)
1150 msgid "The current environment is passed to the new shell. The value of <envar>$PATH</envar> is reset to <filename>/bin:/usr/bin</filename> for normal users, or <filename>/sbin:/bin:/usr/sbin:/usr/bin</filename> for the superuser. This may be changed with the <option>ENV_PATH</option> and <option>ENV_SUPATH</option> definitions in <filename>/etc/login.defs</filename>."
1153 #: su.1.xml:115(para) login.1.xml:166(para)
1154 msgid "A subsystem login is indicated by the presence of a \"*\" as the first character of the login shell. The given home directory will be used as the root of a new file system which the user is actually logged into."
1157 #: su.1.xml:124(para)
1158 msgid "The options which apply to the <command>su</command> command are:"
1161 #: su.1.xml:128(term)
1162 msgid "<option>-c</option>, <option>--command</option><replaceable>COMMAND</replaceable>"
1165 #: su.1.xml:133(para)
1166 msgid "Specify a command that will be invoked by the shell using its <option>-c</option>."
1169 #: su.1.xml:140(term)
1170 msgid "<option>-</option>, <option>-l</option>, <option>--login</option>"
1173 #: su.1.xml:144(para)
1174 msgid "Provide an environment similar to what the user would expect had the user logged in directly."
1177 #: su.1.xml:148(para)
1178 msgid "When <option>-</option> is used, it must be specified as the last <command>su</command> option. The other forms (<option>-l</option> and <option>--login</option>) do not have this restriction."
1181 #: su.1.xml:162(para)
1182 msgid "The shell that will be invoked."
1185 #: su.1.xml:170(para)
1186 msgid "The shell specified with --shell."
1189 #: su.1.xml:173(para)
1190 msgid "If <option>--preserve-environment</option> is used, the shell specified by the <envar>$SHELL</envar> environment variable."
1193 #: su.1.xml:180(para)
1194 msgid "The shell indicated in the <filename>/etc/passwd</filename> entry for the target user."
1197 #: su.1.xml:186(para)
1198 msgid "<filename>/bin/sh</filename> if a shell could not be found by any above method."
1201 #: su.1.xml:163(para)
1202 msgid "The invoked shell is chosen from (highest priority first): <placeholder-1/>"
1205 #: su.1.xml:191(para)
1206 msgid "If the target user has a restricted shell (i.e. the shell field of this user's entry in <filename>/etc/passwd</filename> is not listed in <filename>/etc/shell</filename>), then the <option>--shell</option> option or the <envar>$SHELL</envar> environment variable won't be taken into account, unless <command>su</command> is called by root."
1209 #: su.1.xml:202(term)
1210 msgid "<option>-m</option>, <option>-p</option>, <option>--preserve-environment</option>"
1213 #: su.1.xml:211(envar)
1217 #: su.1.xml:213(para)
1218 msgid "reset according to the <filename>/etc/login.defs</filename> options <option>ENV_PATH</option> or <option>ENV_SUPATH</option> (see below);"
1221 #: su.1.xml:222(envar)
1225 #: su.1.xml:224(para)
1226 msgid "reset to <quote><space><tab><newline></quote>, if it was set."
1229 #: su.1.xml:207(para)
1230 msgid "Preserve the current environment, except for: <placeholder-1/>"
1233 #: su.1.xml:233(para)
1234 msgid "If the target user has a restricted shell, this option has no effect (unless <command>su</command> is called by root)."
1237 #: su.1.xml:242(para)
1238 msgid "The <envar>$HOME</envar>, <envar>$SHELL</envar>, <envar>$USER</envar>, <envar>$LOGNAME</envar>, <envar>$PATH</envar>, and <envar>$IFS</envar> environment variables are reset."
1241 #: su.1.xml:251(para)
1242 msgid "If <option>--login</option> is not used, the environment is copied, except for the variables above."
1245 #: su.1.xml:258(para)
1246 msgid "If <option>--login</option> is used, the <envar>$TERM</envar>, <envar>$COLORTERM</envar>, <envar>$DISPLAY</envar>, and <envar>$XAUTHORITY</envar> environment variables are copied if they were set."
1249 #: su.1.xml:268(para)
1250 msgid "If <option>--login</option> is used, the <envar>$TZ</envar>, <envar>$HZ</envar>, and <envar>$MAIL</envar> environment variables are set according to the <filename>/etc/login.defs</filename> options <option>ENV_TZ</option>, <option>ENV_HZ</option>, <option>MAIL_DIR</option>, and <option>MAIL_FILE</option> (see below)."
1253 #: su.1.xml:281(para)
1254 msgid "If <option>--login</option> is used, other environment variables might be set by the <option>ENVIRON_FILE</option> file (see below)."
1257 #: su.1.xml:289(para)
1258 msgid "Other environment might be set by PAM modules."
1261 #: su.1.xml:237(para)
1262 msgid "Note that the default behavior for the environment is the following: <placeholder-1/>"
1265 #: su.1.xml:303(para)
1266 msgid "This version of <command>su</command> has many compilation options, only some of which may be in use at any particular site."
1269 #: su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
1270 msgid "<option>CONSOLE</option> (string)"
1273 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
1274 msgid "If defined, either full pathname of a file containing device names (one per line) or a \":\" delimited list of device names. Root logins will be allowed only upon these devices."
1277 #: su.1.xml:39(para) login.defs.5.xml:39(para) login.1.xml:39(para)
1278 msgid "If not defined, root will be allowed on any device."
1281 #: su.1.xml:42(para) login.defs.5.xml:42(para) login.1.xml:42(para)
1282 msgid "The device should be specified without the /dev/ prefix."
1285 #: su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
1286 msgid "<option>CONSOLE_GROUPS</option> (string)"
1289 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
1290 msgid "List of groups to add to the user's supplementary groups set when logging in on the console (as determined by the CONSOLE setting). Default is none. <placeholder-1/> Use with caution - it is possible for users to gain permanent access to these groups, even when not logged in on the console."
1293 #: su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
1294 msgid "<option>DEFAULT_HOME</option> (boolean)"
1297 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
1298 msgid "Indicate if login is allowed if we can't cd to the home directory. Default in no."
1301 #: su.1.xml:38(para) login.defs.5.xml:38(para) login.1.xml:38(para)
1302 msgid "If set to <replaceable>yes</replaceable>, the user will login in the root (<filename>/</filename>) directory if it is not possible to cd to her home directory."
1305 #. XXX: When compiled with PAM support, only sulogin uses ENV_HZ
1306 #: su.1.xml:33(term) login.defs.5.xml:33(term) login.1.xml:33(term)
1307 msgid "<option>ENV_HZ</option> (string)"
1310 #: su.1.xml:35(para) login.defs.5.xml:35(para) login.1.xml:35(para)
1311 msgid "If set, it will be used to define the HZ environment variable when a user login. The value must be preceded by <replaceable>HZ=</replaceable>. A common value on Linux is <replaceable>HZ=100</replaceable>."
1314 #: su.1.xml:41(para) login.defs.5.xml:41(para) login.1.xml:41(para)
1315 msgid "The <envar>HZ</envar> environment variable is only set when the user (the superuser) logs in with <command>sulogin</command>."
1318 #: su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
1319 msgid "<option>ENVIRON_FILE</option> (string)"
1322 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
1323 msgid "If this file exists and is readable, login environment will be read from it. Every line should be in the form name=value."
1326 #: su.1.xml:38(para) login.defs.5.xml:38(para) login.1.xml:38(para)
1327 msgid "Lines starting with a # are treated as comment lines and ignored."
1330 #: su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
1331 msgid "<option>ENV_PATH</option> (string)"
1334 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
1335 msgid "If set, it will be used to define the PATH environment variable when a regular user login. The value can be preceded by <replaceable>PATH=</replaceable>, or a colon separated list of paths (for example <replaceable>/bin:/usr/bin</replaceable>). The default value is <replaceable>PATH=/bin:/usr/bin</replaceable>."
1338 #: su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
1339 msgid "<option>ENV_SUPATH</option> (string)"
1342 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
1343 msgid "If set, it will be used to define the PATH environment variable when the superuser login. The value can be preceded by <replaceable>PATH=</replaceable>, or a colon separated list of paths (for example <replaceable>/sbin:/bin:/usr/sbin:/usr/bin</replaceable>). The default value is <replaceable>PATH=/bin:/usr/bin</replaceable>."
1346 #: su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
1347 msgid "<option>ENV_TZ</option> (string)"
1350 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
1351 msgid "If set, it will be used to define the TZ environment variable when a user login. The value can be the name of a timezone preceded by <replaceable>TZ=</replaceable> (for example <replaceable>TZ=CST6CDT</replaceable>), or the full path to the file containing the timezone specification (for example <filename>/etc/tzname</filename>)."
1354 #. TODO: it can in fact be used to set any other variable
1355 #: su.1.xml:43(para) login.defs.5.xml:43(para) login.1.xml:43(para)
1356 msgid "If a full path is specified but the file does not exist or cannot be read, the default is to use <replaceable>TZ=CST6CDT</replaceable>."
1359 #: su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term) chsh.1.xml:32(term) chfn.1.xml:32(term)
1360 msgid "<option>LOGIN_STRING</option> (string)"
1363 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para) chsh.1.xml:34(para) chfn.1.xml:34(para)
1364 msgid "The string used for prompting a password. The default is to use \"Password: \", or a translation of that string. If you set this variable, the prompt will no be translated."
1367 #: su.1.xml:39(para) login.defs.5.xml:39(para) login.1.xml:39(para) chsh.1.xml:39(para) chfn.1.xml:39(para)
1368 msgid "If the string contains <replaceable>%s</replaceable>, this will be replaced by the user's name."
1371 #: su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
1372 msgid "<option>MAIL_CHECK_ENAB</option> (boolean)"
1375 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
1376 msgid "Enable checking and display of mailbox status upon login."
1379 #: su.1.xml:37(para) login.defs.5.xml:37(para) login.1.xml:37(para)
1380 msgid "You should disable it if the shell startup files already check for mail (\"mailx -e\" or equivalent)."
1383 #: su.1.xml:32(term) login.defs.5.xml:32(term) login.1.xml:32(term)
1384 msgid "<option>QUOTAS_ENAB</option> (boolean)"
1387 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
1388 msgid "Enable setting of ulimit, umask, and niceness from passwd gecos field."
1391 #: su.1.xml:32(term) login.defs.5.xml:32(term)
1392 msgid "<option>SULOG_FILE</option> (string)"
1395 #: su.1.xml:34(para) login.defs.5.xml:34(para)
1396 msgid "If defined, all su activity is logged to this file."
1399 #: su.1.xml:32(term) login.defs.5.xml:32(term)
1400 msgid "<option>SU_NAME</option> (string)"
1403 #: su.1.xml:34(para) login.defs.5.xml:34(para)
1404 msgid "If defined, the command name to display when running \"su -\". For example, if this is defined as \"su\" then a \"ps\" will display the command is \"-su\". If not defined, then \"ps\" would display the name of the shell actually being run, e.g. something like \"-sh\"."
1407 #: su.1.xml:33(term) login.defs.5.xml:33(term)
1408 msgid "<option>SU_WHEEL_ONLY</option> (boolean)"
1411 #: su.1.xml:35(para) login.defs.5.xml:35(para)
1412 msgid "If <replaceable>yes</replaceable>, the user must be listed as a member of the first gid 0 group in <filename>/etc/group</filename> (called <replaceable>root</replaceable> on most Linux systems) to be able to <command>su</command> to uid 0 accounts. If the group doesn't exist or is empty, no one will be able to <command>su</command> to uid 0."
1415 #: su.1.xml:32(term) login.defs.5.xml:32(term)
1416 msgid "<option>SYSLOG_SU_ENAB</option> (boolean)"
1419 #: su.1.xml:34(para) login.defs.5.xml:34(para)
1420 msgid "Enable \"syslog\" logging of <command>su</command> activity - in addition to sulog file logging."
1423 #: su.1.xml:363(para)
1424 msgid "<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>sg</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum></citerefentry>."
1427 #: sg.1.xml:38(refentrytitle) sg.1.xml:43(refname) sg.1.xml:49(command)
1431 #: sg.1.xml:44(refpurpose)
1432 msgid "execute command as different group ID"
1435 #: sg.1.xml:50(arg) newgrp.1.xml:49(arg)
1439 #: sg.1.xml:52(arg) expiry.1.xml:53(arg)
1444 msgid "group <placeholder-1/> command"
1447 #: sg.1.xml:60(para)
1448 msgid "The <command>sg</command> command works similar to <command>newgrp</command> but accepts a command. The command will be executed with the <filename>/bin/sh</filename> shell. With most shells you may run <command>sg</command> from, you need to enclose multi-word commands in quotes. Another difference between <command>newgrp</command> and <command>sg</command> is that some shells treat <command>newgrp</command> specially, replacing themselves with a new instance of a shell that <command>newgrp</command> creates. This doesn't happen with <command>sg</command>, so upon exit from a <command>sg</command> command you are returned to your previous group ID."
1451 #: sg.1.xml:32(term) newgrp.1.xml:32(term) login.defs.5.xml:32(term)
1452 msgid "<option>SYSLOG_SG_ENAB</option> (boolean)"
1455 #: sg.1.xml:34(para) newgrp.1.xml:34(para) login.defs.5.xml:34(para)
1456 msgid "Enable \"syslog\" logging of <command>sg</command> activity."
1459 #: sg.1.xml:119(para)
1460 msgid "<citerefentry><refentrytitle>id</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</manvolnum></citerefentry><phrase condition=\"gshadow\">, <citerefentry><refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum></citerefentry></phrase>."
1463 #: shadow.5.xml:34(refentrytitle) shadow.5.xml:39(refname) shadow.3.xml:34(refentrytitle) shadow.3.xml:39(refname) pwck.8.xml:60(replaceable) pwck.8.xml:75(replaceable) grpck.8.xml:53(replaceable) grpck.8.xml:62(replaceable)
1467 #: shadow.5.xml:40(refpurpose)
1468 msgid "shadowed password file"
1471 #: shadow.5.xml:45(para)
1472 msgid "<filename>shadow</filename> is a file which contains the password information for the system's accounts and optional aging information."
1475 #: shadow.5.xml:51(para) gshadow.5.xml:49(para)
1476 msgid "This file must not be readable by regular users if password security is to be maintained."
1479 #: shadow.5.xml:56(para)
1480 msgid "Each line of this file contains 9 fields, separated by colons (<quote>:</quote>), in the following order:"
1483 #: shadow.5.xml:63(emphasis) passwd.5.xml:53(para)
1487 #: shadow.5.xml:65(para)
1488 msgid "It must be a valid account name, which exist on the system."
1491 #: shadow.5.xml:71(emphasis) gshadow.5.xml:68(emphasis)
1492 msgid "encrypted password"
1495 #: shadow.5.xml:73(para) gshadow.5.xml:70(para)
1496 msgid "Refer to <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry> for details on how this string is interpreted."
1499 #: shadow.5.xml:78(para)
1500 msgid "If the password field contains some string that is not a valid result of <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)."
1503 #: shadow.5.xml:85(para)
1504 msgid "This field may be empty, in which case no passwords are required to authenticate as the specified login name. However, some applications which read the <filename>/etc/shadow</filename> file may decide not to permit any access at all if the password field is empty."
1507 #: shadow.5.xml:92(para) gshadow.5.xml:92(para)
1508 msgid "A password field which starts with a exclamation mark means that the password is locked. The remaining characters on the line represent the password field before the password was locked."
1511 #: shadow.5.xml:102(emphasis)
1512 msgid "date of last password change"
1515 #: shadow.5.xml:105(para)
1516 msgid "The date of the last password change, expressed as the number of days since Jan 1, 1970."
1519 #: shadow.5.xml:109(para)
1520 msgid "The value 0 has a special meaning, which is that the user should change her pasword the next time she will log in the system."
1523 #: shadow.5.xml:114(para)
1524 msgid "An empty field means that password aging features are disabled."
1527 #: shadow.5.xml:121(emphasis)
1528 msgid "minimum password age"
1531 #: shadow.5.xml:123(para)
1532 msgid "The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again."
1535 #: shadow.5.xml:128(para)
1536 msgid "An empty field and value 0 mean that there are no minimum password age."
1539 #: shadow.5.xml:135(emphasis)
1540 msgid "maximum password age"
1543 #: shadow.5.xml:137(para)
1544 msgid "The maximum password age is the number of days after which the user will have to change her password."
1547 #: shadow.5.xml:141(para)
1548 msgid "After this number of days is elapsed, the password may still be valid. The user should be asked to change her password the next time she will log in."
