diff options
Diffstat (limited to 'man/pwck.8.xml')
-rw-r--r-- | man/pwck.8.xml | 352 |
1 files changed, 352 insertions, 0 deletions
diff --git a/man/pwck.8.xml b/man/pwck.8.xml new file mode 100644 index 0000000..4eb820d --- /dev/null +++ b/man/pwck.8.xml @@ -0,0 +1,352 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + SPDX-FileCopyrightText: 1992 , Julianne Frances Haugh + SPDX-FileCopyrightText: 2007 - 2011, Nicolas François + SPDX-License-Identifier: BSD-3-Clause +--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml"> +<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml"> +<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml"> +<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml"> +<!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml"> +<!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml"> +<!ENTITY USE_TCB SYSTEM "login.defs.d/USE_TCB.xml"> +<!-- SHADOW-CONFIG-HERE --> +]> +<refentry id='pwck.8'> + <!-- $Id$ --> + <refentryinfo> + <author> + <firstname>Julianne Frances</firstname> + <surname>Haugh</surname> + <contrib>Creation, 1992</contrib> + </author> + <author> + <firstname>Thomas</firstname> + <surname>Kłoczko</surname> + <email>kloczek@pld.org.pl</email> + <contrib>shadow-utils maintainer, 2000 - 2007</contrib> + </author> + <author> + <firstname>Nicolas</firstname> + <surname>François</surname> + <email>nicolas.francois@centraliens.net</email> + <contrib>shadow-utils maintainer, 2007 - now</contrib> + </author> + </refentryinfo> + <refmeta> + <refentrytitle>pwck</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo> + <refmiscinfo class="source">shadow-utils</refmiscinfo> + <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo> + </refmeta> + <refnamediv id='name'> + <refname>pwck</refname> + <refpurpose>verify the integrity of password files</refpurpose> + </refnamediv> + <!-- body begins here --> + <refsynopsisdiv id='synopsis'> + <cmdsynopsis> + <command>pwck</command> + <arg choice='opt'>options</arg> + <arg choice='opt'> + <arg choice='plain'> + <replaceable>PASSWORDFILE</replaceable> + </arg> + <arg choice='opt'> + <arg choice='plain'> + <replaceable>SHADOWFILE</replaceable> + </arg> + </arg> + </arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1 id='description'> + <title>DESCRIPTION</title> + <para> + The <command>pwck</command> command verifies the integrity of the + users and authentication information. It checks that all entries in + <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename> + <phrase condition="tcb">(or the files in + <filename>/etc/tcb</filename>, when <option>USE_TCB</option> is + enabled)</phrase> + have the proper format and contain valid data. + The user is prompted to delete entries that are + improperly formatted or which have other uncorrectable errors. + </para> + + <para>Checks are made to verify that each entry has:</para> + <itemizedlist mark='bullet'> + <listitem> + <para>the correct number of fields</para> + </listitem> + <listitem> + <para>a unique and valid user name</para> + </listitem> + <listitem> + <para>a valid user and group identifier</para> + </listitem> + <listitem> + <para>a valid primary group</para> + </listitem> + <listitem> + <para> a valid home directory</para> + </listitem> + <listitem> + <para>a valid login shell</para> + </listitem> + </itemizedlist> + + <para> + Checks for shadowed password information are enabled when the second + file parameter <replaceable>SHADOWFILE</replaceable> is specified or + when <filename>/etc/shadow</filename> exists on the system. + </para> + <para> + These checks are the following: + </para> + <itemizedlist mark='bullet'> + <listitem> + <para> + every passwd entry has a matching shadow entry, and every shadow + entry has a matching passwd entry + </para> + </listitem> + <listitem> + <para>passwords are specified in the shadowed file</para> + </listitem> + <listitem> + <para>shadow entries have the correct number of fields</para> + </listitem> + <listitem> + <para>shadow entries are unique in shadow</para> + </listitem> + <listitem> + <para>the last password changes are not in the future</para> + </listitem> + </itemizedlist> + + <para> + The checks for correct number of fields and unique user name are + fatal. If the entry has the wrong number of fields, the user will be + prompted to delete the entire line. If the user does not answer + affirmatively, all further checks are bypassed. An entry with a + duplicated user name is prompted for deletion, but the remaining + checks will still be made. All other errors are warnings and the user + is encouraged to run the <command>usermod</command> command to correct + the error. + </para> + + <para> + The commands which operate on the <filename>/etc/passwd</filename> + file are not able to alter corrupted or duplicated entries. + <command>pwck</command> should be used in those circumstances to + remove the offending entry. + </para> + </refsect1> + + <refsect1 id='options'> + <title>OPTIONS</title> + <para> + The <option>-r</option> and <option>-s</option> options cannot be + combined. + </para> + <para> + The options which apply to the <command>pwck</command> command are: + </para> + <variablelist remap='IP'> + <varlistentry> + <term> + <option>--badname</option> + </term> + <listitem> + <para> + Allow names that do not conform to standards. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>-h</option>, <option>--help</option></term> + <listitem> + <para>Display help message and exit.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>-q</option>, <option>--quiet</option></term> + <listitem> + <para> + Report errors only. The warnings which do not require any + action from the user won't be displayed. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>-r</option>, <option>--read-only</option></term> + <listitem> + <para> + Execute the <command>pwck</command> command in read-only mode. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>-R</option>, <option>--root</option> <replaceable>CHROOT_DIR</replaceable> + </term> + <listitem> + <para> + Apply changes in the <replaceable>CHROOT_DIR</replaceable> + directory and use the configuration files from the + <replaceable>CHROOT_DIR</replaceable> directory. + Only absolute paths are supported. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>-s</option>, <option>--sort</option></term> + <listitem> + <para> + Sort entries in <filename>/etc/passwd</filename> and + <filename>/etc/shadow</filename> by UID. + </para> + <para condition="tcb"> + This option has no effect when <option>USE_TCB</option> is enabled. + </para> + </listitem> + </varlistentry> + </variablelist> + + <para> + By default, <command>pwck</command> operates on the files + <filename>/etc/passwd</filename> and + <filename>/etc/shadow</filename><phrase condition="tcb"> (or the + files in <filename>/etc/tcb</filename>)</phrase>. + The user may select alternate files with the + <replaceable>passwd</replaceable> and + <replaceable>shadow</replaceable> parameters. + </para> + <para condition="tcb"> + Note that when <option>USE_TCB</option> is enabled, you cannot + specify an alternative <replaceable>shadow</replaceable> file. In + future releases, this parameter could be replaced by an alternate + TCB directory. + </para> + </refsect1> + + <refsect1 id='configuration'> + <title>CONFIGURATION</title> + <para> + The following configuration variables in + <filename>/etc/login.defs</filename> change the behavior of this + tool: + </para> + <variablelist> + &NONEXISTENT; + &PASS_MAX_DAYS; + &PASS_MIN_DAYS; + &PASS_WARN_AGE; + &TCB_AUTH_GROUP; + &TCB_SYMLINKS; + &USE_TCB; + </variablelist> + </refsect1> + + <refsect1 id='files'> + <title>FILES</title> + <variablelist> + <varlistentry> + <term><filename>/etc/group</filename></term> + <listitem> + <para>Group account information.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><filename>/etc/passwd</filename></term> + <listitem> + <para>User account information.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><filename>/etc/shadow</filename></term> + <listitem> + <para>Secure user account information.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='exit_values'> + <title>EXIT VALUES</title> + <para> + The <command>pwck</command> command exits with the following values: + <variablelist> + <varlistentry> + <term><replaceable>0</replaceable></term> + <listitem> + <para>success</para> + </listitem> + </varlistentry> + <varlistentry> + <term><replaceable>1</replaceable></term> + <listitem> + <para>invalid command syntax</para> + </listitem> + </varlistentry> + <varlistentry> + <term><replaceable>2</replaceable></term> + <listitem> + <para>one or more bad password entries</para> + </listitem> + </varlistentry> + <varlistentry> + <term><replaceable>3</replaceable></term> + <listitem> + <para>can't open password files</para> + </listitem> + </varlistentry> + <varlistentry> + <term><replaceable>4</replaceable></term> + <listitem> + <para>can't lock password files</para> + </listitem> + </varlistentry> + <varlistentry> + <term><replaceable>5</replaceable></term> + <listitem> + <para>can't update password files</para> + </listitem> + </varlistentry> + <varlistentry> + <term><replaceable>6</replaceable></term> + <listitem> + <para>can't sort password files</para> + </listitem> + </varlistentry> + </variablelist> + </para> + </refsect1> + + <refsect1 id='see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>group</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>. + </para> + </refsect1> +</refentry> |