mirror of
https://git.linuxfromscratch.org/lfs.git
synced 2025-01-18 04:57:38 +00:00
676 lines
25 KiB
XML
676 lines
25 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY % general-entities SYSTEM "../general.ent">
|
|
%general-entities;
|
|
]>
|
|
|
|
<sect1 id="ch-system-shadow" role="wrap">
|
|
<?dbhtml filename="shadow.html"?>
|
|
|
|
<sect1info condition="script">
|
|
<productname>shadow</productname>
|
|
<productnumber>&shadow-version;</productnumber>
|
|
<address>&shadow-url;</address>
|
|
</sect1info>
|
|
|
|
<title>Shadow-&shadow-version;</title>
|
|
|
|
<indexterm zone="ch-system-shadow">
|
|
<primary sortas="a-Shadow">Shadow</primary>
|
|
</indexterm>
|
|
|
|
<sect2 role="package">
|
|
<title/>
|
|
|
|
<para>The Shadow package contains programs for handling passwords in a secure
|
|
way.</para>
|
|
|
|
<segmentedlist>
|
|
<segtitle>&buildtime;</segtitle>
|
|
<segtitle>&diskspace;</segtitle>
|
|
|
|
<seglistitem>
|
|
<seg>&shadow-fin-sbu;</seg>
|
|
<seg>&shadow-fin-du;</seg>
|
|
</seglistitem>
|
|
</segmentedlist>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="installation">
|
|
<title>Installation of Shadow</title>
|
|
|
|
<important>
|
|
<para>
|
|
If you've installed Linux-PAM, you should follow
|
|
<ulink url='&blfs-book;postlfs/shadow.html'>the BLFS
|
|
instruction</ulink> instead of this page to build (or, rebuild or
|
|
upgrade) shadow.
|
|
</para>
|
|
</important>
|
|
|
|
<note>
|
|
<para>If you would like to enforce the use of strong passwords,
|
|
<ulink url='&blfs-book;postlfs/linux-pam.html'>install and configure
|
|
Linux-PAM</ulink> first. Then
|
|
<ulink url='&blfs-book;postlfs/shadow.html'>install and configure
|
|
shadow with the PAM support</ulink>. Finally
|
|
<ulink url='&blfs-book;postlfs/libpwquality.html'>install
|
|
libpwquality and configure PAM to use it</ulink>.</para>
|
|
</note>
|
|
|
|
<para>Disable the installation of the <command>groups</command> program
|
|
and its man pages, as Coreutils provides a better version. Also,
|
|
prevent the installation of manual pages that were already installed in
|
|
<xref linkend="ch-system-man-pages"/>:</para>
|
|
|
|
<screen><userinput remap="pre">sed -i 's/groups$(EXEEXT) //' src/Makefile.in
|
|
find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
|
|
find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \;
|
|
find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;</userinput></screen>
|
|
|
|
<para id="shadow-login_defs">Instead of using the default
|
|
<emphasis>crypt</emphasis> method, use the much more secure
|
|
<emphasis>YESCRYPT</emphasis> method of password encryption, which also
|
|
allows passwords longer than 8 characters.
|
|
It is also necessary to change
|
|
the obsolete <filename class="directory">/var/spool/mail</filename> location
|
|
for user mailboxes that Shadow uses by default to the <filename
|
|
class="directory">/var/mail</filename> location used currently. And,
|
|
remove <filename class="directory">/bin</filename> and
|
|
<filename class="directory">/sbin</filename> from the <envar>PATH</envar>,
|
|
since they are simply symlinks to their counterparts in
|
|
<filename class="directory">/usr</filename>.</para>
|
|
|
|
<warning>
|
|
<para>Including <filename class="directory">/bin</filename>
|
|
and/or <filename class="directory">/sbin</filename> in
|
|
the <envar>PATH</envar> variable may cause some BLFS packages fail to
|
|
build,<!-- known example: SPIRV-LLVM-Translator --> so don't do that
|
|
in the <filename>.bashrc</filename> file or anywhere else.</para>
|
|
</warning>
|
|
|
|
<screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD YESCRYPT:' \
|
|
-e 's:/var/spool/mail:/var/mail:' \
|
|
-e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \
|
|
-i etc/login.defs</userinput></screen>
|
|
|
|
<!--
|
|
<para>Make a minor change to make the first group number generated
|
|
by useradd 1000:</para>
|
|
|
|
<screen><userinput remap="pre">sed -i 's/1000/999/' etc/useradd</userinput></screen>
|
|
-->
|
|
<!--
|
|
<para>Fix a simple programming error by modifying a file with following command:</para>
|
|
|
|
<screen><userinput remap="pre">sed -e "224s/rounds/min_rounds/" -i libmisc/salt.c</userinput></screen>
|
|
-->
|
|
<para>Prepare Shadow for compilation:</para>
|
|
|
|
<screen><userinput remap="configure">touch /usr/bin/passwd
|
|
./configure --sysconfdir=/etc \
|
|
--disable-static \
|
|
--with-{b,yes}crypt \
|
|
--without-libbsd \
|
|
--with-group-name-max-length=32</userinput></screen>
|
|
|
|
<variablelist>
|
|
<title>The meaning of the new configuration options:</title>
|
|
|
|
<varlistentry>
|
|
<term><command>touch /usr/bin/passwd</command></term>
|
|
<listitem>
|
|
<para>The file <filename>/usr/bin/passwd</filename> needs
|
|
to exist because its location is hardcoded in some programs;
|
|
if it does not already exist, the installation script will
|
|
create it in the wrong place.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><parameter>--with-{b,yes}crypt</parameter></term>
|
|
<listitem>
|
|
<para>The shell expands this to two switches,
|
|
<parameter>--with-bcrypt</parameter> and
|
|
<parameter>--with-yescrypt</parameter>. They allow shadow to use
|
|
the Bcrypt and Yescrypt algorithms implemented by
|
|
<application>Libxcrypt</application> for hashing passwords.