1551 #: shadow.5.xml:146(para)
1552 msgid "An empty field means that there are no maximum password age, no password warning period, and no password inactivity period (see below)."
1555 #: shadow.5.xml:151(para)
1556 msgid "If the maximum password age is lower than the minimum password age, the user cannot change her password."
1559 #: shadow.5.xml:159(emphasis)
1560 msgid "password warning period"
1563 #: shadow.5.xml:162(para)
1564 msgid "The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned."
1567 #: shadow.5.xml:167(para)
1568 msgid "An empty field and value 0 mean that there are no password warning period."
1571 #: shadow.5.xml:175(emphasis)
1572 msgid "password inactivity period"
1575 #: shadow.5.xml:178(para)
1576 msgid "The number of days after a password has expired (see the maximum password age above) during which the password should still be accepted (and the user should update her password during the next login)."
1579 #: shadow.5.xml:184(para)
1580 msgid "After expiration of the password and this expiration period is elapsed, no login is possible using the current user's password. The user should contact her administrator."
1583 #: shadow.5.xml:189(para)
1584 msgid "An empty field means that there are no enforcement of an inactivity period."
1587 #: shadow.5.xml:197(emphasis)
1588 msgid "account expiration date"
1591 #: shadow.5.xml:200(para)
1592 msgid "The date of expiration of the account, expressed as the number of days since Jan 1, 1970."
1595 #: shadow.5.xml:204(para)
1596 msgid "Note that an account expiration differs from a password expiration. In case of an acount expiration, the user shall not be allowed to login. In case of a password expiration, the user is not allowed to login using her password."
1599 #: shadow.5.xml:210(para)
1600 msgid "An empty field means that the account will never expire."
1603 #: shadow.5.xml:213(para)
1604 msgid "The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan 1, 1970."
1607 #: shadow.5.xml:221(emphasis)
1608 msgid "reserved field"
1611 #: shadow.5.xml:223(para)
1612 msgid "This field is reserved for future use."
1615 #: shadow.5.xml:245(filename)
1616 msgid "/etc/shadow-"
1619 #: shadow.5.xml:247(para)
1620 msgid "Backup file for /etc/shadow."
1623 #: shadow.5.xml:248(para) passwd.5.xml:134(para)
1624 msgid "Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools."
1627 #: shadow.5.xml:259(para)
1628 msgid "<citerefentry><refentrytitle>chage</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>pwck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pwconv</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pwunconv</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>sulogin</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
1631 #: shadow.3.xml:36(refmiscinfo)
1632 msgid "Library Calls"
1635 #: shadow.3.xml:40(refname)
1639 #: shadow.3.xml:41(refpurpose)
1640 msgid "encrypted password file routines"
1643 #: shadow.3.xml:45(title)
1647 #: shadow.3.xml:47(emphasis)
1648 msgid "#include <shadow.h>"
1651 #: shadow.3.xml:51(emphasis)
1652 msgid "struct spwd *getspent();"
1655 #: shadow.3.xml:55(emphasis)
1656 msgid "struct spwd *getspnam(char"
1659 #: shadow.3.xml:56(emphasis)
1663 #: shadow.3.xml:56(emphasis) shadow.3.xml:69(emphasis) shadow.3.xml:74(emphasis) shadow.3.xml:80(emphasis)
1667 #: shadow.3.xml:60(emphasis)
1668 msgid "void setspent();"
1671 #: shadow.3.xml:64(emphasis)
1672 msgid "void endspent();"
1675 #: shadow.3.xml:68(emphasis)
1676 msgid "struct spwd *fgetspent(FILE"
1679 #: shadow.3.xml:69(emphasis) shadow.3.xml:80(emphasis)
1683 #: shadow.3.xml:73(emphasis)
1684 msgid "struct spwd *sgetspent(char"
1687 #: shadow.3.xml:74(emphasis)
1691 #: shadow.3.xml:78(emphasis)
1692 msgid "int putspent(struct spwd"
1695 #: shadow.3.xml:79(emphasis)
1699 #: shadow.3.xml:79(emphasis)
1703 #: shadow.3.xml:84(emphasis)
1704 msgid "int lckpwdf();"
1707 #: shadow.3.xml:88(emphasis)
1708 msgid "int ulckpwdf();"
1711 #: shadow.3.xml:94(para)
1712 msgid "<emphasis remap=\"I\">shadow</emphasis> manipulates the contents of the shadow password file, <filename>/etc/shadow</filename>. The structure in the <emphasis remap=\"I\">#include</emphasis> file is:"
1715 #: shadow.3.xml:99(programlisting)
1717 msgid "struct spwd {\n char\t\t*sp_namp; /* user login name */\n char\t\t*sp_pwdp; /* encrypted password */\n long int\t\tsp_lstchg; /* last password change */\n long int\t\tsp_min; /* days until change allowed. */\n long int\t\tsp_max; /* days before change required */\n long int\t\tsp_warn; /* days warning for expiration */\n long int\t\tsp_inact; /* days before account inactive */\n long int\t\tsp_expire; /* date when account expires */\n unsigned long int\tsp_flag; /* reserved for future use */\n}\n "
1720 #: shadow.3.xml:111(para)
1721 msgid "The meanings of each field are:"
1724 #: shadow.3.xml:114(para)
1725 msgid "sp_namp - pointer to null-terminated user name"
1728 #: shadow.3.xml:117(para)
1729 msgid "sp_pwdp - pointer to null-terminated password"
1732 #: shadow.3.xml:120(para)
1733 msgid "sp_lstchg - days since Jan 1, 1970 password was last changed"
1736 #: shadow.3.xml:123(para)
1737 msgid "sp_min - days before which password may not be changed"
1740 #: shadow.3.xml:126(para)
1741 msgid "sp_max - days after which password must be changed"
1744 #: shadow.3.xml:129(para)
1745 msgid "sp_warn - days before password is to expire that user is warned of pending password expiration"
1748 #: shadow.3.xml:134(para)
1749 msgid "sp_inact - days after password expires that account is considered inactive and disabled"
1752 #: shadow.3.xml:139(para)
1753 msgid "sp_expire - days since Jan 1, 1970 when account will be disabled"
1756 #: shadow.3.xml:142(para)
1757 msgid "sp_flag - reserved for future use"
1760 #: shadow.3.xml:150(para)
1761 msgid "<emphasis>getspent</emphasis>, <emphasis>getspname</emphasis>, <emphasis>fgetspent</emphasis>, and <emphasis>sgetspent</emphasis> each return a pointer to a <emphasis>struct spwd</emphasis>. <emphasis>getspent</emphasis> returns the next entry from the file, and <emphasis>fgetspent</emphasis> returns the next entry from the given stream, which is assumed to be a file of the proper format. <emphasis>sgetspent</emphasis> returns a pointer to a <emphasis>struct spwd</emphasis> using the provided string as input. <emphasis>getspnam</emphasis> searches from the current position in the file for an entry matching <emphasis>name</emphasis>."
1764 #: shadow.3.xml:163(para)
1765 msgid "<emphasis>setspent</emphasis> and <emphasis>endspent</emphasis> may be used to begin and end, respectively, access to the shadow password file."
1768 #: shadow.3.xml:169(para)
1769 msgid "The <emphasis>lckpwdf</emphasis> and <emphasis>ulckpwdf</emphasis> routines should be used to insure exclusive access to the <filename>/etc/shadow</filename> file. <emphasis>lckpwdf</emphasis> attempts to acquire a lock using <emphasis>pw_lock</emphasis> for up to 15 seconds. It continues by attempting to acquire a second lock using <emphasis>spw_lock</emphasis> for the remainder of the initial 15 seconds. Should either attempt fail after a total of 15 seconds, <emphasis>lckpwdf</emphasis> returns -1. When both locks are acquired 0 is returned."
1772 #: shadow.3.xml:184(para)
1773 msgid "Routines return NULL if no more entries are available or if an error occurs during processing. Routines which have <emphasis>int</emphasis> as the return value return 0 for success and -1 for failure."
1776 #: shadow.3.xml:194(para)
1777 msgid "These routines may only be used by the superuser as access to the shadow password file is restricted."
1780 #: shadow.3.xml:214(para)
1781 msgid "<citerefentry><refentrytitle>getpwent</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
1784 #: pwconv.8.xml:42(refentrytitle) pwconv.8.xml:47(refname) pwconv.8.xml:56(command) login.defs.5.xml:388(term)
1788 #: pwconv.8.xml:48(refname) pwconv.8.xml:59(command)
1792 #: pwconv.8.xml:49(refname) pwconv.8.xml:62(command) login.defs.5.xml:302(term)
1796 #: pwconv.8.xml:50(refname) pwconv.8.xml:65(command) login.defs.5.xml:308(term)
1800 #: pwconv.8.xml:51(refpurpose)
1801 msgid "convert to and from shadow passwords and groups"
1804 #: pwconv.8.xml:71(para)
1805 msgid "The <command>pwconv</command> command creates <emphasis remap=\"I\">shadow</emphasis> from <emphasis remap=\"I\">passwd</emphasis> and an optionally existing <emphasis remap=\"I\">shadow</emphasis>."
1808 #: pwconv.8.xml:77(para)
1809 msgid "The <command>pwunconv</command> command creates <emphasis remap=\"I\">passwd</emphasis> from <emphasis remap=\"I\">passwd</emphasis> and <emphasis remap=\"I\">shadow</emphasis> and then removes <emphasis remap=\"I\">shadow</emphasis>."
1812 #: pwconv.8.xml:84(para)
1813 msgid "The <command>grpconv</command> command creates <emphasis remap=\"I\">gshadow</emphasis> from <emphasis remap=\"I\">group</emphasis> and an optionally existing <emphasis remap=\"I\">gshadow</emphasis>."
1816 #: pwconv.8.xml:90(para)
1817 msgid "The <command>grpunconv</command> command creates <emphasis remap=\"I\">group</emphasis> from <emphasis remap=\"I\">group</emphasis> and <emphasis remap=\"I\">gshadow</emphasis> and then removes <emphasis remap=\"I\">gshadow</emphasis>."
1820 #: pwconv.8.xml:97(para)
1821 msgid "These four programs all operate on the normal and shadow password and group files: <filename>/etc/passwd</filename>, <filename>/etc/group</filename>, <filename>/etc/shadow</filename>, and <filename>/etc/gshadow</filename>."
1824 #: pwconv.8.xml:104(para)
1825 msgid "Each program acquires the necessary locks before conversion. <command>pwconv</command> and <command>grpconv</command> are similar. First, entries in the shadowed file which don't exist in the main file are removed. Then, shadowed entries which don't have `x' as the password in the main file are updated. Any missing shadowed entries are added. Finally, passwords in the main file are replaced with `x'. These programs can be used for initial conversion as well to update the shadowed file if the main file is edited by hand."
1828 #: pwconv.8.xml:115(para)
1829 msgid "<command>pwconv</command> will use the values of <emphasis remap=\"I\">PASS_MIN_DAYS</emphasis>, <emphasis remap=\"I\">PASS_MAX_DAYS</emphasis>, and <emphasis remap=\"I\">PASS_WARN_AGE</emphasis> from <filename>/etc/login.defs</filename> when adding new entries to <filename>/etc/shadow</filename>."
1832 #: pwconv.8.xml:124(para)
1833 msgid "Likewise <command>pwunconv</command> and <command>grpunconv</command> are similar. Passwords in the main file are updated from the shadowed file. Entries which exist in the main file but not in the shadowed file are left alone. Finally, the shadowed file is removed. Some password aging information is lost by <command>pwunconv</command>. It will convert what it can."
1836 #: pwconv.8.xml:136(para)
1837 msgid "Errors in the password or group files (such as invalid or duplicate entries) may cause these programs to loop forever or fail in other strange ways. Please run <command>pwck</command> and <command>grpck</command> to correct any such errors before converting to or from shadow passwords or groups."
1840 #: pwconv.8.xml:147(para)
1841 msgid "The following configuration variable in <filename>/etc/login.defs</filename> changes the behavior of <command>grpconv</command> and <command>grpunconv</command>:"
1844 #: pwconv.8.xml:155(para)
1845 msgid "The following configuration variables in <filename>/etc/login.defs</filename> change the behavior of <command>pwconv</command>:"
1848 #: pwconv.8.xml:181(para)
1849 msgid "<citerefentry><refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>pwck</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
1852 #: pwck.8.xml:40(refentrytitle) pwck.8.xml:45(refname) pwck.8.xml:51(command) pwck.8.xml:66(command) login.defs.5.xml:380(term)
1856 #: pwck.8.xml:46(refpurpose)
1857 msgid "verify integrity of password files"
1860 #: pwck.8.xml:52(arg) pwck.8.xml:67(arg) pwck.8.xml:171(option)
1864 #: pwck.8.xml:53(arg) pwck.8.xml:192(option) grpck.8.xml:58(arg) grpck.8.xml:149(option)
1868 #: pwck.8.xml:56(replaceable) pwck.8.xml:71(replaceable) passwd.5.xml:34(refentrytitle) passwd.5.xml:39(refname) passwd.1.xml:44(refentrytitle) passwd.1.xml:49(refname) passwd.1.xml:55(command) login.defs.5.xml:369(term)
1872 #: pwck.8.xml:68(arg) pwck.8.xml:182(option) login.1.xml:222(option) grpck.8.xml:49(arg) grpck.8.xml:139(option)
1876 #: pwck.8.xml:84(para)
1877 msgid "The <command>pwck</command> command verifies the integrity of the users and authentication information. It checks that all entries in <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename> have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors."
1880 #: pwck.8.xml:93(para) grpck.8.xml:80(para)
1881 msgid "Checks are made to verify that each entry has:"
1884 #: pwck.8.xml:96(para) grpck.8.xml:84(para)
1885 msgid "the correct number of fields"
1888 #: pwck.8.xml:99(para)
1889 msgid "a unique and valid user name"
1892 #: pwck.8.xml:102(para)
1893 msgid "a valid user and group identifier"
1896 #: pwck.8.xml:105(para)
1897 msgid "a valid primary group"
1900 #: pwck.8.xml:108(para)
1901 msgid "a valid home directory"
1904 #: pwck.8.xml:111(para)
1905 msgid "a valid login shell"
1908 #: pwck.8.xml:115(para)
1909 msgid "<filename>shadow</filename> checks are enabled when a second file parameter is specified or when <filename>/etc/shadow</filename> exists on the system."
1912 #: pwck.8.xml:120(para)
1913 msgid "These checks are the following:"
1916 #: pwck.8.xml:125(para)
1917 msgid "every passwd entry has a matching shadow entry, and every shadow entry has a matching passwd entry"
1920 #: pwck.8.xml:131(para)
1921 msgid "passwords are specified in the shadowed file"
1924 #: pwck.8.xml:134(para)
1925 msgid "shadow entries have the correct number of fields"
1928 #: pwck.8.xml:137(para)
1929 msgid "shadow entries are unique in shadow"
1932 #: pwck.8.xml:140(para)
1933 msgid "the last password changes are not in the future"
1936 #: pwck.8.xml:144(para)
1937 msgid "The checks for correct number of fields and unique user name are fatal. If the entry has the wrong number of fields, the user will be prompted to delete the entire line. If the user does not answer affirmatively, all further checks are bypassed. An entry with a duplicated user name is prompted for deletion, but the remaining checks will still be made. All other errors are warning and the user is encouraged to run the <command>usermod</command> command to correct the error."
1940 #: pwck.8.xml:155(para)
1941 msgid "The commands which operate on the <filename>/etc/passwd</filename> file are not able to alter corrupted or duplicated entries. <command>pwck</command> should be used in those circumstances to remove the offending entry."
1944 #: pwck.8.xml:165(para)
1945 msgid "The options which apply to the <command>pwck</command> command are:"
1948 #: pwck.8.xml:174(para)
1949 msgid "Report errors only. The warnings which do not require any action from the user won't be displayed."
1952 #: pwck.8.xml:185(para)
1953 msgid "Execute the <command>pwck</command> command in read-only mode."
1956 #: pwck.8.xml:195(para)
1957 msgid "Sort entries in <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename> by UID."
1960 #: pwck.8.xml:203(para)
1961 msgid "By default, <command>pwck</command> operates on the files <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>. The user may select alternate files with the <emphasis remap=\"I\">passwd</emphasis> and <emphasis remap=\"I\">shadow</emphasis> parameters."
