diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:50:00 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:50:00 +0000 |
commit | 333f7ecfa3e040191c66b2b92f6c117ca2cbac1d (patch) | |
tree | 178a8f140927896970f47930dae9213161268f10 /man/fr/man5/login.defs.5 | |
parent | Initial commit. (diff) | |
download | shadow-upstream.tar.xz shadow-upstream.zip |
Adding upstream version 1:4.8.1.upstream/1%4.8.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | man/fr/man5/login.defs.5 | 854 |
1 files changed, 854 insertions, 0 deletions
diff --git a/man/fr/man5/login.defs.5 b/man/fr/man5/login.defs.5 new file mode 100644 index 0000000..d1f923b --- /dev/null +++ b/man/fr/man5/login.defs.5 @@ -0,0 +1,854 @@ +'\" t +.\" Title: login.defs +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 23/01/2020 +.\" Manual: Formats et conversions de fichiers +.\" Source: shadow-utils 4.8.1 +.\" Language: French +.\" +.TH "LOGIN\&.DEFS" "5" "23/01/2020" "shadow\-utils 4\&.8\&.1" "Formats et conversions de fich" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NOM" +login.defs \- configuration de la suite des mots de passe cach\('es \(Fo\ \&shadow password\ \&\(Fc +.SH "DESCRIPTION" +.PP +The +/etc/login\&.defs +file defines the site\-specific configuration for the shadow password suite\&. This file is required\&. Absence of this file will not prevent system operation, but will probably result in undesirable operation\&. +.PP +Ce fichier est un fichier texte, dont chaque ligne d\('ecrit un param\(`etre de configuration\&. Les lignes consistent en un nom et une valeur, s\('epar\('es par une espace\&. Les lignes blanches et les lignes de commentaires sont ignor\('ees\&. Les commentaires commencent par un caract\(`ere \(Fo\ \&#\ \&\(Fc, qui doit \(^etre le premier caract\(`ere non blanc de la ligne\&. +.PP +Parameter values may be of four types: strings, booleans, numbers, and long numbers\&. A string is comprised of any printable characters\&. A boolean should be either the value +\fIyes\fR +or +\fIno\fR\&. An undefined boolean parameter or one with a value other than these will be given a +\fIno\fR +value\&. Numbers (both regular and long) may be either decimal values, octal values (precede the value with +\fI0\fR) or hexadecimal values (precede the value with +\fI0x\fR)\&. The maximum value of the regular and long numeric parameters is machine\-dependent\&. +.PP +Les param\(`etres de configuration suivants sont fournis\ \&: +.PP +\fBCHFN_AUTH\fR (boolean) +.RS 4 +If +\fIyes\fR, the +\fBchfn\fR +program will require authentication before making any changes, unless run by the superuser\&. +.RE +.PP +\fBCHFN_RESTRICT\fR (string) +.RS 4 +This parameter specifies which values in the +\fIgecos\fR +field of the +/etc/passwd +file may be changed by regular users using the +\fBchfn\fR +program\&. It can be any combination of letters +\fIf\fR, +\fIr\fR, +\fIw\fR, +\fIh\fR, for Full name, Room number, Work phone, and Home phone, respectively\&. For backward compatibility, +\fIyes\fR +is equivalent to +\fIrwh\fR +and +\fIno\fR +is equivalent to +\fIfrwh\fR\&. If not specified, only the superuser can make any changes\&. The most restrictive setting is better achieved by not installing +\fBchfn\fR +SUID\&. +.RE +.PP +\fBCHSH_AUTH\fR (boolean) +.RS 4 +If +\fIyes\fR, the +\fBchsh\fR +program will require authentication before making any changes, unless run by the superuser\&. +.RE +.PP +\fBCONSOLE\fR (string) +.RS 4 +Si d\('efinie, soit un chemin complet du fichier contenant les noms de p\('eriph\('eriques (un par ligne), soit une liste de noms du p\('eriph\('erique d\('elimit\('ee par des \(Fo\ \&:\ \&\(Fc\&. Les connexions d\*(Aqun administrateur ne seront autoris\('ees que depuis ces p\('eriph\('eriques\&. +.sp +S\*(Aqil n\*(Aqest pas d\('efini, root pourra se connecter depuis n\*(Aqimporte quel p\('eriph\('erique\&. +.sp +Le p\('eriph\('erique doit \(^etre pr\('ecis\('e sans le pr\('efixe /dev/\&. +.RE +.PP +\fBCONSOLE_GROUPS\fR (string) +.RS 4 +List of groups to add to the user\*(Aqs supplementary groups set when logging in on the console (as determined by the CONSOLE setting)\&. Default is none\&. + +Use with caution \- it is possible for users to gain permanent access to these groups, even when not logged in on the console\&. +.RE +.PP +\fBCREATE_HOME\fR (boolean) +.RS 4 +Indiquer si un r\('epertoire personnel doit \(^etre cr\('e\('e par d\('efaut pour les nouveaux utilisateurs\&. +.sp +Ce r\('eglage ne s\*(Aqapplique pas pour les utilisateurs syst\(`eme, et peut \(^etre annul\('e sur la ligne de commande\&. +.RE +.PP +\fBDEFAULT_HOME\fR (boolean) +.RS 4 +Indiquer si la connexion est permise si on ne peut pas acc\('eder au r\('epertoire personnel\&. Le r\('eglage par d\('efaut est \(Fo\ \&no\ \&\(Fc\&. +.sp +If set to +\fIyes\fR, the user will login in the root (/) directory if it is not possible to cd to her home directory\&. +.RE +.PP +\fBENCRYPT_METHOD\fR (string) +.RS 4 +D\('efinir les algorithmes de chiffrement par d\('efaut du syst\(`eme pour coder les mots de passes (si aucun algorithme n\*(Aqa \('et\('e indiqu\('e sur la ligne de commandes)\&. +.sp +It can take one of these values: +\fIDES\fR +(default), +\fIMD5\fR, \fISHA256\fR, \fISHA512\fR\&. +.sp +Note: this parameter overrides the +\fBMD5_CRYPT_ENAB\fR +variable\&. +.RE +.PP +\fBENV_HZ\fR (string) +.RS 4 +If set, it will be used to define the HZ environment variable when a user login\&. The value must be preceded by +\fIHZ=\fR\&. A common value on Linux is +\fIHZ=100\fR\&. +.RE +.PP +\fBENV_PATH\fR (string) +.RS 4 +If set, it will be used to define the PATH environment variable when a regular user login\&. The value is a colon separated list of paths (for example +\fI/bin:/usr/bin\fR) and can be preceded by +\fIPATH=\fR\&. The default value is +\fIPATH=/bin:/usr/bin\fR\&. +.RE +.PP +\fBENV_SUPATH\fR (string) +.RS 4 +If set, it will be used to define the PATH environment variable when the superuser login\&. The value is a colon separated list of paths (for example +\fI/sbin:/bin:/usr/sbin:/usr/bin\fR) and can be preceded by +\fIPATH=\fR\&. The default value is +\fIPATH=/sbin:/bin:/usr/sbin:/usr/bin\fR\&. +.RE +.PP +\fBENV_TZ\fR (string) +.RS 4 +If set, it will be used to define the TZ environment variable when a user login\&. The value can be the name of a timezone preceded by +\fITZ=\fR +(for example +\fITZ=CST6CDT\fR), or the full path to the file containing the timezone specification (for example +/etc/tzname)\&. +.sp +If a full path is specified but the file does not exist or cannot be read, the default is to use +\fITZ=CST6CDT\fR\&. +.RE +.PP +\fBENVIRON_FILE\fR (string) +.RS 4 +Si ce fichier existe et est lisible, l\*(Aqenvironnement de connexion sera lu \(`a\ \& partir de lui\&. Chaque ligne doit \(^etre sous la forme nom=valeur\&. +.sp +Les lignes commen\(,cant par un \(Fo\ \&#\ \&\(Fc sont consid\('er\('ees comme des commentaires, et sont ignor\('ees\&. +.RE +.PP +\fBERASECHAR\fR (number) +.RS 4 +Terminal ERASE character (\fI010\fR += backspace, +\fI0177\fR += DEL)\&. +.sp +La valeur peut \(^etre pr\('efix\('ee par \(Fo\ \&0\ \&\(Fc pour une valeur octale, ou \(Fo\ \&0x\ \&\(Fc pour une valeur hexad\('ecimale\&. +.RE +.PP +\fBFAIL_DELAY\fR (number) +.RS 4 +Le d\('elai en secondes avant qu\*(Aqun nouvel essai soit permis apr\(`es un \('echec de connexion\&. +.RE +.PP +\fBFAILLOG_ENAB\fR (boolean) +.RS 4 +Enable logging and display of +/var/log/faillog +login failure info\&. +.RE +.PP +\fBFAKE_SHELL\fR (string) +.RS 4 +If set, +\fBlogin\fR +will execute this shell instead of the users\*(Aq shell specified in +/etc/passwd\&. +.RE +.PP +\fBFTMP_FILE\fR (string) +.RS 4 +Si d\('efinie, les \('echecs de connexion seront enregistr\('es dans le fichier sous le format utmp +.RE +.PP +\fBGID_MAX\fR (number), \fBGID_MIN\fR (number) +.RS 4 +Range of group IDs used for the creation of regular groups by +\fBuseradd\fR, +\fBgroupadd\fR, or +\fBnewusers\fR\&. +.sp +The default value for +\fBGID_MIN\fR +(resp\&. +\fBGID_MAX\fR) is 1000 (resp\&. 60000)\&. +.RE +.PP +\fBHOME_MODE\fR (number) +.RS 4 +The mode for new home directories\&. If not specified, the +\fBUMASK\fR +is used to create the mode\&. +.sp +\fBuseradd\fR +and +\fBnewusers\fR +use this to set the mode of the home directory they create\&. +.RE +.PP +\fBHUSHLOGIN_FILE\fR (string) +.RS 4 +Si d\('efinie, le fichier peut d\('esactiver tous les affichages habituels durant la s\('equence de connexion\&. Si un nom de chemin complet est sp\('ecifi\('e, alors le mode taiseux sera activ\('e si le nom ou l\*(Aqinterpr\('eteur de commandes de l\*(Aqutilisateur sont trouv\('es dans le fichier\&. Si ce n\*(Aqest pas un nom de chemin complet, alors le mode taiseux sera activ\('e si le fichier existe dans le r\('epertoire personnel de l\*(Aqutilisateur\&. +.RE +.PP +\fBISSUE_FILE\fR (string) +.RS 4 +Si d\('efinie, le fichier sera affich\('e avant chaque invite de connexion\&. +.RE +.PP +\fBKILLCHAR\fR (number) +.RS 4 +Terminal KILL character (\fI025\fR += CTRL/U)\&. +.sp +La valeur peut \(^etre pr\('efix\('ee par \(Fo\ \&0\ \&\(Fc pour une valeur octale, ou \(Fo\ \&0x\ \&\(Fc pour une valeur hexad\('ecimale\&. +.RE +.PP +\fBLASTLOG_ENAB\fR (boolean) +.RS 4 +Activer la journalisation et l\*(Aqaffichage des informations de derni\(`ere connexion de /var/log/lastlog\&. +.RE +.PP +\fBLASTLOG_UID_MAX\fR (number) +.RS 4 +Highest user ID number for which the lastlog entries should be updated\&. As higher user IDs are usually tracked by remote user identity and authentication services there is no need to create a huge sparse lastlog file for them\&. +.sp +No +\fBLASTLOG_UID_MAX\fR +option present in the configuration means that there is