diff options
Diffstat (limited to '')
-rw-r--r-- | man/man1/chage.1 | 12 | ||||
-rw-r--r-- | man/man1/chfn.1 | 6 | ||||
-rw-r--r-- | man/man1/chsh.1 | 12 | ||||
-rw-r--r-- | man/man1/expiry.1 | 6 | ||||
-rw-r--r-- | man/man1/getsubids.1 | 6 | ||||
-rw-r--r-- | man/man1/gpasswd.1 | 8 | ||||
-rw-r--r-- | man/man1/groups.1 | 6 | ||||
-rw-r--r-- | man/man1/id.1 | 6 | ||||
-rw-r--r-- | man/man1/login.1 | 12 | ||||
-rw-r--r-- | man/man1/newgidmap.1 | 16 | ||||
-rw-r--r-- | man/man1/newgrp.1 | 6 | ||||
-rw-r--r-- | man/man1/newuidmap.1 | 16 | ||||
-rw-r--r-- | man/man1/passwd.1 | 63 | ||||
-rw-r--r-- | man/man1/sg.1 | 6 | ||||
-rw-r--r-- | man/man1/su.1 | 6 |
15 files changed, 100 insertions, 87 deletions
diff --git a/man/man1/chage.1 b/man/man1/chage.1 index 37f72d1..0998ae8 100644 --- a/man/man1/chage.1 +++ b/man/man1/chage.1 @@ -2,12 +2,12 @@ .\" Title: chage .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "CHAGE" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "CHAGE" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -136,6 +136,12 @@ directory and use the configuration files from the directory\&. Only absolute paths are supported\&. .RE .PP +\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR +.RS 4 +Apply changes to configuration files under the root filesystem found under the directory +\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&. +.RE +.PP \fB\-W\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR .RS 4 Set the number of days of warning before a password change is required\&. The diff --git a/man/man1/chfn.1 b/man/man1/chfn.1 index d73f7f1..315f32b 100644 --- a/man/man1/chfn.1 +++ b/man/man1/chfn.1 @@ -2,12 +2,12 @@ .\" Title: chfn .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "CHFN" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "CHFN" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/man/man1/chsh.1 b/man/man1/chsh.1 index 97458a4..597f3ff 100644 --- a/man/man1/chsh.1 +++ b/man/man1/chsh.1 @@ -2,12 +2,12 @@ .\" Title: chsh .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "CHSH" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "CHSH" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -77,6 +77,12 @@ The only restriction placed on the login shell is that the command name must be in /etc/shells is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&. +.PP +For this reason, placing +/bin/rsh +in +/etc/shells +is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell back to its original value\&. .SH "CONFIGURATION" .PP The following configuration variables in diff --git a/man/man1/expiry.1 b/man/man1/expiry.1 index 6f5a120..93dc97d 100644 --- a/man/man1/expiry.1 +++ b/man/man1/expiry.1 @@ -2,12 +2,12 @@ .\" Title: expiry .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "EXPIRY" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "EXPIRY" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/man/man1/getsubids.1 b/man/man1/getsubids.1 index 2d92334..fa026b0 100644 --- a/man/man1/getsubids.1 +++ b/man/man1/getsubids.1 @@ -2,12 +2,12 @@ .\" Title: getsubids .\" Author: Iker Pedrosa .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "GETSUBIDS" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "GETSUBIDS" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/man/man1/gpasswd.1 b/man/man1/gpasswd.1 index e11bcdf..68810fc 100644 --- a/man/man1/gpasswd.1 +++ b/man/man1/gpasswd.1 @@ -2,12 +2,12 @@ .\" Title: gpasswd .\" Author: Rafal Maszkowski .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "GPASSWD" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "GPASSWD" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -196,7 +196,7 @@ is set to or \fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&. .sp -With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&. +With a lot of rounds, it is more difficult to brute force the password\&. But note also that more CPU resources will be needed to authenticate users\&. .sp If not specified, the libc will choose the default number of rounds (5000), which is orders of magnitude too low for modern hardware\&. .sp diff --git a/man/man1/groups.1 b/man/man1/groups.1 index 7b9fbf2..473f1ee 100644 --- a/man/man1/groups.1 +++ b/man/man1/groups.1 @@ -2,12 +2,12 @@ .\" Title: groups .