1964 #: pwck.8.xml:270(para)
1965 msgid "one or more bad password entries"
1968 #: pwck.8.xml:276(para)
1969 msgid "can't open password files"
1972 #: pwck.8.xml:282(para)
1973 msgid "can't lock password files"
1976 #: pwck.8.xml:288(para)
1977 msgid "can't update password files"
1980 #: pwck.8.xml:294(para)
1981 msgid "can't sort password files"
1984 #: pwck.8.xml:252(para)
1985 msgid "The <command>pwck</command> command exits with the following values: <placeholder-1/>"
1988 #: pwck.8.xml:303(para)
1989 msgid "<citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
1992 #: porttime.5.xml:34(refentrytitle) porttime.5.xml:39(refname)
1996 #: porttime.5.xml:40(refpurpose)
1997 msgid "port access time file"
2000 #: porttime.5.xml:45(para)
2001 msgid "<emphasis remap=\"I\">porttime</emphasis> contains a list of tty devices, user names, and permitted login times."
2004 #: porttime.5.xml:50(para)
2005 msgid "Each entry consists of three colon separated fields. The first field is a comma separated list of tty devices, or an asterisk to indicate that all tty devices are matched by this entry. The second field is a comma separated list of user names, or an asterisk to indicated that all user names are matched by this entry. The third field is a comma separated list of permitted access times."
2008 #: porttime.5.xml:59(para)
2009 msgid "Each access time entry consists of zero or more days of the week, abbreviated <emphasis>Su</emphasis>, <emphasis>Mo</emphasis>, <emphasis>Tu</emphasis>, <emphasis>We</emphasis>, <emphasis>Th</emphasis>, <emphasis>Fr</emphasis>, and <emphasis>Sa</emphasis>, followed by a pair of times separated by a hyphen. The abbreviation <emphasis>Wk</emphasis> may be used to represent Monday thru Friday, and <emphasis>Al</emphasis> may be used to indicate every day. If no days are given, <emphasis>Al</emphasis> is assumed."
2012 #: porttime.5.xml:73(title)
2016 #: porttime.5.xml:74(para)
2017 msgid "The following entry allows access to user <emphasis remap=\"B\">jfh</emphasis> on every port during weekdays from 9am to 5pm."
2020 #: porttime.5.xml:80(para)
2021 msgid "*:jfh:Wk0900-1700"
2024 #: porttime.5.xml:82(para)
2025 msgid "The following entries allow access only to the users <emphasis>root</emphasis> and <emphasis>oper</emphasis> on <filename>/dev/console</filename> at any time. This illustrates how the <filename>/etc/porttime</filename> file is an ordered list of access times. Any other user would match the second entry which does not permit access at any time."
2028 #: porttime.5.xml:91(programlisting)
2030 msgid "\n console:root,oper:Al0000-2400\n console:*:\n "
2033 #: porttime.5.xml:96(para)
2034 msgid "The following entry allows access for the user <emphasis>games</emphasis> on any port during non-working hours."
2037 #: porttime.5.xml:101(para)
2038 msgid "*:games:Wk1700-0900,SaSu0000-2400"
2041 #: porttime.5.xml:108(filename) logoutd.8.xml:67(filename)
2042 msgid "/etc/porttime"
2045 #: porttime.5.xml:110(para) logoutd.8.xml:69(para)
2046 msgid "File containing port access."
2049 #: porttime.5.xml:118(para) login.access.5.xml:109(para)
2050 msgid "<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>."
2053 #: passwd.5.xml:40(refpurpose)
2054 msgid "the password file"
2057 #: passwd.5.xml:45(para)
2058 msgid "<filename>/etc/passwd</filename> contains one line for each user account, with seven fields delimited by colons (<quote>:</quote>). These fields are:"
2061 #: passwd.5.xml:56(para)
2062 msgid "optional encrypted password"
2065 #: passwd.5.xml:59(para)
2066 msgid "numerical user ID"
2069 #: passwd.5.xml:62(para)
2070 msgid "numerical group ID"
2073 #: passwd.5.xml:65(para)
2074 msgid "user name or comment field"
2077 #: passwd.5.xml:68(para)
2078 msgid "user home directory"
2081 #: passwd.5.xml:71(para)
2082 msgid "optional user command interpreter"
2085 #: passwd.5.xml:75(para)
2086 msgid "The encrypted password field may be blank, in which case no password is required to authenticate as the specified login name. However, some applications which read the <filename>/etc/passwd</filename> file may decide not to permit <emphasis>any</emphasis> access at all if the <emphasis>password</emphasis> field is blank. If the <emphasis>password</emphasis> field is a lower-case <quote>x</quote>, then the encrypted password is actually stored in the <citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry> file instead; there <emphasis>must</emphasis> be a corresponding line in the <filename>/etc/shadow</filename> file, or else the user account is invalid. If the <emphasis>password</emphasis> field is any other string, then it will be treated as an encrypted password, as specified by <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>."
2089 #: passwd.5.xml:94(para)
2090 msgid "The comment field is used by various system utilities, such as <citerefentry><refentrytitle>finger</refentrytitle><manvolnum>1</manvolnum></citerefentry>."
2093 #: passwd.5.xml:100(para)
2094 msgid "The home directory field provides the name of the initial working directory. The <command>login</command> program uses this information to set the value of the <envar>$HOME</envar> environmental variable."
2097 #: passwd.5.xml:106(para)
2098 msgid "The command interpreter field provides the name of the user's command language interpreter, or the name of the initial program to execute. The <command>login</command> program uses this information to set the value of the <envar>$SHELL</envar> environmental variable. If this field is empty, it defaults to the value <filename>/bin/sh</filename>."
2101 #: passwd.5.xml:127(para)
2102 msgid "optional encrypted password file"
2105 #: passwd.5.xml:131(filename)
2106 msgid "/etc/passwd-"
2109 #: passwd.5.xml:133(para)
2110 msgid "Backup file for /etc/passwd."
2113 #: passwd.5.xml:145(para)
2114 msgid "<citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>getpwnam</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>pwck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pwconv</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pwunconv</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>sulogin</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
2117 #: passwd.1.xml:50(refpurpose)
2118 msgid "change user password"
2121 #: passwd.1.xml:67(para)
2122 msgid "The <command>passwd</command> command changes passwords for user accounts. A normal user may only change the password for his/her own account, while the superuser may change the password for any account. <command>passwd</command> also changes the account or associated password validity period."
2125 #: passwd.1.xml:76(title)
2126 msgid "Password Changes"
2129 #: passwd.1.xml:77(para)
2130 msgid "The user is first prompted for his/her old password, if one is present. This password is then encrypted and compared against the stored password. The user has only one chance to enter the correct password. The superuser is permitted to bypass this step so that forgotten passwords may be changed."
2133 #: passwd.1.xml:85(para)
2134 msgid "After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time. If not, <command>passwd</command> refuses to change the password and exits."
2137 #: passwd.1.xml:92(para)
2138 msgid "The user is then prompted twice for a replacement password. The second entry is compared against the first and both are required to match in order for the password to be changed."
2141 #: passwd.1.xml:98(para)
2142 msgid "Then, the password is tested for complexity. As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:"
2145 #: passwd.1.xml:106(para)
2146 msgid "lower case alphabetics"
2149 #: passwd.1.xml:109(para)
2150 msgid "digits 0 thru 9"
2153 #: passwd.1.xml:112(para)
2154 msgid "punctuation marks"
2157 #: passwd.1.xml:116(para)
2158 msgid "Care must be taken not to include the system default erase or kill characters. <command>passwd</command> will reject any password which is not suitably complex."
2161 #: passwd.1.xml:125(title)
2162 msgid "Hints for user passwords"
2165 #: passwd.1.xml:126(para)
2166 msgid "The security of a password depends upon the strength of the encryption algorithm and the size of the key space. The legacy <emphasis>UNIX</emphasis> System encryption method is based on the NBS DES algorithm. More recent methods are now recommended (see <option>ENCRYPT_METHOD</option>). The size of the key space depends upon the randomness of the password which is selected."
2169 #: passwd.1.xml:135(para)
2170 msgid "Compromises in password security normally result from careless password selection or handling. For this reason, you should not select a password which appears in a dictionary or which must be written down. The password should also not be a proper name, your license number, birth date, or street address. Any of these may be used as guesses to violate system security."
2173 #: passwd.1.xml:144(para)
2174 msgid "You can find advices on how to choose a strong password on http://en.wikipedia.org/wiki/Password_strength"
2177 #: passwd.1.xml:153(para)
2178 msgid "The options which apply to the <command>passwd</command> command are:"
2181 #: passwd.1.xml:158(term) faillog.8.xml:71(term)
2182 msgid "<option>-a</option>, <option>--all</option>"
2185 #: passwd.1.xml:162(para)
2186 msgid "This option can be used only with <option>-S</option> and causes show status for all users."
2189 #: passwd.1.xml:169(term)
2190 msgid "<option>-d</option>, <option>--delete</option>"
2193 #: passwd.1.xml:173(para)
2194 msgid "Delete a user's password (make it empty). This is a quick way to disable a password for an account. It will set the named account passwordless."
2197 #: passwd.1.xml:181(term)
2198 msgid "<option>-e</option>, <option>--expire</option>"
2201 #: passwd.1.xml:185(para)
2202 msgid "Immediately expire an account's password. This in effect can force a user to change his/her password at the user's next login."
2205 #: passwd.1.xml:198(term)
2206 msgid "<option>-i</option>, <option>--inactive</option><replaceable>INACTIVE</replaceable>"
2209 #: passwd.1.xml:202(para)
2210 msgid "This option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for <replaceable>INACTIVE</replaceable> days, the user may no longer sign on to the account."
2213 #: passwd.1.xml:211(term)
2214 msgid "<option>-k</option>, <option>--keep-tokens</option>"
2217 #: passwd.1.xml:215(para)
2218 msgid "Indicate password change should be performed only for expired authentication tokens (passwords). The user wishes to keep their non-expired tokens as before."
2221 #: passwd.1.xml:223(term)
2222 msgid "<option>-l</option>, <option>--lock</option>"
2225 #: passwd.1.xml:227(para)
2226 msgid "Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ´!´ at the beginning of the password)."
2229 #: passwd.1.xml:233(para)
2230 msgid "Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use <command>usermod --expiredate 1</command> (this set the account's expire date to Jan 2, 1970)."
2233 #: passwd.1.xml:240(para)
2234 msgid "Users with a locked password are not allowed to change their password."
2237 #: passwd.1.xml:247(term)
2238 msgid "<option>-n</option>, <option>--mindays</option><replaceable>MIN_DAYS</replaceable>"
2241 #: passwd.1.xml:251(para) chage.1.xml:142(para)
2242 msgid "Set the minimum number of days between password changes to <replaceable>MIN_DAYS</replaceable>. A value of zero for this field indicates that the user may change his/her password at any time."
2245 #: passwd.1.xml:269(term)
2246 msgid "<option>-r</option>, <option>--repository</option><replaceable>REPOSITORY</replaceable>"
2249 #: passwd.1.xml:273(para)
2250 msgid "change password in <replaceable>REPOSITORY</replaceable> repository"
2253 #: passwd.1.xml:279(term)
2254 msgid "<option>-S</option>, <option>--status</option>"
2257 #: passwd.1.xml:283(para)
2258 msgid "Display account status information. The status information consists of 7 fields. The first field is the user's login name. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P). The third field gives the date of the last password change. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password. These ages are expressed in days."
2261 #: passwd.1.xml:297(term)
2262 msgid "<option>-u</option>, <option>--unlock</option>"
2265 #: passwd.1.xml:301(para)
2266 msgid "Unlock the password of the named account. This option re-enables a password by changing the password back to its previous value (to the value before using the <option>-l</option> option)."
2269 #: passwd.1.xml:310(term)
2270 msgid "<option>-w</option>, <option>--warndays</option><replaceable>WARN_DAYS</replaceable>"
2273 #: passwd.1.xml:314(para)
2274 msgid "Set the number of days of warning before a password change is required. The <replaceable>WARN_DAYS</replaceable> option is the number of days prior to the password expiring that a user will be warned that his/her password is about to expire."
2277 #: passwd.1.xml:323(term)
2278 msgid "<option>-x</option>, <option>--maxdays</option><replaceable>MAX_DAYS</replaceable>"
2281 #: passwd.1.xml:327(para)
2282 msgid "Set the maximum number of days a password remains valid. After <replaceable>MAX_DAYS</replaceable>, the password is required to be changed."
2285 #: passwd.1.xml:339(para)
2286 msgid "Password complexity checking may vary from site to site. The user is urged to select a password as complex as he or she feels comfortable with."
2289 #: passwd.1.xml:344(para)
2290 msgid "Users may not be able to change their password on a system if NIS is enabled and they are not logged into the NIS server."
2293 #: passwd.1.xml:349(para)
2294 msgid "<command>passwd</command> uses PAM to authenticate users and to change their passwords."
2297 #: passwd.1.xml:30(term) newusers.8.xml:30(term) login.defs.5.xml:30(term) gpasswd.1.xml:30(term) chpasswd.8.xml:30(term) chgpasswd.8.xml:30(term)
2298 msgid "<option>ENCRYPT_METHOD</option> (string)"
2301 #: passwd.1.xml:32(para) newusers.8.xml:32(para) login.defs.5.xml:32(para) gpasswd.1.xml:32(para) chpasswd.8.xml:32(para) chgpasswd.8.xml:32(para)
2302 msgid "This defines the system default encryption algorithm for encrypting passwords (if no algorithm are specified on the command line)."
2305 #: passwd.1.xml:40(para) newusers.8.xml:40(para) login.defs.5.xml:40(para) gpasswd.1.xml:40(para) chpasswd.8.xml:40(para) chgpasswd.8.xml:40(para)
2306 msgid "<replaceable>DES</replaceable> (default)"
2309 #: passwd.1.xml:43(replaceable) newusers.8.xml:43(replaceable) login.defs.5.xml:43(replaceable) gpasswd.1.xml:43(replaceable) chpasswd.8.xml:43(replaceable) chgpasswd.8.xml:43(replaceable)
2313 #: passwd.1.xml:46(replaceable) newusers.8.xml:46(replaceable) login.defs.5.xml:46(replaceable) gpasswd.1.xml:46(replaceable) chpasswd.8.xml:46(replaceable) chgpasswd.8.xml:46(replaceable)
2317 #: passwd.1.xml:49(replaceable) newusers.8.xml:49(replaceable) login.defs.5.xml:49(replaceable) gpasswd.1.xml:49(replaceable) chpasswd.8.xml:49(replaceable) chgpasswd.8.xml:49(replaceable)
2321 #: passwd.1.xml:36(para) newusers.8.xml:36(para) login.defs.5.xml:36(para) gpasswd.1.xml:36(para) chpasswd.8.xml:36(para) chgpasswd.8.xml:36(para)
2322 msgid "It can take one of these values: <placeholder-1/>"
2325 #: passwd.1.xml:53(para) newusers.8.xml:53(para) login.defs.5.xml:53(para) gpasswd.1.xml:53(para) chpasswd.8.xml:53(para) chgpasswd.8.xml:53(para)
2326 msgid "Note: this parameter overrides the <option>MD5_CRYPT_ENAB</option> variable."
2329 #: passwd.1.xml:57(para) passwd.1.xml:53(para) passwd.1.xml:62(para) newusers.8.xml:57(para) newusers.8.xml:53(para) newusers.8.xml:62(para) login.defs.5.xml:57(para) login.defs.5.xml:53(para) login.defs.5.xml:62(para) gpasswd.1.xml:57(para) gpasswd.1.xml:53(para) gpasswd.1.xml:62(para) chpasswd.8.xml:57(para) chpasswd.8.xml:53(para) chpasswd.8.xml:62(para) chgpasswd.8.xml:57(para) chgpasswd.8.xml:53(para) chgpasswd.8.xml:62(para)
2330 msgid "Note: This only affect the generation of group passwords. The generation of user passwords is done by PAM and subject to the PAM configuration. It is recommended to set this variable consistently with the PAM configuration."
2333 #: passwd.1.xml:32(term) newusers.8.xml:32(term) login.defs.5.xml:32(term) gpasswd.1.xml:32(term) chpasswd.8.xml:32(term) chgpasswd.8.xml:32(term)
2334 msgid "<option>MD5_CRYPT_ENAB</option> (boolean)"
2337 #: passwd.1.xml:34(para) newusers.8.xml:34(para) login.defs.5.xml:34(para) gpasswd.1.xml:34(para) chpasswd.8.xml:34(para) chgpasswd.8.xml:34(para)
2338 msgid "Indicate if passwords must be encrypted using the MD5-based algorithm. If set to <replaceable>yes</replaceable>, new passwords will be encrypted using the MD5-based algorithm compatible with the one used by recent releases of FreeBSD. It supports passwords of unlimited length and longer salt strings. Set to <replaceable>no</replaceable> if you need to copy encrypted passwords to other systems which don't understand the new algorithm. Default is <replaceable>no</replaceable>."
