From 333f7ecfa3e040191c66b2b92f6c117ca2cbac1d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 14:50:00 +0200 Subject: Adding upstream version 1:4.8.1. Signed-off-by: Daniel Baumann --- man/zh_CN/man5/faillog.5 | 64 ++++ man/zh_CN/man5/gshadow.5 | 101 +++++ man/zh_CN/man5/limits.5 | 274 ++++++++++++++ man/zh_CN/man5/login.access.5 | 67 ++++ man/zh_CN/man5/login.defs.5 | 854 ++++++++++++++++++++++++++++++++++++++++++ man/zh_CN/man5/passwd.5 | 193 ++++++++++ man/zh_CN/man5/porttime.5 | 96 +++++ man/zh_CN/man5/shadow.5 | 148 ++++++++ man/zh_CN/man5/suauth.5 | 146 ++++++++ 9 files changed, 1943 insertions(+) create mode 100644 man/zh_CN/man5/faillog.5 create mode 100644 man/zh_CN/man5/gshadow.5 create mode 100644 man/zh_CN/man5/limits.5 create mode 100644 man/zh_CN/man5/login.access.5 create mode 100644 man/zh_CN/man5/login.defs.5 create mode 100644 man/zh_CN/man5/passwd.5 create mode 100644 man/zh_CN/man5/porttime.5 create mode 100644 man/zh_CN/man5/shadow.5 create mode 100644 man/zh_CN/man5/suauth.5 (limited to 'man/zh_CN/man5') diff --git a/man/zh_CN/man5/faillog.5 b/man/zh_CN/man5/faillog.5 new file mode 100644 index 0000000..39a982f --- /dev/null +++ b/man/zh_CN/man5/faillog.5 @@ -0,0 +1,64 @@ +'\" t +.\" Title: faillog +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 2020-01-23 +.\" Manual: 文件格式和转化 +.\" Source: shadow-utils 4.8.1 +.\" Language: Chinese Simplified +.\" +.TH "FAILLOG" "5" "2020-01-23" "shadow\-utils 4\&.8\&.1" "文件格式和转化" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "名称" +faillog \- 登录失败的日志文件 +.SH "描述" +.PP +/var/log/faillog +maintains a count of login failures and the limits for each account\&. +.PP +The file contains fixed length records, indexed by numerical UID\&. Each record contains the count of login failures since the last successful login; the maximum number of failures before the account is disabled; the line on which the last login failure occurred; the date of the last login failure; and the duration (in seconds) during which the account will be locked after a failure\&. +.PP +文件的结构是: +.sp +.if n \{\ +.RS 4 +.\} +.nf +struct faillog { + short fail_cnt; + short fail_max; + char fail_line[12]; + time_t fail_time; + long fail_locktime; +}; +.fi +.if n \{\ +.RE +.\} +.SH "文件" +.PP +/var/log/faillog +.RS 4 +Failure logging file\&. +.RE +.SH "参见" +.PP +\fBfaillog\fR(8) diff --git a/man/zh_CN/man5/gshadow.5 b/man/zh_CN/man5/gshadow.5 new file mode 100644 index 0000000..ac163c8 --- /dev/null +++ b/man/zh_CN/man5/gshadow.5 @@ -0,0 +1,101 @@ +'\" t +.\" Title: gshadow +.\" Author: Nicolas Fran\(,cois +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 2020-01-23 +.\" Manual: 文件格式和转化 +.\" Source: shadow-utils 4.8.1 +.\" Language: Chinese Simplified +.\" +.TH "GSHADOW" "5" "2020-01-23" "shadow\-utils 4\&.8\&.1" "文件格式和转化" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "名称" +gshadow \- 影子化了的组文件 +.SH "描述" +.PP +/etc/gshadow +contains the shadowed information for group accounts\&. +.PP +如果没有维护好密码安全,此文件绝对不能让普通用户可读。 +.PP +此文件的每行包含逗号分隔的如下字段: +.PP +\fB组名\fR +.RS 4 +必须是系统中已经存在的有效组。 +.RE +.PP +\fB加密了的密码\fR +.RS 4 +Refer to +\fBcrypt\fR(3) +for details on how this string is interpreted\&. +.sp +If the password field contains some string that is not a valid result of +\fBcrypt\fR(3), for instance ! or *, users will not be able to use a unix password to access the group (but group members do not need the password)\&. +.sp +The password is used when a user who is not a member of the group wants to gain the permissions of this group (see +\fBnewgrp\fR(1))\&. +.sp +此字段可以为空,此时,只有组成员可以获取组权限。 +.sp +A password field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the password field before the password was locked\&. +.sp +This password supersedes any password specified in +/etc/group\&. +.RE +.PP +\fB管理员\fR +.RS 4 +必须是一个逗号分隔的用户名列表。 +.sp +管理员可以更改组密码和成员。 +.sp +管理员也有成员一样的权限(请看下边)。 +.RE +.PP +\fB成员\fR +.RS 4 +必须是一个逗号分隔的用户名列表。 +.sp +成员可以免密码访问组。 +.sp +You should use the same list of users as in +/etc/group\&. +.RE +.SH "文件" +.PP +/etc/group +.RS 4 +组账户信息。 +.RE +.PP +/etc/gshadow +.RS 4 +安全组账户信息。 +.RE +.SH "参见" +.PP +\fBgpasswd\fR(5), +\fBgroup\fR(5), +\fBgrpck\fR(8), +\fBgrpconv\fR(8), +\fBnewgrp\fR(1)\&. diff --git a/man/zh_CN/man5/limits.5 b/man/zh_CN/man5/limits.5 new file mode 100644 index 0000000..1328a85 --- /dev/null +++ b/man/zh_CN/man5/limits.5 @@ -0,0 +1,274 @@ +'\" t +.\" Title: limits +.\" Author: Luca Berra +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 2020-01-23 +.\" Manual: 文件格式和转化 +.\" Source: shadow-utils 4.8.1 +.\" Language: Chinese Simplified +.