diff options
Diffstat (limited to 'man/chgpasswd.8.xml')
-rw-r--r-- | man/chgpasswd.8.xml | 250 |
1 files changed, 250 insertions, 0 deletions
diff --git a/man/chgpasswd.8.xml b/man/chgpasswd.8.xml new file mode 100644 index 0000000..cd61687 --- /dev/null +++ b/man/chgpasswd.8.xml @@ -0,0 +1,250 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright (c) 2006 , Tomasz Kłoczko + Copyright (c) 2007 - 2011, Nicolas François + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the copyright holders or contributors may not be used to + endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml"> +<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml"> +<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml"> +<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml"> +<!-- SHADOW-CONFIG-HERE --> +]> + +<refentry id='chgpasswd.8'> + <!-- $Id$ --> + <refentryinfo> + <author> + <firstname>Thomas</firstname> + <surname>Kłoczko</surname> + <email>kloczek@pld.org.pl</email> + <contrib>Creation, 2006</contrib> + </author> + <author> + <firstname>Nicolas</firstname> + <surname>François</surname> + <email>nicolas.francois@centraliens.net</email> + <contrib>shadow-utils maintainer, 2007 - now</contrib> + </author> + </refentryinfo> + <refmeta> + <refentrytitle>chgpasswd</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo> + <refmiscinfo class="source">shadow-utils</refmiscinfo> + <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo> + </refmeta> + <refnamediv id='name'> + <refname>chgpasswd</refname> + <refpurpose>update group passwords in batch mode</refpurpose> + </refnamediv> + + <refsynopsisdiv id='synopsis'> + <cmdsynopsis> + <command>chgpasswd</command> + <arg choice='opt'> + <replaceable>options</replaceable> + </arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1 id='description'> + <title>DESCRIPTION</title> + <para> + The <command>chgpasswd</command> command reads a list of group name + and password pairs from standard input and uses this information to + update a set of existing groups. Each line is of the format: + </para> + <para> + <emphasis remap='I'>group_name</emphasis>:<emphasis + remap='I'>password</emphasis> + </para> + <para> + By default the supplied password must be in clear-text, and is + encrypted by <command>chgpasswd</command>. + </para> + <para> + The default encryption algorithm can be defined for the system with + the <option>ENCRYPT_METHOD</option> variable of <filename>/etc/login.defs</filename>, + and can be overwritten with the <option>-e</option>, + <option>-m</option>, or <option>-c</option> options. + </para> + <para> + This command is intended to be used in a large system environment + where many accounts are created at a single time. + </para> + </refsect1> + + <refsect1 id='options'> + <title>OPTIONS</title> + <para> + The options which apply to the <command>chgpasswd</command> command + are: + </para> + <variablelist remap='IP'> + <varlistentry> + <term><option>-c</option>, <option>--crypt-method</option></term> + <listitem> + <para>Use the specified method to encrypt the passwords.</para> + <para condition="no_sha_crypt"> + The available methods are DES, MD5, and NONE. + </para> + <para condition="sha_crypt"> + The available methods are DES, MD5, NONE, and SHA256 or SHA512 + if your libc support these methods. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>-e</option>, <option>--encrypted</option></term> + <listitem> + <para>Supplied passwords are in encrypted form.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>-h</option>, <option>--help</option></term> + <listitem> + <para>Display help message and exit.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>-m</option>, <option>--md5</option></term> + <listitem> + <para> + Use MD5 encryption instead of DES when the supplied passwords are + not encrypted. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>-R</option>, <option>--root</option> <replaceable>CHROOT_DIR</replaceable> + </term> + <listitem> + <para> + Apply changes in the <replaceable>CHROOT_DIR</replaceable> + directory and use the configuration files from the + <replaceable>CHROOT_DIR</replaceable> directory. + </para> + </listitem> + </varlistentry> + <varlistentry condition="sha_crypt"> + <term><option>-s</option>, <option>--sha-rounds</option></term> + <listitem> + <para> + Use the specified number of rounds to encrypt the passwords. + </para> + <para> + The value 0 means that the system will choose the default + number of rounds for the crypt method (5000). + </para> + <para> + A minimal value of 1000 and a maximal value of 999,999,999 + will be enforced. + </para> + <para> + You can only use this option with the SHA256 or SHA512 + crypt method. + </para> + <para> + By default, the number of rounds is defined by the + SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in + <filename>/etc/login.defs</filename>. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='caveats'> + <title>CAVEATS</title> + <para> + Remember to set permissions or umask to prevent readability of + unencrypted files by other users. + </para> + <para> + You should make sure the passwords and the encryption method respect + the system's password policy. + </para> + </refsect1> + + <refsect1 id='configuration'> + <title>CONFIGURATION</title> + <para> + The following configuration variables in + <filename>/etc/login.defs</filename> change the behavior of this + tool: + </para> + <variablelist> + &ENCRYPT_METHOD; + &MAX_MEMBERS_PER_GROUP; + &MD5_CRYPT_ENAB; + &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS--> + </variablelist> + </refsect1> + + <refsect1 id='files'> + <title>FILES</title> + <variablelist> + <varlistentry> + <term><filename>/etc/group</filename></term> + <listitem> + <para>Group account information.</para> + </listitem> + </varlistentry> + <varlistentry condition="gshadow"> + <term><filename>/etc/gshadow</filename></term> + <listitem> + <para>Secure group account information.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><filename>/etc/login.defs</filename></term> + <listitem> + <para>Shadow password suite configuration.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>gpasswd</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>. + </para> + </refsect1> +</refentry> |