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "GROUPS" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "GROUPS" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/man/man1/id.1 b/man/man1/id.1 index 010db36..34eb349 100644 --- a/man/man1/id.1 +++ b/man/man1/id.1 @@ -2,12 +2,12 @@ .\" Title: id .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "ID" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "ID" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/man/man1/login.1 b/man/man1/login.1 index eaa39db..36028e8 100644 --- a/man/man1/login.1 +++ b/man/man1/login.1 @@ -2,12 +2,12 @@ .\" Title: login .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "LOGIN" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "LOGIN" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -375,12 +375,12 @@ The terminal permissions: the login tty will be owned by the group, and the permissions will be set to \fBTTYPERM\fR\&. .sp -By default, the ownership of the terminal is set to the user\*(Aqs primary group and the permissions are set to -\fI0600\fR\&. -.sp \fBTTYGROUP\fR can be either the name of a group or a numeric group identifier\&. .sp +If TTYGROUP is not defined, then the group ownership of the terminal is set to the user\*(Aqs primary group\&. If TTYPERM is not defined, then the permissions are set to +\fI0600\fR\&. +.sp If you have a \fBwrite\fR program which is "setgid" to a special group which owns the terminals, define TTYGROUP to the group number and TTYPERM to 0620\&. Otherwise leave TTYGROUP commented out and assign TTYPERM to either 622 or 600\&. diff --git a/man/man1/newgidmap.1 b/man/man1/newgidmap.1 index c60cf7f..7328aef 100644 --- a/man/man1/newgidmap.1 +++ b/man/man1/newgidmap.1 @@ -2,12 +2,12 @@ .\" Title: newgidmap .\" Author: Eric Biederman .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "NEWGIDMAP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "NEWGIDMAP" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -74,6 +74,16 @@ before setting /proc/[pid]/gid_map\&. .PP Note that newgidmap may be used only once for a given process\&. +.PP +Instead of an integer process id, the first argument may be specified as +\fIfd:N\fR, where the integer N is the file descriptor number for the calling process\*(Aqs opened file descriptor for the directory +/proc/[pid]\&. In this case, +\fBnewgidmap\fR +will use +openat(2) +to open the +gid_map +file under that directory, avoiding a TOCTTOU in case the process exits and the pid is immediately reused\&. .SH "OPTIONS" .PP There currently are no options to the diff --git a/man/man1/newgrp.1 b/man/man1/newgrp.1 index 312e6ca..04cf7e7 100644 --- a/man/man1/newgrp.1 +++ b/man/man1/newgrp.1 @@ -2,12 +2,12 @@ .\" Title: newgrp .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "NEWGRP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "NEWGRP" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/man/man1/newuidmap.1 b/man/man1/newuidmap.1 index d4dda67..71b7226 100644 --- a/man/man1/newuidmap.1 +++ b/man/man1/newuidmap.1 @@ -2,12 +2,12 @@ .\" Title: newuidmap .\" Author: Eric Biederman .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "NEWUIDMAP" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "NEWUIDMAP" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -74,6 +74,16 @@ before setting /proc/[pid]/uid_map\&. .PP Note that newuidmap may be used only once for a given process\&. +.PP +Instead of an integer process id, the first argument may be specified as +\fIfd:N\fR, where the integer N is the file descriptor number for the calling process\*(Aqs opened file descriptor for the directory +/proc/[pid]\&. In this case, +\fBnewuidmap\fR +will use +openat(2) +to open the +uid_map +file under that directory, avoiding a TOCTTOU in case the process exits and the pid is immediately reused\&. .SH "OPTIONS" .PP There currently are no options to the diff --git a/man/man1/passwd.1 b/man/man1/passwd.1 index cc1a46e..04a48c2 100644 --- a/man/man1/passwd.1 +++ b/man/man1/passwd.1 @@ -2,12 +2,12 @@ .\" Title: passwd .