From 333f7ecfa3e040191c66b2b92f6c117ca2cbac1d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 14:50:00 +0200 Subject: Adding upstream version 1:4.8.1. Signed-off-by: Daniel Baumann --- man/sv/man5/faillog.5 | 64 ++++++++++++ man/sv/man5/gshadow.5 | 101 ++++++++++++++++++ man/sv/man5/limits.5 | 274 +++++++++++++++++++++++++++++++++++++++++++++++++ man/sv/man5/passwd.5 | 193 ++++++++++++++++++++++++++++++++++ man/sv/man5/porttime.5 | 96 +++++++++++++++++ man/sv/man5/suauth.5 | 146 ++++++++++++++++++++++++++ 6 files changed, 874 insertions(+) create mode 100644 man/sv/man5/faillog.5 create mode 100644 man/sv/man5/gshadow.5 create mode 100644 man/sv/man5/limits.5 create mode 100644 man/sv/man5/passwd.5 create mode 100644 man/sv/man5/porttime.5 create mode 100644 man/sv/man5/suauth.5 (limited to 'man/sv/man5') diff --git a/man/sv/man5/faillog.5 b/man/sv/man5/faillog.5 new file mode 100644 index 0000000..ab99282 --- /dev/null +++ b/man/sv/man5/faillog.5 @@ -0,0 +1,64 @@ +'\" t +.\" Title: faillog +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 23-01-2020 +.\" Manual: Filformat och konversioner +.\" Source: shadow-utils 4.8.1 +.\" Language: Swedish +.\" +.TH "FAILLOG" "5" "23-01-2020" "shadow\-utils 4\&.8\&.1" "Filformat och konversioner" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAMN" +faillog \- login failure logging file +.SH "BESKRIVNING" +.PP +/var/log/faillog +maintains a count of login failures and the limits for each account\&. +.PP +The file contains fixed length records, indexed by numerical UID\&. Each record contains the count of login failures since the last successful login; the maximum number of failures before the account is disabled; the line on which the last login failure occurred; the date of the last login failure; and the duration (in seconds) during which the account will be locked after a failure\&. +.PP +Strukturen f\(:or filen \(:ar: +.sp +.if n \{\ +.RS 4 +.\} +.nf +struct faillog { + short fail_cnt; + short fail_max; + char fail_line[12]; + time_t fail_time; + long fail_locktime; +}; +.fi +.if n \{\ +.RE +.\} +.SH "FILER" +.PP +/var/log/faillog +.RS 4 +Failure logging file\&. +.RE +.SH "SE OCKS\(oA" +.PP +\fBfaillog\fR(8) diff --git a/man/sv/man5/gshadow.5 b/man/sv/man5/gshadow.5 new file mode 100644 index 0000000..9cc1d3e --- /dev/null +++ b/man/sv/man5/gshadow.5 @@ -0,0 +1,101 @@ +'\" t +.\" Title: gshadow +.\" Author: Nicolas Fran\(,cois +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 23-01-2020 +.\" Manual: Filformat och konversioner +.\" Source: shadow-utils 4.8.1 +.\" Language: Swedish +.\" +.TH "GSHADOW" "5" "23-01-2020" "shadow\-utils 4\&.8\&.1" "Filformat och konversioner" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAMN" +gshadow \- skuggad gruppfil +.SH "BESKRIVNING" +.PP +/etc/gshadow +contains the shadowed information for group accounts\&. +.PP +Denna fil f\(oar inte vara l\(:asbar av vanliga anv\(:andare om l\(:osenordss\(:akerheten ska uppr\(:atth\(oallas\&. +.PP +Each line of this file contains the following colon\-separated fields: +.PP +\fBgruppnamn\fR +.RS 4 +It must be a valid group name, which exist on the system\&. +.RE +.PP +\fBkrypterat l\(:osenord\fR +.RS 4 +Refer to +\fBcrypt\fR(3) +for details on how this string is interpreted\&. +.sp +If the password field contains some string that is not a valid result of +\fBcrypt\fR(3), for instance ! or *, users will not be able to use a unix password to access the group (but group members do not need the password)\&. +.sp +The password is used when a user who is not a member of the group wants to gain the permissions of this group (see +\fBnewgrp\fR(1))\&. +.sp +This field may be empty, in which case only the group members can gain the group permissions\&. +.sp +A password field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the password field before the password was locked\&. +.sp +This password supersedes any password specified in +/etc/group\&. +.RE +.PP +\fBadministrators\fR +.RS 4 +It must be a comma\-separated list of user names\&. +.sp +Administrators can change the password or the members of the group\&. +.sp +Administrators also have the same permissions as the members (see below)\&. +.RE +.PP +\fBmembers\fR +.RS 4 +It must be a comma\-separated list of user names\&. +.sp +Members can access the group without being prompted for a password\&. +.sp +You should use the same list of users as in +/etc/group\&. +.RE +.SH "FILER" +.PP +/etc/group +.RS 4 +Gruppkontoinformation\&. +.RE +.PP +/etc/gshadow +.RS 4 +S\(:aker gruppkontoinformation\&. +.RE +.SH "SE OCKS\(oA" +.PP +\fBgpasswd\fR(5), +\fBgroup\fR(5), +\fBgrpck\fR(8), +\fBgrpconv\fR(8), +\fBnewgrp\fR(1)\&. diff --git a/man/sv/man5/limits.5 b/man/sv/man5/limits.5 new file mode 100644 index 0000000..ac1e386 --- /dev/null +++ b/man/sv/man5/limits.5 @@ -0,0 +1,274 @@ +'\" t +.