2341 #: passwd.1.xml:44(para) newusers.8.xml:44(para) login.defs.5.xml:44(para) gpasswd.1.xml:44(para) chpasswd.8.xml:44(para) chgpasswd.8.xml:44(para)
2342 msgid "This variable is superceded by the <option>ENCRYPT_METHOD</option> variable or by any command line option used to configure the encryption algorithm."
2345 #: passwd.1.xml:49(para) newusers.8.xml:49(para) login.defs.5.xml:49(para) gpasswd.1.xml:49(para) chpasswd.8.xml:49(para) chgpasswd.8.xml:49(para)
2346 msgid "This variable is deprecated. You should use <option>ENCRYPT_METHOD</option>."
2349 #: passwd.1.xml:32(term) login.defs.5.xml:32(term)
2350 msgid "<option>OBSCURE_CHECKS_ENAB</option> (boolean)"
2353 #: passwd.1.xml:34(para) login.defs.5.xml:34(para)
2354 msgid "Enable additional checks upon password changes."
2357 #: passwd.1.xml:32(term) login.defs.5.xml:32(term)
2358 msgid "<option>PASS_ALWAYS_WARN</option> (boolean)"
2361 #: passwd.1.xml:34(para) login.defs.5.xml:34(para)
2362 msgid "Warn about weak passwords (but still allow them) if you are root."
2365 #: passwd.1.xml:32(term) login.defs.5.xml:32(term)
2366 msgid "<option>PASS_CHANGE_TRIES</option> (number)"
2369 #: passwd.1.xml:34(para) login.defs.5.xml:34(para)
2370 msgid "Maximum number of attempts to change password if rejected (too easy)."
2373 #: passwd.1.xml:32(term) login.defs.5.xml:32(term)
2374 msgid "<option>PASS_MAX_LEN</option> (number)"
2377 #: passwd.1.xml:33(term) login.defs.5.xml:33(term)
2378 msgid "<option>PASS_MIN_LEN</option> (number)"
2381 #: passwd.1.xml:35(para) login.defs.5.xml:35(para)
2382 msgid "Number of significant characters in the password for crypt(). <option>PASS_MAX_LEN</option> is 8 by default. Don't change unless your crypt() is better. This is ignored if <option>MD5_CRYPT_ENAB</option> set to <replaceable>yes</replaceable>."
2385 #: passwd.1.xml:30(term) newusers.8.xml:30(term) login.defs.5.xml:30(term) gpasswd.1.xml:30(term) chpasswd.8.xml:30(term) chgpasswd.8.xml:30(term)
2386 msgid "<option>SHA_CRYPT_MIN_ROUNDS</option> (number)"
2389 #: passwd.1.xml:31(term) newusers.8.xml:31(term) login.defs.5.xml:31(term) gpasswd.1.xml:31(term) chpasswd.8.xml:31(term) chgpasswd.8.xml:31(term)
2390 msgid "<option>SHA_CRYPT_MAX_ROUNDS</option> (number)"
2393 #: passwd.1.xml:33(para) newusers.8.xml:33(para) login.defs.5.xml:33(para) gpasswd.1.xml:33(para) chpasswd.8.xml:33(para) chgpasswd.8.xml:33(para)
2394 msgid "When <option>ENCRYPT_METHOD</option> is set to <replaceable>SHA256</replaceable> or <replaceable>SHA512</replaceable>, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)."
2397 #: passwd.1.xml:40(para) newusers.8.xml:40(para) login.defs.5.xml:40(para) gpasswd.1.xml:40(para) chpasswd.8.xml:40(para) chgpasswd.8.xml:40(para)
2398 msgid "With a lot of rounds, it is more difficult to brute forcing the password. But note also that more CPU resources will be needed to authenticate users."
2401 #: passwd.1.xml:45(para) newusers.8.xml:45(para) login.defs.5.xml:45(para) gpasswd.1.xml:45(para) chpasswd.8.xml:45(para) chgpasswd.8.xml:45(para)
2402 msgid "If not specified, the libc will choose the default number of rounds (5000)."
2405 #: passwd.1.xml:49(para) newusers.8.xml:49(para) login.defs.5.xml:49(para) gpasswd.1.xml:49(para) chpasswd.8.xml:49(para) chgpasswd.8.xml:49(para)
2406 msgid "The values must be inside the 1000-999999999 range."
2409 #: passwd.1.xml:52(para) newusers.8.xml:52(para) login.defs.5.xml:52(para) gpasswd.1.xml:52(para) chpasswd.8.xml:52(para) chgpasswd.8.xml:52(para)
2410 msgid "If only one of the <option>SHA_CRYPT_MIN_ROUNDS</option> or <option>SHA_CRYPT_MAX_ROUNDS</option> values is set, then this value will be used."
2413 #: passwd.1.xml:57(para) newusers.8.xml:57(para) login.defs.5.xml:57(para) gpasswd.1.xml:57(para) chpasswd.8.xml:57(para) chgpasswd.8.xml:57(para)
2414 msgid "If <option>SHA_CRYPT_MIN_ROUNDS</option> > <option>SHA_CRYPT_MAX_ROUNDS</option>, the highest value will be used."
2417 #: passwd.1.xml:395(filename)
2418 msgid "/etc/pam.d/passwd"
2421 #: passwd.1.xml:397(para)
2422 msgid "PAM configuration for <command>passwd</command>."
2425 #: passwd.1.xml:417(para) chage.1.xml:241(para)
2426 msgid "permission denied"
2429 #: passwd.1.xml:423(para)
2430 msgid "invalid combination of options"
2433 #: passwd.1.xml:429(para)
2434 msgid "unexpected failure, nothing done"
2437 #: passwd.1.xml:435(para)
2438 msgid "unexpected failure, <filename>passwd</filename> file missing"
2441 #: passwd.1.xml:441(para)
2442 msgid "<filename>passwd</filename> file busy, try again"
2445 #: passwd.1.xml:405(para)
2446 msgid "The <command>passwd</command> command exits with the following values: <placeholder-1/>"
2449 #: passwd.1.xml:456(para)
2450 msgid "<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <phrase condition=\"no_pam\"><citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, </phrase><citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
2453 #: nologin.8.xml:34(refentrytitle) nologin.8.xml:39(refname) nologin.8.xml:45(command)
2457 #: nologin.8.xml:40(refpurpose)
2458 msgid "politely refuse a login"
2461 #: nologin.8.xml:51(para)
2462 msgid "The <command>nologin</command> command displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled."
2465 #: nologin.8.xml:56(para)
2466 msgid "To disable all logins, investigate <citerefentry><refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
2469 #: nologin.8.xml:65(para)
2470 msgid "<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
2473 #: nologin.8.xml:76(title)
2477 #: nologin.8.xml:77(para)
2478 msgid "The <command>nologin</command> command appearred in BSD 4.4."
2481 #: newusers.8.xml:50(refentrytitle) newusers.8.xml:55(refname) newusers.8.xml:61(command) login.defs.5.xml:353(term)
2485 #: newusers.8.xml:56(refpurpose)
2486 msgid "update and create new users in batch"
2489 #: newusers.8.xml:64(replaceable)
2493 #: newusers.8.xml:71(para)
2494 msgid "The <command>newusers</command> command reads a file of user name and clear-text password pairs and uses this information to update a group of existing users or to create new users. Each line is in the same format as the standard password file (see <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>) with the exceptions explained below:"
2497 #: newusers.8.xml:79(para)
2498 msgid "pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell"
2501 #: newusers.8.xml:84(emphasis)
2505 #: newusers.8.xml:87(para)
2506 msgid "This is the name of the user."
2509 #: newusers.8.xml:90(para)
2510 msgid "It can be the name of a new user or the name of an existing user (or an user created before by <command>newusers</command>). In case of an existing user, the user's information will be changed, otherwise a new user will be created."
2513 #: newusers.8.xml:101(emphasis)
2517 #: newusers.8.xml:104(para)
2518 msgid "This field will be encrypted and used as the new value of the encrypted password."
2521 #: newusers.8.xml:112(emphasis)
2525 #: newusers.8.xml:115(para)
2526 msgid "This field is used to define the UID of the user."
2529 #: newusers.8.xml:118(para)
2530 msgid "If the field is empty, an new (unused) UID will be defined automatically by <command>newusers</command>."
2533 #: newusers.8.xml:122(para)
2534 msgid "If this field contains a number, this number will be used as the UID."
2537 #: newusers.8.xml:126(para)
2538 msgid "If this field contains the name of an existing user (or the name of an user created before by <command>newusers</command>), the UID of the specified user will be used."
2541 #: newusers.8.xml:132(para)
2542 msgid "If the UID of an existing user is changed, the files ownership of the user's file should be fixed manually."
2545 #: newusers.8.xml:140(emphasis)
2549 #: newusers.8.xml:143(para)
2550 msgid "This field is used to define the primary group ID for the user."
2553 #: newusers.8.xml:146(para)
2554 msgid "If this field contains the name of an existing group (or a group created before by <command>newusers</command>), the GID of this group will be used as the primary group ID for the user."
2557 #: newusers.8.xml:152(para)
2558 msgid "If this field is a number, this number will be used as the primary group ID of the user. If no groups exist with this GID, a new group will be created with this GID, and the name of the user."
2561 #: newusers.8.xml:158(para)
2562 msgid "If this field is empty, a new group will be created with the name of the user and a GID will be automatically defined by <command>newusers</command> to be used as the primary group ID for the user and as the GID for the new group."
2565 #: newusers.8.xml:164(para)
2566 msgid "If this field contains the name of a group which does not exist (and was not created earlier wbefore by <command>newusers</command>), a new group will be created with the specified name and a GID will be automatically defined by <command>newusers</command> to be used as the primary group ID for the user and Gs the ID for the new group."
2569 #: newusers.8.xml:176(emphasis)
2573 #: newusers.8.xml:179(para)
2574 msgid "This field is copied in the GECOS field of the user."
2577 #: newusers.8.xml:186(emphasis)
2581 #: newusers.8.xml:189(para)
2582 msgid "This field is used to define the home directory of the user."
2585 #: newusers.8.xml:192(para)
2586 msgid "If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group."
2589 #: newusers.8.xml:197(para)
2590 msgid "If the home directory of an existing user is changed, <command>newusers</command> does not move or copy the content of the old directory to the new location. This should be done manually."
2593 #: newusers.8.xml:207(emphasis)
2597 #: newusers.8.xml:210(para)
2598 msgid "This field defines the shell of the user. No checks are performed on this field."
2601 #: newusers.8.xml:218(para)
2602 msgid "<command>newusers</command> first tries to create or change all the specified users, and then write these changes to the user or group databases. If an error occurs (except in the final writes to the databases), no changes are committed to the databases."
2605 #: newusers.8.xml:224(para)
2606 msgid "During this first pass, users are created with a locked password (and passwords are not changed for the users which are not created). A second pass is used to update the passwords using PAM. Failures to update a password are reported, but will not stop the other password updates."
2609 #: newusers.8.xml:232(para)
2610 msgid "This command is intended to be used in a large system environment where many accounts are updated at a single time."
2613 #: newusers.8.xml:240(para)
2614 msgid "The options which apply to the <command>newusers</command> command are:"
2617 #: newusers.8.xml:245(term) chpasswd.8.xml:116(term) chgpasswd.8.xml:95(term)
2618 msgid "<option>-c</option>, <option>--crypt-method</option>"
2621 #: newusers.8.xml:247(para) chpasswd.8.xml:118(para) chgpasswd.8.xml:97(para)
2622 msgid "Use the specified method to encrypt the passwords."
2625 #: newusers.8.xml:248(para) chpasswd.8.xml:122(para) chgpasswd.8.xml:101(para)
2626 msgid "The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods."
2629 #: newusers.8.xml:270(para)
2630 msgid "System users will be created with no aging information in <filename>/etc/shadow</filename>, and their numeric identifiers are choosen in the <option>SYS_UID_MIN</option>-<option>SYS_UID_MAX</option> range, defined in <filename>login.defs</filename>, instead of <option>UID_MIN</option>-<option>UID_MAX</option> (and their <option>GID</option> counterparts for the creation of groups)."
2633 #: newusers.8.xml:284(term) chpasswd.8.xml:154(term) chgpasswd.8.xml:129(term)
2634 msgid "<option>-s</option>, <option>--sha-rounds</option>"
2637 #: newusers.8.xml:286(para) chpasswd.8.xml:156(para) chgpasswd.8.xml:131(para)
2638 msgid "Use the specified number of rounds to encrypt the passwords."
2641 #: newusers.8.xml:289(para) chpasswd.8.xml:159(para) chgpasswd.8.xml:134(para)
2642 msgid "The value 0 means that the system will choose the default number of rounds for the crypt method (5000)."
2645 #: newusers.8.xml:293(para) chpasswd.8.xml:163(para) chgpasswd.8.xml:138(para)
2646 msgid "A minimal value of 1000 and a maximal value of 999,999,999 will be enforced."
2649 #: newusers.8.xml:297(para) chpasswd.8.xml:167(para) chgpasswd.8.xml:142(para)
2650 msgid "You can only use this option with the SHA256 or SHA512 crypt method."
2653 #: newusers.8.xml:301(para) chpasswd.8.xml:171(para) chgpasswd.8.xml:146(para)
2654 msgid "By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in <filename>/etc/login.defs</filename>."
2657 #: newusers.8.xml:313(para)
2658 msgid "The input file must be protected since it contains unencrypted passwords."
2661 #: newusers.8.xml:317(para) chpasswd.8.xml:187(para) chgpasswd.8.xml:162(para)
2662 msgid "You should make sure the passwords and the encryption method respect the system's password policy."
2665 #: newusers.8.xml:390(filename)
2666 msgid "/etc/pam.d/newusers"
2669 #: newusers.8.xml:392(para)
2670 msgid "PAM configuration for <command>newusers</command>."
2673 #: newusers.8.xml:400(para)
2674 msgid "<citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
2677 #: newgrp.1.xml:38(refentrytitle) newgrp.1.xml:43(refname) newgrp.1.xml:49(command)
2681 #: newgrp.1.xml:44(refpurpose)
2682 msgid "log in to a new group"
2685 #: newgrp.1.xml:50(replaceable) grpck.8.xml:51(replaceable) grpck.8.xml:60(replaceable) groupdel.8.xml:51(replaceable) groupadd.8.xml:57(replaceable) gpasswd.1.xml:66(replaceable)
2689 #: newgrp.1.xml:56(para)
2690 msgid "The <command>newgrp</command> command is used to change the current group ID during a login session. If the optional <option>-</option> flag is given, the user's environment will be reinitialized as though the user had logged in, otherwise the current environment, including current working directory, remains unchanged."
2693 #: newgrp.1.xml:64(para)
2694 msgid "<command>newgrp</command> changes the current real group ID to the named group, or to the default group listed in <filename>/etc/passwd</filename> if no group name is given. <command>newgrp</command> also tries to add the group to the user groupset. If not root, the user will be prompted for a password if she does not have a password (in <filename>/etc/shadow</filename> if this user has an entry in the shadowed password file, or in <filename>/etc/passwd</filename> otherwise) and the group does, or if the user is not listed as a member and the group has a password. The user will be denied access if the group password is empty and the user is not listed as a member."
2697 #: newgrp.1.xml:78(para)
2698 msgid "If there is an entry for this group in <filename>/etc/gshadow</filename>, then the list of members and the password of this group will be taken from this file, otherwise, the entry in <filename>/etc/group</filename> is considered."
2701 #: newgrp.1.xml:130(para)
2702 msgid "<citerefentry><refentrytitle>id</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>sg</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</manvolnum></citerefentry><phrase condition=\"gshadow\">, <citerefentry condition=\"gshadow\"><refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum></citerefentry></phrase>."
2705 #: logoutd.8.xml:34(refentrytitle) logoutd.8.xml:39(refname) logoutd.8.xml:45(command)
2709 #: logoutd.8.xml:40(refpurpose)
2710 msgid "Enforce login time restrictions"
2713 #: logoutd.8.xml:51(para)
2714 msgid "<command>logoutd</command> enforces the login time and port restrictions specified in <filename>/etc/porttime</filename>. <command>logoutd</command> should be started from <filename>/etc/rc</filename>. The <filename>/var/run/utmp</filename> file is scanned periodically and each user name is checked to see if the named user is permitted on the named port at the current time. Any login session which is violating the restrictions in <filename>/etc/porttime</filename> is terminated."