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "PASSWD" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "PASSWD" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -49,44 +49,9 @@ refuses to change the password and exits\&. .PP The user is then prompted twice for a replacement password\&. The second entry is compared against the first and both are required to match in order for the password to be changed\&. .PP -Then, the password is tested for complexity\&. As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets: -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -lower case alphabetics -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -digits 0 thru 9 -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -punctuation marks -.RE -.PP -Care must be taken not to include the system default erase or kill characters\&. +Then, the password is tested for complexity\&. \fBpasswd\fR -will reject any password which is not suitably complex\&. +will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&. .SS "Hints for user passwords" .PP The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy @@ -96,6 +61,8 @@ System encryption method is based on the NBS DES algorithm\&. More recent method .PP Compromises in password security normally result from careless password selection or handling\&. For this reason, you should not select a password which appears in a dictionary or which must be written down\&. The password should also not be a proper name, your license number, birth date, or street address\&. Any of these may be used as guesses to violate system security\&. .PP +As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&. +.PP You can find advice on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength .SH "OPTIONS" .PP @@ -175,6 +142,12 @@ directory and use the configuration files from the directory\&. Only absolute paths are supported\&. .RE .PP +\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR +.RS 4 +Apply changes to configuration files under the root filesystem found under the directory +\fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&. +.RE +.PP \fB\-S\fR, \fB\-\-status\fR .RS 4 Display account status information\&. The status information consists of 7 fields\&. The first field is the user\*(Aqs login name\&. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P)\&. The third field gives the date of the last password change\&. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password\&. These ages are expressed in days\&. @@ -205,6 +178,11 @@ as \fIMAX_DAYS\fR will remove checking a password\*(Aqs validity\&. .RE +.PP +\fB\-s\fR, \fB\-\-stdin\fR +.RS 4 +This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&. +.RE .SH "CAVEATS" .PP Password complexity checking may vary from site to site\&. The user is urged to select a password as complex as he or she feels comfortable with\&. @@ -282,7 +260,7 @@ is set to or \fISHA512\fR, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line)\&. .sp -With a lot of rounds, it is more difficult to brute forcing the password\&. But note also that more CPU resources will be needed to authenticate users\&. +With a lot of rounds, it is more difficult to brute force the password\&. But note also that more CPU resources will be needed to authenticate users\&. .sp If not specified, the libc will choose the default number of rounds (5000), which is orders of magnitude too low for modern hardware\&. .sp @@ -361,7 +339,10 @@ invalid argument to option .SH "SEE ALSO" .PP \fBchpasswd\fR(8), +\fBmakepasswd\fR(1), \fBpasswd\fR(5), \fBshadow\fR(5), \fBlogin.defs\fR(5), \fBusermod\fR(8)\&. +.PP +The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/" diff --git a/man/man1/sg.1 b/man/man1/sg.1 index 860c58e..1e104ab 100644 --- a/man/man1/sg.1 +++ b/man/man1/sg.1 @@ -2,12 +2,12 @@ .\" Title: sg .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "SG" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "SG" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/man/man1/su.1 b/man/man1/su.1 index a7c5cb3..ebd2629 100644 --- a/man/man1/su.1 +++ b/man/man1/su.1 @@ -2,12 +2,12 @@ .\" Title: su .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 11/08/2022 +.\" Date: 06/21/2024 .\" Manual: User Commands -.\" Source: shadow-utils 4.13 +.\" Source: shadow-utils 4.15.2 .\" Language: English .\" -.TH "SU" "1" "11/08/2022" "shadow\-utils 4\&.13" "User Commands" +.TH "SU" "1" "06/21/2024" "shadow\-utils 4\&.15\&.2" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- |