no user ID limit for writing lastlog entries\&. +.RE +.PP +\fBLOG_OK_LOGINS\fR (boolean) +.RS 4 +Activer la journalisation des connexions r\('eussies\&. +.RE +.PP +\fBLOG_UNKFAIL_ENAB\fR (boolean) +.RS 4 +Activer l\*(Aqaffichage des noms d\*(Aqutilisateurs inconnus quand les \('echecs de connexions sont enregistr\('es\&. +.sp +Remarque\ \&: la journalisation des noms d\*(Aqutilisateurs inconnus peut \(^etre un probl\(`eme de s\('ecurit\('e si un utilisateur entre son mot de passe au lieu de son nom d\*(Aqutilisateur\&. +.RE +.PP +\fBLOGIN_RETRIES\fR (number) +.RS 4 +Le nombre maximum de tentatives de connexion en cas de mauvais mot de passe\&. +.RE +.PP +\fBLOGIN_STRING\fR (string) +.RS 4 +La cha\(^ine de caract\(`eres utilis\('ee pour l\*(Aqinvite de mot de passe\&. La valeur par d\('efaut est d\*(Aqutiliser "Password: " (\(Fo\ \&mot de passe\ \&:\ \&\(Fc), ou une traduction de cette cha\(^ine\&. Si vous d\('efinissez cette variable, l\*(Aqinvite ne sera pas traduite\&. +.sp +If the string contains +\fI%s\fR, this will be replaced by the user\*(Aqs name\&. +.RE +.PP +\fBLOGIN_TIMEOUT\fR (number) +.RS 4 +Le temps maximum en secondes pour la connexion\&. +.RE +.PP +\fBMAIL_CHECK_ENAB\fR (boolean) +.RS 4 +Activer le contr\(^ole et l\*(Aqaffichage du statut de la bo\(^ite aux lettres durant la connexion\&. +.sp +Vous devriez le d\('esactiver si les fichiers de d\('emarrage de l\*(Aqinterpr\('eteur de commandes v\('erifient d\('ej\(`a la pr\('esence de courriers (\(Fo\ \&mail \-e\ \&\(Fc ou \('equivalent)\&. +.RE +.PP +\fBMAIL_DIR\fR (string) +.RS 4 +R\('epertoire d\*(Aqattente des courriels (\(Fo\ \&mail spool directory\ \&\(Fc)\&. Ce param\(`etre est n\('ecessaire pour manipuler les bo\(^ites \(`a lettres lorsque le compte d\*(Aqun utilisateur est modifi\('e ou supprim\('e\&. S\*(Aqil n\*(Aqest pas sp\('ecifi\('e, une valeur par d\('efaut d\('efinie \(`a la compilation est utilis\('ee\&. +.RE +.PP +\fBMAIL_FILE\fR (string) +.RS 4 +D\('efinir l\*(Aqemplacement des bo\(^ites aux lettres des utilisateurs relativement \(`a leur r\('epertoire personnel\&. +.RE +.PP +The +\fBMAIL_DIR\fR +and +\fBMAIL_FILE\fR +variables are used by +\fBuseradd\fR, +\fBusermod\fR, and +\fBuserdel\fR +to create, move, or delete the user\*(Aqs mail spool\&. +.PP +If +\fBMAIL_CHECK_ENAB\fR +is set to +\fIyes\fR, they are also used to define the +\fBMAIL\fR +environment variable\&. +.PP +\fBMAX_MEMBERS_PER_GROUP\fR (number) +.RS 4 +Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in +/etc/group +(with the same name, same password, and same GID)\&. +.sp +La valeur par d\('efaut est 0, ce qui signifie qu\*(Aqil n\*(Aqy a pas de limites pour le nombre de membres dans un groupe\&. +.sp +Cette fonctionnalit\('e (groupe d\('ecoup\('e) permet de limiter la longueur des lignes dans le fichier de groupes\&. Ceci est utile pour s\*(Aqassurer que les lignes pour les groupes NIS ne sont pas plus grandes que 1024 caract\(`eres\&. +.sp +Si vous avez besoin de configurer cette limite, vous pouvez utiliser 25\&. +.sp +Remarque\ \&: les groupes d\('ecoup\('es ne sont peut\-\(^etre pas pris en charge par tous les outils (m\(^eme dans la suite d\*(Aqoutils Shadow)\&. Vous ne devriez pas utiliser cette variable, sauf si