|
|
These algorithms are more secure (in particular, much more
|
|
resistant to GPU-based attacks) than the traditional SHA
|
|
algorithms.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><parameter>--with-group-name-max-length=32</parameter></term>
|
|
<listitem>
|
|
<para>The longest permissible user name is 32 characters. Make the maximum
|
|
length of a group name the same.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><parameter>--without-libbsd</parameter></term>
|
|
<listitem>
|
|
<para>Do not use the readpassphrase function from libbsd which
|
|
is not in LFS. Use the internal copy instead.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
<para>Compile the package:</para>
|
|
|
|
<screen><userinput remap="make">make</userinput></screen>
|
|
|
|
<para>This package does not come with a test suite.</para>
|
|
|
|
<para>Install the package:</para>
|
|
|
|
<screen><userinput remap="install">make exec_prefix=/usr install
|
|
make -C man install-man</userinput></screen>
|
|
|
|
</sect2>
|
|
|
|
<sect2 id="conf-shadow" role="configuration">
|
|
<title>Configuring Shadow</title>
|
|
|
|
<indexterm zone="conf-shadow">
|
|
<primary sortas="a-Shadow">Shadow</primary>
|
|
<secondary>configuring</secondary>
|
|
</indexterm>
|
|
|
|
<para>This package contains utilities to add, modify, and delete users and
|
|
groups; set and change their passwords; and perform other administrative
|
|
tasks. For a full explanation of what <emphasis>password shadowing</emphasis>
|
|
means, see the <filename>doc/HOWTO</filename> file within the unpacked
|
|
source tree. If you use Shadow support, keep in mind that programs which need
|
|
to verify passwords (display managers, FTP programs, pop3 daemons, etc.)
|
|
must be Shadow-compliant. That is, they must be able to work with
|
|
shadowed passwords.</para>
|
|
|
|
<para>To enable shadowed passwords, run the following command:</para>
|
|
|
|
<screen><userinput>pwconv</userinput></screen>
|
|
|
|
<para>To enable shadowed group passwords, run:</para>
|
|
|
|
<screen><userinput>grpconv</userinput></screen>
|
|
|
|
<para>Shadow's default configuration for the <command>useradd</command>
|
|
utility needs some explanation. First, the default
|
|
action for the <command>useradd</command> utility is to create the user and
|
|
a group with the same name as the user. By default the user ID (UID) and
|
|
group ID (GID) numbers will begin at 1000. This means if you don't pass
|
|
extra parameters to <command>useradd</command>, each user will be a member of a
|
|
unique group on the system. If this behavior is undesirable, you'll need
|
|
to pass either the <parameter>-g</parameter> or <parameter>-N</parameter>
|
|
parameter to <command>useradd</command>, or else change the setting of
|
|
<parameter>USERGROUPS_ENAB</parameter> in
|
|
<filename>/etc/login.defs</filename>. See <ulink role='man'
|
|
url='&man;useradd.8'>useradd(8)</ulink> for more information.</para>
|
|
|
|
<para>Second, to change the default parameters, the file
|
|
<filename>/etc/default/useradd</filename> must be created and tailored
|
|
to suit your particular needs. Create it with:</para>
|
|
|
|
<screen><userinput>mkdir -p /etc/default
|
|
useradd -D --gid 999</userinput></screen>
|
|
|
|
<variablelist>
|
|
<title><filename>/etc/default/useradd</filename> parameter explanations</title>
|
|
|
|
<varlistentry>
|
|
<term><parameter>GROUP=999</parameter></term>
|
|
<listitem>
|
|
<para>This parameter sets the beginning of the group numbers used in
|
|
the <filename>/etc/group</filename> file. The particular value 999
|
|
comes from the <parameter>--gid</parameter> parameter above. You
|
|
may set it to any desired value.