\" +.TH "LIMITS" "5" "2020-01-23" "shadow\-utils 4\&.8\&.1" "文件格式和转化" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "名称" +limits \- 资源限制描述 +.SH "描述" +.PP +The +\fIlimits\fR +file (/etc/limits +by default or LIMITS_FILE defined +config\&.h) describes the resource limits you wish to impose\&. It should be owned by root and readable by root account only\&. +.PP +By default no quota is imposed on \*(Aqroot\*(Aq\&. In fact, there is no way to impose limits via this procedure to root\-equiv accounts (accounts with UID 0)\&. +.PP +每行以如下格式对一个用户描述限制: +.PP +\fIuser LIMITS_STRING\fR +.PP +或如下格式: +.PP +\fI@group LIMITS_STRING\fR +.PP +The +\fILIMITS_STRING\fR +is a string of a concatenated list of resource limits\&. Each limit consists of a letter identifier followed by a numerical limit\&. +.PP +可用的指示符有: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +A:最大地址空间 (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +C:最大转储文件大小 (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +D:最大数据大小 (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +F: maximum file size (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +K: file creation mask, set by +\fBumask\fR(2)\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +I:最高 nice 级别,(0\&.\&.\&.39 对应 20\&.\&.\&.\-19) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +L:此用户的最大登录数 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +M: max locked\-in\-memory address space (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +N:最大的文件打开数 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +O:最大实时优先级 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +P: process priority, set by +\fBsetpriority\fR(2)\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +R: max resident set size (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +S:最大栈尺寸 (KB) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +T:最大 CPU 时间 (分钟) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +U:最大处理器数目 +.RE +.PP +For example, +\fIL2D2048N5\fR +is a valid +\fILIMITS_STRING\fR\&. For reading convenience, the following entries are equivalent: +.sp +.if n \{\ +.RS 4 +.\} +.nf + username L2D2048N5 + username L2 D2048 N5 + +.fi +.if n \{\ +.RE +.\} +.PP +Be aware that after +\fIusername\fR +the rest of the line is considered a limit string, thus comments are not allowed\&. An invalid limits string will be rejected (not considered) by the +\fBlogin\fR +program\&. +.PP +The default entry is denoted by username "\fI*\fR"\&. If you have multiple +\fIdefault\fR +entries in your +\fILIMITS_FILE\fR, then the last one will be used as the default entry\&. +.PP +The limits specified in the form "\fI@group\fR" apply to the members of the specified +\fIgroup\fR\&. +.PP +If more than one line with limits for a user exist, only the first line for this user will be considered\&. +.PP +If no lines are specified for a user, the last +\fI@group\fR +line matching a group whose the user is a member of will be considered, or the last line with default limits if no groups contain the user\&. +.PP +To completely disable limits for a user, a single dash "\fI\-\fR" will do\&. +.PP +To disable a limit for a user, a single dash "\fI\-\fR" can be used instead of the numerical value for this limit\&. +.PP +Also, please note that all limit settings are set PER LOGIN\&. They are not global, nor are they permanent\&. Perhaps global limits will come, but for now this will have to do ;) +.SH "文件" +.PP +/etc/limits +.RS 4 +.RE +.SH "参见" +.PP +\fBlogin\fR(1), +\fBsetpriority\fR(2), +\fBsetrlimit\fR(2)\&. diff --git a/man/zh_CN/man5/login.access.5 b/man/zh_CN/man5/login.access.5 new file mode 100644 index 0000000..1e91af4 --- /dev/null +++ b/man/zh_CN/man5/login.access.5 @@ -0,0 +1,67 @@ +'\" t +.\" Title: login.access +.\" Author: Marek Micha\(/lkiewicz +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 2020-01-23 +.\" Manual: 文件格式和转化 +.\" Source: shadow-utils 4.8.1 +.\" Language: Chinese Simplified +.\" +.TH "LOGIN\&.ACCESS" "5" "2020-01-23" "shadow\-utils 4\&.8\&.1" "文件格式和转化" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "名称" +login.access \- 登录访问控制表 +.SH "描述" +.PP +The +\fIlogin\&.access\fR +file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused\&. +.PP +When someone logs in, the +\fIlogin\&.access\fR +is scanned for the first entry that matches the (user, host) combination, or, in case of non\-networked logins, the first entry that matches the (user, tty) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&. +.PP +登录访问控制表的每一行有\(lq:\(rq分隔的三个字段: +.PP +\fIpermission\fR:\fIusers\fR:\fIorigins\fR +.PP +The first field should be a "\fI+\fR" (access granted) or "\fI\-\fR" (access denied) character\&. The second field should be a list of one or more login names, group names, or +\fIALL\fR +(always matches)\&. The third field should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."), +\fIALL\fR +(always matches) or +\fILOCAL\fR +(matches any string that does not contain a "\&." character)\&. If you run NIS you can use @netgroupname in host or user patterns\&. +.PP +The +\fIEXCEPT\fR +operator makes it possible to write very compact rules\&. +.PP +The group file is searched only when a name does not match that of the logged\-in user\&. Only groups are matched in which users are explicitly listed: the program does not look at a user\*(Aqs primary group id value\&. +.SH "文件" +.PP +/etc/login\&.defs +.RS 4 +Shadow 密码套件配置。 +.RE +.SH "参见" +.PP +\fBlogin\fR(1)\&. diff --git a/man/zh_CN/man5/login.defs.5 b/man/zh_CN/man5/login.defs.5 new file mode 100644 index 0000000..6267e1f --- /dev/null +++ b/man/zh_CN/man5/login.defs.5 @@ -0,0 +1,854 @@ +'\" t +.\" Title: login.defs +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 2020-01-23 +.\" Manual: 文件格式和转化 +.\" Source: shadow-utils 4.8.1 +.\" Language: Chinese Simplified +.\" +.TH "LOGIN\&.DEFS" "5" "2020-01-23" "shadow\-utils 4\&.8\&.1" "文件格式和转化" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "名称" +login.defs \- 影子密码套件配置 +.SH "描述" +.PP +The +/etc/login\&.defs +file defines the site\-specific configuration for the shadow password suite\&. This file is required\&. Absence of this file will not prevent system operation, but will probably result in undesirable operation\&. +.PP +This file is a readable text file, each line of the file describing one configuration parameter\&. The lines consist of a configuration name and value, separated by whitespace\&. Blank lines and comment lines are ignored\&. Comments are introduced with a "#" pound sign and the pound sign must be the first non\-white character of the line\&. +.PP +Parameter values may be of four types: strings, booleans, numbers, and long numbers\&. A string is comprised of any printable characters\&. A boolean should be either the value +\fIyes\fR +or +\fIno\fR\&. An undefined boolean parameter or one with a value other than these will be given a +\fIno\fR +value\&. Numbers (both regular and long) may be either decimal values, octal values (precede the value with +\fI0\fR) or hexadecimal values (precede the value with +\fI0x\fR)\&. The maximum value of the regular and long numeric parameters is machine\-dependent\&. +.PP +提供如下配置项: +.PP +\fBCHFN_AUTH\fR (boolean) +.RS 4 +If +\fIyes\fR, the +\fBchfn\fR +program will require authentication before making any changes, unless run by the superuser\&. +.RE +.PP +\fBCHFN_RESTRICT\fR (string) +.RS 4 +This parameter specifies which values in the +\fIgecos\fR +field of the +/etc/passwd +file may be changed by regular users using the +\fBchfn\fR +program\&. It can be any combination of letters +\fIf\fR, +\fIr\fR, +\fIw\fR, +\fIh\fR, for Full name, Room number, Work phone, and Home phone, respectively\&. For backward compatibility, +\fIyes\fR +is equivalent to +\fIrwh\fR +and +\fIno\fR +is equivalent to +\fIfrwh\fR\&. If not specified, only the superuser can make any changes\&. The most restrictive setting is better achieved by not installing +\fBchfn\fR +SUID\&. +.RE +.PP +\fBCHSH_AUTH\fR (boolean) +.RS 4 +If +\fIyes\fR, the +\fBchsh\fR +program will require authentication before making any changes, unless run by the superuser\&. +.RE +.PP +\fBCONSOLE\fR (string) +.RS 4 +如果定义了,或者是包含设备名(没行一个)的文件的完整路径名,或者是\(lq:\(rq分隔的设备名列表。将只会在这写设备上允许 root 登录。 +.sp +如果没有定义,可以在任何设备上使用 root。 +.sp +指定的设备时不带 /dev/ 前缀。 +.RE +.PP +\fBCONSOLE_GROUPS\fR (string) +.RS 4 +List of groups to add to the user\*(Aqs supplementary groups set when logging in on the console (as determined by the CONSOLE setting)\&. Default is none\&. + +Use with caution \- it is possible for users to gain permanent access to these groups, even when not logged in on the console\&. +.RE +.PP +\fBCREATE_HOME\fR (boolean) +.RS 4 +指示是否应该为新用户默认创建主目录。 +.sp +此设置并不应用到系统用户,并且可以使用命令行覆盖。 +.RE +.PP +\fBDEFAULT_HOME\fR (boolean) +.RS 4 +如果不能 cd 到主目录时,说明是否允许登录。默认是否。 +.sp +If set to +\fIyes\fR, the user will login in the root (/) directory if it is not possible to cd to her home directory\&. +.RE +.PP +\fBENCRYPT_METHOD\fR (string) +.RS 4 +这定义了系统加密密码的默认算法(如果没有在命令行上指定算法)。 +.sp +It can take one of these values: +\fIDES\fR +(default), +\fIMD5\fR, \fISHA256\fR, \fISHA512\fR\&. +.sp +Note: this parameter overrides the +\fBMD5_CRYPT_ENAB\fR +variable\&. +.RE +.PP +\fBENV_HZ\fR (string) +.RS 4 +If set, it will be used to define the HZ environment variable when a user login\&. The value must be preceded by +\fIHZ=\fR\&. A common value on Linux is +\fIHZ=100\fR\&. +.RE +.PP +\fBENV_PATH\fR (string) +.RS 4 +If set, it will be used to define the PATH environment variable when a regular user login\&. The value is a colon separated list of paths (for example +\fI/bin:/usr/bin\fR) and can be preceded by +\fIPATH=\fR\&. The default value is +\fIPATH=/bin:/usr/bin\fR\&. +.RE +.PP +\fBENV_SUPATH\fR (string) +.RS 4 +If set, it will be used to define the PATH environment variable when the superuser login\&. The value is a colon separated list of paths (for example +\fI/sbin:/bin:/usr/sbin:/usr/bin\fR) and can be preceded by +\fIPATH=\fR\&. The default value is +\fIPATH=/sbin:/bin:/usr/sbin:/usr/bin\fR\&. +.RE +.PP +\fBENV_TZ\fR (string) +.RS 4 +If set, it will be used to define the TZ environment variable when a user login\&. The value can be the name of a timezone preceded by +\fITZ=\fR +(for example +\fITZ=CST6CDT\fR), or the full path to the file containing the timezone specification (for example +/etc/tzname)\&. +.sp +If a full path is specified but the file does not exist or cannot be read, the default is to use +\fITZ=CST6CDT\fR\&. +.RE +.PP +\fBENVIRON_FILE\fR (string) +.RS 4 +如果此文件存在,并且可读,将会从中读取登录环境。