diff options
Diffstat (limited to 'man/man8/pwck.8')
-rw-r--r-- | man/man8/pwck.8 | 334 |
1 files changed, 334 insertions, 0 deletions
diff --git a/man/man8/pwck.8 b/man/man8/pwck.8 new file mode 100644 index 0000000..834cc83 --- /dev/null +++ b/man/man8/pwck.8 @@ -0,0 +1,334 @@ +'\" t +.\" Title: pwck +.\" Author: Julianne Frances Haugh +.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> +.\" Date: 11/08/2022 +.\" Manual: System Management Commands +.\" Source: shadow-utils 4.13 +.\" Language: English +.\" +.TH "PWCK" "8" "11/08/2022" "shadow\-utils 4\&.13" "System Management Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pwck \- verify the integrity of password files +.SH "SYNOPSIS" +.HP \w'\fBpwck\fR\ 'u +\fBpwck\fR [options] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]] +.SH "DESCRIPTION" +.PP +The +\fBpwck\fR +command verifies the integrity of the users and authentication information\&. It checks that all entries in +/etc/passwd +and +/etc/shadow +have the proper format and contain valid data\&. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors\&. +.PP +Checks are made to verify that each entry has: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +the correct number of fields +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +a unique and valid user name +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +a valid user and group identifier +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +a valid primary group +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +a valid home directory +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +a valid login shell +.RE +.PP +Checks for shadowed password information are enabled when the second file parameter +\fISHADOWFILE\fR +is specified or when +/etc/shadow +exists on the system\&. +.PP +These checks are the following: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +every passwd entry has a matching shadow entry, and every shadow entry has a matching passwd entry +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +passwords are specified in the shadowed file +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +shadow entries have the correct number of fields +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +shadow entries are unique in shadow +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +the last password changes are not in the future +.RE +.PP +The checks for correct number of fields and unique user name are fatal\&. If the entry has the wrong number of fields, the user will be prompted to delete the entire line\&. If the user does not answer affirmatively, all further checks are bypassed\&. An entry with a duplicated user name is prompted for deletion, but the remaining checks will still be made\&. All other errors are warnings and the user is encouraged to run the +\fBusermod\fR +command to correct the error\&. +.PP +The commands which operate on the +/etc/passwd +file are not able to alter corrupted or duplicated entries\&. +\fBpwck\fR +should be used in those circumstances to remove the offending entry\&. +.SH "OPTIONS" +.PP +The +\fB\-r\fR +and +\fB\-s\fR +options cannot be combined\&. +.PP +The options which apply to the +\fBpwck\fR +command are: +.PP +\fB\-\-badname\fR\ \& +.RS 4 +Allow names that do not conform to standards\&. +.RE +.PP +\fB\-h\fR, \fB\-\-help\fR +.RS 4 +Display help message and exit\&. +.RE +.PP +\fB\-q\fR, \fB\-\-quiet\fR +.RS 4 +Report errors only\&. The warnings which do not require any action from the user won\*(Aqt be displayed\&. +.RE +.PP +\fB\-r\fR, \fB\-\-read\-only\fR +.RS 4 +Execute the +\fBpwck\fR +command in read\-only mode\&. +.RE +.PP +\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR +.RS 4 +Apply changes in the +\fICHROOT_DIR\fR +directory and use the configuration files from the +\fICHROOT_DIR\fR +directory\&. Only absolute paths are supported\&. +.RE +.PP +\fB\-s\fR, \fB\-\-sort\fR +.RS 4 +Sort entries in +/etc/passwd +and +/etc/shadow +by UID\&. +.RE +.PP +By default, +\fBpwck\fR +operates on the files +/etc/passwd +and +/etc/shadow\&. The user may select alternate files with the +\fIpasswd\fR +and +\fIshadow\fR +parameters\&. +.SH "CONFIGURATION" +.PP +The following configuration variables in +/etc/login\&.defs +change the behavior of this tool: +.PP +\fBNONEXISTENT\fR (string) +.RS 4 +If a system account intentionally does not have a home directory that exists, this string can be provided in the /etc/passwd entry for the account to indicate this\&. The result is that pwck will not emit a spurious warning for this account\&. +.RE +.PP +\fBPASS_MAX_DAYS\fR (number) +.RS 4 +The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&. +.RE +.PP +\fBPASS_MIN_DAYS\fR (number) +.RS 4 +The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, 0 will be assumed (which disables the restriction)\&. +.RE +.PP +\fBPASS_WARN_AGE\fR (number) +.RS 4 +The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&. +.RE +.SH "FILES" +.PP +/etc/group +.RS 4 +Group account information\&. +.RE +.PP +/etc/passwd +.RS 4 +User account information\&. +.RE +.PP +/etc/shadow +.RS 4 +Secure user account information\&. +.RE +.SH "EXIT VALUES" +.PP +The +\fBpwck\fR +command exits with the following values: +.PP +\fI0\fR +.RS 4 +success +.RE +.PP +\fI1\fR +.RS 4 +invalid command syntax +.RE +.PP +\fI2\fR +.RS 4 +one or more bad password entries +.RE +.PP +\fI3\fR +.RS 4 +can\*(Aqt open password files +.RE +.PP +\fI4\fR +.RS 4 +can\*(Aqt lock password files +.RE +.PP +\fI5\fR +.RS 4 +can\*(Aqt update password files +.RE +.PP +\fI6\fR +.RS 4 +can\*(Aqt sort password files +.RE +.SH "SEE ALSO" +.PP +\fBgroup\fR(5), +\fBgrpck\fR(8), +\fBpasswd\fR(5), +\fBshadow\fR(5), +\fBusermod\fR(8)\&. |