vous en avez vraiment besoin\&. +.RE +.PP +\fBMD5_CRYPT_ENAB\fR (boolean) +.RS 4 +Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to +\fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to +\fIno\fR +if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is +\fIno\fR\&. +.sp +This variable is superseded by the +\fBENCRYPT_METHOD\fR +variable or by any command line option used to configure the encryption algorithm\&. +.sp +This variable is deprecated\&. You should use +\fBENCRYPT_METHOD\fR\&. +.RE +.PP +\fBMOTD_FILE\fR (string) +.RS 4 +Si d\('efinie, liste d\('elimit\('ee par des \(Fo\ \&:\ \&\(Fc de fichiers de \(Fo\ \&message du jour\ \&\(Fc \(`a afficher lors de la connexion\&. +.RE +.PP +\fBNOLOGINS_FILE\fR (string) +.RS 4 +Si d\('efinie, nom de fichier dont la pr\('esence emp\(^echera les connexions de quelqu\*(Aqun d\*(Aqautre que le superutilisateur\&. Le contenu de ces fichiers doit \(^etre un message indiquant pourquoi les connexions sont d\('esactiv\('ees\&. +.RE +.PP +\fBOBSCURE_CHECKS_ENAB\fR (boolean) +.RS 4 +Activer des v\('erifications suppl\('ementaires lors des changements de mot de passe\&. +.RE +.PP +\fBPASS_ALWAYS_WARN\fR (boolean) +.RS 4 +Avertir en cas de mots de passe faibles (mais les accepte quand m\(^eme) si vous \(^etes superutilisateur\&. +.RE +.PP +\fBPASS_CHANGE_TRIES\fR (number) +.RS 4 +Nombre maximum d\*(Aqessais pour changer de mot de passe si refus\('e (trop facile)\&. +.RE +.PP +\fBPASS_MAX_DAYS\fR (number) +.RS 4 +Nombre maximum de jours de validit\('e d\*(Aqun mot de passe\&. Apr\(`es cette dur\('ee, une modification du mot de passe est obligatoire\&. S\*(Aqil n\*(Aqest pas pr\('ecis\('e, la valeur de \-1 est utilis\('ee (ce qui enl\(`eve toute restriction)\&. +.RE +.PP +\fBPASS_MIN_DAYS\fR (number) +.RS 4 +Nombre minimum de jours autoris\('e avant la modification d\*(Aqun mot de passe\&. Toute tentative de modification du mot de passe avant cette dur\('ee est rejet\('ee\&. S\*(Aqil n\*(Aqest pas pr\('ecis\('e, la valeur de \-1 est utilis\('ee (ce qui enl\(`eve toute restriction)\&. +.RE +.PP +\fBPASS_WARN_AGE\fR (number) +.RS 4 +Nombre de jours durant lesquels l\*(Aqutilisateur recevra un avertissement avant que son mot de passe n\*(Aqarrive en fin de validit\('e\&. Une valeur n\('egative signifie qu\*(Aqaucun avertissement n\*(Aqest donn\('e\&. S\*(Aqil n\*(Aqest pas pr\('ecis\('e, aucun avertissement n\*(Aqest donn\('e\&. +.RE +.PP +\fBPASS_MAX_DAYS\fR, +\fBPASS_MIN_DAYS\fR +and +\fBPASS_WARN_AGE\fR +are only used at the time of account creation\&. Any changes to these settings won\*(Aqt affect existing accounts\&. +.PP +\fBPASS_MAX_LEN\fR (number), \fBPASS_MIN_LEN\fR (number) +.RS 4 +Number of significant characters in the password for crypt()\&. +\fBPASS_MAX_LEN\fR +is 8 by default\&. Don\*(Aqt change unless your crypt() is better\&. This is ignored if +\fBMD5_CRYPT_ENAB\fR +set to +\fIyes\fR\&. +.RE +.PP +\fBPORTTIME_CHECKS_ENAB\fR (boolean) +.RS 4 +Enable checking of time restrictions specified in +/etc/porttime\&. +.RE +.PP +\fBQUOTAS_ENAB\fR (boolean) +.RS 4 +Enable setting of resource limits from +/etc/limits +and ulimit, umask, and niceness from the user\*(Aqs passwd gecos field\&. +.RE +.PP +\fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number) +.RS 4 +When +\fBENCRYPT_METHOD\fR +is set to +\fISHA256\fR +or +\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&. +.sp +Avec beaucoup de rounds, il est plus difficile de trouver le mot de passe avec une attaque par force brute\&. Veuillez remarquer que plus de ressources processeur seront n\('ecessaires pour authentifier les utilisateurs\&. +.sp +Si non pr\('ecis\('ee, la libc utilisera le nombre de rounds par d\('efaut (5000)\&. +.sp +Les valeurs doivent \(^etre comprises dans l\*(Aqintervalle 1\ \&000\ \&\-\ \&999\ \&999\ \&999\&. +.sp +If only one of the +\fBSHA_CRYPT_MIN_ROUNDS\fR +or +\fBSHA_CRYPT_MAX_ROUNDS\fR +values is set, then this value will be used\&. +.sp +If +\fBSHA_CRYPT_MIN_ROUNDS\fR +> +\fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&. +.RE +.PP +\fBSULOG_FILE\fR (string) +.RS 4 +Si d\('efinie, les activit\('es de su seront enregistr\('ees dans le fichier\&. +.RE +.PP +\fBSU_NAME\fR (string) +.RS 4 +Si d\('efinie, le nom de la commande \(`a afficher lorsque \(Fo\ \&su \-\ \&\(Fc est ex\('ecut\('ee\&. Par exemple, si elle est d\('efinie \(`a \(Fo\ \&su\ \&\(Fc alors un \(Fo\ \&ps\ \&\(Fc affichera la commande comme \(Fo\ \&\-su\ \&\(Fc\&. Si non d\('efinie, alors \(Fo\ \&ps\ \&\(Fc affichera le nom du shell qui sera en fait ex\('ecut\('e, par exemple quelque chose comme \(Fo\ \&\-sh\ \&\(Fc\&. +.RE +.PP +\fBSU_WHEEL_ONLY\fR (boolean) +.RS 4 +If +\fIyes\fR, the user must be listed as a member of the first gid 0 group in +/etc/group +(called +\fIroot\fR +on most Linux systems) to be able to +\fBsu\fR +to uid 0 accounts\&. If the group doesn\*(Aqt exist or is empty, no one will be able to +\fBsu\fR +to uid 0\&. +.RE +.PP +\fBSUB_GID_MIN\fR (number), \fBSUB_GID_MAX\fR (number), \fBSUB_GID_COUNT\fR (number) +.RS 4 +If +/etc/subuid +exists, the commands +\fBuseradd\fR +and +\fBnewusers\fR +(unless the user already have subordinate group IDs) allocate +\fBSUB_GID_COUNT\fR +unused group IDs from the range +\fBSUB_GID_MIN\fR +to +\fBSUB_GID_MAX\fR +for each new user\&. +.sp +The default values for +\fBSUB_GID_MIN\fR, +\fBSUB_GID_MAX\fR, +\fBSUB_GID_COUNT\fR +are respectively 100000, 600100000 and 65536\&. +.RE +.PP +\fBSUB_UID_MIN\fR (number), \fBSUB_UID_MAX\fR (number), \fBSUB_UID_COUNT\fR (number) +.RS 4 +If +/etc/subuid +exists, the commands +\fBuseradd\fR +and +\fBnewusers\fR +(unless the user already have subordinate user IDs) allocate +\fBSUB_UID_COUNT\fR +unused user IDs from the range +\fBSUB_UID_MIN\fR +to +\fBSUB_UID_MAX\fR +for each new user\&. +.sp +The default values for +\fBSUB_UID_MIN\fR, +\fBSUB_UID_MAX\fR, +\fBSUB_UID_COUNT\fR +are respectively 100000, 600100000 and 65536\&. +.RE +.PP +\fBSYS_GID_MAX\fR (number), \fBSYS_GID_MIN\fR (number) +.RS 4 +Range of group IDs used for the creation of system groups by +\fBuseradd\fR, +\fBgroupadd\fR, or +\fBnewusers\fR\&. +.sp +The default value for +\fBSYS_GID_MIN\fR +(resp\&. +\fBSYS_GID_MAX\fR) is 101 (resp\&. +\fBGID_MIN\fR\-1)\&. +.RE +.PP +\fBSYS_UID_MAX\fR (number), \fBSYS_UID_MIN\fR (number) +.RS 4 +Range of user IDs used for the creation of system users by +\fBuseradd\fR +or +\fBnewusers\fR\&. +.sp +The default value for +\fBSYS_UID_MIN\fR +(resp\&. +\fBSYS_UID_MAX\fR) is 101 (resp\&. +\fBUID_MIN\fR\-1)\&. +.RE +.PP +\fBSYSLOG_SG_ENAB\fR (boolean) +.RS 4 +Enable "syslog" logging of +\fBsg\fR +activity\&. +.RE +.PP +\fBSYSLOG_SU_ENAB\fR (boolean) +.RS 4 +Enable "syslog" logging of +\fBsu\fR +activity \- in addition to sulog file logging\&. +.RE +.PP +\fBTTYGROUP\fR (string), \fBTTYPERM\fR (string) +.RS 4 +The terminal permissions: the login tty will be owned by the +\fBTTYGROUP\fR +group, and the permissions will be set to +\fBTTYPERM\fR\&. +.sp +By default, the ownership of the terminal is set to the user\*(Aqs primary group and the permissions are set to +\fI0600\fR\&. +.sp +\fBTTYGROUP\fR +can be either the name of a group or a numeric group identifier\&. +.sp +If you have a +\fBwrite\fR +program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620\&. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600\&. +.RE +.PP +\fBTTYTYPE_FILE\fR (string) +.RS 4 +Si d\('efinie, fichier qui lie les lignes de tty \(`a la variable d\*(Aqenvironnement TERM\&. Chaque ligne du fichier est dans un format ressemblant \(`a \(Fo\ \&vt100 tty01\ \&\(Fc\&. +.RE +.PP +\fBUID_MAX\fR (number), \fBUID_MIN\fR (number) +.RS 4 +Range of user IDs used for the creation of regular users by +\fBuseradd\fR +or +\fBnewusers\fR\&. +.sp +The default value for +\fBUID_MIN\fR +(resp\&. +\fBUID_MAX\fR) is 1000 (resp\&. 60000)\&. +.RE +.PP +\fBULIMIT\fR (number) +.RS 4 +Default +\fBulimit\fR +value\&. +.RE +.PP +\fBUMASK\fR (number) +.RS 4 +Valeur d\*(Aqinitialisation du masque de permissions\&. S\*(Aqil n\*(Aqest pas pr\('ecis\('e, le masque des permissions sera initialis\('e \(`a 022\&. +.sp +\fBuseradd\fR +and +\fBnewusers\fR +use this mask to set the mode of the home directory they create if +\fBHOME_MODE\fR +is not set\&. +.sp +It is also used by +\fBlogin\fR +to define users\*(Aq initial umask\&. Note that this mask can be overridden by the user\*(Aqs GECOS line (if +\fBQUOTAS_ENAB\fR +is set) or by the specification of a limit with the +\fIK\fR +identifier in +\fBlimits\fR(5)\&. +.RE +.PP +\fBUSERDEL_CMD\fR (string) +.RS 4 +Si d\('efinie, la commande est ex\('ecut\('ee lors de la suppression d\*(Aqun utilisateur\&. Elle pourra supprimer toutes les t\(^aches p\('eriodiques cron ou at, tous les travaux d\*(Aqimpression, etc\&. de l\*(Aqutilisateur (qui sera fourni comme premier param\(`etre)\&. +.sp +Le code de retour du script n\*(Aqest pas pris en compte\&. +.sp +Here is an example script, which removes the user\*(Aqs cron, at and print jobs: +.sp +.if n \{\ +.RS 4 +.\} +.nf +#! /bin/sh + +# Check for the required argument\&. +if [ $# != 1 ]; then + echo "Usage: $0 username" + exit 1 +fi + +# Remove cron jobs\&. +crontab \-r \-u $1 + +# Remove at jobs\&. +# Note that it will remove any jobs owned by the same UID, +# even if it was shared by a different username\&. +AT_SPOOL_DIR=/var/spool/cron/atjobs +find $AT_SPOOL_DIR \-name "[^\&.]*" \-type f \-user $1 \-delete \e; + +# Remove print jobs\&. +lprm $1 + +# All done\&. +exit 0 + +.fi +.if n \{\ +.RE +.