From 97c26c1924b076ef23ebe4381558e8aa025712b2 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 16:54:37 +0200 Subject: Adding upstream version 1:4.13+dfsg1. 
Signed-off-by: Daniel Baumann --- man/login.defs.d/CHFN_AUTH.xml | 16 ++++++++++ man/login.defs.d/CHFN_RESTRICT.xml | 27 +++++++++++++++++ man/login.defs.d/CHSH_AUTH.xml | 16 ++++++++++ man/login.defs.d/CONSOLE.xml | 22 ++++++++++++++ man/login.defs.d/CONSOLE_GROUPS.xml | 20 +++++++++++++ man/login.defs.d/CREATE_HOME.xml | 17 +++++++++++ man/login.defs.d/DEFAULT_HOME.xml | 20 +++++++++++++ man/login.defs.d/ENCRYPT_METHOD.xml | 33 ++++++++++++++++++++ man/login.defs.d/ENVIRON_FILE.xml | 18 +++++++++++ man/login.defs.d/ENV_HZ.xml | 23 ++++++++++++++ man/login.defs.d/ENV_PATH.xml | 19 ++++++++++++ man/login.defs.d/ENV_SUPATH.xml | 20 +++++++++++++ man/login.defs.d/ENV_TZ.xml | 24 +++++++++++++++ man/login.defs.d/ERASECHAR.xml | 19 ++++++++++++ man/login.defs.d/FAILLOG_ENAB.xml | 15 ++++++++++ man/login.defs.d/FAIL_DELAY.xml | 15 ++++++++++ man/login.defs.d/FAKE_SHELL.xml | 15 ++++++++++ man/login.defs.d/FTMP_FILE.xml | 14 +++++++++ man/login.defs.d/GID_MAX.xml | 21 +++++++++++++ man/login.defs.d/HMAC_CRYPTO_ALGO.xml | 20 +++++++++++++ man/login.defs.d/HOME_MODE.xml | 19 ++++++++++++ man/login.defs.d/HUSHLOGIN_FILE.xml | 18 +++++++++++ man/login.defs.d/ISSUE_FILE.xml | 14 +++++++++ man/login.defs.d/KILLCHAR.xml | 18 +++++++++++ man/login.defs.d/LASTLOG_ENAB.xml | 14 +++++++++ man/login.defs.d/LASTLOG_UID_MAX.xml | 22 ++++++++++++++ man/login.defs.d/LOGIN_RETRIES.xml | 20 +++++++++++++ man/login.defs.d/LOGIN_STRING.xml | 20 +++++++++++++ man/login.defs.d/LOGIN_TIMEOUT.xml | 14 +++++++++ man/login.defs.d/LOG_OK_LOGINS.xml | 14 +++++++++ man/login.defs.d/LOG_UNKFAIL_ENAB.xml | 19 ++++++++++++ man/login.defs.d/MAIL_CHECK_ENAB.xml | 18 +++++++++++ man/login.defs.d/MAIL_DIR.xml | 38 +++++++++++++++++++++++ man/login.defs.d/MAX_MEMBERS_PER_GROUP.xml | 33 ++++++++++++++++++++ man/login.defs.d/MD5_CRYPT_ENAB.xml | 36 ++++++++++++++++++++++ man/login.defs.d/MOTD_FILE.xml | 15 ++++++++++ man/login.defs.d/NOLOGINS_FILE.xml | 16 ++++++++++ man/login.defs.d/NONEXISTENT.xml | 17 
+++++++++++ man/login.defs.d/OBSCURE_CHECKS_ENAB.xml | 14 +++++++++ man/login.defs.d/PASS_ALWAYS_WARN.xml | 14 +++++++++ man/login.defs.d/PASS_CHANGE_TRIES.xml | 15 ++++++++++ man/login.defs.d/PASS_MAX_DAYS.xml | 16 ++++++++++ man/login.defs.d/PASS_MAX_LEN.xml | 19 ++++++++++++ man/login.defs.d/PASS_MIN_DAYS.xml | 16 ++++++++++ man/login.defs.d/PASS_WARN_AGE.xml | 17 +++++++++++ man/login.defs.d/PORTTIME_CHECKS_ENAB.xml | 15 ++++++++++ man/login.defs.d/QUOTAS_ENAB.xml | 16 ++++++++++ man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml | 45 ++++++++++++++++++++++++++++ man/login.defs.d/SUB_GID_COUNT.xml | 24 +++++++++++++++ man/login.defs.d/SUB_UID_COUNT.xml | 24 +++++++++++++++ man/login.defs.d/SULOG_FILE.xml | 14 +++++++++ man/login.defs.d/SU_NAME.xml | 17 +++++++++++ man/login.defs.d/SU_WHEEL_ONLY.xml | 20 +++++++++++++ man/login.defs.d/SYSLOG_SG_ENAB.xml | 14 +++++++++ man/login.defs.d/SYSLOG_SU_ENAB.xml | 15 ++++++++++ man/login.defs.d/SYS_GID_MAX.xml | 19 ++++++++++++ man/login.defs.d/SYS_UID_MAX.xml | 18 +++++++++++ man/login.defs.d/TCB_AUTH_GROUP.xml | 13 ++++++++ man/login.defs.d/TCB_SYMLINKS.xml | 29 ++++++++++++++++++ man/login.defs.d/TTYGROUP.xml | 32 ++++++++++++++++++++ man/login.defs.d/TTYTYPE_FILE.xml | 15 ++++++++++ man/login.defs.d/UID_MAX.xml | 20 +++++++++++++ man/login.defs.d/ULIMIT.xml | 14 +++++++++ man/login.defs.d/UMASK.xml | 32 ++++++++++++++++++++ man/login.defs.d/USERDEL_CMD.xml | 48 ++++++++++++++++++++++++++++++ man/login.defs.d/USERGROUPS_ENAB.xml | 22 ++++++++++++++ man/login.defs.d/USE_TCB.xml | 14 +++++++++ 67 files changed, 1350 insertions(+) create mode 100644 man/login.defs.d/CHFN_AUTH.xml create mode 100644 man/login.defs.d/CHFN_RESTRICT.xml create mode 100644 man/login.defs.d/CHSH_AUTH.xml create mode 100644 man/login.defs.d/CONSOLE.xml create mode 100644 man/login.defs.d/CONSOLE_GROUPS.xml create mode 100644 man/login.defs.d/CREATE_HOME.xml create mode 100644 man/login.defs.d/DEFAULT_HOME.xml create mode 100644 
man/login.defs.d/ENCRYPT_METHOD.xml create mode 100644 man/login.defs.d/ENVIRON_FILE.xml create mode 100644 man/login.defs.d/ENV_HZ.xml create mode 100644 man/login.defs.d/ENV_PATH.xml create mode 100644 man/login.defs.d/ENV_SUPATH.xml create mode 100644 man/login.defs.d/ENV_TZ.xml create mode 100644 man/login.defs.d/ERASECHAR.xml create mode 100644 man/login.defs.d/FAILLOG_ENAB.xml create mode 100644 man/login.defs.d/FAIL_DELAY.xml create mode 100644 man/login.defs.d/FAKE_SHELL.xml create mode 100644 man/login.defs.d/FTMP_FILE.xml create mode 100644 man/login.defs.d/GID_MAX.xml create mode 100644 man/login.defs.d/HMAC_CRYPTO_ALGO.xml create mode 100644 man/login.defs.d/HOME_MODE.xml create mode 100644 man/login.defs.d/HUSHLOGIN_FILE.xml create mode 100644 man/login.defs.d/ISSUE_FILE.xml create mode 100644 man/login.defs.d/KILLCHAR.xml create mode 100644 man/login.defs.d/LASTLOG_ENAB.xml create mode 100644 man/login.defs.d/LASTLOG_UID_MAX.xml create mode 100644 man/login.defs.d/LOGIN_RETRIES.xml create mode 100644 man/login.defs.d/LOGIN_STRING.xml create mode 100644 man/login.defs.d/LOGIN_TIMEOUT.xml create mode 100644 man/login.defs.d/LOG_OK_LOGINS.xml create mode 100644 man/login.defs.d/LOG_UNKFAIL_ENAB.xml create mode 100644 man/login.defs.d/MAIL_CHECK_ENAB.xml create mode 100644 man/login.defs.d/MAIL_DIR.xml create mode 100644 man/login.defs.d/MAX_MEMBERS_PER_GROUP.xml create mode 100644 man/login.defs.d/MD5_CRYPT_ENAB.xml create mode 100644 man/login.defs.d/MOTD_FILE.xml create mode 100644 man/login.defs.d/NOLOGINS_FILE.xml create mode 100644 man/login.defs.d/NONEXISTENT.xml create mode 100644 man/login.defs.d/OBSCURE_CHECKS_ENAB.xml create mode 100644 man/login.defs.d/PASS_ALWAYS_WARN.xml create mode 100644 man/login.defs.d/PASS_CHANGE_TRIES.xml create mode 100644 man/login.defs.d/PASS_MAX_DAYS.xml create mode 100644 man/login.defs.d/PASS_MAX_LEN.xml create mode 100644 man/login.defs.d/PASS_MIN_DAYS.xml create mode 100644 man/login.defs.d/PASS_WARN_AGE.xml 
create mode 100644 man/login.defs.d/PORTTIME_CHECKS_ENAB.xml create mode 100644 man/login.defs.d/QUOTAS_ENAB.xml create mode 100644 man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml create mode 100644 man/login.defs.d/SUB_GID_COUNT.xml create mode 100644 man/login.defs.d/SUB_UID_COUNT.xml create mode 100644 man/login.defs.d/SULOG_FILE.xml create mode 100644 man/login.defs.d/SU_NAME.xml create mode 100644 man/login.defs.d/SU_WHEEL_ONLY.xml create mode 100644 man/login.defs.d/SYSLOG_SG_ENAB.xml create mode 100644 man/login.defs.d/SYSLOG_SU_ENAB.xml create mode 100644 man/login.defs.d/SYS_GID_MAX.xml create mode 100644 man/login.defs.d/SYS_UID_MAX.xml create mode 100644 man/login.defs.d/TCB_AUTH_GROUP.xml create mode 100644 man/login.defs.d/TCB_SYMLINKS.xml create mode 100644 man/login.defs.d/TTYGROUP.xml create mode 100644 man/login.defs.d/TTYTYPE_FILE.xml create mode 100644 man/login.defs.d/UID_MAX.xml create mode 100644 man/login.defs.d/ULIMIT.xml create mode 100644 man/login.defs.d/UMASK.xml create mode 100644 man/login.defs.d/USERDEL_CMD.xml create mode 100644 man/login.defs.d/USERGROUPS_ENAB.xml create mode 100644 man/login.defs.d/USE_TCB.xml (limited to 'man/login.defs.d')
diff --git a/man/login.defs.d/CHFN_AUTH.xml b/man/login.defs.d/CHFN_AUTH.xml
new file mode 100644
index 0000000..771fb0b
--- /dev/null
+++ b/man/login.defs.d/CHFN_AUTH.xml
@@ -0,0 +1,16 @@
+
+
+ (boolean)
+
+
+ If yes, the chfn
+ program will require authentication before making any changes,
+ unless run by the superuser.
+
+
+
diff --git a/man/login.defs.d/CHFN_RESTRICT.xml b/man/login.defs.d/CHFN_RESTRICT.xml
new file mode 100644
index 0000000..a00ab3c
--- /dev/null
+++ b/man/login.defs.d/CHFN_RESTRICT.xml
@@ -0,0 +1,27 @@
+
+
+ (string)
+
+
+ This parameter specifies which values in the gecos field of the
+ /etc/passwd file may be changed by regular
+ users using the chfn program. It can be any
+ combination of letters f,
+ r, w,
+ h, for Full name, Room number, Work
+ phone, and Home phone, respectively. For backward compatibility,
+ yes is equivalent to
+ rwh and no is
+ equivalent to frwh. If not specified,
+ only the superuser can make any changes. The most restrictive
+ setting is better achieved by not installing chfn
+ SUID.
+
+
+
diff --git a/man/login.defs.d/CHSH_AUTH.xml b/man/login.defs.d/CHSH_AUTH.xml
new file mode 100644
index 0000000..c690d2d
--- /dev/null
+++ b/man/login.defs.d/CHSH_AUTH.xml
@@ -0,0 +1,16 @@
+
+
+ (boolean)
+
+
+ If yes, the chsh
+ program will require authentication before making any changes,
+ unless run by the superuser.
+
+
+
diff --git a/man/login.defs.d/CONSOLE.xml b/man/login.defs.d/CONSOLE.xml
new file mode 100644
index 0000000..1d0fefc
--- /dev/null
+++ b/man/login.defs.d/CONSOLE.xml
@@ -0,0 +1,22 @@
+
+
+ (string)
+
+
+ If defined, either full pathname of a file containing device names
+ (one per line) or a ":" delimited list of device names. Root logins will be
+ allowed only upon these devices.
+
+
+ If not defined, root will be allowed on any device.
+
+
+ The device should be specified without the /dev/ prefix.
+
+
+
diff --git a/man/login.defs.d/CONSOLE_GROUPS.xml b/man/login.defs.d/CONSOLE_GROUPS.xml
new file mode 100644
index 0000000..0fd874c
--- /dev/null
+++ b/man/login.defs.d/CONSOLE_GROUPS.xml
@@ -0,0 +1,20 @@
+
+
+ (string)
+
+
+ List of groups to add to the user's supplementary groups set when
+ logging in on the console (as determined by the CONSOLE setting).
+ Default is none.
+
+
+ Use with caution - it is possible for users to gain permanent access
+ to these groups, even when not logged in on the console.
+
+
+
diff --git a/man/login.defs.d/CREATE_HOME.xml b/man/login.defs.d/CREATE_HOME.xml
new file mode 100644
index 0000000..769c968
--- /dev/null
+++ b/man/login.defs.d/CREATE_HOME.xml
@@ -0,0 +1,17 @@
+
+
+ (boolean)
+
+
+ Indicate if a home directory should be created by default for new
+ users.
+
+
+ This setting does not apply to system users, and can be overridden on
+ the command line.
+
+
+
diff --git a/man/login.defs.d/DEFAULT_HOME.xml b/man/login.defs.d/DEFAULT_HOME.xml
new file mode 100644
index 0000000..b5944c1
--- /dev/null
+++ b/man/login.defs.d/DEFAULT_HOME.xml
@@ -0,0 +1,20 @@
+
+
+ (boolean)
+
+
+ Indicate if login is allowed if we can't cd to the home directory.
+ Default is no.
+
+
+ If set to yes, the user will login in
+ the root (/) directory if it is not possible to
+ cd to her home directory.
+
+
+
diff --git a/man/login.defs.d/ENCRYPT_METHOD.xml b/man/login.defs.d/ENCRYPT_METHOD.xml
new file mode 100644
index 0000000..85dd79b
--- /dev/null
+++ b/man/login.defs.d/ENCRYPT_METHOD.xml
@@ -0,0 +1,33 @@
+
+
+ (string)
+
+
+ This defines the system default encryption algorithm for encrypting
+ passwords (if no algorithm are specified on the command line).
+
+
+ It can take one of these values:
+ DES (default),
+ MD5,
+ SHA256,
+ SHA512.
+ MD5 and DES should not be used for new hashes, see
+ crypt5
+ for recommendations.
+
+
+ Note: this parameter overrides the
+ variable.
+
+
+ Note: This only affect the generation of group passwords.
+ The generation of user passwords is done by PAM and subject to the
+ PAM configuration. It is recommended to set this variable
+ consistently with the PAM configuration.
+
+
+
diff --git a/man/login.defs.d/ENVIRON_FILE.xml b/man/login.defs.d/ENVIRON_FILE.xml
new file mode 100644
index 0000000..f27f538
--- /dev/null
+++ b/man/login.defs.d/ENVIRON_FILE.xml
@@ -0,0 +1,18 @@
+
+
+ (string)
+
+
+ If this file exists and is readable, login environment will be
+ read from it. Every line should be in the form name=value.
+
+
+ Lines starting with a # are treated as comment lines and ignored.
+
+
+
diff --git a/man/login.defs.d/ENV_HZ.xml b/man/login.defs.d/ENV_HZ.xml
new file mode 100644
index 0000000..daf1752
--- /dev/null
+++ b/man/login.defs.d/ENV_HZ.xml
@@ -0,0 +1,23 @@
+
+
+
+ (string)
+
+
+ If set, it will be used to define the HZ environment variable when
+ a user login. The value must be preceded by
+ HZ=. A common value on Linux is
+ HZ=100.
+
+
+ The HZ environment variable is only set when the user
+ (the superuser) logs in with sulogin.
+
+
+
+
diff --git a/man/login.defs.d/ENV_PATH.xml b/man/login.defs.d/ENV_PATH.xml
new file mode 100644
index 0000000..633ed81
--- /dev/null
+++ b/man/login.defs.d/ENV_PATH.xml
@@ -0,0 +1,19 @@
+
+
+ (string)
+
+
+ If set, it will be used to define the PATH environment variable when
+ a regular user login. The value is a colon separated list of paths
+ (for example /bin:/usr/bin) and can be
+ preceded by PATH=. The default value is
+ PATH=/bin:/usr/bin.
+
+
+
+
diff --git a/man/login.defs.d/ENV_SUPATH.xml b/man/login.defs.d/ENV_SUPATH.xml
new file mode 100644
index 0000000..d34298b
--- /dev/null
+++ b/man/login.defs.d/ENV_SUPATH.xml
@@ -0,0 +1,20 @@
+
+
+ (string)
+
+
+ If set, it will be used to define the PATH environment variable when
+ the superuser login. The value is a colon separated list of paths
+ (for example
+ /sbin:/bin:/usr/sbin:/usr/bin) and can be
+ preceded by PATH=. The default value is
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin.
+
+
+
+
diff --git a/man/login.defs.d/ENV_TZ.xml b/man/login.defs.d/ENV_TZ.xml
new file mode 100644
index 0000000..04d208e
--- /dev/null
+++ b/man/login.defs.d/ENV_TZ.xml
@@ -0,0 +1,24 @@
+
+
+ (string)
+
+
+ If set, it will be used to define the TZ environment variable when
+ a user login. The value can be the name of a timezone preceded by
+ TZ= (for example
+ TZ=CST6CDT), or the full path to the file
+ containing the timezone specification (for example
+ /etc/tzname).
+
+
+
+ If a full path is specified but the file does not exist or cannot be
+ read, the default is to use TZ=CST6CDT.
+
+
+
diff --git a/man/login.defs.d/ERASECHAR.xml b/man/login.defs.d/ERASECHAR.xml
new file mode 100644
index 0000000..42cbfcf
--- /dev/null
+++ b/man/login.defs.d/ERASECHAR.xml
@@ -0,0 +1,19 @@
+
+
+ (number)
+
+
+ Terminal ERASE character (010 =
+ backspace, 0177 = DEL).
+
+
+ The value can be prefixed "0" for an octal value, or "0x" for an
+ hexadecimal value.
+
+
+
diff --git a/man/login.defs.d/FAILLOG_ENAB.xml b/man/login.defs.d/FAILLOG_ENAB.xml
new file mode 100644
index 0000000..e4bff21
--- /dev/null
+++ b/man/login.defs.d/FAILLOG_ENAB.xml
@@ -0,0 +1,15 @@
+
+
+ (boolean)
+
+
+ Enable logging and display of /var/log/faillog
+ login failure info.
+
+
+
diff --git a/man/login.defs.d/FAIL_DELAY.xml b/man/login.defs.d/FAIL_DELAY.xml
new file mode 100644
index 0000000..fea7862
--- /dev/null
+++ b/man/login.defs.d/FAIL_DELAY.xml
@@ -0,0 +1,15 @@
+
+
+ (number)
+
+
+ Delay in seconds before being allowed another attempt after a login
+ failure.
+
+
+
diff --git a/man/login.defs.d/FAKE_SHELL.xml b/man/login.defs.d/FAKE_SHELL.xml
new file mode 100644
index 0000000..4c596b3
--- /dev/null
+++ b/man/login.defs.d/FAKE_SHELL.xml
@@ -0,0 +1,15 @@
+
+
+ (string)
+
+
+ If set, login will execute this shell instead of
+ the users' shell specified in /etc/passwd.
+
+
+
diff --git a/man/login.defs.d/FTMP_FILE.xml b/man/login.defs.d/FTMP_FILE.xml
new file mode 100644
index 0000000..930f9a3
--- /dev/null
+++ b/man/login.defs.d/FTMP_FILE.xml
@@ -0,0 +1,14 @@
+
+
+ (string)
+
+
+ If defined, login failures will be logged in this file in a utmp format.
+
+
+
diff --git a/man/login.defs.d/GID_MAX.xml b/man/login.defs.d/GID_MAX.xml
new file mode 100644
index 0000000..b051e5f
--- /dev/null
+++ b/man/login.defs.d/GID_MAX.xml
@@ -0,0 +1,21 @@
+
+
+ (number)
+ (number)
+
+
+ Range of group IDs used for the creation of regular groups by
+ useradd, groupadd, or
+ newusers.
+
+
+ The default value for (resp.
+ ) is 1000 (resp. 60000).
+
+
+
diff --git a/man/login.defs.d/HMAC_CRYPTO_ALGO.xml b/man/login.defs.d/HMAC_CRYPTO_ALGO.xml
new file mode 100644
index 0000000..3aa3370
--- /dev/null
+++ b/man/login.defs.d/HMAC_CRYPTO_ALGO.xml
@@ -0,0 +1,20 @@
+
+
+ (string)
+
+
+ Used to select the HMAC cryptography algorithm that the pam_timestamp
+ module is going to use to calculate the keyed-hash message authentication
+ code.
+
+
+ Note: Check hmac3
+ to see the possible algorithms that are available in your system.
+
+
+
diff --git a/man/login.defs.d/HOME_MODE.xml b/man/login.defs.d/HOME_MODE.xml
new file mode 100644
index 0000000..1be69d9
--- /dev/null
+++ b/man/login.defs.d/HOME_MODE.xml
@@ -0,0 +1,19 @@
+
+
+ (number)
+
+
+ The mode for new home directories. If not specified,
+ the is used to create the mode.
+
+
+ useradd and newusers use this
+ to set the mode of the home directory they create.
+
+
+
diff --git a/man/login.defs.d/HUSHLOGIN_FILE.xml b/man/login.defs.d/HUSHLOGIN_FILE.xml
new file mode 100644
index 0000000..84c82fa
--- /dev/null
+++ b/man/login.defs.d/HUSHLOGIN_FILE.xml
@@ -0,0 +1,18 @@
+
+
+ (string)
+
+
+ If defined, this file can inhibit all the usual chatter during the
+ login sequence. If a full pathname is specified, then hushed mode
+ will be enabled if the user's name or shell are found in the file.
+ If not a full pathname, then hushed mode will be enabled if the file
+ exists in the user's home directory.
+
+
+
diff --git a/man/login.defs.d/ISSUE_FILE.xml b/man/login.defs.d/ISSUE_FILE.xml
new file mode 100644
index 0000000..b1d2c3e
--- /dev/null
+++ b/man/login.defs.d/ISSUE_FILE.xml
@@ -0,0 +1,14 @@
+
+
+ (string)
+
+
+ If defined, this file will be displayed before each login prompt.
+
+
+
diff --git a/man/login.defs.d/KILLCHAR.xml b/man/login.defs.d/KILLCHAR.xml
new file mode 100644
index 0000000..b73cc2d
--- /dev/null
+++ b/man/login.defs.d/KILLCHAR.xml
@@ -0,0 +1,18 @@
+
+
+ (number)
+
+
+ Terminal KILL character (025 = CTRL/U).
+
+
+ The value can be prefixed "0" for an octal value, or "0x" for an
+ hexadecimal value.
+
+
+
diff --git a/man/login.defs.d/LASTLOG_ENAB.xml b/man/login.defs.d/LASTLOG_ENAB.xml
new file mode 100644
index 0000000..9603096
--- /dev/null
+++ b/man/login.defs.d/LASTLOG_ENAB.xml
@@ -0,0 +1,14 @@
+
+
+ (boolean)
+
+
+ Enable logging and display of /var/log/lastlog login time info.
+
+
+
diff --git a/man/login.defs.d/LASTLOG_UID_MAX.xml b/man/login.defs.d/LASTLOG_UID_MAX.xml
new file mode 100644
index 0000000..38ad310
--- /dev/null
+++ b/man/login.defs.d/LASTLOG_UID_MAX.xml
@@ -0,0 +1,22 @@
+
+
+ (number)
+
+
+ Highest user ID number for which the lastlog entries should be
+ updated. As higher user IDs are usually tracked by remote user
+ identity and authentication services there is no need to create
+ a huge sparse lastlog file for them.
+
+
+ No option present in the configuration
+ means that there is no user ID limit for writing lastlog entries.
+
+
+
diff --git a/man/login.defs.d/LOGIN_RETRIES.xml b/man/login.defs.d/LOGIN_RETRIES.xml
new file mode 100644
index 0000000..ba0b05a
--- /dev/null
+++ b/man/login.defs.d/LOGIN_RETRIES.xml
@@ -0,0 +1,20 @@
+
+
+ (number)
+
+
+ Maximum number of login retries in case of bad password.
+
+
+ This will most likely be overridden by PAM, since the default
+ pam_unix module has its own built in of 3 retries. However, this is
+ a safe fallback in case you are using an authentication module that
+ does not enforce PAM_MAXTRIES.
+
+
+
diff --git a/man/login.defs.d/LOGIN_STRING.xml b/man/login.defs.d/LOGIN_STRING.xml
new file mode 100644
index 0000000..12183c8
--- /dev/null
+++ b/man/login.defs.d/LOGIN_STRING.xml
@@ -0,0 +1,20 @@
+
+
+ (string)
+
+
+ The string used for prompting a password. The default is to use
+ "Password: ", or a translation of that string. If you set this
+ variable, the prompt will not be translated.
+
+
+ If the string contains %s, this will be
+ replaced by the user's name.
+
+
+
diff --git a/man/login.defs.d/LOGIN_TIMEOUT.xml b/man/login.defs.d/LOGIN_TIMEOUT.xml
new file mode 100644
index 0000000..af20462
--- /dev/null
+++ b/man/login.defs.d/LOGIN_TIMEOUT.xml
@@ -0,0 +1,14 @@
+
+
+ (number)
+
+
+ Max time in seconds for login.
+
+
+
diff --git a/man/login.defs.d/LOG_OK_LOGINS.xml b/man/login.defs.d/LOG_OK_LOGINS.xml
new file mode 100644
index 0000000..35b13e9
--- /dev/null
+++ b/man/login.defs.d/LOG_OK_LOGINS.xml
@@ -0,0 +1,14 @@
+
+
+ (boolean)
+
+
+ Enable logging of successful logins.
+
+
+
diff --git a/man/login.defs.d/LOG_UNKFAIL_ENAB.xml b/man/login.defs.d/LOG_UNKFAIL_ENAB.xml
new file mode 100644
index 0000000..040382c
--- /dev/null
+++ b/man/login.defs.d/LOG_UNKFAIL_ENAB.xml
@@ -0,0 +1,19 @@
+
+
+ (boolean)
+
+
+ Enable display of unknown usernames when login failures are
+ recorded.
+
+
+ Note: logging unknown usernames may be a security issue if an user
+ enter her password instead of her login name.
+
+
+
diff --git a/man/login.defs.d/MAIL_CHECK_ENAB.xml b/man/login.defs.d/MAIL_CHECK_ENAB.xml
new file mode 100644
index 0000000..584f328
--- /dev/null
+++ b/man/login.defs.d/MAIL_CHECK_ENAB.xml
@@ -0,0 +1,18 @@
+
+
+ (boolean)
+
+
+ Enable checking and display of mailbox status upon login.
+
+
+ You should disable it if the shell startup files already check for
+ mail ("mailx -e" or equivalent).
+
+
+
diff --git a/man/login.defs.d/MAIL_DIR.xml b/man/login.defs.d/MAIL_DIR.xml
new file mode 100644
index 0000000..328ebb8
--- /dev/null
+++ b/man/login.defs.d/MAIL_DIR.xml
@@ -0,0 +1,38 @@
+
+
+ (string)
+
+
+ The mail spool directory. This is needed to manipulate the mailbox
+ when its corresponding user account is modified or deleted. If not
+ specified, a compile-time default is used.
+ The parameter CREATE_MAIL_SPOOL in /etc/default/useradd
+ determines whether the mail spool should be created.
+
+
+
+ (string)
+
+
+ Defines the location of the users mail spool files relatively to
+ their home directory.
+
+
+
+
+
+ The and variables
+ are used by useradd, usermod, and
+ userdel to create, move, or delete the user's mail
+ spool.
+
+
+ If is set to
+ yes, they are also used to define the
+ MAIL environment variable.
+
diff --git a/man/login.defs.d/MAX_MEMBERS_PER_GROUP.xml b/man/login.defs.d/MAX_MEMBERS_PER_GROUP.xml
new file mode 100644
index 0000000..345cdb3
--- /dev/null
+++ b/man/login.defs.d/MAX_MEMBERS_PER_GROUP.xml
@@ -0,0 +1,33 @@
+
+
+ (number)
+
+
+ Maximum members per group entry. When the maximum is reached, a new
+ group entry (line) is started in /etc/group
+ (with the same name, same password, and same GID).
+
+
+ The default value is 0, meaning that there are no limits in the
+ number of members in a group.
+
+
+
+ This feature (split group) permits to limit the length of lines in
+ the group file. This is useful to make sure that lines for NIS
+ groups are not larger than 1024 characters.
+
+
+ If you need to enforce such limit, you can use 25.
+
+
+ Note: split groups may not be supported by all tools (even in the
+ Shadow toolsuite). You should not use this variable unless you really
+ need it.
+
+
+
diff --git a/man/login.defs.d/MD5_CRYPT_ENAB.xml b/man/login.defs.d/MD5_CRYPT_ENAB.xml
new file mode 100644
index 0000000..94006a6
--- /dev/null
+++ b/man/login.defs.d/MD5_CRYPT_ENAB.xml
@@ -0,0 +1,36 @@
+
+
+ (boolean)
+
+
+ Indicate if passwords must be encrypted using the MD5-based
+ algorithm. If set to yes, new passwords
+ will be encrypted using the MD5-based algorithm compatible with the
+ one used by recent releases of FreeBSD. It supports passwords of
+ unlimited length and longer salt strings. Set to
+ no if you need to copy encrypted
+ passwords to other systems which don't understand the new algorithm.
+ Default is no.
+
+
+ This variable is superseded by the
+ variable or by any command line option used to configure the
+ encryption algorithm.
+
+
+ This variable is deprecated. You should use
+ .
+
+
+ Note: This only affect the generation of group passwords.
+ The generation of user passwords is done by PAM and subject to the
+ PAM configuration. It is recommended to set this variable
+ consistently with the PAM configuration.
+
+
+
diff --git a/man/login.defs.d/MOTD_FILE.xml b/man/login.defs.d/MOTD_FILE.xml
new file mode 100644
index 0000000..f7350e8
--- /dev/null
+++ b/man/login.defs.d/MOTD_FILE.xml
@@ -0,0 +1,15 @@
+
+
+ (string)
+
+
+ If defined, ":" delimited list of "message of the day" files to be
+ displayed upon login.
+
+
+
diff --git a/man/login.defs.d/NOLOGINS_FILE.xml b/man/login.defs.d/NOLOGINS_FILE.xml
new file mode 100644
index 0000000..41be5f8
--- /dev/null
+++ b/man/login.defs.d/NOLOGINS_FILE.xml
@@ -0,0 +1,16 @@
+
+
+ (string)
+
+
+ If defined, name of file whose presence will inhibit non-root
+ logins. The contents of this file should be a message indicating
+ why logins are inhibited.
+
+
+
diff --git a/man/login.defs.d/NONEXISTENT.xml b/man/login.defs.d/NONEXISTENT.xml
new file mode 100644
index 0000000..e6484ec
--- /dev/null
+++ b/man/login.defs.d/NONEXISTENT.xml
@@ -0,0 +1,17 @@
+
+
+ (string)
+
+
+ If a system account intentionally does not have a home directory
+ that exists, this string can be provided in the /etc/passwd
+ entry for the account to indicate this. The result is that pwck
+ will not emit a spurious warning for this account.
+
+
+
diff --git a/man/login.defs.d/OBSCURE_CHECKS_ENAB.xml b/man/login.defs.d/OBSCURE_CHECKS_ENAB.xml
new file mode 100644
index 0000000..9215790
--- /dev/null
+++ b/man/login.defs.d/OBSCURE_CHECKS_ENAB.xml
@@ -0,0 +1,14 @@
+
+
+ (boolean)
+
+
+ Enable additional checks upon password changes.
+
+
+
diff --git a/man/login.defs.d/PASS_ALWAYS_WARN.xml b/man/login.defs.d/PASS_ALWAYS_WARN.xml
new file mode 100644
index 0000000..3eb224a
--- /dev/null
+++ b/man/login.defs.d/PASS_ALWAYS_WARN.xml
@@ -0,0 +1,14 @@
+
+
+ (boolean)
+
+
+ Warn about weak passwords (but still allow them) if you are root.
+
+
+
diff --git a/man/login.defs.d/PASS_CHANGE_TRIES.xml b/man/login.defs.d/PASS_CHANGE_TRIES.xml
new file mode 100644
index 0000000..f3fa0ac
--- /dev/null
+++ b/man/login.defs.d/PASS_CHANGE_TRIES.xml
@@ -0,0 +1,15 @@
+
+
+ (number)
+
+
+ Maximum number of attempts to change password if rejected (too
+ easy).
+
+
+
diff --git a/man/login.defs.d/PASS_MAX_DAYS.xml b/man/login.defs.d/PASS_MAX_DAYS.xml
new file mode 100644
index 0000000..7f7061b
--- /dev/null
+++ b/man/login.defs.d/PASS_MAX_DAYS.xml
@@ -0,0 +1,16 @@
+
+
+ (number)
+
+
+ The maximum number of days a password may be used. If the password
+ is older than this, a password change will be forced. If not
+ specified, -1 will be assumed (which disables the restriction).
+
+
+
diff --git a/man/login.defs.d/PASS_MAX_LEN.xml b/man/login.defs.d/PASS_MAX_LEN.xml
new file mode 100644
index 0000000..2e14583
--- /dev/null
+++ b/man/login.defs.d/PASS_MAX_LEN.xml
@@ -0,0 +1,19 @@
+
+
+ (number)
+ (number)
+
+
+ Number of significant characters in the password for crypt().
+ is 8 by default. Don't change unless
+ your crypt() is better. This is ignored if
+ set to
+ yes.
+
+
+
diff --git a/man/login.defs.d/PASS_MIN_DAYS.xml b/man/login.defs.d/PASS_MIN_DAYS.xml
new file mode 100644
index 0000000..c35cbb1
--- /dev/null
+++ b/man/login.defs.d/PASS_MIN_DAYS.xml
@@ -0,0 +1,16 @@
+
+
+ (number)
+
+
+ The minimum number of days allowed between password changes. Any
+ password changes attempted sooner than this will be rejected. If not
+ specified, 0 will be assumed (which disables the restriction).
+
+
+
diff --git a/man/login.defs.d/PASS_WARN_AGE.xml b/man/login.defs.d/PASS_WARN_AGE.xml
new file mode 100644
index 0000000..0feeb7e
--- /dev/null
+++ b/man/login.defs.d/PASS_WARN_AGE.xml
@@ -0,0 +1,17 @@
+
+
+ (number)
+
+
+ The number of days warning given before a password expires. A zero
+ means warning is given only upon the day of expiration, a negative
+ value means no warning is given. If not specified, no warning will
+ be provided.
+
+
+
diff --git a/man/login.defs.d/PORTTIME_CHECKS_ENAB.xml b/man/login.defs.d/PORTTIME_CHECKS_ENAB.xml
new file mode 100644
index 0000000..78d683b
--- /dev/null
+++ b/man/login.defs.d/PORTTIME_CHECKS_ENAB.xml
@@ -0,0 +1,15 @@
+
+
+ (boolean)
+
+
+ Enable checking of time restrictions specified in
+ /etc/porttime.
+
+
+
diff --git a/man/login.defs.d/QUOTAS_ENAB.xml b/man/login.defs.d/QUOTAS_ENAB.xml
new file mode 100644
index 0000000..f85d7d0
--- /dev/null
+++ b/man/login.defs.d/QUOTAS_ENAB.xml
@@ -0,0 +1,16 @@
+
+
+ (boolean)
+
+
+ Enable setting of resource limits from
+ /etc/limits and ulimit, umask, and niceness
+ from the user's passwd gecos field.
+
+
+
diff --git a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml
new file mode 100644
index 0000000..43972d7
--- /dev/null
+++ b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml
@@ -0,0 +1,45 @@
+
+
+ (number)
+ (number)
+
+
+ When is set to
+ SHA256 or
+ SHA512, this defines the number of SHA
+ rounds used by the encryption algorithm by default (when the number
+ of rounds is not specified on the command line).
+
+
+ With a lot of rounds, it is more difficult to brute forcing the
+ password. But note also that more CPU resources will be needed to
+ authenticate users.
+
+
+ If not specified, the libc will choose the default number of rounds
+ (5000), which is orders of magnitude too low for modern hardware.
+
+
+ The values must be inside the 1000-999,999,999 range.
+
+
+ If only one of the or
+ values is set, then this value
+ will be used.
+
+
+ If >
+ , the highest value will be
+ used.
+
+
+ Note: This only affect the generation of group passwords.
+ The generation of user passwords is done by PAM and subject to the
+ PAM configuration. It is recommended to set this variable
+ consistently with the PAM configuration.
+
+
+
diff --git a/man/login.defs.d/SUB_GID_COUNT.xml b/man/login.defs.d/SUB_GID_COUNT.xml
new file mode 100644
index 0000000..4eb5078
--- /dev/null
+++ b/man/login.defs.d/SUB_GID_COUNT.xml
@@ -0,0 +1,24 @@
+
+
+ (number)
+ (number)
+ (number)
+
+
+ If /etc/subuid exists, the commands
+ useradd and newusers (unless
+ the user already have subordinate group IDs) allocate
+ unused group IDs from the range
+ to for each
+ new user.
+
+
+ The default values for ,
+ ,
+ are respectively 100000, 600100000 and 65536.
+
+
+
diff --git a/man/login.defs.d/SUB_UID_COUNT.xml b/man/login.defs.d/SUB_UID_COUNT.xml
new file mode 100644
index 0000000..90bead5
--- /dev/null
+++ b/man/login.defs.d/SUB_UID_COUNT.xml
@@ -0,0 +1,24 @@
+
+
+ (number)
+ (number)
+ (number)
+
+
+ If /etc/subuid exists, the commands
+ useradd and newusers (unless
+ the user already have subordinate user IDs) allocate
+ unused user IDs from the range
+ to for each
+ new user.
+
+
+ The default values for ,
+ ,
+ are respectively 100000, 600100000 and 65536.
+
+
+
diff --git a/man/login.defs.d/SULOG_FILE.xml b/man/login.defs.d/SULOG_FILE.xml
new file mode 100644
index 0000000..4fab8aa
--- /dev/null
+++ b/man/login.defs.d/SULOG_FILE.xml
@@ -0,0 +1,14 @@
+
+
+ (string)
+
+
+ If defined, all su activity is logged to this file.
+
+
+
diff --git a/man/login.defs.d/SU_NAME.xml b/man/login.defs.d/SU_NAME.xml
new file mode 100644
index 0000000..d71d1aa
--- /dev/null
+++ b/man/login.defs.d/SU_NAME.xml
@@ -0,0 +1,17 @@
+
+
+ (string)
+
+
+ If defined, the command name to display when running "su -". For
+ example, if this is defined as "su" then a "ps" will display the
+ command is "-su". If not defined, then "ps" would display the name
+ of the shell actually being run, e.g. something like "-sh".
+
+
+
diff --git a/man/login.defs.d/SU_WHEEL_ONLY.xml b/man/login.defs.d/SU_WHEEL_ONLY.xml
new file mode 100644
index 0000000..2a0b39a
--- /dev/null
+++ b/man/login.defs.d/SU_WHEEL_ONLY.xml
@@ -0,0 +1,20 @@
+
+
+
+ (boolean)
+
+
+ If yes, the user must be listed as a
+ member of the first gid 0 group in /etc/group
+ (called root on most Linux systems) to be
+ able to su to uid 0 accounts. If the group
+ doesn't exist or is empty, no one will be able to
+ su to uid 0.
+
+
+
diff --git a/man/login.defs.d/SYSLOG_SG_ENAB.xml b/man/login.defs.d/SYSLOG_SG_ENAB.xml
new file mode 100644
index 0000000..8e2f23a
--- /dev/null
+++ b/man/login.defs.d/SYSLOG_SG_ENAB.xml
@@ -0,0 +1,14 @@
+
+
+ (boolean)
+
+
+ Enable "syslog" logging of sg activity.
+
+
+
diff --git a/man/login.defs.d/SYSLOG_SU_ENAB.xml b/man/login.defs.d/SYSLOG_SU_ENAB.xml
new file mode 100644
index 0000000..155e3c5
--- /dev/null
+++ b/man/login.defs.d/SYSLOG_SU_ENAB.xml
@@ -0,0 +1,15 @@
+
+
+ (boolean)
+
+
+ Enable "syslog" logging of su activity - in
+ addition to sulog file logging.
+
+
+
diff --git a/man/login.defs.d/SYS_GID_MAX.xml b/man/login.defs.d/SYS_GID_MAX.xml
new file mode 100644
index 0000000..f39ddfd
--- /dev/null
+++ b/man/login.defs.d/SYS_GID_MAX.xml
@@ -0,0 +1,19 @@
+
+
+ (number)
+ (number)
+
+
+ Range of group IDs used for the creation of system groups by
+ useradd, groupadd, or
+ newusers.
+
+
+ The default value for (resp.
+ ) is 101 (resp. -1).
+
+
+
diff --git a/man/login.defs.d/SYS_UID_MAX.xml b/man/login.defs.d/SYS_UID_MAX.xml
new file mode 100644
index 0000000..5b0a1de
--- /dev/null
+++ b/man/login.defs.d/SYS_UID_MAX.xml
@@ -0,0 +1,18 @@
+
+
+ (number)
+ (number)
+
+
+ Range of user IDs used for the creation of system users by
+ useradd or newusers.
+
+
+ The default value for (resp.
+ ) is 101 (resp. -1).
+
+
+
diff --git a/man/login.defs.d/TCB_AUTH_GROUP.xml b/man/login.defs.d/TCB_AUTH_GROUP.xml
new file mode 100644
index 0000000..fabcb03
--- /dev/null
+++ b/man/login.defs.d/TCB_AUTH_GROUP.xml
@@ -0,0 +1,13 @@
+
+
+ (boolean)
+
+
+ If yes, newly created tcb shadow files
+ will be group owned by the auth group.
+
+
+
diff --git a/man/login.defs.d/TCB_SYMLINKS.xml b/man/login.defs.d/TCB_SYMLINKS.xml
new file mode 100644
index 0000000..7e52c34
--- /dev/null
+++ b/man/login.defs.d/TCB_SYMLINKS.xml
@@ -0,0 +1,29 @@
+
+
+ (boolean)
+
+
+ If yes, the location of the user tcb
+ directory to be created will not be automatically set to /etc/tcb/user,
+ but will be computed depending on the UID of the user, according to
+ the following algorithm:
+
+if ( UID is less than 1000) {
+ use /etc/tcb/user
+} else if ( UID is less than 1000000) {
+ kilos = UID / 1000
+ use /etc/tcb/:kilos/user
+ make symlink /etc/tcb/user to the above directory
+} else {
+ megas = UID / 1000000
+ kilos = ( UID / megas * 1000000 ) / 1000
+ use /etc/tcb/:megas/:kilos/user
+ make symlink /etc/tcb/user to the above directory
+}
+
+
+
+
diff --git a/man/login.defs.d/TTYGROUP.xml b/man/login.defs.d/TTYGROUP.xml
new file mode 100644
index 0000000..e7cb53d
--- /dev/null
+++ b/man/login.defs.d/TTYGROUP.xml
@@ -0,0 +1,32 @@
+
+
+ (string)
+ (string)
+
+
+ The terminal permissions: the login tty will be owned by the
+ group, and the permissions will be set to
+ .
+
+
+ By default, the ownership of the terminal is set to the user's
+ primary group and the permissions are set to
+ 0600.
+
+
+ can be either the name of a group or a
+ numeric group identifier.
+
+
+ If you have a write program which is "setgid" to
+ a special group which owns the terminals, define TTYGROUP to the
+ group number and TTYPERM to 0620. Otherwise leave TTYGROUP
+ commented out and assign TTYPERM to either 622 or 600.
+
+
+
diff --git a/man/login.defs.d/TTYTYPE_FILE.xml b/man/login.defs.d/TTYTYPE_FILE.xml
new file mode 100644
index 0000000..491bb0b
--- /dev/null
+++ b/man/login.defs.d/TTYTYPE_FILE.xml
@@ -0,0 +1,15 @@
+
+
+ (string)
+
+
+ If defined, file which maps tty line to TERM environment parameter.
+ Each line of the file is in a format something like "vt100 tty01".
+
+
+
diff --git a/man/login.defs.d/UID_MAX.xml b/man/login.defs.d/UID_MAX.xml
new file mode 100644
index 0000000..df365d0
--- /dev/null
+++ b/man/login.defs.d/UID_MAX.xml
@@ -0,0 +1,20 @@
+
+
+ (number)
+ (number)
+
+
+ Range of user IDs used for the creation of regular users by
+ useradd or newusers.
+
+
+ The default value for (resp.
+ ) is 1000 (resp. 60000).
+
+
+
diff --git a/man/login.defs.d/ULIMIT.xml b/man/login.defs.d/ULIMIT.xml
new file mode 100644
index 0000000..2ff3733
--- /dev/null
+++ b/man/login.defs.d/ULIMIT.xml
@@ -0,0 +1,14 @@
+
+
+ (number)
+
+
+ Default ulimit value.
+
+
+
diff --git a/man/login.defs.d/UMASK.xml b/man/login.defs.d/UMASK.xml
new file mode 100644
index 0000000..1090e05
--- /dev/null
+++ b/man/login.defs.d/UMASK.xml
@@ -0,0 +1,32 @@
+
+
+ (number)
+
+
+ The file mode creation mask is initialized to this value. If not
+ specified, the mask will be initialized to 022.
+
+
+ useradd and newusers use this
+ mask to set the mode of the home directory they create if
+ is not set.
+
+
+ It is also used by login to define users' initial
+ umask. Note that this mask can be overridden by the user's GECOS
+ line (if is set) or by the
+ specification of a limit with the K identifier
+ in limits
+ 5.
+
+
+ It is also used by pam_umask as the default umask
+ value.
+
+
+
diff --git a/man/login.defs.d/USERDEL_CMD.xml b/man/login.defs.d/USERDEL_CMD.xml
new file mode 100644
index 0000000..56c0933
--- /dev/null
+++ b/man/login.defs.d/USERDEL_CMD.xml
@@ -0,0 +1,48 @@
+
+
+ (string)
+
+
+ If defined, this command is run when removing a user. It should
+ remove any at/cron/print jobs etc. owned by the user to be removed
+ (passed as the first argument).
+
+
+ The return code of the script is not taken into account.
+
+
+ Here is an example script, which removes the user's
+ cron, at and print jobs:
+
+#! /bin/sh
+
+# Check for the required argument.
+if [ $# != 1 ]; then
+ echo "Usage: $0 username"
+ exit 1
+fi
+
+# Remove cron jobs.
+crontab -r -u $1
+
+# Remove at jobs.
+# Note that it will remove any jobs owned by the same UID,
+# even if it was shared by a different username.
+AT_SPOOL_DIR=/var/spool/cron/atjobs
+find $AT_SPOOL_DIR -name "[^.]*" -type f -user $1 -delete \;
+
+# Remove print jobs.
+lprm $1
+
+# All done.
+exit 0
+
+
+
+
diff --git a/man/login.defs.d/USERGROUPS_ENAB.xml b/man/login.defs.d/USERGROUPS_ENAB.xml
new file mode 100644
index 0000000..6338fc9
--- /dev/null
+++ b/man/login.defs.d/USERGROUPS_ENAB.xml
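Review bot: The example script in man/login.defs.d/USERDEL_CMD.xml expands `$1` unquoted in `crontab -r -u $1`, in the `find` call and in `lprm $1`, and its only validation is the argument count, so a name containing whitespace or starting with `-` would be word-split or read as an option by commands that presumably run with the privileges of the user-removal tool. I would quote every use (`crontab -r -u "$1"`, `lprm "$1"`) and have the script refuse an empty or option-like name before doing anything. The `find` line also ends in `-delete \;`; `-delete` takes no terminator, so find is likely to reject the stray `;` and leave the at jobs in place, and since the page states the return code is ignored the failure would go unnoticed. The form I would document is `find "$AT_SPOOL_DIR" -name "[^.]*" -type f -user "$1" -delete`.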
@@ -0,0 +1,22 @@
+
+
+ (boolean)
+
+
+ Enable setting of the umask group bits to be the same as owner bits
+ (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+ the same as gid, and username is the same as the primary group name.
+
+
+ If set to yes, userdel
+ will remove the user's group if it contains no more members, and
+ useradd will create by default a group with the
+ name of the user.
+
+
+
diff --git a/man/login.defs.d/USE_TCB.xml b/man/login.defs.d/USE_TCB.xml
new file mode 100644
index 0000000..a89bf23
--- /dev/null
+++ b/man/login.defs.d/USE_TCB.xml
@@ -0,0 +1,14 @@
+
+
+ (boolean)
+
+
+ If yes, the
+ tcb5
+ password shadowing scheme will be used.
+
+
+
-- cgit v1.2.3