\" Title: limits +.\" Author: Luca Berra +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 23-01-2020 +.\" Manual: Filformat och konversioner +.\" Source: shadow-utils 4.8.1 +.\" Language: Swedish +.\" +.TH "LIMITS" "5" "23-01-2020" "shadow\-utils 4\&.8\&.1" "Filformat och konversioner" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAMN" +limits \- definition av resursbegr\(:ansningar +.SH "BESKRIVNING" +.PP +The +\fIlimits\fR +file (/etc/limits +by default or LIMITS_FILE defined +config\&.h) describes the resource limits you wish to impose\&. It should be owned by root and readable by root account only\&. +.PP +By default no quota is imposed on \*(Aqroot\*(Aq\&. In fact, there is no way to impose limits via this procedure to root\-equiv accounts (accounts with UID 0)\&. +.PP +Varje rad beskriver en begr\(:ansning f\(:or anv\(:andaren i formatet: +.PP +\fIuser LIMITS_STRING\fR +.PP +or in the form: +.PP +\fI@group LIMITS_STRING\fR +.PP +The +\fILIMITS_STRING\fR +is a string of a concatenated list of resource limits\&. Each limit consists of a letter identifier followed by a numerical limit\&. +.PP +De giltiga identifierarna \(:ar: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +A: maximal adressrymd (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +C: max core file size (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +D: maximal datastorlek (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +F: maximum file size (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +K: file creation mask, set by +\fBumask\fR(2)\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +I: max nice value (0\&.\&.39 which translates to 20\&.\&.\-19) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +L: maximalt antal inloggningar f\(:or denna anv\(:andare +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +M: max locked\-in\-memory address space (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +N: maximalt antal \(:oppna filer +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +O: max real time priority +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +P: process priority, set by +\fBsetpriority\fR(2)\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +R: max resident set size (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +S: maximal stackstorlek (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +T: maximal processortid (MIN) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +U: maximalt antal processer +.RE +.PP +For example, +\fIL2D2048N5\fR +is a valid +\fILIMITS_STRING\fR\&. For reading convenience, the following entries are equivalent: +.sp +.if n \{\ +.RS 4 +.\} +.nf + username L2D2048N5 + username L2 D2048 N5 + +.fi +.if n \{\ +.RE +.\} +.PP +Be aware that after +\fIusername\fR +the rest of the line is considered a limit string, thus comments are not allowed\&. An invalid limits string will be rejected (not considered) by the +\fBlogin\fR +program\&. +.PP +The default entry is denoted by username "\fI*\fR"\&. If you have multiple +\fIdefault\fR +entries in your +\fILIMITS_FILE\fR, then the last one will be used as the default entry\&. +.PP +The limits specified in the form "\fI@group\fR" apply to the members of the specified +\fIgroup\fR\&. +.PP +If more than one line with limits for a user exist, only the first line for this user will be considered\&. +.PP +If no lines are specified for a user, the last +\fI@group\fR +line matching a group whose the user is a member of will be considered, or the last line with default limits if no groups contain the user\&. +.PP +To completely disable limits for a user, a single dash "\fI\-\fR" will do\&. +.PP +To disable a limit for a user, a single dash "\fI\-\fR" can be used instead of the numerical value for this limit\&. +.PP +Also, please note that all limit settings are set PER LOGIN\&. They are not global, nor are they permanent\&. Perhaps global limits will come, but for now this will have to do ;) +.SH "FILER" +.PP +/etc/limits +.RS 4 +.RE +.SH "SE OCKS\(oA" +.PP +\fBlogin\fR(1), +\fBsetpriority\fR(2), +\fBsetrlimit\fR(2)\&. diff --git a/man/sv/man5/passwd.5 b/man/sv/man5/passwd.5 new file mode 100644 index 0000000..18efaab --- /dev/null +++ b/man/sv/man5/passwd.5 @@ -0,0 +1,193 @@ +'\" t +.