|
|
|
|
Note that <command>useradd</command> will never reuse a UID or GID.
|
|
If the number identified in this parameter is used, it will use the
|
|
next available number. Note also that if you don't have a group with
|
|
an ID equal to this number on your system, then the first time you use
|
|
<command>useradd</command> without the <parameter>-g</parameter>
|
|
parameter, an error message will be generated—<computeroutput>useradd:
|
|
unknown GID 999</computeroutput>,
|
|
even though the account has been created correctly. That is why we
|
|
created the group <systemitem class="groupname">users</systemitem>
|
|
with this group ID in
|
|
<xref linkend='ch-tools-createfiles' role='.'/></para>
|
|
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><parameter>CREATE_MAIL_SPOOL=yes</parameter></term>
|
|
<listitem>
|
|
<para>This parameter causes <command>useradd</command> to create a
|
|
mailbox file for each new user. <command>useradd</command>
|
|
will assign the group ownership of this file to the
|
|
<systemitem class="groupname">mail</systemitem> group with 0660
|
|
permissions. If you would rather not create these files,
|
|
issue the following command:</para>
|
|
|
|
<screen><userinput>sed -i '/MAIL/s/yes/no/' /etc/default/useradd</userinput></screen>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="configuration">
|
|
<title>Setting the Root Password</title>
|
|
|
|
<para>Choose a password for user <emphasis>root</emphasis> and set it
|
|
by running:</para>
|
|
|
|
<screen role="nodump"><userinput>passwd root</userinput></screen>
|
|
|
|
</sect2>
|
|
|
|
<sect2 id="contents-shadow" role="content">
|
|
<title>Contents of Shadow</title>
|
|
|
|
<segmentedlist>
|
|
<segtitle>Installed programs</segtitle>
|
|
<segtitle>Installed directories</segtitle>
|
|
<segtitle>Installed libraries</segtitle>
|
|
|
|
<seglistitem>
|
|
<seg>chage, chfn, chgpasswd, chpasswd, chsh, expiry, faillog,
|
|
getsubids, gpasswd, groupadd, groupdel, groupmems, groupmod, grpck,
|
|
grpconv, grpunconv, login, logoutd, newgidmap, newgrp,
|
|
newuidmap, newusers, nologin, passwd, pwck, pwconv, pwunconv,
|
|
sg (link to newgrp), su, useradd, userdel, usermod,
|
|
vigr (link to vipw), and vipw</seg>
|
|
<seg>/etc/default and /usr/include/shadow</seg>
|
|
<seg>libsubid.so</seg>
|
|
</seglistitem>
|
|
</segmentedlist>
|
|
|
|
<variablelist>
|
|
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
|
<?dbfo list-presentation="list"?>
|
|
<?dbhtml list-presentation="table"?>
|
|
|
|
<varlistentry id="chage">
|
|
<term><command>chage</command></term>
|
|
<listitem>
|
|
<para>Used to change the maximum number of days between obligatory
|
|
password changes</para>
|
|
<indexterm zone="ch-system-shadow chage">
|
|
<primary sortas="b-chage">chage</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="chfn">
|
|
<term><command>chfn</command></term>
|
|
<listitem>
|
|
<para>Used to change a user's full name and other information</para>
|
|
<indexterm zone="ch-system-shadow chfn">
|
|
<primary sortas="b-chfn">chfn</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="chgpasswd">
|
|
<term><command>chgpasswd</command></term>
|
|
<listitem>
|
|
<para>Used to update group passwords in batch mode</para>
|
|
<indexterm zone="ch-system-shadow chgpasswd">
|
|
<primary sortas="b-chgpasswd">chgpasswd</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="chpasswd">
|
|
<term><command>chpasswd</command></term>
|
|
<listitem>
|
|
<para>Used to update user passwords in batch mode</para>
|
|
<indexterm zone="ch-system-shadow chpasswd">
|
|
<primary sortas="b-chpasswd">chpasswd</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="chsh">
|
|
<term><command>chsh</command></term>
|
|
<listitem>
|
|
<para>Used to change a user's default login shell</para>
|
|
<indexterm zone="ch-system-shadow chsh">
|
|
<primary sortas="b-chsh">chsh</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="expiry">
|
|
<term><command>expiry</command></term>
|
|
<listitem>
|
|
<para>Checks and enforces the current password expiration policy</para>
|
|
<indexterm zone="ch-system-shadow expiry">
|
|
<primary sortas="b-expiry">expiry</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="faillog">
|
|
<term><command>faillog</command></term>
|
|
<listitem>
|
|
<para>Is used to examine the log of login failures, to set a maximum
|
|