2717 #: logoutd.8.xml:73(filename) login.1.xml:319(filename)
2718 msgid "/var/run/utmp"
2721 #: logoutd.8.xml:75(para) login.1.xml:321(para)
2722 msgid "List of current login sessions."
2725 #: login.defs.5.xml:97(refentrytitle) login.defs.5.xml:102(refname)
2729 #: login.defs.5.xml:103(refpurpose)
2730 msgid "shadow password suite configuration"
2733 #: login.defs.5.xml:108(para)
2734 msgid "The <filename>/etc/login.defs</filename> file defines the site-specific configuration for the shadow password suite. This file is required. Absence of this file will not prevent system operation, but will probably result in undesirable operation."
2737 #: login.defs.5.xml:115(para)
2738 msgid "This file is a readable text file, each line of the file describing one configuration parameter. The lines consist of a configuration name and value, separated by whitespace. Blank lines and comment lines are ignored. Comments are introduced with a \"#\" pound sign and the pound sign must be the first non-white character of the line."
2741 #: login.defs.5.xml:123(para)
2742 msgid "Parameter values may be of four types: strings, booleans, numbers, and long numbers. A string is comprised of any printable characters. A boolean should be either the value <replaceable>yes</replaceable> or <replaceable>no</replaceable>. An undefined boolean parameter or one with a value other than these will be given a <replaceable>no</replaceable> value. Numbers (both regular and long) may be either decimal values, octal values (precede the value with <replaceable>0</replaceable>) or hexadecimal values (precede the value with <replaceable>0x</replaceable>). The maximum value of the regular and long numeric parameters is machine-dependent."
2745 #: login.defs.5.xml:138(para)
2746 msgid "The following configuration items are provided:"
2749 #: login.defs.5.xml:32(term) chfn.1.xml:32(term)
2750 msgid "<option>CHFN_AUTH</option> (boolean)"
2753 #: login.defs.5.xml:34(para) chfn.1.xml:34(para)
2754 msgid "If <replaceable>yes</replaceable>, the <command>chfn</command> program will require authentication before making any changes, unless run by the superuser."
2757 #: login.defs.5.xml:32(term) chfn.1.xml:32(term)
2758 msgid "<option>CHFN_RESTRICT</option> (string)"
2761 #: login.defs.5.xml:34(para) chfn.1.xml:34(para)
2762 msgid "This parameter specifies which values in the <emphasis remap=\"I\">gecos</emphasis> field of the <filename>/etc/passwd</filename> file may be changed by regular users using the <command>chfn</command> program. It can be any combination of letters <replaceable>f</replaceable>, <replaceable>r</replaceable>, <replaceable>w</replaceable>, <replaceable>h</replaceable>, for Full name, Room number, Work phone, and Home phone, respectively. For backward compatibility, <replaceable>yes</replaceable> is equivalent to <replaceable>rwh</replaceable> and <replaceable>no</replaceable> is equivalent to <replaceable>frwh</replaceable>. If not specified, only the superuser can make any changes. The most restrictive setting is better achieved by not installing <command>chfn</command> SUID."
2765 #: login.defs.5.xml:32(term) chsh.1.xml:32(term)
2766 msgid "<option>CHSH_AUTH</option> (boolean)"
2769 #: login.defs.5.xml:34(para) chsh.1.xml:34(para)
2770 msgid "If <replaceable>yes</replaceable>, the <command>chsh</command> program will require authentication before making any changes, unless run by the superuser."
2773 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2774 msgid "<option>ERASECHAR</option> (number)"
2777 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2778 msgid "Terminal ERASE character (<replaceable>010</replaceable> = backspace, <replaceable>0177</replaceable> = DEL)."
2781 #: login.defs.5.xml:38(para) login.defs.5.xml:37(para) login.1.xml:38(para) login.1.xml:37(para)
2782 msgid "The value can be prefixed \"0\" for an octal value, or \"0x\" for an hexadecimal value."
2785 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2786 msgid "<option>FAIL_DELAY</option> (number)"
2789 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2790 msgid "Delay in seconds before being allowed another attempt after a login failure."
2793 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2794 msgid "<option>FAILLOG_ENAB</option> (boolean)"
2797 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2798 msgid "Enable logging and display of <filename>/var/log/faillog</filename> login failure info."
2801 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2802 msgid "<option>FAKE_SHELL</option> (string)"
2805 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2806 msgid "If set, <command>login</command> will execute this shell instead of the users' shell specified in <filename>/etc/passwd</filename>."
2809 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2810 msgid "<option>FTMP_FILE</option> (string)"
2813 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2814 msgid "If defined, login failures will be logged in this file in a utmp format."
2817 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2818 msgid "<option>HUSHLOGIN_FILE</option> (string)"
2821 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2822 msgid "If defined, this file can inhibit all the usual chatter during the login sequence. If a full pathname is specified, then hushed mode will be enabled if the user's name or shell are found in the file. If not a full pathname, then hushed mode will be enabled if the file exists in the user's home directory."
2825 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2826 msgid "<option>ISSUE_FILE</option> (string)"
2829 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2830 msgid "If defined, this file will be displayed before each login prompt."
2833 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2834 msgid "<option>KILLCHAR</option> (number)"
2837 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2838 msgid "Terminal KILL character (<replaceable>025</replaceable> = CTRL/U)."
2841 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2842 msgid "<option>LASTLOG_ENAB</option> (boolean)"
2845 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2846 msgid "Enable logging and display of /var/log/lastlog login time info."
2849 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2850 msgid "<option>LOG_OK_LOGINS</option> (boolean)"
2853 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2854 msgid "Enable logging of successful logins."
2857 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2858 msgid "<option>LOG_UNKFAIL_ENAB</option> (boolean)"
2861 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2862 msgid "Enable display of unknown usernames when login failures are recorded."
2865 #: login.defs.5.xml:38(para) login.1.xml:38(para)
2866 msgid "Note: logging unknown usernames may be a security issue if an user enter her password instead of her login name."
2869 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2870 msgid "<option>LOGIN_RETRIES</option> (number)"
2873 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2874 msgid "Maximum number of login retries in case of bad password."
2877 #: login.defs.5.xml:37(para) login.1.xml:37(para)
2878 msgid "This will most likely be overriden by PAM, since the default pam_unix module has it's own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES."
2881 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2882 msgid "<option>LOGIN_TIMEOUT</option> (number)"
2885 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2886 msgid "Max time in seconds for login."
2889 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2890 msgid "<option>MOTD_FILE</option> (string)"
2893 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2894 msgid "If defined, \":\" delimited list of \"message of the day\" files to be displayed upon login."
2897 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2898 msgid "<option>NOLOGINS_FILE</option> (string)"
2901 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2902 msgid "If defined, name of file whose presence will inhibit non-root logins. The contents of this file should be a message indicating why logins are inhibited."
2905 #: login.defs.5.xml:181(para)
2906 msgid "<option>PASS_MAX_DAYS</option>, <option>PASS_MIN_DAYS</option> and <option>PASS_WARN_AGE</option> are only used at the time of account creation. Any changes to these settings won't affect existing accounts."
2909 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2910 msgid "<option>PORTTIME_CHECKS_ENAB</option> (boolean)"
2913 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2914 msgid "Enable checking of time restrictions specified in /etc/porttime."
2917 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2918 msgid "<option>TTYGROUP</option> (string)"
2921 #: login.defs.5.xml:33(term) login.1.xml:33(term)
2922 msgid "<option>TTYPERM</option> (string)"
2925 #: login.defs.5.xml:35(para) login.1.xml:35(para)
2926 msgid "The terminal permissions: the login tty will be owned by the <option>TTYGROUP</option> group, and the permissions will be set to <option>TTYPERM</option>."
2929 #: login.defs.5.xml:40(para) login.1.xml:40(para)
2930 msgid "By default, the ownership of the terminal is set to the user's primary group and the permissions are set to <replaceable>0600</replaceable>."
2933 #: login.defs.5.xml:45(para) login.1.xml:45(para)
2934 msgid "<option>TTYGROUP</option> can be either the name of a group or a numeric group identifier."
2937 #: login.defs.5.xml:49(para) login.1.xml:49(para)
2938 msgid "If you have a <command>write</command> program which is \"setgid\" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600."
2941 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2942 msgid "<option>TTYTYPE_FILE</option> (string)"
2945 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2946 msgid "If defined, file which maps tty line to TERM environment parameter. Each line of the file is in a format something like \"vt100 tty01\"."
2949 #: login.defs.5.xml:32(term) login.1.xml:32(term)
2950 msgid "<option>ULIMIT</option> (number)"
2953 #: login.defs.5.xml:34(para) login.1.xml:34(para)
2954 msgid "Default <command>ulimit</command> value."
2957 #: login.defs.5.xml:209(title)
2958 msgid "CROSS REFERENCES"
2961 #: login.defs.5.xml:210(para)
2962 msgid "The following cross references show which programs in the shadow password suite use which parameters."
2965 #: login.defs.5.xml:218(term) chfn.1.xml:41(refentrytitle) chfn.1.xml:46(refname) chfn.1.xml:52(command)
2969 #: login.defs.5.xml:220(para)
2970 msgid "<phrase condition=\"no_pam\">CHFN_AUTH</phrase> CHFN_RESTRICT <phrase condition=\"no_pam\">LOGIN_STRING</phrase>"
2973 #: login.defs.5.xml:228(term) chgpasswd.8.xml:42(refentrytitle) chgpasswd.8.xml:47(refname) chgpasswd.8.xml:53(command)
2977 #: login.defs.5.xml:230(para) login.defs.5.xml:260(para)
2978 msgid "ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB <phrase condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
2981 #: login.defs.5.xml:238(term) chpasswd.8.xml:41(refentrytitle) chpasswd.8.xml:46(refname) chpasswd.8.xml:52(command)
2985 #: login.defs.5.xml:240(para)
2986 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB <phrase condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
2989 #: login.defs.5.xml:248(term) chsh.1.xml:40(refentrytitle) chsh.1.xml:45(refname) chsh.1.xml:51(command)
2993 #: login.defs.5.xml:250(para)
2994 msgid "CHSH_AUTH LOGIN_STRING"
2997 #: login.defs.5.xml:258(term) gpasswd.1.xml:42(refentrytitle) gpasswd.1.xml:47(refname) gpasswd.1.xml:61(command)
3001 #: login.defs.5.xml:268(term) groupadd.8.xml:41(refentrytitle) groupadd.8.xml:46(refname) groupadd.8.xml:52(command)
3005 #: login.defs.5.xml:270(para)
3006 msgid "GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN"
3009 #: login.defs.5.xml:277(term) groupdel.8.xml:38(refentrytitle) groupdel.8.xml:43(refname) groupdel.8.xml:49(command)
3013 #: login.defs.5.xml:279(para) login.defs.5.xml:285(para) login.defs.5.xml:291(para) login.defs.5.xml:298(para) login.defs.5.xml:304(para) login.defs.5.xml:310(para)
3014 msgid "MAX_MEMBERS_PER_GROUP"
3017 #: login.defs.5.xml:283(term) groupmems.8.xml:38(refentrytitle) groupmems.8.xml:43(refname) groupmems.8.xml:49(command)
3021 #: login.defs.5.xml:289(term) groupmod.8.xml:38(refentrytitle) groupmod.8.xml:43(refname) groupmod.8.xml:49(command)
3025 #: login.defs.5.xml:296(term) grpck.8.xml:38(refentrytitle) grpck.8.xml:43(refname) grpck.8.xml:49(command) grpck.8.xml:58(command)
3029 #: login.defs.5.xml:316(term) login.1.xml:70(refentrytitle) login.1.xml:75(refname) login.1.xml:81(command) login.1.xml:89(command) login.1.xml:96(command)
3033 #: login.defs.5.xml:318(para)
3034 msgid "<phrase condition=\"no_pam\">CONSOLE</phrase> CONSOLE_GROUPS DEFAULT_HOME <phrase condition=\"no_pam\">ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE</phrase> ERASECHAR FAIL_DELAY <phrase condition=\"no_pam\">FAILLOG_ENAB</phrase> FAKE_SHELL <phrase condition=\"no_pam\">FTMP_FILE</phrase> HUSHLOGIN_FILE <phrase condition=\"no_pam\">ISSUE_FILE</phrase> KILLCHAR <phrase condition=\"no_pam\">LASTLOG_ENAB</phrase> LOGIN_RETRIES <phrase condition=\"no_pam\">LOGIN_STRING</phrase> LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB <phrase condition=\"no_pam\">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB</phrase> TTYGROUP TTYPERM TTYTYPE_FILE <phrase condition=\"no_pam\">ULIMIT UMASK</phrase> USERGROUPS_ENAB"
3037 #: login.defs.5.xml:345(term)
3041 #: login.defs.5.xml:347(para)
3042 msgid "SYSLOG_SG_ENAB"
3045 #: login.defs.5.xml:355(para)
3046 msgid "ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase> SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
3049 #: login.defs.5.xml:371(para)
3050 msgid "ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN <phrase condition=\"sha_crypt\">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase>"
3053 #: login.defs.5.xml:382(para) login.defs.5.xml:390(para)
3054 msgid "PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE"
3057 #: login.defs.5.xml:397(para)
3058 msgid "<phrase condition=\"no_pam\">CONSOLE</phrase> CONSOLE_GROUPS DEFAULT_HOME <phrase condition=\"no_pam\">ENV_HZ ENVIRON_FILE</phrase> ENV_PATH ENV_SUPATH <phrase condition=\"no_pam\">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase> SULOG_FILE SU_NAME <phrase condition=\"no_pam\">SU_WHEEL_ONLY</phrase> SYSLOG_SU_ENAB <phrase condition=\"no_pam\">USERGROUPS_ENAB</phrase>"
3061 #: login.defs.5.xml:412(term)
3065 #: login.defs.5.xml:414(para)
3066 msgid "ENV_HZ <phrase condition=\"no_pam\">ENV_TZ</phrase>"
3069 #: login.defs.5.xml:423(para)
3070 msgid "CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK"
3073 #: login.defs.5.xml:436(para)
3074 msgid "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB"
3077 #: login.defs.5.xml:445(para)
3078 msgid "MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP"
3081 #: login.defs.5.xml:456(para)
3082 msgid "Much of the functionality that used to be provided by the shadow password suite is now handled by PAM. Thus, <filename>/etc/login.defs</filename> is no longer used by <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, or less used by <citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, and <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>. Please refer to the corresponding PAM configuration files instead."
3085 #: login.defs.5.xml:472(para)
3086 msgid "<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
3089 #: login.access.5.xml:35(refentrytitle) login.access.5.xml:40(refname)
3090 msgid "login.access"
3093 #: login.access.5.xml:41(refpurpose)
3094 msgid "login access control table"
3097 #: login.access.5.xml:46(para)
3098 msgid "The <emphasis remap=\"I\">login.access</emphasis> file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused."
3101 #: login.access.5.xml:52(para)
3102 msgid "When someone logs in, the <emphasis remap=\"I\">login.access</emphasis> is scanned for the first entry that matches the (user, host) combination, or, in case of non-networked logins, the first entry that matches the (user, tty) combination. The permissions field of that table entry determines whether the login will be accepted or refused."
3105 #: login.access.5.xml:60(para)
3106 msgid "Each line of the login access control table has three fields separated by a \":\" character:"
3109 #: login.access.5.xml:65(para)
3110 msgid "<emphasis remap=\"I\">permission</emphasis>:<emphasis remap=\"I\">users</emphasis>:<emphasis remap=\"I\">origins</emphasis>"
3113 #: login.access.5.xml:69(para)
3114 msgid "The first field should be a \"<emphasis>+</emphasis>\" (access granted) or \"<emphasis>-</emphasis>\" (access denied) character. The second field should be a list of one or more login names, group names, or <emphasis>ALL</emphasis> (always matches). The third field should be a list of one or more tty names (for non-networked logins), host names, domain names (begin with \"<literal>.</literal>\"), host addresses, internet network numbers (end with \"<literal>.</literal>\"), <emphasis>ALL</emphasis> (always matches) or <emphasis>LOCAL</emphasis> (matches any string that does not contain a \"<literal>.</literal>\" character). If you run NIS you can use @netgroupname in host or user patterns."
3117 #: login.access.5.xml:83(para)
3118 msgid "The <emphasis>EXCEPT</emphasis> operator makes it possible to write very compact rules."
3121 #: login.access.5.xml:88(para)
3122 msgid "The group file is searched only when a name does not match that of the logged-in user. Only groups are matched in which users are explicitly listed: the program does not look at a user's primary group id value."