\" Title: passwd +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 23-01-2020 +.\" Manual: Filformat och konversioner +.\" Source: shadow-utils 4.8.1 +.\" Language: Swedish +.\" +.TH "PASSWD" "5" "23-01-2020" "shadow\-utils 4\&.8\&.1" "Filformat och konversioner" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAMN" +passwd \- l\(:osenordsfilen +.SH "BESKRIVNING" +.PP +/etc/passwd +contains one line for each user account, with seven fields delimited by colons (\(rq:\(rq)\&. These fields are: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +inloggningsnamn +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +valfritt krypterat l\(:osenord +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +numeriskt anv\(:andar\-id +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +numeriskt grupp\-id +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +anv\(:andarnamn eller kommentarsf\(:alt +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +anv\(:andarens hemkatalog +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +optional user command interpreter +.RE +.PP +If the +\fIpassword\fR +field is a lower\-case +\(rqx\(rq, then the encrypted password is actually stored in the +\fBshadow\fR(5) +file instead; there +\fImust\fR +be a corresponding line in the +/etc/shadow +file, or else the user account is invalid\&. +.PP +The encrypted +\fIpassword\fR +field may be empty, in which case no password is required to authenticate as the specified login name\&. However, some applications which read the +/etc/passwd +file may decide not to permit +\fIany\fR +access at all if the +\fIpassword\fR +field is blank\&. +.PP +A +\fIpassword\fR +field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the +\fIpassword\fR +field before the password was locked\&. +.PP +Refer to +\fBcrypt\fR(3) +for details on how this string is interpreted\&. +.PP +If the password field contains some string that is not a valid result of +\fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&. +.PP +The comment field is used by various system utilities, such as +\fBfinger\fR(1)\&. +.PP +The home directory field provides the name of the initial working directory\&. The +\fBlogin\fR +program uses this information to set the value of the +\fB$HOME\fR +environmental variable\&. +.PP +The command interpreter field provides the name of the user\*(Aqs command language interpreter, or the name of the initial program to execute\&. The +\fBlogin\fR +program uses this information to set the value of the +\fB$SHELL\fR +environmental variable\&. If this field is empty, it defaults to the value +/bin/sh\&. +.SH "FILER" +.PP +/etc/passwd +.RS 4 +Anv\(:andarkontoinformation\&. +.RE +.PP +/etc/shadow +.RS 4 +optional encrypted password file +.RE +.PP +/etc/passwd\- +.RS 4 +Backup file for /etc/passwd\&. +.sp +Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools\&. +.RE +.SH "SE OCKS\(oA" +.PP +\fBcrypt\fR(3), +\fBgetent\fR(1), +\fBgetpwnam\fR(3), +\fBlogin\fR(1), +\fBpasswd\fR(1), +\fBpwck\fR(8), +\fBpwconv\fR(8), +\fBpwunconv\fR(8), +\fBshadow\fR(5), +\fBsu\fR(1), +\fBsulogin\fR(8)\&. diff --git a/man/sv/man5/porttime.5 b/man/sv/man5/porttime.5 new file mode 100644 index 0000000..c3a42f1 --- /dev/null +++ b/man/sv/man5/porttime.5 @@ -0,0 +1,96 @@ +'\" t +.\" Title: porttime +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 23-01-2020 +.\" Manual: Filformat och konversioner +.\" Source: shadow-utils 4.8.1 +.\" Language: Swedish +.\" +.TH "PORTTIME" "5" "23-01-2020" "shadow\-utils 4\&.8\&.1" "Filformat och konversioner" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAMN" +porttime \- port access time file +.SH "BESKRIVNING" +.PP +\fIporttime\fR +contains a list of tty devices, user names, and permitted login times\&. +.PP +Each entry consists of three colon separated fields\&. The first field is a comma separated list of tty devices, or an asterisk to indicate that all tty devices are matched by this entry\&. The second field is a comma separated list of user names, or an asterisk to indicated that all user names are matched by this entry\&. The third field is a comma separated list of permitted access times\&. +.PP +Each access time entry consists of zero or more days of the week, abbreviated +\fISu\fR, +\fIMo\fR, +\fITu\fR, +\fIWe\fR, +\fITh\fR, +\fIFr\fR, and +\fISa\fR, followed by a pair of times separated by a hyphen\&. The abbreviation +\fIWk\fR +may be used to represent Monday thru Friday, and +\fIAl\fR +may be used to indicate every day\&. If no days are given, +\fIAl\fR +is assumed\&. +.SH "EXEMPEL" +.PP +The following entry allows access to user +\fBjfh\fR +on every port during weekdays from 9am to 5pm\&. +.PP +*:jfh:Wk0900\-1700 +.PP +The following entries allow access only to the users +\fIroot\fR +and +\fIoper\fR +on +/dev/console +at any time\&. This illustrates how the +/etc/porttime +file is an ordered list of access times\&. Any other user would match the second entry which does not permit access at any time\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf + console:root,oper:Al0000\-2400 + console:*: + +.fi +.if n \{\ +.RE +.