number of failures before an account is blocked, and to reset the
|
|
failure count</para>
|
|
<indexterm zone="ch-system-shadow faillog">
|
|
<primary sortas="b-faillog">faillog</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="getsubids">
|
|
<term><command>getsubids</command></term>
|
|
<listitem>
|
|
<para>Is used to list the subordinate id ranges for a user</para>
|
|
<indexterm zone="ch-system-shadow getsubids">
|
|
<primary sortas="b-getsubids">getsubids</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="gpasswd">
|
|
<term><command>gpasswd</command></term>
|
|
<listitem>
|
|
<para>Is used to add and delete members and administrators to
|
|
groups</para>
|
|
<indexterm zone="ch-system-shadow gpasswd">
|
|
<primary sortas="b-gpasswd">gpasswd</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="groupadd">
|
|
<term><command>groupadd</command></term>
|
|
<listitem>
|
|
<para>Creates a group with the given name</para>
|
|
<indexterm zone="ch-system-shadow groupadd">
|
|
<primary sortas="b-groupadd">groupadd</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="groupdel">
|
|
<term><command>groupdel</command></term>
|
|
<listitem>
|
|
<para>Deletes the group with the given name</para>
|
|
<indexterm zone="ch-system-shadow groupdel">
|
|
<primary sortas="b-groupdel">groupdel</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="groupmems">
|
|
<term><command>groupmems</command></term>
|
|
<listitem>
|
|
<para>Allows a user to administer his/her own group membership list
|
|
without the requirement of super user privileges.</para>
|
|
<indexterm zone="ch-system-shadow groupmems">
|
|
<primary sortas="b-groupmems">groupmems</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="groupmod">
|
|
<term><command>groupmod</command></term>
|
|
<listitem>
|
|
<para>Is used to modify the given group's name or GID</para>
|
|
<indexterm zone="ch-system-shadow groupmod">
|
|
<primary sortas="b-groupmod">groupmod</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="grpck">
|
|
<term><command>grpck</command></term>
|
|
<listitem>
|
|
<para>Verifies the integrity of the group files
|
|
<filename>/etc/group</filename> and
|
|
<filename>/etc/gshadow</filename></para>
|
|
<indexterm zone="ch-system-shadow grpck">
|
|
<primary sortas="b-grpck">grpck</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="grpconv">
|
|
<term><command>grpconv</command></term>
|
|
<listitem>
|
|
<para>Creates or updates the shadow group file from the normal
|
|
group file</para>
|
|
<indexterm zone="ch-system-shadow grpconv">
|
|
<primary sortas="b-grpconv">grpconv</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="grpunconv">
|
|
<term><command>grpunconv</command></term>
|
|
<listitem>
|
|
<para>Updates <filename>/etc/group</filename> from
|
|
<filename>/etc/gshadow</filename> and then deletes the latter</para>
|
|
<indexterm zone="ch-system-shadow grpunconv">
|
|
<primary sortas="b-grpunconv">grpunconv</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="login">
|
|
<term><command>login</command></term>
|
|
<listitem>
|
|
<para>Is used by the system to let users sign on</para>
|
|
<indexterm zone="ch-system-shadow login">
|
|
<primary sortas="b-login">login</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="logoutd">
|
|
<term><command>logoutd</command></term>
|
|
<listitem>
|
|
<para>Is a daemon used to enforce restrictions on log-on time
|
|
and ports</para>
|
|
<indexterm zone="ch-system-shadow logoutd">
|
|
<primary sortas="b-logoutd">logoutd</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="newgidmap">
|
|
<term><command>newgidmap</command></term>
|
|
<listitem>
|
|
<para>Is used to set the gid mapping of a user namespace</para>
|
|
<indexterm zone="ch-system-shadow newgidmap">
|
|
<primary sortas="b-newgidmap">newgidmap</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="newgrp">
|
|
<term><command>newgrp</command></term>
|
|
<listitem>
|
|
<para>Is used to change the current GID during a login session</para>
|
|
<indexterm zone="ch-system-shadow newgrp">
|
|
<primary sortas="b-newgrp">newgrp</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="newuidmap">
|
|
<term><command>newuidmap</command></term>
|
|
<listitem>
|
|
<para>Is used to set the uid mapping of a user namespace</para>
|
|
<indexterm zone="ch-system-shadow newuidmap">
|
|
<primary sortas="b-newuidmap">newuidmap</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="newusers">