3125 #: login.1.xml:76(refpurpose)
3126 msgid "begin session on the system"
3129 #: login.1.xml:82(arg) login.1.xml:90(arg) login.1.xml:97(arg) login.1.xml:214(option) groupmems.8.xml:54(arg)
3133 #: login.1.xml:83(replaceable) login.1.xml:91(replaceable) login.1.xml:98(replaceable)
3137 #: login.1.xml:83(arg) login.1.xml:91(arg) chfn.1.xml:56(arg)
3138 msgid "-h <placeholder-1/>"
3141 #: login.1.xml:86(replaceable)
3145 #: login.1.xml:92(arg) login.1.xml:192(option) expiry.1.xml:54(arg)
3149 #: login.1.xml:98(arg) chfn.1.xml:54(arg)
3150 msgid "-r <placeholder-1/>"
3153 #: login.1.xml:104(para)
3154 msgid "The <command>login</command> program is used to establish a new session with the system. It is normally invoked automatically by responding to the <emphasis remap=\"I\">login:</emphasis> prompt on the user's terminal. <command>login</command> may be special to the shell and may not be invoked as a sub-process. When called from a shell, <command>login</command> should be executed as <emphasis remap=\"B\">exec login</emphasis> which will cause the user to exit from the current shell (and thus will prevent the new logged in user to return to the session of the caller). Attempting to execute <command>login</command> from any shell but the login shell will produce an error message."
3157 #: login.1.xml:118(para)
3158 msgid "The user is then prompted for a password, where appropriate. Echoing is disabled to prevent revealing the password. Only a small number of password failures are permitted before <command>login</command> exits and the communications link is severed."
3161 #: login.1.xml:125(para)
3162 msgid "If password aging has been enabled for your account, you may be prompted for a new password before proceeding. You will be forced to provide your old password and the new password before continuing. Please refer to <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more information."
3165 #: login.1.xml:134(para)
3166 msgid "After a successful login, you will be informed of any system messages and the presence of mail. You may turn off the printing of the system message file, <filename>/etc/motd</filename>, by creating a zero-length file <filename>.hushlogin</filename> in your login directory. The mail message will be one of \"<emphasis>You have new mail.</emphasis>\", \"<emphasis>You have mail.</emphasis>\", or \"<emphasis>No Mail.</emphasis>\" according to the condition of your mailbox."
3169 #: login.1.xml:145(para)
3170 msgid "Your user and group ID will be set according to their values in the <filename>/etc/passwd</filename> file. The value for <envar>$HOME</envar>, <envar>$SHELL</envar>, <envar>$PATH</envar>, <envar>$LOGNAME</envar>, and <envar>$MAIL</envar> are set according to the appropriate fields in the password entry. Ulimit, umask and nice values may also be set according to entries in the GECOS field."
3173 #: login.1.xml:154(para)
3174 msgid "On some installations, the environmental variable <envar>$TERM</envar> will be initialized to the terminal type on your tty line, as specified in <filename>/etc/ttytype</filename>."
3177 #: login.1.xml:160(para)
3178 msgid "An initialization script for your command interpreter may also be executed. Please see the appropriate manual section for more information on this function."
3181 #: login.1.xml:172(para) login.1.xml:248(para)
3182 msgid "The <command>login</command> program is NOT responsible for removing users from the utmp file. It is the responsibility of <citerefentry><refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>init</refentrytitle><manvolnum>8</manvolnum></citerefentry> to clean up apparent ownership of a terminal session. If you use <command>login</command> from the shell prompt without <command>exec</command>, the user you use will continue to appear to be logged in even after you log out of the \"subsession\"."
3185 #: login.1.xml:195(para)
3186 msgid "Do not perform authentication, user is preauthenticated."
3189 #: login.1.xml:198(para)
3190 msgid "Note: In that case, <replaceable>username</replaceable> is mandatory."
3193 #: login.1.xml:206(option)
3197 #: login.1.xml:209(para)
3198 msgid "Name of the remote host for this login."
3201 #: login.1.xml:217(para)
3202 msgid "Preserve environment."
3205 #: login.1.xml:225(para)
3206 msgid "Perform autologin protocol for rlogin."
3209 #: login.1.xml:230(para)
3210 msgid "The <option>-r</option>, <option>-h</option> and <option>-f</option> options are only used when <command>login</command> is invoked by root."
3213 #: login.1.xml:239(para)
3214 msgid "This version of <command>login</command> has many compilation options, only some of which may be in use at any particular site."
3217 #: login.1.xml:244(para)
3218 msgid "The location of files is subject to differences in system configuration."
3221 #: login.1.xml:260(para)
3222 msgid "As with any program, <command>login</command>'s appearance can be faked. If non-trusted users have physical access to a machine, an attacker could use this to obtain the password of the next person coming to sit in front of the machine. Under Linux, the SAK mechanism can be used by users to initiate a trusted path and prevent this kind of attack."
3225 #: login.1.xml:325(filename)
3226 msgid "/var/log/wtmp"
3229 #: login.1.xml:327(para)
3230 msgid "List of previous login sessions."
3233 #: login.1.xml:343(filename)
3237 #: login.1.xml:345(para)
3238 msgid "System message of the day file."
3241 #: login.1.xml:349(filename)
3242 msgid "/etc/nologin"
3245 #: login.1.xml:351(para)
3246 msgid "Prevent non-root users from logging in."
3249 #: login.1.xml:355(filename)
3250 msgid "/etc/ttytype"
3253 #: login.1.xml:357(para)
3254 msgid "List of terminal types."
3257 #: login.1.xml:361(filename)
3258 msgid "$HOME/.hushlogin"
3261 #: login.1.xml:363(para)
3262 msgid "Suppress printing of system messages."
3265 #: login.1.xml:377(para)
3266 msgid "<citerefentry><refentrytitle>mail</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>nologin</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>securetty</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
3269 #: limits.5.xml:35(refentrytitle) limits.5.xml:40(refname)
3273 #: limits.5.xml:41(refpurpose)
3274 msgid "resource limits definition"
3277 #: limits.5.xml:47(para)
3278 msgid "The <emphasis remap=\"I\">limits</emphasis> file (<filename>/etc/limits</filename> by default or LIMITS_FILE defined <filename>config.h</filename>) describes the resource limits you wish to impose. It should be owned by root and readable by root account only."
3281 #: limits.5.xml:55(para)
3282 msgid "By default no quota is imposed on 'root'. In fact, there is no way to impose limits via this procedure to root-equiv accounts (accounts with UID 0)."
3285 #: limits.5.xml:61(para)
3286 msgid "Each line describes a limit for a user in the form:"
3289 #: limits.5.xml:64(emphasis)
3290 msgid "user LIMITS_STRING"
3293 #: limits.5.xml:67(para)
3294 msgid "The <emphasis>LIMITS_STRING</emphasis> is a string of a concatenated list of resource limits. Each limit consists of a letter identifier followed by a numerical limit."
3297 #: limits.5.xml:73(para)
3298 msgid "The valid identifiers are:"
3301 #: limits.5.xml:76(para)
3302 msgid "A: max address space (KB)"
3305 #: limits.5.xml:77(para)
3306 msgid "C: max core file size (KB)"
3309 #: limits.5.xml:78(para)
3310 msgid "D: max data size (KB)"
3313 #: limits.5.xml:79(para)
3314 msgid "F: maximum filesize (KB)"
3317 #: limits.5.xml:80(para)
3318 msgid "M: max locked-in-memory address space (KB)"
3321 #: limits.5.xml:81(para)
3322 msgid "N: max number of open files"
3325 #: limits.5.xml:82(para)
3326 msgid "R: max resident set size (KB)"
3329 #: limits.5.xml:83(para)
3330 msgid "S: max stack size (KB)"
3333 #: limits.5.xml:84(para)
3334 msgid "T: max CPU time (MIN)"
3337 #: limits.5.xml:85(para)
3338 msgid "U: max number of processes"
3341 #: limits.5.xml:86(para)
3342 msgid "K: file creation mask, set by <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>."
3345 #: limits.5.xml:91(para)
3346 msgid "L: max number of logins for this user"
3349 #: limits.5.xml:92(para)
3350 msgid "P: process priority, set by <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>."
3353 #: limits.5.xml:97(para)
3354 msgid "I: max nice value (0..39 which translates to 20..-19)"
3357 #: limits.5.xml:99(para)
3358 msgid "O: max real time priority"
3361 #: limits.5.xml:102(para)
3362 msgid "For example, <emphasis remap=\"I\">L2D2048N5</emphasis> is a valid <emphasis>LIMITS_STRING</emphasis>. For reading convenience, the following entries are equivalent:"
3365 #: limits.5.xml:108(programlisting)
3367 msgid "\n username L2D2048N5\n username L2 D2048 N5\n "
3370 #: limits.5.xml:113(para)
3371 msgid "Be aware that after <emphasis remap=\"I\">username</emphasis> the rest of the line is considered a limit string, thus comments are not allowed. A invalid limits string will be rejected (not considered) by the <command>login</command> program."
3374 #: limits.5.xml:120(para)
3375 msgid "The default entry is denoted by username \"<emphasis>*</emphasis>\". If you have multiple <emphasis remap=\"I\">default</emphasis> entries in your <emphasis>LIMITS_FILE</emphasis>, then the last one will be used as the default entry."
3378 #: limits.5.xml:127(para)
3379 msgid "To completely disable limits for a user, a single dash \"<emphasis>-</emphasis>\" will do."
3382 #: limits.5.xml:132(para)
3383 msgid "Also, please note that all limit settings are set PER LOGIN. They are not global, nor are they permanent. Perhaps global limits will come, but for now this will have to do ;)"
3386 #: limits.5.xml:143(filename)
3390 #: limits.5.xml:151(para)
3391 msgid "<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>."
3394 #: lastlog.8.xml:35(refentrytitle) lastlog.8.xml:40(refname) lastlog.8.xml:46(command)
3398 #: lastlog.8.xml:41(refpurpose)
3399 msgid "reports the most recent login of all users or of a given user"
3402 #: lastlog.8.xml:55(para)
3403 msgid "<command>lastlog</command> formats and prints the contents of the last login log <filename>/var/log/lastlog</filename> file. The <emphasis>login-name</emphasis>, <emphasis>port</emphasis>, and <emphasis>last login time</emphasis> will be printed. The default (no flags) causes lastlog entries to be printed, sorted by their order in <filename>/etc/passwd</filename>."
3406 #: lastlog.8.xml:67(para)
3407 msgid "The options which apply to the <command>lastlog</command> command are:"
3410 #: lastlog.8.xml:72(term)
3411 msgid "<option>-b</option>, <option>--before</option><replaceable>DAYS</replaceable>"
3414 #: lastlog.8.xml:76(para)
3415 msgid "Print only lastlog records older than <emphasis remap=\"I\">DAYS</emphasis>."
3418 #: lastlog.8.xml:90(term) faillog.8.xml:140(term)
3419 msgid "<option>-t</option>, <option>--time</option><replaceable>DAYS</replaceable>"
3422 #: lastlog.8.xml:95(para)
3423 msgid "Print the lastlog records more recent than <emphasis remap=\"I\">DAYS</emphasis>."
3426 #: lastlog.8.xml:102(term) faillog.8.xml:151(term)
3427 msgid "<option>-u</option>, <option>--user</option><replaceable>LOGIN</replaceable>|<replaceable>RANGE</replaceable>"
3430 #: lastlog.8.xml:107(para)
3431 msgid "Print the lastlog record of the specified user(s)."
3434 #: lastlog.8.xml:110(para) faillog.8.xml:161(para)
3435 msgid "The users can be specified by a login name, a numerical user ID, or a <replaceable>RANGE</replaceable> of users. This <replaceable>RANGE</replaceable> of users can be specified with a min and max values (<replaceable>UID_MIN-UID_MAX</replaceable>), a max value (<replaceable>-UID_MAX</replaceable>), or a min value (<replaceable>UID_MIN-</replaceable>)."
3438 #: lastlog.8.xml:122(para)
3439 msgid "If the user has never logged in the message <emphasis>** Never logged in**</emphasis> will be displayed instead of the port and time."
3442 #: lastlog.8.xml:127(para)
3443 msgid "Only the entries for the current users of the system will be displayed. Other entries may exist for users that were deleted previously."
3446 #: lastlog.8.xml:135(title) groups.1.xml:65(title) chsh.1.xml:106(title) chage.1.xml:193(title)
3450 #: lastlog.8.xml:136(para)
3451 msgid "The <filename>lastlog</filename> file is a database which contains info on the last login of each user. You should not rotate it. It is a sparse file, so its size on the disk is usually much smaller than the one shown by \"<command>ls -l</command>\" (which can indicate a really big file if you have in <filename>passwd</filename> users with a high UID). You can display its real size with \"<command>ls -s</command>\"."
3454 #: lastlog.8.xml:150(filename)
3455 msgid "/var/log/lastlog"
3458 #: lastlog.8.xml:152(para)
3459 msgid "Database times of previous user logins."
3462 #: lastlog.8.xml:160(para)
3463 msgid "Large gaps in UID numbers will cause the lastlog program to run longer with no output to the screen (i.e. if in lastlog database there is no entries for users with UID between 170 and 800 lastlog will appear to hang as it processes entries with UIDs 171-799)."
3466 #: gshadow.5.xml:33(refentrytitle) gshadow.5.xml:38(refname)
3470 #: gshadow.5.xml:39(refpurpose)
3471 msgid "shadowed group file"
3474 #: gshadow.5.xml:44(para)
3475 msgid "<filename>/etc/gshadow</filename> contains the shadowed information for group accounts."
3478 #: gshadow.5.xml:54(para)
3479 msgid "Each line of this file contains the following colon-separated fields:"
3482 #: gshadow.5.xml:60(emphasis)
3486 #: gshadow.5.xml:62(para)
3487 msgid "It must be a valid group name, which exist on the system."
3490 #: gshadow.5.xml:75(para)
3491 msgid "If the password field contains some string that is not a valid result of <citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum></citerefentry>, for instance ! or *, users will not be able to use a unix password to access the group (but group members do not need the password)."
3494 #: gshadow.5.xml:82(para)
3495 msgid "The password is used when an user who is not a member of the group wants to gain the permissions of this group (see <citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum></citerefentry>)."
3498 #: gshadow.5.xml:88(para)
3499 msgid "This field may be empty, in which case only the group members can gain the group permissions."
3502 #: gshadow.5.xml:98(para)
3503 msgid "This password supersedes any password specified in <filename>/etc/group</filename>."
3506 #: gshadow.5.xml:106(emphasis)
3507 msgid "administrators"
3510 #: gshadow.5.xml:108(para) gshadow.5.xml:124(para)
3511 msgid "It must be a comma-separated list of user names."
3514 #: gshadow.5.xml:111(para)
3515 msgid "Administrators can change the password or the members of the group."
3518 #: gshadow.5.xml:115(para)
3519 msgid "Administrators also have the same permissions as the members (see below)."
3522 #: gshadow.5.xml:122(emphasis)
3526 #: gshadow.5.xml:127(para)
3527 msgid "Members can access the group without being prompted for a password."
3530 #: gshadow.5.xml:131(para)
3531 msgid "You should use the same list of users as in <filename>/etc/group</filename>."
3534 #: gshadow.5.xml:160(para)
3535 msgid "<citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>grpconv</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum></citerefentry>."
3538 #: grpck.8.xml:44(refpurpose)
3539 msgid "verify integrity of group files"
3542 #: grpck.8.xml:70(para)
3543 msgid "The <command>grpck</command> command verifies the integrity of the groups information. It checks that all entries in <filename>/etc/group</filename><phrase condition=\"gshadow\">and <filename>/etc/gshadow</filename></phrase> have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors."
3546 #: grpck.8.xml:87(para)
3547 msgid "a unique and valid group name"
3550 #: grpck.8.xml:90(para)
3551 msgid "a valid group identifier <phrase condition=\"gshadow\"> (<filename>/etc/group</filename> only)</phrase>"
3554 #: grpck.8.xml:97(para)
3555 msgid "a valid list of members <phrase condition=\"gshadow\"> and administrators</phrase>"
3558 #: grpck.8.xml:103(para)
3559 msgid "a corresponding entry in the <filename>/etc/gshadow</filename> file (respectively <filename>/etc/group</filename> for the <filename>gshadow</filename> checks)"
3562 #: grpck.8.xml:111(para)
3563 msgid "The checks for correct number of fields and unique group name are fatal. If an entry has the wrong number of fields, the user will be prompted to delete the entire line. If the user does not answer affirmatively, all further checks are bypassed. An entry with a duplicated group name is prompted for deletion, but the remaining checks will still be made. All other errors are warnings and the user is encouraged to run the <command>groupmod</command> command to correct the error."
