diff options
Diffstat (limited to 'man/shadow.5.xml')
-rw-r--r-- | man/shadow.5.xml | 314 |
1 files changed, 314 insertions, 0 deletions
diff --git a/man/shadow.5.xml b/man/shadow.5.xml new file mode 100644 index 0000000..79ae27a --- /dev/null +++ b/man/shadow.5.xml @@ -0,0 +1,314 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright (c) 1989 - 1990, Julianne Frances Haugh + Copyright (c) 2007 - 2009, Nicolas François + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the copyright holders or contributors may not be used to + endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!-- SHADOW-CONFIG-HERE --> +]> +<refentry id='shadow.5'> + <!-- $Id$ --> + <refentryinfo> + <author> + <firstname>Julianne Frances</firstname> + <surname>Haugh</surname> + <contrib>Creation, 1989</contrib> + </author> + <author> + <firstname>Thomas</firstname> + <surname>Kłoczko</surname> + <email>kloczek@pld.org.pl</email> + <contrib>shadow-utils maintainer, 2000 - 2007</contrib> + </author> + <author> + <firstname>Nicolas</firstname> + <surname>François</surname> + <email>nicolas.francois@centraliens.net</email> + <contrib>shadow-utils maintainer, 2007 - now</contrib> + </author> + </refentryinfo> + <refmeta> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo> + <refmiscinfo class="source">shadow-utils</refmiscinfo> + <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo> + </refmeta> + <refnamediv id='name'> + <refname>shadow</refname> + <refpurpose>shadowed password file</refpurpose> + </refnamediv> + + <refsect1 id='description'> + <title>DESCRIPTION</title> + <para> + <filename>shadow</filename> is a file which contains the password + information for the system's accounts and optional aging + information. + </para> + + <para> + This file must not be readable by regular users if password security + is to be maintained. + </para> + + <para> + Each line of this file contains 9 fields, separated by colons + (<quote>:</quote>), in the following order: + </para> + + <variablelist> + <varlistentry> + <term><emphasis role="bold">login name</emphasis></term> + <listitem> + <para> + It must be a valid account name, which exist on the system. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><emphasis role="bold">encrypted password</emphasis></term> + <listitem> + <para> + This field may be empty, in which case no passwords are + required to authenticate as the specified login name. + However, some applications which read the + <filename>/etc/shadow</filename> file may decide not to permit + any access at all if the password field is empty. + </para> + <para> + A password field which starts with an exclamation mark means + that the password is locked. The remaining characters on the + line represent the password field before the password was + locked. + </para> + <para> + Refer to <citerefentry><refentrytitle>crypt</refentrytitle> + <manvolnum>3</manvolnum></citerefentry> for details on how + this string is interpreted. + </para> + <para> + If the password field contains some string that is not a valid + result of <citerefentry><refentrytitle>crypt</refentrytitle> + <manvolnum>3</manvolnum></citerefentry>, for instance ! or *, + the user will not be able to use a unix password to log in + (but the user may log in the system by other means). + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <emphasis role="bold">date of last password change</emphasis> + </term> + <listitem> + <para> + The date of the last password change, expressed as the number + of days since Jan 1, 1970. + </para> + <para> + The value 0 has a special meaning, which is that the user + should change her password the next time she will log in the + system. + </para> + <para> + An empty field means that password aging features are + disabled. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><emphasis role="bold">minimum password age</emphasis></term> + <listitem> + <para> + The minimum password age is the number of days the user will + have to wait before she will be allowed to change her password + again. + </para> + <para> + An empty field and value 0 mean that there are no minimum + password age. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><emphasis role="bold">maximum password age</emphasis></term> + <listitem> + <para> + The maximum password age is the number of days after which the + user will have to change her password. + </para> + <para> + After this number of days is elapsed, the password may still + be valid. The user should be asked to change her password the + next time she will log in. + </para> + <para> + An empty field means that there are no maximum password age, + no password warning period, and no password inactivity period + (see below). + </para> + <para> + If the maximum password age is lower than the minimum password + age, the user cannot change her password. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <emphasis role="bold">password warning period</emphasis> + </term> + <listitem> + <para> + The number of days before a password is going to expire (see + the maximum password age above) during which the user should + be warned. + </para> + <para> + An empty field and value 0 mean that there are no password + warning period. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <emphasis role="bold">password inactivity period</emphasis> + </term> + <listitem> + <para> + The number of days after a password has expired (see the + maximum password age above) during which the password should + still be accepted (and the user should update her password + during the next login). + </para> + <para> + After expiration of the password and this expiration period is + elapsed, no login is possible using the current user's + password. The user should contact her administrator. + </para> + <para> + An empty field means that there are no enforcement of an + inactivity period. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <emphasis role="bold">account expiration date</emphasis> + </term> + <listitem> + <para> + The date of expiration of the account, expressed as the number + of days since Jan 1, 1970. + </para> + <para> + Note that an account expiration differs from a password + expiration. In case of an account expiration, the user shall + not be allowed to login. In case of a password expiration, + the user is not allowed to login using her password. + </para> + <para> + An empty field means that the account will never expire. + </para> + <para> + The value 0 should not be used as it is interpreted as either + an account with no expiration, or as an expiration on Jan 1, + 1970. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><emphasis role="bold">reserved field</emphasis></term> + <listitem> + <para>This field is reserved for future use.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='files'> + <title>FILES</title> + <variablelist> + <varlistentry> + <term><filename>/etc/passwd</filename></term> + <listitem> + <para>User account information.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><filename>/etc/shadow</filename></term> + <listitem> + <para>Secure user account information.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><filename>/etc/shadow-</filename></term> + <listitem> + <para>Backup file for /etc/shadow.</para> + <para> + Note that this file is used by the tools of the shadow + toolsuite, but not by all user and password management tools. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>chage</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pwck</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pwconv</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pwunconv</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>sulogin</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>. + </para> + </refsect1> +</refentry> |