summaryrefslogtreecommitdiffstats
path: root/man/man1
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--man/man1/chage.112
-rw-r--r--man/man1/chfn.16
-rw-r--r--man/man1/chsh.112
-rw-r--r--man/man1/expiry.16
-rw-r--r--man/man1/getsubids.16
-rw-r--r--man/man1/gpasswd.18
-rw-r--r--man/man1/groups.16
-rw-r--r--man/man1/id.16
-rw-r--r--man/man1/login.112
-rw-r--r--man/man1/newgidmap.116
-rw-r--r--man/man1/newgrp.16
-rw-r--r--man/man1/newuidmap.116
-rw-r--r--man/man1/passwd.163
-rw-r--r--man/man1/sg.16
-rw-r--r--man/man1/su.16
15 files changed, 100 insertions, 87 deletions
diff --git a/man/man1/chage.1 b/man/man1/chage.1
index 37f72d1..0998ae8 100644
--- a/man/man1/chage.1
+++ b/man/man1/chage.1
@@ -2,12 +2,12 @@
.\" Title: chage
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "CHAGE" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "CHAGE" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -136,6 +136,12 @@ directory and use the configuration files from the
directory\&. Only absolute paths are supported\&.
.RE
.PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
\fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR
.RS 4
Set the number of days of warning before a password change is required\&. The
diff --git a/man/man1/chfn.1 b/man/man1/chfn.1
index d73f7f1..315f32b 100644
--- a/man/man1/chfn.1
+++ b/man/man1/chfn.1
@@ -2,12 +2,12 @@
.\" Title: chfn
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "CHFN" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "CHFN" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/man/man1/chsh.1 b/man/man1/chsh.1
index 97458a4..597f3ff 100644
--- a/man/man1/chsh.1
+++ b/man/man1/chsh.1
@@ -2,12 +2,12 @@
.\" Title: chsh
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "CHSH" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "CHSH" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -77,6 +77,12 @@ The only restriction placed on the login shell is that the command name must be
in
/etc/shells
is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
+.PP
+For this reason, placing
+/bin/rsh
+in
+/etc/shells
+is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&.
.SH "CONFIGURATION"
.PP
The following configuration variables in
diff --git a/man/man1/expiry.1 b/man/man1/expiry.1
index 6f5a120..93dc97d 100644
--- a/man/man1/expiry.1
+++ b/man/man1/expiry.1
@@ -2,12 +2,12 @@
.\" Title: expiry
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "EXPIRY" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "EXPIRY" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/man/man1/getsubids.1 b/man/man1/getsubids.1
index 2d92334..fa026b0 100644
--- a/man/man1/getsubids.1
+++ b/man/man1/getsubids.1
@@ -2,12 +2,12 @@
.\" Title: getsubids
.\" Author: Iker Pedrosa
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "GETSUBIDS" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "GETSUBIDS" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/man/man1/gpasswd.1 b/man/man1/gpasswd.1
index e11bcdf..68810fc 100644
--- a/man/man1/gpasswd.1
+++ b/man/man1/gpasswd.1
@@ -2,12 +2,12 @@
.\" Title: gpasswd
.\" Author: Rafal Maszkowski
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "GPASSWD" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "GPASSWD" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -196,7 +196,7 @@ is set to
or
\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
.sp
-With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+With a lot of rounds, it is more difficult to brute force the password\&. But note also that more CPU resources will be needed to authenticate users\&.
.sp
If not specified, the libc will choose the default number of rounds (5000), which is orders of magnitude too low for modern hardware\&.
.sp
diff --git a/man/man1/groups.1 b/man/man1/groups.1
index 7b9fbf2..473f1ee 100644
--- a/man/man1/groups.1
+++ b/man/man1/groups.1
@@ -2,12 +2,12 @@
.\" Title: groups
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "GROUPS" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "GROUPS" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/man/man1/id.1 b/man/man1/id.1
index 010db36..34eb349 100644
--- a/man/man1/id.1
+++ b/man/man1/id.1
@@ -2,12 +2,12 @@
.\" Title: id
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "ID" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "ID" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/man/man1/login.1 b/man/man1/login.1
index eaa39db..36028e8 100644
--- a/man/man1/login.1
+++ b/man/man1/login.1
@@ -2,12 +2,12 @@
.\" Title: login
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "LOGIN" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "LOGIN" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -375,12 +375,12 @@ The terminal permissions: the login tty will be owned by the
group, and the permissions will be set to
\fBTTYPERM\fR\&.
.sp
-By default, the ownership of the terminal is set to the user\*(Aqs primary group and the permissions are set to
-\fI0600\fR\&.
-.sp
\fBTTYGROUP\fR
can be either the name of a group or a numeric group identifier\&.
.sp
+If TTYGROUP is not defined, then the group ownership of the terminal is set to the user\*(Aqs primary group\&. If TTYPERM is not defined, then the permissions are set to
+\fI0600\fR\&.
+.sp
If you have a
\fBwrite\fR
program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620\&. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600\&.
diff --git a/man/man1/newgidmap.1 b/man/man1/newgidmap.1
index c60cf7f..7328aef 100644
--- a/man/man1/newgidmap.1
+++ b/man/man1/newgidmap.1
@@ -2,12 +2,12 @@
.\" Title: newgidmap
.\" Author: Eric Biederman
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "NEWGIDMAP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "NEWGIDMAP" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -74,6 +74,16 @@ before setting
/proc/[pid]/gid_map\&.
.PP
Note that newgidmap may be used only once for a given process\&.