3566 #: grpck.8.xml:122(para)
3567 msgid "The commands which operate on the <filename>/etc/group</filename><phrase condition=\"no_gshadow\">file</phrase><phrase condition=\"gshadow\">and <filename>/etc/gshadow</filename> files</phrase> are not able to alter corrupted or duplicated entries. <command>grpck</command> should be used in those circumstances to remove the offending entries."
3570 #: grpck.8.xml:134(para)
3571 msgid "The options which apply to the <command>grpck</command> command are:"
3574 #: grpck.8.xml:141(para)
3575 msgid "Execute the <command>grpck</command> command in read-only mode. This causes all questions regarding changes to be answered <emphasis>no</emphasis> without user intervention."
3578 #: grpck.8.xml:151(para)
3579 msgid "Sort entries in <filename>/etc/group</filename><phrase condition=\"gshadow\">and <filename>/etc/gshadow</filename></phrase> by GID."
3582 #: grpck.8.xml:160(para)
3583 msgid "By default, <command>grpck</command> operates on <filename>/etc/group</filename><phrase condition=\"gshadow\"> and <filename>/etc/gshadow</filename></phrase>. The user may select alternate files with the <emphasis remap=\"I\">group</emphasis><phrase condition=\"no_gshadow\">parameter.</phrase><phrase condition=\"gshadow\">and <emphasis remap=\"I\">shadow</emphasis> parameters.</phrase>"
3586 #: grpck.8.xml:228(para)
3587 msgid "one or more bad group entries"
3590 #: grpck.8.xml:234(para)
3591 msgid "can't open group files"
3594 #: grpck.8.xml:240(para)
3595 msgid "can't lock group files"
3598 #: grpck.8.xml:246(para)
3599 msgid "can't update group files"
3602 #: grpck.8.xml:210(para)
3603 msgid "The <command>grpck</command> command exits with the following values: <placeholder-1/>"
3606 #: grpck.8.xml:255(para)
3607 msgid "<citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <phrase condition=\"gshadow\"><citerefentry><refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>, </citerefentry>, </phrase><citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>pwck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
3610 #: groups.1.xml:34(refentrytitle) groups.1.xml:39(refname) groups.1.xml:45(command)
3614 #: groups.1.xml:40(refpurpose)
3615 msgid "display current group names"
3618 #: groups.1.xml:47(replaceable) chfn.1.xml:58(replaceable)
3622 #: groups.1.xml:54(para)
3623 msgid "The <command>groups</command> command displays the current group names or ID values. If the value does not have a corresponding entry in <filename>/etc/group</filename>, the value will be displayed as the numerical group value. The optional <emphasis remap=\"I\">user</emphasis> parameter will display the groups for the named <emphasis remap=\"I\">user</emphasis>."
3626 #: groups.1.xml:66(para)
3627 msgid "Systems which do not support concurrent group sets will have the information from <filename>/etc/group</filename> reported. The user must use <command>newgrp</command> or <command>sg</command> to change their current real and effective group ID."
3630 #: groups.1.xml:88(para)
3631 msgid "<citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>getgid</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry><refentrytitle>getgroups</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry><refentrytitle>getuid</refentrytitle><manvolnum>2</manvolnum></citerefentry>."
3634 #: groupmod.8.xml:44(refpurpose)
3635 msgid "modify a group definition on the system"
3638 #: groupmod.8.xml:53(replaceable)
3642 #: groupmod.8.xml:59(para)
3643 msgid "The <command>groupmod</command> command modifies the definition of the specified <replaceable>GROUP</replaceable> by modifying the appropriate entry in the group database."
3646 #: groupmod.8.xml:68(para)
3647 msgid "The options which apply to the <command>groupmod</command> command are:"
3650 #: groupmod.8.xml:74(term) groupadd.8.xml:93(term)
3651 msgid "<option>-g</option>, <option>--gid</option><replaceable>GID</replaceable>"
3654 #: groupmod.8.xml:78(para)
3655 msgid "The group ID of the given <replaceable>GROUP</replaceable> will be changed to <replaceable>GID</replaceable>."
3658 #: groupmod.8.xml:82(para)
3659 msgid "The value of <replaceable>GID</replaceable> must be a non-negative decimal integer. This value must be unique, unless the <option>-o</option> option is used. Values between 0 and 999 are typically reserved for system groups."
3662 #: groupmod.8.xml:89(para)
3663 msgid "Any files that have the old group ID and must continue to belong to <replaceable>GROUP</replaceable>, must have their group ID changed manually."
3666 #: groupmod.8.xml:104(term)
3667 msgid "<option>-n</option>, <option>--new-name</option><replaceable>NEW_GROUP</replaceable>"
3670 #: groupmod.8.xml:109(para)
3671 msgid "The name of the group will be changed from <replaceable>GROUP</replaceable> to <replaceable>NEW_GROUP</replaceable> name."
3674 #: groupmod.8.xml:120(para)
3675 msgid "When used with the <option>-g</option> option, allow to change the group <replaceable>GID</replaceable> to a non-unique value."
3678 #: groupmod.8.xml:219(para)
3679 msgid "group name already in use"
3682 #: groupmod.8.xml:183(para)
3683 msgid "The <command>groupmod</command> command exits with the following values: <placeholder-1/>"
3686 #: groupmod.8.xml:234(para)
3687 msgid "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
3690 #: groupmems.8.xml:44(refpurpose)
3691 msgid "administer members of a user's primary group"
3694 #: groupmems.8.xml:51(replaceable) groupmems.8.xml:52(replaceable)
3698 #: groupmems.8.xml:51(arg)
3699 msgid "-a <placeholder-1/>"
3702 #: groupmems.8.xml:52(arg)
3703 msgid "-d <placeholder-1/>"
3706 #: groupmems.8.xml:53(replaceable)
3710 #: groupmems.8.xml:53(arg)
3711 msgid "-g <placeholder-1/>"
3714 #: groupmems.8.xml:54(arg)
3718 #: groupmems.8.xml:61(para)
3719 msgid "The <command>groupmems</command> command allows a user to administer his/her own group membership list without the requirement of superuser privileges. The <command>groupmems</command> utility is for systems that configure its users to be in their own name sake primary group (i.e., guest / guest)."
3722 #: groupmems.8.xml:69(para)
3723 msgid "Only the superuser, as administrator, can use <command>groupmems</command> to alter the memberships of other groups."
3726 #: groupmems.8.xml:76(para)
3727 msgid "The options which apply to the <command>groupmems</command> command are:"
3730 #: groupmems.8.xml:82(term)
3731 msgid "<option>-a</option>, <option>--add</option><replaceable>user_name</replaceable>"
3734 #: groupmems.8.xml:84(para)
3735 msgid "Add an user to the group membership list."
3738 #: groupmems.8.xml:85(para) groupmems.8.xml:101(para) groupmems.8.xml:126(para)
3739 msgid "If the <filename>/etc/gshadow</filename> file exist, and the group has no entry in the <filename>/etc/gshadow</filename> file, a new entry will be created."
3742 #: groupmems.8.xml:93(term)
3743 msgid "<option>-d</option>, <option>--delete</option><replaceable>user_name</replaceable>"
3746 #: groupmems.8.xml:95(para)
3747 msgid "Delete a user from the group membership list."
3750 #: groupmems.8.xml:96(para)
3751 msgid "If the <filename>/etc/gshadow</filename> file exist, the user will be removed from the list of members and administrators of the group."
3754 #: groupmems.8.xml:109(term)
3755 msgid "<option>-g</option>, <option>--group</option><replaceable>group_name</replaceable>"
3758 #: groupmems.8.xml:111(para)
3759 msgid "The superuser can specify which group membership list to modify."
3762 #: groupmems.8.xml:117(term) chage.1.xml:128(term)
3763 msgid "<option>-l</option>, <option>--list</option>"
3766 #: groupmems.8.xml:119(para)
3767 msgid "List the group membership list."
3770 #: groupmems.8.xml:123(term)
3771 msgid "<option>-p</option>, <option>--purge</option>"
3774 #: groupmems.8.xml:125(para)
3775 msgid "Purge all users from the group membership list."
3778 #: groupmems.8.xml:137(title)
3782 #: groupmems.8.xml:138(para)
3783 msgid "The <command>groupmems</command> executable should be in mode <literal>2770</literal> as user <emphasis>root</emphasis> and in group <emphasis>groups</emphasis>. The system administrator can add users to group <emphasis>groups</emphasis> to allow or disallow them using the <command>groupmems</command> utility to manage their own group membership list."
3786 #: groupmems.8.xml:147(programlisting)
3788 msgid "\n\t$ groupadd -r groups\n\t$ chmod 2770 groupmems\n\t$ chown root.groups groupmems\n\t$ groupmems -g groups -a gk4\n "
3791 #: groupmems.8.xml:179(para)
3792 msgid "secure group account information"
3795 #: groupmems.8.xml:187(para)
3796 msgid "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
3799 #: groupdel.8.xml:44(refpurpose)
3800 msgid "delete a group"
3803 #: groupdel.8.xml:58(para)
3804 msgid "The <command>groupdel</command> command modifies the system account files, deleting all entries that refer to <emphasis remap=\"I\">group</emphasis>. The named group must exist."
3807 #: groupdel.8.xml:66(para)
3808 msgid "You may not remove the primary group of any existing user. You must remove the user before you remove the group."
3811 #: groupdel.8.xml:70(para)
3812 msgid "You should manually check all file systems to ensure that no files remain owned by this group."
3815 #: groupdel.8.xml:132(para)
3816 msgid "can't remove user's primary group"
3819 #: groupdel.8.xml:108(para)
3820 msgid "The <command>groupdel</command> command exits with the following values: <placeholder-1/>"
3823 #: groupdel.8.xml:147(para)
3824 msgid "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum></citerefentry>"
3827 #: groupadd.8.xml:47(refpurpose)
3828 msgid "create a new group"
3831 #: groupadd.8.xml:64(para)
3832 msgid "The <command>groupadd</command> command creates a new group account using the values specified on the command line plus the default values from the system. The new group will be entered into the system files as needed."
3835 #: groupadd.8.xml:73(para)
3836 msgid "The options which apply to the <command>groupadd</command> command are:"
3839 #: groupadd.8.xml:83(para)
3840 msgid "This option causes the command to simply exit with success status if the specified group already exists. When used with <option>-g</option>, and the specified GID already exists, another (unique) GID is chosen (i.e. <option>-g</option> is turned off)."
3843 #: groupadd.8.xml:97(para)
3844 msgid "The numerical value of the group's ID. This value must be unique, unless the <option>-o</option> option is used. The value must be non-negative. The default is to use the smallest ID value greater than 999 and greater than every other group. Values between 0 and 999 are typically reserved for system accounts."
3847 #: groupadd.8.xml:117(para)
3848 msgid "Overrides <filename>/etc/login.defs</filename> defaults (GID_MIN, GID_MAX and others). Multiple <option>-K</option> options can be specified."
3851 #: groupadd.8.xml:122(para)
3852 msgid "Example: <option>-K </option><replaceable>GID_MIN</replaceable>=<replaceable>100</replaceable><option>-K </option><replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable>"
3855 #: groupadd.8.xml:126(para)
3856 msgid "Note: <option>-K </option><replaceable>GID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable> doesn't work yet."
3859 #: groupadd.8.xml:138(para)
3860 msgid "This option permits to add a group with a non-unique GID."
3863 #: groupadd.8.xml:170(para)
3864 msgid "Create a system group."
3867 #: groupadd.8.xml:173(para)
3868 msgid "The numeric identifiers of new system groups are choosen in the <option>SYS_GID_MIN</option>-<option>SYS_GID_MAX</option> range, defined in <filename>login.defs</filename>, instead of <option>GID_MIN</option>-<option>GID_MAX</option>."
3871 #: groupadd.8.xml:224(para)
3872 msgid "Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes. They can end with a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?"
3875 #: groupadd.8.xml:230(para)
3876 msgid "Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long."
3879 #: groupadd.8.xml:233(para)
3880 msgid "You may not add a NIS or LDAP group. This must be performed on the corresponding server."
3883 #: groupadd.8.xml:237(para)
3884 msgid "If the groupname already exists in an external group database such as NIS or LDAP, <command>groupadd</command> will deny the group creation request."
3887 #: groupadd.8.xml:270(para)
3888 msgid "GID not unique (when <option>-o</option> not used)"
3891 #: groupadd.8.xml:276(para)
3892 msgid "group name not unique"
3895 #: groupadd.8.xml:246(para)
3896 msgid "The <command>groupadd</command> command exits with the following values: <placeholder-1/>"
3899 #: groupadd.8.xml:291(para)
3900 msgid "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
3903 #: gpasswd.1.xml:49(phrase)
3904 msgid "administer <placeholder-1/>"
3907 #: gpasswd.1.xml:52(phrase)
3908 msgid "administer <placeholder-1/> and <placeholder-2/>"
3911 #: gpasswd.1.xml:63(replaceable)
3915 #: gpasswd.1.xml:73(para)
3916 msgid "The <command>gpasswd</command> command is used to administer <filename>/etc/group</filename><phrase condition=\"gshadow\">, and <filename>/etc/gshadow</filename></phrase>. Every group can have <phrase condition=\"gshadow\">administrators,</phrase> members and a password."
3919 #: gpasswd.1.xml:81(para)
3920 msgid "System administrators can use the <option>-A</option> option to define group administrator(s) and the <option>-M</option> option to define members. They have all rights of group administrators and members."
3923 #: gpasswd.1.xml:86(para)
3924 msgid "<command>gpasswd</command> called by <phrase condition=\"gshadow\">a group administrator</phrase><phrase condition=\"no_gshadow\">a system administrator</phrase> with a group name only prompts for the new password of the <replaceable>group</replaceable>."
3927 #: gpasswd.1.xml:93(para)
3928 msgid "If a password is set the members can still use <citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum></citerefentry> without a password, and non-members must supply the password."
3931 #: gpasswd.1.xml:101(title)
3932 msgid "Notes about group passwords"
3935 #: gpasswd.1.xml:102(para)
3936 msgid "Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users."
3939 #: gpasswd.1.xml:113(para)
3940 msgid "Except for the <option>-A</option> and <option>-M</option> options, the options cannot be combined."
3943 #: gpasswd.1.xml:117(para)
3944 msgid "The options cannot be combined."
3947 #: gpasswd.1.xml:120(para)
3948 msgid "The options which apply to the <command>gpasswd</command> command are:"
3951 #: gpasswd.1.xml:125(term)
3952 msgid "<option>-a</option>, <option>--add</option><replaceable>user</replaceable>"
3955 #: gpasswd.1.xml:129(para)
3956 msgid "Add the <replaceable>user</replaceable> to the named <replaceable>group</replaceable>."
3959 #: gpasswd.1.xml:138(term)
3960 msgid "<option>-d</option>, <option>--delete</option><replaceable>user</replaceable>"
3963 #: gpasswd.1.xml:142(para)
3964 msgid "Remove the <replaceable>user</replaceable> from the named <replaceable>group</replaceable>."
3967 #: gpasswd.1.xml:151(term)
3968 msgid "<option>-r</option>, <option>--remove-password</option>"
3971 #: gpasswd.1.xml:155(para)
3972 msgid "Remove the password from the named <replaceable>group</replaceable>. Only group members will be allowed to use <command>newgrp</command> to join the named <replaceable>group</replaceable>."
3975 #: gpasswd.1.xml:166(term)
3976 msgid "<option>-R</option>, <option>--restrict</option>"
3979 #: gpasswd.1.xml:170(para)
3980 msgid "Restrict the access to the named <replaceable>group</replaceable>. Only group members will be allowed to use <command>newgrp</command> to join the named <replaceable>group</replaceable>."
3983 #: gpasswd.1.xml:181(term)
3984 msgid "<option>-A</option>, <option>--administrators</option><replaceable>user</replaceable>,..."
3987 #: gpasswd.1.xml:185(para)
3988 msgid "Set the list of administrative users."
3991 #: gpasswd.1.xml:193(term)
3992 msgid "<option>-M</option>, <option>--members</option><replaceable>user</replaceable>,..."
3995 #: gpasswd.1.xml:197(para)
3996 msgid "Set the list of group members."
3999 #: gpasswd.1.xml:207(para)
4000 msgid "This tool only operates on the <filename>/etc/group</filename><phrase condition=\"gshadow\"> and <filename>/etc/gshadow</filename> files.</phrase><phrase condition=\"no_gshadow\">file.</phrase> Thus you cannot change any NIS or LDAP group. This must be performed on the corresponding server."