\} +.sp +.RE +.PP +\fBUSERGROUPS_ENAB\fR (boolean) +.RS 4 +Activer la mise en place de bits de masque de groupe (\(Fo\ \&umask group bits\ \&\(Fc) identiques \(`a ceux du propri\('etaire (exemple\ \&: 022 \-> 002, 077 \-> 007) pour les utilisateurs non privil\('egi\('es, si l\*(AqUID est identique au GID et que l\*(Aqidentifiant de connexion est identique au groupe principal\&. +.sp +If set to +\fIyes\fR, +\fBuserdel\fR +will remove the user\*(Aqs group if it contains no more members, and +\fBuseradd\fR +will create by default a group with the name of the user\&. +.RE +.SH "R\('EF\('ERENCES CROIS\('EES" +.PP +Les r\('ef\('erences crois\('ees ci\-dessous montrent quels sont les param\(`etres utilis\('es par les diff\('erents programmes de la suite shadow password\&. +.PP +chfn +.RS 4 +CHFN_AUTH +CHFN_RESTRICT +LOGIN_STRING +.RE +.PP +chgpasswd +.RS 4 +ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB +SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS +.RE +.PP +chpasswd +.RS 4 +ENCRYPT_METHOD MD5_CRYPT_ENAB +SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS +.RE +.PP +chsh +.RS 4 +CHSH_AUTH LOGIN_STRING +.RE +.PP +gpasswd +.RS 4 +ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB +SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS +.RE +.PP +groupadd +.RS 4 +GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN +.RE +.PP +groupdel +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +groupmems +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +groupmod +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +grpck +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +grpconv +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +grpunconv +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +lastlog +.RS 4 +LASTLOG_UID_MAX +.RE +.PP +login +.RS 4 +CONSOLE +CONSOLE_GROUPS DEFAULT_HOME +ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE +ERASECHAR FAIL_DELAY +FAILLOG_ENAB +FAKE_SHELL +FTMP_FILE +HUSHLOGIN_FILE +ISSUE_FILE +KILLCHAR +LASTLOG_ENAB LASTLOG_UID_MAX +LOGIN_RETRIES +LOGIN_STRING +LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB +MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB +TTYGROUP TTYPERM TTYTYPE_FILE +ULIMIT UMASK +USERGROUPS_ENAB +.RE +.PP +newgrp / sg +.RS 4 +SYSLOG_SG_ENAB +.RE +.PP +newusers +.RS 4 +ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE +SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS +SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK +.RE +.PP +passwd +.RS 4 +ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN +SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS +.RE +.PP +pwck +.RS 4 +PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE +.RE +.PP +pwconv +.RS 4 +PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE +.RE +.PP +su +.RS 4 +CONSOLE +CONSOLE_GROUPS DEFAULT_HOME +ENV_HZ ENVIRON_FILE +ENV_PATH ENV_SUPATH +ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB +SULOG_FILE SU_NAME +SU_WHEEL_ONLY +SYSLOG_SU_ENAB +USERGROUPS_ENAB +.RE +.PP +sulogin +.RS 4 +ENV_HZ +ENV_TZ +.RE +.PP +useradd +.RS 4 +CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK +.RE +.PP +userdel +.RS 4 +MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB +.RE +.PP +usermod +.RS 4 +LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP +.RE +.SH "VOIR AUSSI" +.PP +\fBlogin\fR(1), +\fBpasswd\fR(1), +\fBsu\fR(1), +\fBpasswd\fR(5), +\fBshadow\fR(5), +\fBpam\fR(8)\&. |