+.PP
+Instead of an integer process id, the first argument may be specified as
+\fIfd:N\fR, where the integer N is the file descriptor number for the calling process\*(Aqs opened file descriptor for the directory
+/proc/[pid]\&. In this case,
+\fBnewgidmap\fR
+will use
+openat(2)
+to open the
+gid_map
+file under that directory, avoiding a TOCTTOU in case the process exits and the pid is immediately reused\&.
.SH "OPTIONS"
.PP
There currently are no options to the
diff --git a/man/man1/newgrp.1 b/man/man1/newgrp.1
index 312e6ca..04cf7e7 100644
--- a/man/man1/newgrp.1
+++ b/man/man1/newgrp.1
@@ -2,12 +2,12 @@
.\" Title: newgrp
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "NEWGRP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "NEWGRP" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/man/man1/newuidmap.1 b/man/man1/newuidmap.1
index d4dda67..71b7226 100644
--- a/man/man1/newuidmap.1
+++ b/man/man1/newuidmap.1
@@ -2,12 +2,12 @@
.\" Title: newuidmap
.\" Author: Eric Biederman
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "NEWUIDMAP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "NEWUIDMAP" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -74,6 +74,16 @@ before setting
/proc/[pid]/uid_map\&.
.PP
Note that newuidmap may be used only once for a given process\&.
+.PP
+Instead of an integer process id, the first argument may be specified as
+\fIfd:N\fR, where the integer N is the file descriptor number for the calling process\*(Aqs opened file descriptor for the directory
+/proc/[pid]\&. In this case,
+\fBnewuidmap\fR
+will use
+openat(2)
+to open the
+uid_map
+file under that directory, avoiding a TOCTTOU in case the process exits and the pid is immediately reused\&.
.SH "OPTIONS"
.PP
There currently are no options to the
diff --git a/man/man1/passwd.1 b/man/man1/passwd.1
index cc1a46e..04a48c2 100644
--- a/man/man1/passwd.1
+++ b/man/man1/passwd.1
@@ -2,12 +2,12 @@
.\" Title: passwd
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "PASSWD" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "PASSWD" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -49,44 +49,9 @@ refuses to change the password and exits\&.
.PP
The user is then prompted twice for a replacement password\&. The second entry is compared against the first and both are required to match in order for the password to be changed\&.
.PP
-Then, the password is tested for complexity\&. As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-lower case alphabetics
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-digits 0 thru 9
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-punctuation marks
-.RE
-.PP
-Care must be taken not to include the system default erase or kill characters\&.
+Then, the password is tested for complexity\&.
\fBpasswd\fR
-will reject any password which is not suitably complex\&.
+will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&.
.SS "Hints for user passwords"
.PP
The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy
@@ -96,6 +61,8 @@ System encryption method is based on the NBS DES algorithm\&. More recent method
.PP
Compromises in password security normally result from careless password selection or handling\&. For this reason, you should not select a password which appears in a dictionary or which must be written down\&. The password should also not be a proper name, your license number, birth date, or street address\&. Any of these may be used as guesses to violate system security\&.
.PP
+As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&.
+.PP
You can find advice on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength
.SH "OPTIONS"
.PP
@@ -175,6 +142,12 @@ directory and use the configuration files from the
directory\&. Only absolute paths are supported\&.
.RE
.PP
+\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
+.RS 4
+Apply changes to configuration files under the root filesystem found under the directory
+\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
+.RE
+.PP
\fB\-S\fR, \fB\-\-status\fR
.RS 4
Display account status information\&. The status information consists of 7 fields\&. The first field is the user\*(Aqs login name\&. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P)\&. The third field gives the date of the last password change\&. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password\&. These ages are expressed in days\&.
@@ -205,6 +178,11 @@ as
\fIMAX_DAYS\fR
will remove checking a password\*(Aqs validity\&.
.RE
+.PP
+\fB\-s\fR, \fB\-\-stdin\fR
+.RS 4
+This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&.
+.RE
.SH "CAVEATS"
.PP
Password complexity checking may vary from site to site\&. The user is urged to select a password as complex as he or she feels comfortable with\&.
@@ -282,7 +260,7 @@ is set to
or
\fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&.
.sp
-With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&.
+With a lot of rounds, it is more difficult to brute force the password\&. But note also that more CPU resources will be needed to authenticate users\&.
.sp
If not specified, the libc will choose the default number of rounds (5000), which is orders of magnitude too low for modern hardware\&.
.sp
@@ -361,7 +339,10 @@ invalid argument to option
.SH "SEE ALSO"
.PP
\fBchpasswd\fR(8),
+\fBmakepasswd\fR(1),
\fBpasswd\fR(5),
\fBshadow\fR(5),
\fBlogin.defs\fR(5),
\fBusermod\fR(8)\&.
+.PP
+The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/"
diff --git a/man/man1/sg.1 b/man/man1/sg.1
index 860c58e..1e104ab 100644
--- a/man/man1/sg.1
+++ b/man/man1/sg.1
@@ -2,12 +2,12 @@
.\" Title: sg
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "SG" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "SG" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/man/man1/su.1 b/man/man1/su.1
index a7c5cb3..ebd2629 100644
--- a/man/man1/su.1
+++ b/man/man1/su.1
@@ -2,12 +2,12 @@
.\" Title: su
.\" Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 11/08/2022
+.\" Date: 06/21/2024
.\" Manual: User Commands
-.\" Source: shadow-utils 4.13
+.\" Source: shadow-utils 4.15.2
.\" Language: English
.\"
-.TH "SU" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands"
+.TH "SU" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------