所有行都必须是 name=value 的格式。 +.sp +以 # 开头的行将视为注释,并被忽略。 +.RE +.PP +\fBERASECHAR\fR (number) +.RS 4 +Terminal ERASE character (\fI010\fR += backspace, +\fI0177\fR += DEL)\&. +.sp +此值可以使用前缀\(lq0\(rq表示八进制,\(lq0x\(rq表示十六进制。 +.RE +.PP +\fBFAIL_DELAY\fR (number) +.RS 4 +登录失败后,等待多少秒才再允许登录。 +.RE +.PP +\fBFAILLOG_ENAB\fR (boolean) +.RS 4 +Enable logging and display of +/var/log/faillog +login failure info\&. +.RE +.PP +\fBFAKE_SHELL\fR (string) +.RS 4 +If set, +\fBlogin\fR +will execute this shell instead of the users\*(Aq shell specified in +/etc/passwd\&. +.RE +.PP +\fBFTMP_FILE\fR (string) +.RS 4 +如果定义,登录失败会以 utmp 格式记录在此文件中。 +.RE +.PP +\fBGID_MAX\fR (number), \fBGID_MIN\fR (number) +.RS 4 +Range of group IDs used for the creation of regular groups by +\fBuseradd\fR, +\fBgroupadd\fR, or +\fBnewusers\fR\&. +.sp +The default value for +\fBGID_MIN\fR +(resp\&. +\fBGID_MAX\fR) is 1000 (resp\&. 60000)\&. +.RE +.PP +\fBHOME_MODE\fR (number) +.RS 4 +The mode for new home directories\&. If not specified, the +\fBUMASK\fR +is used to create the mode\&. +.sp +\fBuseradd\fR +and +\fBnewusers\fR +use this to set the mode of the home directory they create\&. +.RE +.PP +\fBHUSHLOGIN_FILE\fR (string) +.RS 4 +If defined, this file can inhibit all the usual chatter during the login sequence\&. If a full pathname is specified, then hushed mode will be enabled if the user\*(Aqs name or shell are found in the file\&. If not a full pathname, then hushed mode will be enabled if the file exists in the user\*(Aqs home directory\&. +.RE +.PP +\fBISSUE_FILE\fR (string) +.RS 4 +如果定义了,此文件将在每次的登录提示之前现实。 +.RE +.PP +\fBKILLCHAR\fR (number) +.RS 4 +Terminal KILL character (\fI025\fR += CTRL/U)\&. +.sp +此值可以使用前缀\(lq0\(rq表示八进制,\(lq0x\(rq表示十六进制。 +.RE +.PP +\fBLASTLOG_ENAB\fR (boolean) +.RS 4 +允许记录和显示 /var/log/lastlog 登录时间信息。 +.RE +.PP +\fBLASTLOG_UID_MAX\fR (number) +.RS 4 +Highest user ID number for which the lastlog entries should be updated\&. As higher user IDs are usually tracked by remote user identity and authentication services there is no need to create a huge sparse lastlog file for them\&. +.sp +No +\fBLASTLOG_UID_MAX\fR +option present in the configuration means that there is no user ID limit for writing lastlog entries\&. +.RE +.PP +\fBLOG_OK_LOGINS\fR (boolean) +.RS 4 +允许记录成功登录。 +.RE +.PP +\fBLOG_UNKFAIL_ENAB\fR (boolean) +.RS 4 +在记录到登录失败时,允许记录未知用户名。 +.sp +注意:如果用户不小心将密码输入到了登录名中,记录未知用户名可能是一个安全隐患。 +.RE +.PP +\fBLOGIN_RETRIES\fR (number) +.RS 4 +密码错误时,重试的最大次数。 +.RE +.PP +\fBLOGIN_STRING\fR (string) +.RS 4 +此字符串用于提示输入密码。默认是 "Password: ",或者翻译了的结果(汉语中翻译为了\(lq密码:\(rq)。如果设置了此变量,提示不会被翻译。 +.sp +If the string contains +\fI%s\fR, this will be replaced by the user\*(Aqs name\&. +.RE +.PP +\fBLOGIN_TIMEOUT\fR (number) +.RS 4 +最大登录时间(以秒为单位)。 +.RE +.PP +\fBMAIL_CHECK_ENAB\fR (boolean) +.RS 4 +启用登录时检查和现实邮箱状态。 +.sp +如果 shell 的启动文件已经检查了邮件("mailx \-e" 或者其它同功能的工具),您应该禁用它。 +.RE +.PP +\fBMAIL_DIR\fR (string) +.RS 4 +邮箱目录。修改或删除用户账户时需要处理邮箱,如果没有指定,将使用编译时指定的默认值。 +.RE +.PP +\fBMAIL_FILE\fR (string) +.RS 4 +定义用户邮箱文件的位置(相对于主目录)。 +.RE +.PP +The +\fBMAIL_DIR\fR +and +\fBMAIL_FILE\fR +variables are used by +\fBuseradd\fR, +\fBusermod\fR, and +\fBuserdel\fR +to create, move, or delete the user\*(Aqs mail spool\&. +.PP +If +\fBMAIL_CHECK_ENAB\fR +is set to +\fIyes\fR, they are also used to define the +\fBMAIL\fR +environment variable\&. +.PP +\fBMAX_MEMBERS_PER_GROUP\fR (number) +.RS 4 +Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in +/etc/group +(with the same name, same password, and same GID)\&. +.sp +默认值是 0,意味着组中的成员数没有限制。 +.sp +此功能(分割组)允许限制组文件中的行长度。这对于确保 NIS 组的行比长于 1024 字符。 +.sp +如果要强制这个限制,可以使用 25。 +.sp +注意:分割组可能不受所有工具的支持(甚至在 Shadow 工具集中)。您不应该使用这个变量,除非真的需要。 +.RE +.PP +\fBMD5_CRYPT_ENAB\fR (boolean) +.RS 4 +Indicate if passwords must be encrypted using the MD5\-based algorithm\&. If set to +\fIyes\fR, new passwords will be encrypted using the MD5\-based algorithm compatible with the one used by recent releases of FreeBSD\&. It supports passwords of unlimited length and longer salt strings\&. Set to +\fIno\fR +if you need to copy encrypted passwords to other systems which don\*(Aqt understand the new algorithm\&. Default is +\fIno\fR\&. +.sp +This variable is superseded by the +\fBENCRYPT_METHOD\fR +variable or by any command line option used to configure the encryption algorithm\&. +.sp +This variable is deprecated\&. You should use +\fBENCRYPT_METHOD\fR\&. +.RE +.PP +\fBMOTD_FILE\fR (string) +.RS 4 +If defined, ":" delimited list of "message of the day" files to be displayed upon login\&. +.RE +.PP +\fBNOLOGINS_FILE\fR (string) +.RS 4 +If defined, name of file whose presence will inhibit non\-root logins\&. The contents of this file should be a message indicating why logins are inhibited\&. +.RE +.PP +\fBOBSCURE_CHECKS_ENAB\fR (boolean) +.RS 4 +对密码更改启用附加检查。 +.RE +.PP +\fBPASS_ALWAYS_WARN\fR (boolean) +.RS 4 +如果是 root,警告弱密码,但是仍然允许使用。 +.RE +.PP +\fBPASS_CHANGE_TRIES\fR (number) +.RS 4 +可以尝试更改密码的最大次数(太容易)。 +.RE +.PP +\fBPASS_MAX_DAYS\fR (number) +.RS 4 +一个密码可以使用的最大天数。如果密码比这旧,将会强迫更改密码。如果不指定,就假定为 \-1,这会禁用这个限制。 +.RE +.PP +\fBPASS_MIN_DAYS\fR (number) +.RS 4 +两次更改密码时间的最小间隔。将会拒绝任何早于此的更改密码的尝试。如果不指定,假定为 \-1,将会禁用这个限制。 +.RE +.PP +\fBPASS_WARN_AGE\fR (number) +.RS 4 +密码过期之前给出警告的天数。0 表示只有只在过期的当天警告,负值表示不警告。如果没有指定,不会给警告。 +.RE +.PP +\fBPASS_MAX_DAYS\fR, +\fBPASS_MIN_DAYS\fR +and +\fBPASS_WARN_AGE\fR +are only used at the time of account creation\&. Any changes to these settings won\*(Aqt affect existing accounts\&. +.PP +\fBPASS_MAX_LEN\fR (number), \fBPASS_MIN_LEN\fR (number) +.RS 4 +Number of significant characters in the password for crypt()\&. +\fBPASS_MAX_LEN\fR +is 8 by default\&. Don\*(Aqt change unless your crypt() is better\&. This is ignored if +\fBMD5_CRYPT_ENAB\fR +set to +\fIyes\fR\&. +.RE +.PP +\fBPORTTIME_CHECKS_ENAB\fR (boolean) +.RS 4 +Enable checking of time restrictions specified in +/etc/porttime\&. +.RE +.PP +\fBQUOTAS_ENAB\fR (boolean) +.RS 4 +Enable setting of resource limits from +/etc/limits +and ulimit, umask, and niceness from the user\*(Aqs passwd gecos field\&. +.RE +.PP +\fBSHA_CRYPT_MIN_ROUNDS\fR (number), \fBSHA_CRYPT_MAX_ROUNDS\fR (number) +.RS 4 +When +\fBENCRYPT_METHOD\fR +is set to +\fISHA256\fR +or +\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&. +.sp +使用很多轮转,会让暴力破解更加困难。但是需要注意,认证用户时也会需要更多的 CPU 资源。 +.sp +如果没有指定,libc 会选择默认的轮转数(5000)。 +.sp +值必须在 1000 \- 999,999,999 之间。 +.sp +If only one of the +\fBSHA_CRYPT_MIN_ROUNDS\fR +or +\fBSHA_CRYPT_MAX_ROUNDS\fR +values is set, then this value will be used\&. +.sp +If +\fBSHA_CRYPT_MIN_ROUNDS\fR +> +\fBSHA_CRYPT_MAX_ROUNDS\fR, the highest value will be used\&. +.RE +.PP +\fBSULOG_FILE\fR (string) +.RS 4 +如果定义了,所有的 su 活动都会记录到此文件。 +.RE +.PP +\fBSU_NAME\fR (string) +.RS 4 +如果定义了,就是运行\(lqsu \-\(rq时显示的命令名称。例如,如果定义为\(lqsu\(rq,那么\(lqps\(rq会显示此命令为\(lq\-su\(rq。如果没有定义,\(lqps\(rq将会显示实际执行的 shell,例如类似于\(lq\-sh\(rq。 +.RE +.PP +\fBSU_WHEEL_ONLY\fR (boolean) +.RS 4 +If +\fIyes\fR, the user must be listed as a member of the first gid 0 group in +/etc/group +(called +\fIroot\fR +on most Linux systems) to be able to +\fBsu\fR +to uid 0 accounts\&. If the group doesn\*(Aqt exist or is empty, no one will be able to +\fBsu\fR +to uid 0\&. +.RE +.PP +\fBSUB_GID_MIN\fR (number), \fBSUB_GID_MAX\fR (number), \fBSUB_GID_COUNT\fR (number) +.RS 4 +If +/etc/subuid +exists, the commands +\fBuseradd\fR +and +\fBnewusers\fR +(unless the user already have subordinate group IDs) allocate +\fBSUB_GID_COUNT\fR +unused group IDs from the range +\fBSUB_GID_MIN\fR +to +\fBSUB_GID_MAX\fR +for each new user\&. +.sp +The default values for +\fBSUB_GID_MIN\fR, +\fBSUB_GID_MAX\fR, +\fBSUB_GID_COUNT\fR +are respectively 100000, 600100000 and 65536\&. +.RE +.PP +\fBSUB_UID_MIN\fR (number), \fBSUB_UID_MAX\fR (number), \fBSUB_UID_COUNT\fR (number) +.RS 4 +If +/etc/subuid +exists, the commands +\fBuseradd\fR +and +\fBnewusers\fR +(unless the user already have subordinate user IDs) allocate +\fBSUB_UID_COUNT\fR +unused user IDs from the range +\fBSUB_UID_MIN\fR +to +\fBSUB_UID_MAX\fR +for each new user\&. +.sp +The default values for +\fBSUB_UID_MIN\fR, +\fBSUB_UID_MAX\fR, +\fBSUB_UID_COUNT\fR +are respectively 100000, 600100000 and 65536\&. +.RE +.PP +\fBSYS_GID_MAX\fR (number), \fBSYS_GID_MIN\fR (number) +.RS 4 +Range of group IDs used for the creation of system groups by +\fBuseradd\fR, +\fBgroupadd\fR, or +\fBnewusers\fR\&. +.sp +The default value for +\fBSYS_GID_MIN\fR +(resp\&. +\fBSYS_GID_MAX\fR) is 101 (resp\&. +\fBGID_MIN\fR\-1)\&. +.RE +.PP +\fBSYS_UID_MAX\fR (number), \fBSYS_UID_MIN\fR (number) +.RS 4 +Range of user IDs used for the creation of system users by +\fBuseradd\fR +or +\fBnewusers\fR\&. +.sp +The default value for +\fBSYS_UID_MIN\fR +(resp\&. +\fBSYS_UID_MAX\fR) is 101 (resp\&. +\fBUID_MIN\fR\-1)\&. +.RE +.PP +\fBSYSLOG_SG_ENAB\fR (boolean) +.RS 4 +Enable "syslog" logging of +\fBsg\fR +activity\&. +.RE +.PP +\fBSYSLOG_SU_ENAB\fR (boolean) +.RS 4 +Enable "syslog" logging of +\fBsu\fR +activity \- in addition to sulog file logging\&. +.RE +.PP +\fBTTYGROUP\fR (string), \fBTTYPERM\fR (string) +.RS 4 +The terminal permissions: the login tty will be owned by the +\fBTTYGROUP\fR +group, and the permissions will be set to +\fBTTYPERM\fR\&. +.sp +By default, the ownership of the terminal is set to the user\*(Aqs primary group and the permissions are set to +\fI0600\fR\&. +.sp +\fBTTYGROUP\fR +can be either the name of a group or a numeric group identifier\&. +.sp +If you have a +\fBwrite\fR +program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620\&. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600\&. +.RE +.PP +\fBTTYTYPE_FILE\fR (string) +.RS 4 +If defined, file which maps tty line to TERM environment parameter\&. Each line of the file is in a format something like "vt100 tty01"\&. +.RE +.PP +\fBUID_MAX\fR (number), \fBUID_MIN\fR (number) +.RS 4 +Range of user IDs used for the creation of regular users by +\fBuseradd\fR +or +\fBnewusers\fR\&. +.sp +The default value for +\fBUID_MIN\fR +(resp\&. +\fBUID_MAX\fR) is 1000 (resp\&. 