4003 #: gpasswd.1.xml:252(para)
4004 msgid "<citerefentry><refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>group</refentrytitle><manvolnum>5</manvolnum></citerefentry><phrase condition=\"gshadow\">, <citerefentry><refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum></citerefentry></phrase>."
4007 #: faillog.8.xml:34(refentrytitle) faillog.8.xml:39(refname) faillog.8.xml:45(command) faillog.5.xml:34(refentrytitle) faillog.5.xml:39(refname) faillog.5.xml:86(refentrytitle)
4011 #: faillog.8.xml:40(refpurpose)
4012 msgid "display faillog records or set login failure limits"
4015 #: faillog.8.xml:54(para)
4016 msgid "<command>faillog</command> displays the contents of the failure log database (<filename>/var/log/faillog</filename>). It can also set the failure counters and limits. When <command>faillog</command> is run without arguments, it only displays the faillog records of the users who had a login failure."
4019 #: faillog.8.xml:65(para)
4020 msgid "The options which apply to the <command>faillog</command> command are:"
4023 #: faillog.8.xml:73(para)
4024 msgid "Display (or act on) faillog records for all users having an entry in the <filename>faillog</filename> database."
4027 #: faillog.8.xml:86(term)
4028 msgid "<option>-l</option>, <option>--lock-time</option><replaceable>SEC</replaceable>"
4031 #: faillog.8.xml:91(para)
4032 msgid "Lock account for <replaceable>SEC</replaceable> seconds after failed login."
4035 #: faillog.8.xml:95(para) faillog.8.xml:121(para) faillog.8.xml:133(para)
4036 msgid "Write access to <filename>/var/log/faillog</filename> is required for this option."
4039 #: faillog.8.xml:102(term)
4040 msgid "<option>-m</option>, <option>--maximum</option><replaceable>MAX</replaceable>"
4043 #: faillog.8.xml:107(para)
4044 msgid "Set the maximum number of login failures after the account is disabled to <replaceable>MAX</replaceable>."
4047 #: faillog.8.xml:111(para)
4048 msgid "Selecting a <replaceable>MAX</replaceable> value of 0 has the effect of not placing a limit on the number of failed logins."
4051 #: faillog.8.xml:116(para)
4052 msgid "The maximum failure count should always be 0 for <emphasis>root</emphasis> to prevent a denial of services attack against the system."
4055 #: faillog.8.xml:128(term)
4056 msgid "<option>-r</option>, <option>--reset</option>"
4059 #: faillog.8.xml:130(para)
4060 msgid "Reset the counters of login failures."
4063 #: faillog.8.xml:144(para)
4064 msgid "Display faillog records more recent than <replaceable>DAYS</replaceable>."
4067 #: faillog.8.xml:156(para)
4068 msgid "Display faillog record or maintains failure counters and limits (if used with <option>-l</option>, <option>-m</option> or <option>-r</option> options) only for the specified user(s)."
4071 #: faillog.8.xml:174(para)
4072 msgid "When none of the <option>-l</option>, <option>-m</option>, or <option>-r</option> options are used, <command>faillog</command> displays the faillog record of the specified user(s)."
4075 #: faillog.8.xml:179(para)
4076 msgid "NOTE: in display mode, only the records of users which currently exist in the system are displayed. In the other modes (when the <option>-l</option>, <option>-m</option>, or <option>-r</option> options are used), the records of the user, or the range of users, or all the users that may have an entry in the faillog database will be changed. This is useful to reset records of users that have been deleted or set a policy in advance for a range of users."
4079 #: faillog.8.xml:192(para)
4080 msgid "<command>faillog</command> only prints out users with no successful login since the last failure. To print out a user who has had a successful login since their last failure, you must explicitly request the user with the <option>-u</option> flag, or print out all users with the <option>-a</option> flag."
4083 #: faillog.8.xml:205(filename) faillog.5.xml:74(filename)
4084 msgid "/var/log/faillog"
4087 #: faillog.8.xml:207(para) faillog.5.xml:76(para)
4088 msgid "Failure logging file."
4091 #: faillog.8.xml:215(para)
4092 msgid "<citerefentry><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>faillog</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
4095 #: faillog.5.xml:40(refpurpose)
4096 msgid "login failure logging file"
4099 #: faillog.5.xml:45(para)
4100 msgid "<filename>/var/log/faillog</filename> maintains a count of login failures and the limits for each account."
4103 #: faillog.5.xml:49(para)
4104 msgid "The file contains fixed length records, indexed by numerical UID. Each record contains the count of login failures since the last successful login; the maximum number of failures before the account is disabled; the line on whiche the last login failure occurred; the date of the last login failure; and the duration (in seconds) during which the account will be locked after a failure."
4107 #: faillog.5.xml:59(para)
4108 msgid "The structure of the file is:"
4111 #: faillog.5.xml:60(programlisting)
4113 msgid "\nstruct\tfaillog {\n\tshort fail_cnt;\n\tshort fail_max;\n\tchar fail_line[12];\n\ttime_t fail_time;\n\tlong fail_locktime;\n};"
4116 #: expiry.1.xml:41(refentrytitle) expiry.1.xml:46(refname) expiry.1.xml:52(command)
4120 #: expiry.1.xml:47(refpurpose)
4121 msgid "check and enforce password expiration policy"
4124 #: expiry.1.xml:60(para)
4125 msgid "The <command>expiry</command> command checks (<option>-c</option>) the current password expiration and forces (<option>-f</option>) changes when required. It is callable as a normal user command."
4128 #: expiry.1.xml:87(para) chage.1.xml:262(para)
4129 msgid "<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
4132 #: chsh.1.xml:46(refpurpose)
4133 msgid "change login shell"
4136 #: chsh.1.xml:63(para)
4137 msgid "The <command>chsh</command> command changes the user login shell. This determines the name of the user's initial login command. A normal user may only change the login shell for her own account, the superuser may change the login shell for any account."
4140 #: chsh.1.xml:74(para)
4141 msgid "The options which apply to the <command>chsh</command> command are:"
4144 #: chsh.1.xml:96(para)
4145 msgid "If the <option>-s</option> option is not selected, <command>chsh</command> operates in an interactive fashion, prompting the user with the current login shell. Enter the new value to change the shell, or leave the line blank to use the current one. The current shell is displayed between a pair of <emphasis>[ ]</emphasis> marks."
4148 #: chsh.1.xml:107(para)
4149 msgid "The only restriction placed on the login shell is that the command name must be listed in <filename>/etc/shells</filename>, unless the invoker is the superuser, and then any value may be added. An account with a restricted login shell may not change her login shell. For this reason, placing <filename>/bin/rsh</filename> in <filename>/etc/shells</filename> is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value."
4152 #: chsh.1.xml:142(filename)
4156 #: chsh.1.xml:144(para)
4157 msgid "List of valid login shells."
4160 #: chsh.1.xml:158(para)
4161 msgid "<citerefentry><refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
4164 #: chpasswd.8.xml:47(refpurpose)
4165 msgid "update passwords in batch mode"
4168 #: chpasswd.8.xml:61(para)
4169 msgid "The <command>chpasswd</command> command reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. Each line is of the format:"
4172 #: chpasswd.8.xml:66(para)
4173 msgid "<emphasis remap=\"I\">user_name</emphasis>:<emphasis remap=\"I\">password</emphasis>"
4176 #: chpasswd.8.xml:71(para)
4177 msgid "By default the supplied password must be in clear-text, and is encrypted by <command>chpasswd</command>. Also the password age will be updated, if present."
4180 #: chpasswd.8.xml:76(para) chgpasswd.8.xml:75(para)
4181 msgid "The default encryption algorithm can be defined for the system with the ENCRYPT_METHOD variable of <filename>/etc/login.defs</filename>, and can be overwiten with the <option>-e</option>, <option>-m</option>, or <option>-c</option> options."
4184 #: chpasswd.8.xml:82(para)
4185 msgid "<command>chpasswd</command> first update the password in memory, and then commit all the changes to disk if no errors occured for any users."
4188 #: chpasswd.8.xml:89(para)
4189 msgid "The supplied passwords must be in clear-text."
4192 #: chpasswd.8.xml:92(para)
4193 msgid "PAM is used to update the password in the system database according to the PAM chpasswd configuration."
4196 #: chpasswd.8.xml:96(para)
4197 msgid "When <command>chpasswd</command> fails to update a password, it continues updating the passwords of the next users, and will return an error code on exit."
4200 #: chpasswd.8.xml:102(para) chgpasswd.8.xml:81(para)
4201 msgid "This command is intended to be used in a large system environment where many accounts are created at a single time."
4204 #: chpasswd.8.xml:110(para)
4205 msgid "The options which apply to the <command>chpasswd</command> command are:"
4208 #: chpasswd.8.xml:119(para) chgpasswd.8.xml:98(para)
4209 msgid "The available methods are DES, MD5, and NONE."
4212 #: chpasswd.8.xml:129(term) chgpasswd.8.xml:108(term)
4213 msgid "<option>-e</option>, <option>--encrypted</option>"
4216 #: chpasswd.8.xml:131(para) chgpasswd.8.xml:110(para)
4217 msgid "Supplied passwords are in encrypted form."
4220 #: chpasswd.8.xml:145(term) chgpasswd.8.xml:120(term)
4221 msgid "<option>-m</option>, <option>--md5</option>"
4224 #: chpasswd.8.xml:147(para) chgpasswd.8.xml:122(para)
4225 msgid "Use MD5 encryption instead of DES when the supplied passwords are not encrypted."
4228 #: chpasswd.8.xml:183(para) chgpasswd.8.xml:158(para)
4229 msgid "Remember to set permissions or umask to prevent readability of unencrypted files by other users."
4232 #: chpasswd.8.xml:229(filename)
4233 msgid "/etc/pam.d/chpasswd"
4236 #: chpasswd.8.xml:231(para)
4237 msgid "PAM configuration for <command>chpasswd</command>."
4240 #: chpasswd.8.xml:239(para)
4241 msgid "<citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>newusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <phrase condition=\"no_pam\"><citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, </phrase><citerefentry><refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum></citerefentry>."
4244 #: chgpasswd.8.xml:48(refpurpose)
4245 msgid "update group passwords in batch mode"
4248 #: chgpasswd.8.xml:62(para)
4249 msgid "The <command>chgpasswd</command> command reads a list of group name and password pairs from standard input and uses this information to update a set of existing groups. Each line is of the format:"
4252 #: chgpasswd.8.xml:67(para)
4253 msgid "<emphasis remap=\"I\">group_name</emphasis>:<emphasis remap=\"I\">password</emphasis>"
4256 #: chgpasswd.8.xml:71(para)
4257 msgid "By default the supplied password must be in clear-text, and is encrypted by <command>chgpasswd</command>."
4260 #: chgpasswd.8.xml:89(para)
4261 msgid "The options which apply to the <command>chgpasswd</command> command are:"
4264 #: chgpasswd.8.xml:209(para)
4265 msgid "<citerefentry><refentrytitle>gpasswd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
4268 #: chfn.1.xml:47(refpurpose)
4269 msgid "change real user name and information"
4272 #: chfn.1.xml:53(replaceable)
4276 #: chfn.1.xml:53(arg)
4277 msgid "-f <placeholder-1/>"
4280 #: chfn.1.xml:54(replaceable)
4284 #: chfn.1.xml:55(replaceable)
4288 #: chfn.1.xml:55(arg)
4289 msgid "-w <placeholder-1/>"
4292 #: chfn.1.xml:56(replaceable)
4296 #: chfn.1.xml:57(replaceable)
4300 #: chfn.1.xml:57(arg)
4301 msgid "-o <placeholder-1/>"
4304 #: chfn.1.xml:64(para)
4305 msgid "The <command>chfn</command> command changes user fullname, office number, office extension, and home phone number information for a user's account. This information is typically printed by <citerefentry><refentrytitle>finger</refentrytitle><manvolnum>1</manvolnum></citerefentry> and similar programs. A normal user may only change the fields for her own account, subject to the restrictions in <filename>/etc/login.defs</filename>. (The default configuration is to prevent users from changing their fullname.) The superuser may change any field for any account. Additionally, only the superuser may use the <option>-o</option> option to change the undefined portions of the GECOS field."
4308 #: chfn.1.xml:78(para)
4309 msgid "These fields must not contain any colons. Except for the <emphasis remap=\"I\">other</emphasis> field, they should not contain any comma or equal sign. It is also recommended to avoid non-US-ASCII characters, but this is only enforced for the phone numbers. The <emphasis remap=\"I\">other</emphasis> field is used to store accounting information used by other applications."
4312 #: chfn.1.xml:87(para)
4313 msgid "If none of the options are selected, <command>chfn</command> operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of <emphasis remap=\"B\">[ ]</emphasis> marks. Without options, <command>chfn</command> prompts for the current user account."
4316 #: chfn.1.xml:132(para)
4317 msgid "<citerefentry><refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>."
4320 #: chage.1.xml:34(refentrytitle) chage.1.xml:39(refname) chage.1.xml:44(command)
4324 #: chage.1.xml:40(refpurpose)
4325 msgid "change user password expiry information"
4328 #: chage.1.xml:56(para)
4329 msgid "The <command>chage</command> command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password."
4332 #: chage.1.xml:66(para)
4333 msgid "The options which apply to the <command>chage</command> command are:"
4336 #: chage.1.xml:71(term)
4337 msgid "<option>-d</option>, <option>--lastday</option><replaceable>LAST_DAY</replaceable>"
4340 #: chage.1.xml:75(para)
4341 msgid "Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area)."
4344 #: chage.1.xml:83(term)
4345 msgid "<option>-E</option>, <option>--expiredate</option><replaceable>EXPIRE_DATE</replaceable>"
4348 #: chage.1.xml:87(para)
4349 msgid "Set the date or number of days since January 1, 1970 on which the user's account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again."
4352 #: chage.1.xml:95(para)
4353 msgid "Passing the number <emphasis remap=\"I\">-1</emphasis> as the <replaceable>EXPIRE_DATE</replaceable> will remove an account expiration date."
4356 #: chage.1.xml:109(term)
4357 msgid "<option>-I</option>, <option>--inactive</option><replaceable>INACTIVE</replaceable>"
4360 #: chage.1.xml:113(para)
4361 msgid "Set the number of days of inactivity after a password has expired before the account is locked. The <replaceable>INACTIVE</replaceable> option is the number of days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again."
4364 #: chage.1.xml:120(para)
4365 msgid "Passing the number <emphasis remap=\"I\">-1</emphasis> as the <replaceable>INACTIVE</replaceable> will remove an account's inactivity."
4368 #: chage.1.xml:132(para)
4369 msgid "Show account aging information."
4372 #: chage.1.xml:138(term)
4373 msgid "<option>-m</option>, <option>--mindays</option><replaceable>MIN_DAYS</replaceable>"
4376 #: chage.1.xml:150(term)
4377 msgid "<option>-M</option>, <option>--maxdays</option><replaceable>MAX_DAYS</replaceable>"
4380 #: chage.1.xml:154(para)
4381 msgid "Set the maximum number of days during which a password is valid. When <replaceable>MAX_DAYS</replaceable> plus <replaceable>LAST_DAY</replaceable> is less than the current day, the user will be required to change his/her password before being able to use his/her account. This occurrence can be planned for in advance by use of the <option>-W</option> option, which provides the user with advance warning."
4384 #: chage.1.xml:163(para)
4385 msgid "Passing the number <emphasis remap=\"I\">-1</emphasis> as <replaceable>MAX_DAYS</replaceable> will remove checking a password's validity."
4388 #: chage.1.xml:171(term)
4389 msgid "<option>-W</option>, <option>--warndays</option><replaceable>WARN_DAYS</replaceable>"
4392 #: chage.1.xml:175(para)
4393 msgid "Set the number of days of warning before a password change is required. The <replaceable>WARN_DAYS</replaceable> option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire."
4396 #: chage.1.xml:184(para)
4397 msgid "If none of the options are selected, <command>chage</command> operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of <emphasis>[ ]</emphasis> marks."
4400 #: chage.1.xml:194(para)
4401 msgid "The <command>chage</command> program requires a shadow password file to be available."
4404 #: chage.1.xml:198(para)
4405 msgid "The <command>chage</command> command is restricted to the root user, except for the <option>-l</option> option, which may be used by an unprivileged user to determine when his/her password or account is due to expire."
4408 #: chage.1.xml:251(replaceable)
4412 #: chage.1.xml:253(para)
4413 msgid "can't find the shadow password file"
4416 #: chage.1.xml:229(para)
4417 msgid "The <command>chage</command> command exits with the following values: <placeholder-1/>"
4420 #. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
4421 #: chage.1.xml:0(None)
4422 msgid "translator-credits"