|
|
<term><command>newusers</command></term>
|
|
<listitem>
|
|
<para>Is used to create or update an entire series of user
|
|
accounts</para>
|
|
<indexterm zone="ch-system-shadow newusers">
|
|
<primary sortas="b-newusers">newusers</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="nologin">
|
|
<term><command>nologin</command></term>
|
|
<listitem>
|
|
<para>Displays a message saying an account is not available; it is designed
|
|
to be used as the default shell for disabled accounts</para>
|
|
<indexterm zone="ch-system-shadow nologin">
|
|
<primary sortas="b-nologin">nologin</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="passwd">
|
|
<term><command>passwd</command></term>
|
|
<listitem>
|
|
<para>Is used to change the password for a user or group account</para>
|
|
<indexterm zone="ch-system-shadow passwd">
|
|
<primary sortas="b-passwd">passwd</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="pwck">
|
|
<term><command>pwck</command></term>
|
|
<listitem>
|
|
<para>Verifies the integrity of the password files
|
|
<filename>/etc/passwd</filename> and
|
|
<filename>/etc/shadow</filename></para>
|
|
<indexterm zone="ch-system-shadow pwck">
|
|
<primary sortas="b-pwck">pwck</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="pwconv">
|
|
<term><command>pwconv</command></term>
|
|
<listitem>
|
|
<para>Creates or updates the shadow password file from the normal
|
|
password file</para>
|
|
<indexterm zone="ch-system-shadow pwconv">
|
|
<primary sortas="b-pwconv">pwconv</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="pwunconv">
|
|
<term><command>pwunconv</command></term>
|
|
<listitem>
|
|
<para>Updates <filename>/etc/passwd</filename> from
|
|
<filename>/etc/shadow</filename> and then deletes the latter</para>
|
|
<indexterm zone="ch-system-shadow pwunconv">
|
|
<primary sortas="b-pwunconv">pwunconv</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="sg">
|
|
<term><command>sg</command></term>
|
|
<listitem>
|
|
<para>Executes a given command while the user's GID
|
|
is set to that of the given group</para>
|
|
<indexterm zone="ch-system-shadow sg">
|
|
<primary sortas="b-sg">sg</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="su">
|
|
<term><command>su</command></term>
|
|
<listitem>
|
|
<para>Runs a shell with substitute user and group IDs</para>
|
|
<indexterm zone="ch-system-shadow su">
|
|
<primary sortas="b-su">su</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="useradd">
|
|
<term><command>useradd</command></term>
|
|
<listitem>
|
|
<para>Creates a new user with the given name, or updates the default
|
|
new-user information</para>
|
|
<indexterm zone="ch-system-shadow useradd">
|
|
<primary sortas="b-useradd">useradd</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="userdel">
|
|
<term><command>userdel</command></term>
|
|
<listitem>
|
|
<para>Deletes the specified user account</para>
|
|
<indexterm zone="ch-system-shadow userdel">
|
|
<primary sortas="b-userdel">userdel</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="usermod">
|
|
<term><command>usermod</command></term>
|
|
<listitem>
|
|
<para>Is used to modify the given user's login name, user
|
|
identification (UID), shell, initial group, home directory, etc.</para>
|
|
<indexterm zone="ch-system-shadow usermod">
|
|
<primary sortas="b-usermod">usermod</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="vigr">
|
|
<term><command>vigr</command></term>
|
|
<listitem>
|
|
<para>Edits the <filename>/etc/group</filename> or
|
|
<filename>/etc/gshadow</filename> files</para>
|
|
<indexterm zone="ch-system-shadow vigr">
|
|
<primary sortas="b-vigr">vigr</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="vipw">
|
|
<term><command>vipw</command></term>
|
|
<listitem>
|
|
<para>Edits the <filename>/etc/passwd</filename> or
|
|
<filename>/etc/shadow</filename> files</para>
|
|
<indexterm zone="ch-system-shadow vipw">
|
|
<primary sortas="b-vipw">vipw</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="libsubid">
|
|
<term><filename class='libraryfile'>libsubid</filename></term>
|
|
<listitem>
|
|
<para>library to handle subordinate id ranges for users and groups</para>
|
|
<indexterm zone="ch-system-shadow libsubid">
|
|
<primary sortas="c-libsubid">libsubid</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</sect2>
|
|
|
|
</sect1>
|