60000)\&. +.RE +.PP +\fBULIMIT\fR (number) +.RS 4 +Default +\fBulimit\fR +value\&. +.RE +.PP +\fBUMASK\fR (number) +.RS 4 +文件模式创建掩码初始化为此值。如果没有指定,掩码初始化为 022。 +.sp +\fBuseradd\fR +and +\fBnewusers\fR +use this mask to set the mode of the home directory they create if +\fBHOME_MODE\fR +is not set\&. +.sp +It is also used by +\fBlogin\fR +to define users\*(Aq initial umask\&. Note that this mask can be overridden by the user\*(Aqs GECOS line (if +\fBQUOTAS_ENAB\fR +is set) or by the specification of a limit with the +\fIK\fR +identifier in +\fBlimits\fR(5)\&. +.RE +.PP +\fBUSERDEL_CMD\fR (string) +.RS 4 +如果定义了,这是删除账户时执行的命令。它应该移除所有属于此用户的的 at/cron/print 等作业(作为第一个参数传递)。 +.sp +这个脚本的返回值并不被带到账户中去。 +.sp +Here is an example script, which removes the user\*(Aqs cron, at and print jobs: +.sp +.if n \{\ +.RS 4 +.\} +.nf +#! /bin/sh + +# Check for the required argument\&. +if [ $# != 1 ]; then + echo "Usage: $0 username" + exit 1 +fi + +# Remove cron jobs\&. +crontab \-r \-u $1 + +# Remove at jobs\&. +# Note that it will remove any jobs owned by the same UID, +# even if it was shared by a different username\&. +AT_SPOOL_DIR=/var/spool/cron/atjobs +find $AT_SPOOL_DIR \-name "[^\&.]*" \-type f \-user $1 \-delete \e; + +# Remove print jobs\&. +lprm $1 + +# All done\&. +exit 0 + +.fi +.if n \{\ +.RE +.\} +.sp +.RE +.PP +\fBUSERGROUPS_ENAB\fR (boolean) +.RS 4 +如果 uid 和 gid 相同,用户名和主用户名也相同,使非 root 组的组掩码位和属主位相同 (如:022 \-> 002, 077 \-> 007)。 +.sp +If set to +\fIyes\fR, +\fBuserdel\fR +will remove the user\*(Aqs group if it contains no more members, and +\fBuseradd\fR +will create by default a group with the name of the user\&. +.RE +.SH "交叉引用" +.PP +如下交叉引用显示影子密码套件哪个程序使用哪个参数。 +.PP +chfn +.RS 4 +CHFN_AUTH +CHFN_RESTRICT +LOGIN_STRING +.RE +.PP +chgpasswd +.RS 4 +ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB +SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS +.RE +.PP +chpasswd +.RS 4 +ENCRYPT_METHOD MD5_CRYPT_ENAB +SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS +.RE +.PP +chsh +.RS 4 +CHSH_AUTH LOGIN_STRING +.RE +.PP +gpasswd +.RS 4 +ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB +SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS +.RE +.PP +groupadd +.RS 4 +GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP SYS_GID_MAX SYS_GID_MIN +.RE +.PP +groupdel +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +groupmems +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +groupmod +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +grpck +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +grpconv +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +grpunconv +.RS 4 +MAX_MEMBERS_PER_GROUP +.RE +.PP +lastlog +.RS 4 +LASTLOG_UID_MAX +.RE +.PP +login +.RS 4 +CONSOLE +CONSOLE_GROUPS DEFAULT_HOME +ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE +ERASECHAR FAIL_DELAY +FAILLOG_ENAB +FAKE_SHELL +FTMP_FILE +HUSHLOGIN_FILE +ISSUE_FILE +KILLCHAR +LASTLOG_ENAB LASTLOG_UID_MAX +LOGIN_RETRIES +LOGIN_STRING +LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB +MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB +TTYGROUP TTYPERM TTYTYPE_FILE +ULIMIT UMASK +USERGROUPS_ENAB +.RE +.PP +newgrp / sg +.RS 4 +SYSLOG_SG_ENAB +.RE +.PP +newusers +.RS 4 +ENCRYPT_METHOD GID_MAX GID_MIN MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE +SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS +SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK +.RE +.PP +passwd +.RS 4 +ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN +SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS +.RE +.PP +pwck +.RS 4 +PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE +.RE +.PP +pwconv +.RS 4 +PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE +.RE +.PP +su +.RS 4 +CONSOLE +CONSOLE_GROUPS DEFAULT_HOME +ENV_HZ ENVIRON_FILE +ENV_PATH ENV_SUPATH +ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB +SULOG_FILE SU_NAME +SU_WHEEL_ONLY +SYSLOG_SU_ENAB +USERGROUPS_ENAB +.RE +.PP +sulogin +.RS 4 +ENV_HZ +ENV_TZ +.RE +.PP +useradd +.RS 4 +CREATE_HOME GID_MAX GID_MIN HOME_MODE LASTLOG_UID_MAX MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK +.RE +.PP +userdel +.RS 4 +MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP USERDEL_CMD USERGROUPS_ENAB +.RE +.PP +usermod +.RS 4 +LASTLOG_UID_MAX MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP +.RE +.SH "参见" +.PP +\fBlogin\fR(1), +\fBpasswd\fR(1), +\fBsu\fR(1), +\fBpasswd\fR(5), +\fBshadow\fR(5), +\fBpam\fR(8)\&. diff --git a/man/zh_CN/man5/passwd.5 b/man/zh_CN/man5/passwd.5 new file mode 100644 index 0000000..6bd853b --- /dev/null +++ b/man/zh_CN/man5/passwd.5 @@ -0,0 +1,193 @@ +'\" t +.\" Title: passwd +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 2020-01-23 +.\" Manual: 文件格式和转化 +.\" Source: shadow-utils 4.8.1 +.\" Language: Chinese Simplified +.