\} +.PP +The following entry allows access for the user +\fIgames\fR +on any port during non\-working hours\&. +.PP +*:games:Wk1700\-0900,SaSu0000\-2400 +.SH "FILER" +.PP +/etc/porttime +.RS 4 +Fil som inneh\(oaller port\(oatkomst +.RE +.SH "SE OCKS\(oA" +.PP +\fBlogin\fR(1)\&. diff --git a/man/sv/man5/suauth.5 b/man/sv/man5/suauth.5 new file mode 100644 index 0000000..e6e630b --- /dev/null +++ b/man/sv/man5/suauth.5 @@ -0,0 +1,146 @@ +'\" t +.\" Title: suauth +.\" Author: Marek Micha\(/lkiewicz +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 23-01-2020 +.\" Manual: Filformat och konversioner +.\" Source: shadow-utils 4.8.1 +.\" Language: Swedish +.\" +.TH "SUAUTH" "5" "23-01-2020" "shadow\-utils 4\&.8\&.1" "Filformat och konversioner" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAMN" +suauth \- detaljerad kontrollfil f\(:or su +.SH "SYNOPSIS" +.HP \w'\fB/etc/suauth\fR\ 'u +\fB/etc/suauth\fR +.SH "BESKRIVNING" +.PP +The file +/etc/suauth +is referenced whenever the su command is called\&. It can change the behaviour of the su command, based upon: +.sp +.if n \{\ +.RS 4 +.\} +.nf + 1) the user su is targeting + +.fi +.if n \{\ +.RE +.\} +.PP +2) the user executing the su command (or any groups he might be a member of) +.PP +Filen \(:ar i f\(:oljande format, med de rader som inleds med # behandlas som kommentarsrader och ignoreras; +.sp +.if n \{\ +.RS 4 +.\} +.nf + to\-id:from\-id:ACTION + +.fi +.if n \{\ +.RE +.\} +.PP +Where to\-id is either the word +\fIALL\fR, a list of usernames delimited by "," or the words +\fIALL EXCEPT\fR +followed by a list of usernames delimited by ","\&. +.PP +from\-id is formatted the same as to\-id except the extra word +\fIGROUP\fR +is recognized\&. +\fIALL EXCEPT GROUP\fR +is perfectly valid too\&. Following +\fIGROUP\fR +appears one or more group names, delimited by ","\&. It is not sufficient to have primary group id of the relevant group, an entry in +\fB/etc/group\fR(5) +is necessary\&. +.PP +\(oAtg\(:arden kan endast vara en av f\(:oljande f\(:or n\(:arvarande st\(:odda flaggor\&. +.PP +\fIDENY\fR +.RS 4 +F\(:ors\(:oket att anv\(:anda su stoppades f\(:ore ett l\(:osenord har efterfr\(oagats\&. +.RE +.PP +\fINOPASS\fR +.RS 4 +F\(:ors\(:oket att anv\(:anda su lyckades helt automatiskt; inget l\(:osenord har efterfr\(oagats\&. +.RE +.PP +\fIOWNPASS\fR +.RS 4 +F\(:or att su\-kommandot ska lyckas m\(oaste anv\(:andaren mata in sitt egna l\(:osenord\&. De blir fr\(oagade att g\(:ora detta\&. +.RE +.PP +Note there are three separate fields delimited by a colon\&. No whitespace must surround this colon\&. Also note that the file is examined sequentially line by line, and the first applicable rule is used without examining the file further\&. This makes it possible for a system administrator to exercise as fine control as he or she wishes\&. +.SH "EXEMPEL" +.sp +.if n \{\ +.RS 4 +.\} +.nf + # sample /etc/suauth file + # + # A couple of privileged usernames may + # su to root with their own password\&. + # + root:chris,birddog:OWNPASS + # + # Anyone else may not su to root unless in + # group wheel\&. This is how BSD does things\&. + # + root:ALL EXCEPT GROUP wheel:DENY + # + # Perhaps terry and birddog are accounts + # owned by the same person\&. + # Access can be arranged between them + # with no password\&. + # + terry:birddog:NOPASS + birddog:terry:NOPASS + # + +.fi +.if n \{\ +.RE +.\} +.SH "FILER" +.PP +/etc/suauth +.RS 4 +.RE +.SH "FEL" +.PP +There could be plenty lurking\&. The file parser is particularly unforgiving about syntax errors, expecting no spurious whitespace (apart from beginning and end of lines), and a specific token delimiting different things\&. +.SH "DIAGNOSTIK" +.PP +An error parsing the file is reported using +\fBsyslogd\fR(8) +as level ERR on facility AUTH\&. +.SH "SE OCKS\(oA" +.PP +\fBsu\fR(1)\&. -- cgit v1.2.3