horok/shadow
1
0
Fork 0
Code Activity
shadow/man/man8/pwconv.8
Daniel Baumann 09a180ea01
Adding upstream version 1:4.17.4. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-22 05:06:56 +02:00

193 lines
5.7 KiB
Groff
Raw Permalink Blame History

'\" t
.\" Title: pwconv
.\" Author: Marek Michałkiewicz
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date: 03/19/2025
.\" Manual: System Management Commands
.\" Source: shadow-utils 4.17.4
.\" Language: English
.\"
.TH "PWCONV" "8" "03/19/2025" "shadow\-utils 4\&.17\&.4" "System Management Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pwconv, pwunconv, grpconv, grpunconv \- convert to and from shadow passwords and groups
.SH "SYNOPSIS"
.HP \w'\fBpwconv\fR\ 'u
\fBpwconv\fR [\fIoptions\fR]
.HP \w'\fBpwunconv\fR\ 'u
\fBpwunconv\fR [\fIoptions\fR]
.HP \w'\fBgrpconv\fR\ 'u
\fBgrpconv\fR [\fIoptions\fR]
.HP \w'\fBgrpunconv\fR\ 'u
\fBgrpunconv\fR [\fIoptions\fR]
.SH "DESCRIPTION"
.PP
The
\fBpwconv\fR
command creates
\fIshadow\fR
from
\fIpasswd\fR
and an optionally existing
\fIshadow\fR\&.
.PP
The
\fBpwunconv\fR
command creates
\fIpasswd\fR
from
\fIpasswd\fR
and
\fIshadow\fR
and then removes
\fIshadow\fR\&.
.PP
The
\fBgrpconv\fR
command creates
\fIgshadow\fR
from
\fIgroup\fR
and an optionally existing
\fIgshadow\fR\&.
.PP
The
\fBgrpunconv\fR
command creates
\fIgroup\fR
from
\fIgroup\fR
and
\fIgshadow\fR
and then removes
\fIgshadow\fR\&.
.PP
These four programs all operate on the normal and shadow password and group files:
/etc/passwd,
/etc/group,
/etc/shadow, and
/etc/gshadow\&.
.PP
Each program acquires the necessary locks before conversion\&.
\fBpwconv\fR
and
\fBgrpconv\fR
are similar\&. First, entries in the shadowed file which don\*(Aqt exist in the main file are removed\&. Then, shadowed entries which don\*(Aqt have `x\*(Aq as the password in the main file are updated\&. Any missing shadowed entries are added\&. Finally, passwords in the main file are replaced with `x\*(Aq\&. These programs can be used for initial conversion as well to update the shadowed file if the main file is edited by hand\&.
.PP
\fBpwconv\fR
will use the values of
\fIPASS_MIN_DAYS\fR,
\fIPASS_MAX_DAYS\fR, and
\fIPASS_WARN_AGE\fR
from
/etc/login\&.defs
when adding new entries to
/etc/shadow\&.
.PP
Likewise
\fBpwunconv\fR
and
\fBgrpunconv\fR
are similar\&. Passwords in the main file are updated from the shadowed file\&. Entries which exist in the main file but not in the shadowed file are left alone\&. Finally, the shadowed file is removed\&. Some password aging information is lost by
\fBpwunconv\fR\&. It will convert what it can\&.
.SH "OPTIONS"
.PP
The options which apply to the
\fBpwconv\fR,
\fBpwunconv\fR,
\fBgrpconv\fR, and
\fBgrpunconv\fR
commands are:
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Display help message and exit\&.
.RE
.PP
\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
.RS 4
Apply changes in the
\fICHROOT_DIR\fR
directory and use the configuration files from the
\fICHROOT_DIR\fR
directory\&. Only absolute paths are supported\&.
.RE
.SH "BUGS"
.PP
Errors in the password or group files (such as invalid or duplicate entries) may cause these programs to loop forever or fail in other strange ways\&. Please run
\fBpwck\fR
and
\fBgrpck\fR
to correct any such errors before converting to or from shadow passwords or groups\&.
.SH "CONFIGURATION"
.PP
The following configuration variable in
/etc/login\&.defs
changes the behavior of
\fBgrpconv\fR
and
\fBgrpunconv\fR:
.PP
\fBMAX_MEMBERS_PER_GROUP\fR (number)
.RS 4
Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
/etc/group
(with the same name, same password, and same GID)\&.
.sp
The default value is 0, meaning that there are no limits in the number of members in a group\&.
.sp
This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
.sp
If you need to enforce such limit, you can use 25\&.
.sp
Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
.RE
.PP
The following configuration variables in
/etc/login\&.defs
change the behavior of
\fBpwconv\fR:
.PP
\fBPASS_MAX_DAYS\fR (number)
.RS 4
The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&.
.RE
.PP
\fBPASS_MIN_DAYS\fR (number)
.RS 4
The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, 0 will be assumed (which disables the restriction)\&.
.RE
.PP
\fBPASS_WARN_AGE\fR (number)
.RS 4
The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a value of \-1 means no warning is given\&. If not specified, no warning will be provided\&.
.RE
.SH "FILES"
.PP
/etc/login\&.defs
.RS 4
Shadow password suite configuration\&.
.RE
.SH "SEE ALSO"
.PP
\fBgrpck\fR(8),
\fBlogin.defs\fR(5),
\fBpwck\fR(8)\&.
View git blame Copy permalink