\" +.TH "PASSWD" "5" "2020-01-23" "shadow\-utils 4\&.8\&.1" "文件格式和转化" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "名称" +passwd \- 密码文件 +.SH "描述" +.PP +/etc/passwd +contains one line for each user account, with seven fields delimited by colons (\(lq:\(rq)\&. These fields are: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +登录名 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +可选的加密后的密码 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +数字用户 ID +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +数字组 ID +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +用户名和注释字段 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +用户主目录 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +可选的用户命令解释器 +.RE +.PP +If the +\fIpassword\fR +field is a lower\-case +\(lqx\(rq, then the encrypted password is actually stored in the +\fBshadow\fR(5) +file instead; there +\fImust\fR +be a corresponding line in the +/etc/shadow +file, or else the user account is invalid\&. +.PP +The encrypted +\fIpassword\fR +field may be empty, in which case no password is required to authenticate as the specified login name\&. However, some applications which read the +/etc/passwd +file may decide not to permit +\fIany\fR +access at all if the +\fIpassword\fR +field is blank\&. +.PP +A +\fIpassword\fR +field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the +\fIpassword\fR +field before the password was locked\&. +.PP +Refer to +\fBcrypt\fR(3) +for details on how this string is interpreted\&. +.PP +If the password field contains some string that is not a valid result of +\fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&. +.PP +The comment field is used by various system utilities, such as +\fBfinger\fR(1)\&. +.PP +The home directory field provides the name of the initial working directory\&. The +\fBlogin\fR +program uses this information to set the value of the +\fB$HOME\fR +environmental variable\&. +.PP +The command interpreter field provides the name of the user\*(Aqs command language interpreter, or the name of the initial program to execute\&. The +\fBlogin\fR +program uses this information to set the value of the +\fB$SHELL\fR +environmental variable\&. If this field is empty, it defaults to the value +/bin/sh\&. +.SH "文件" +.PP +/etc/passwd +.RS 4 +用户账户信息。 +.RE +.PP +/etc/shadow +.RS 4 +可选的加密后的密码文件 +.RE +.PP +/etc/passwd\- +.RS 4 +/etc/passwd 的备份文件。 +.sp +注意,此文件由 shadow 工具集使用,而不是所有的用户和密码管理工具都会使用。 +.RE +.SH "参见" +.PP +\fBcrypt\fR(3), +\fBgetent\fR(1), +\fBgetpwnam\fR(3), +\fBlogin\fR(1), +\fBpasswd\fR(1), +\fBpwck\fR(8), +\fBpwconv\fR(8), +\fBpwunconv\fR(8), +\fBshadow\fR(5), +\fBsu\fR(1), +\fBsulogin\fR(8)\&. diff --git a/man/zh_CN/man5/porttime.5 b/man/zh_CN/man5/porttime.5 new file mode 100644 index 0000000..3fcc951 --- /dev/null +++ b/man/zh_CN/man5/porttime.5 @@ -0,0 +1,96 @@ +'\" t +.\" Title: porttime +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 2020-01-23 +.\" Manual: 文件格式和转化 +.\" Source: shadow-utils 4.8.1 +.\" Language: Chinese Simplified +.\" +.TH "PORTTIME" "5" "2020-01-23" "shadow\-utils 4\&.8\&.1" "文件格式和转化" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "名称" +porttime \- 端口访问时间文件 +.SH "描述" +.PP +\fIporttime\fR +contains a list of tty devices, user names, and permitted login times\&. +.PP +每项包含三个由冒号分隔的字段。第一个字段是逗号分隔的 tty 设备列表,或者星号表示匹配所有终端。第二个字段是逗号分隔的用户名列表,或者星号表示匹配所有用户名。第三个字段是逗号分隔的访问许可时间。 +.PP +Each access time entry consists of zero or more days of the week, abbreviated +\fISu\fR, +\fIMo\fR, +\fITu\fR, +\fIWe\fR, +\fITh\fR, +\fIFr\fR, and +\fISa\fR, followed by a pair of times separated by a hyphen\&. The abbreviation +\fIWk\fR +may be used to represent Monday thru Friday, and +\fIAl\fR +may be used to indicate every day\&. If no days are given, +\fIAl\fR +is assumed\&. +.SH "示例" +.PP +The following entry allows access to user +\fBjfh\fR +on every port during weekdays from 9am to 5pm\&. +.PP +*:jfh:Wk0900\-1700 +.PP +The following entries allow access only to the users +\fIroot\fR +and +\fIoper\fR +on +/dev/console +at any time\&. This illustrates how the +/etc/porttime +file is an ordered list of access times\&. Any other user would match the second entry which does not permit access at any time\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf + console:root,oper:Al0000\-2400 + console:*: + +.fi +.if n \{\ +.RE +.\} +.PP +The following entry allows access for the user +\fIgames\fR +on any port during non\-working hours\&. +.PP +*:games:Wk1700\-0900,SaSu0000\-2400 +.SH "文件" +.PP +/etc/porttime +.RS 4 +包含了端口访问信息的文件。 +.RE +.SH "参见" +.PP +\fBlogin\fR(1)\&. diff --git a/man/zh_CN/man5/shadow.5 b/man/zh_CN/man5/shadow.5 new file mode 100644 index 0000000..4c9fe5c --- /dev/null +++ b/man/zh_CN/man5/shadow.5 @@ -0,0 +1,148 @@ +'\" t +.\" Title: shadow +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 2020-01-23 +.\" Manual: 文件格式和转化 +.\" Source: shadow-utils 4.8.1 +.\" Language: Chinese Simplified +.\" +.TH "SHADOW" "5" "2020-01-23" "shadow\-utils 4\&.8\&.1" "文件格式和转化" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "名称" +shadow \- 影子化了的密码文件 +.SH "描述" +.PP +shadow +is a file which contains the password information for the system\*(Aqs accounts and optional aging information\&. +.PP +如果没有维护好密码安全,此文件绝对不能让普通用户可读。 +.PP +Each line of this file contains 9 fields, separated by colons (\(lq:\(rq), in the following order: +.PP +\fB登录名\fR +.RS 4 +必须是有效的账户名,且已经存在于系统中。 +.RE +.PP +\fB加密了的密码\fR +.RS 4 +This field may be empty, in which case no passwords are required to authenticate as the specified login name\&. However, some applications which read the +/etc/shadow +file may decide not to permit any access at all if the password field is empty\&. +.sp +A password field which starts with an exclamation mark means that the password is locked\&. The remaining characters on the line represent the password field before the password was locked\&. +.sp +Refer to +\fBcrypt\fR(3) +for details on how this string is interpreted\&. +.sp +If the password field contains some string that is not a valid result of +\fBcrypt\fR(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means)\&. +.RE +.PP +\fB最后一次更改密码的日期\fR +.RS 4 +最近一次更改密码的时间,表示从1970年1月1日开始的天数。 +.sp +The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system\&. +.sp +空字段表示密码年龄功能被禁用。 +.RE +.PP +\fB密码的最小年龄\fR +.RS 4 +最小密码年龄是指,用户一次更改密码之后,要等多长时间才再次被允许更改密码。 +.sp +空字段或 0 表示没有最小密码年龄。 +.RE +.PP +\fB最大密码年龄\fR +.RS 4 +最大密码年龄是指,这写天之后,用户必须更改密码。 +.sp +这写天之后,密码仍然可用。用户将会在下次登录的时候被要求更改密码。 +.sp +空字段表示没有最大密码年龄,没有密码警告时间段,没有密码禁用时间段(请看下边)。 +.sp +如果最大密码年龄小于最小密码年龄,用户将会不能更改密码。 +.RE +.PP +\fB密码警告时间段\fR +.RS 4 +密码过期之前,提前警告用户的的天数(请参考上边的密码的最大年龄)。 +.sp +空字段或者 0 表示没有密码警告期。 +.RE +.PP +\fB密码禁用期\fR +.RS 4 +密码过期(查看上边的密码最大年龄)后,仍然接受此密码的天数(在此期间,用户应该在下次登录时修改密码)。 +.sp +密码到期并且过了这个宽限期之后,使用用户的当前的密码将会不能登录。用户需要联系系统管理员。 +.sp +空字段表示没有强制密码过期。 +.RE +.PP +\fB账户过期日期\fR +.RS 4 +账户过期的日期,表示从1970年1月1日开始的天数。 +.sp +Note that an account expiration differs from a password expiration\&. In case of an account expiration, the user shall not be allowed to login\&. In case of a password expiration, the user is not allowed to login using her password\&. +.sp +空字段表示账户永不过期。 +.sp +应该避免使用 0,因为它既能理解成永不过期也能理解成在1970年1月1日过期。 +.RE +.PP +\fB保留字段\fR +.RS 4 +此字段保留作将来使用。 +.RE +.SH "文件" +.PP +/etc/passwd +.RS 4 +用户账户信息。 +.RE +.PP +/etc/shadow +.RS 4 +安全用户账户信息。 +.RE +.PP +/etc/shadow\- +.RS 4 +/etc/shadow 的备份文件。 +.sp +注意,此文件由 shadow 工具集使用,而不是所有的用户和密码管理工具都会使用。 +.RE +.SH "参见" +.PP +\fBchage\fR(1), +\fBlogin\fR(1), +\fBpasswd\fR(1), +\fBpasswd\fR(5), +\fBpwck\fR(8), +\fBpwconv\fR(8), +\fBpwunconv\fR(8), +\fBsu\fR(1), +\fBsulogin\fR(8)\&. diff --git a/man/zh_CN/man5/suauth.5 b/man/zh_CN/man5/suauth.5 new file mode 100644 index 0000000..1a1de53 --- /dev/null +++ b/man/zh_CN/man5/suauth.5 @@ -0,0 +1,146 @@ +'\" t +.\" Title: suauth +.\" Author: Marek Micha\(/lkiewicz +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 2020-01-23 +.\" Manual: 文件格式和转化 +.\" Source: shadow-utils 4.8.1 +.\" Language: Chinese Simplified +.\" +.TH "SUAUTH" "5" "2020-01-23" "shadow\-utils 4\&.8\&.1" "文件格式和转化" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "名称" +suauth \- 详细的 su 控制文件 +.SH "大纲" +.HP \w'\fB/etc/suauth\fR\ 'u +\fB/etc/suauth\fR +.SH "描述" +.PP +The file +/etc/suauth +is referenced whenever the su command is called\&. It can change the behaviour of the su command, based upon: +.sp +.if n \{\ +.RS 4 +.\} +.nf + 1) the user su is targeting + +.fi +.if n \{\ +.RE +.\} +.PP +2) 执行 su 命令的用户 (或者他可能属于的组) +.PP +文件格式为:以 # 开头的行视为注视,并被忽略; +.sp +.if n \{\ +.RS 4 +.\} +.nf + to\-id:from\-id:ACTION + +.fi +.if n \{\ +.RE +.\} +.PP +Where to\-id is either the word +\fIALL\fR, a list of usernames delimited by "," or the words +\fIALL EXCEPT\fR +followed by a list of usernames delimited by ","\&. +.PP +from\-id is formatted the same as to\-id except the extra word +\fIGROUP\fR +is recognized\&. +\fIALL EXCEPT GROUP\fR +is perfectly valid too\&. Following +\fIGROUP\fR +appears one or more group names, delimited by ","\&. It is not sufficient to have primary group id of the relevant group, an entry in +\fB/etc/group\fR(5) +is necessary\&. +.PP +动作只可以使用如下当前支持的选项。 +.PP +\fIDENY\fR +.RS 4 +su 的尝试在询问密码之前就被拒绝。 +.RE +.PP +\fINOPASS\fR +.RS 4 +su 尝试自动成功,而且不询问密码。 +.RE +.PP +\fIOWNPASS\fR +.RS 4 +为了成功执行 su,用户必须提供自己的密码。将会提示他们这样。 +.RE +.PP +注意,有三个用冒号分割的字段。冒号旁边不能有空格。也请注意,这个文件会被一行一行地依次检查,会使用第一个可用的规则,而不会继续检查文件。这可以让系统管理员使系统尽量符合其期望。 +.SH "示例" +.sp +.if n \{\ +.RS 4 +.\} +.nf + # sample /etc/suauth file + # + # A couple of privileged usernames may + # su to root with their own password\&. + # + root:chris,birddog:OWNPASS + # + # Anyone else may not su to root unless in + # group wheel\&. This is how BSD does things\&. + # + root:ALL EXCEPT GROUP wheel:DENY + # + # Perhaps terry and birddog are accounts + # owned by the same person\&. + # Access can be arranged between them + # with no password\&. + # + terry:birddog:NOPASS + birddog:terry:NOPASS + # + +.fi +.if n \{\ +.RE +.\} +.SH "文件" +.PP +/etc/suauth +.RS 4 +.RE +.SH "缺陷" +.PP +可能会有很多潜在问题。文件解析器尤其不能容忍语法错误,不能有无意义的空白符(除了行首和行尾),并且使用特定的标记分割不同的事情。 +.SH "DIAGNOSTICS" +.PP +An error parsing the file is reported using +\fBsyslogd\fR(8) +as level ERR on facility AUTH\&. +.SH "参见" +.PP +\fBsu\fR(1)\&. -- cgit v1.2.3