source: BOOK/final-system/common/shadow.xml@ cdc0f7c

clfs-3.0.0-systemd systemd
Last change on this file since cdc0f7c was 24b004c, checked in by Chris Staub <chris@…>, 12 years ago

Remove end-of-line spaces
  • Property mode set to 100644
File size: 17.5 KB
RevLine 
[3f8be484]1<?xml version="1.0" encoding="ISO-8859-1"?>
[aa18ac0]2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
[3f8be484]4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-system-shadow" role="wrap">
9 <?dbhtml filename="shadow.html"?>
10
11 <title>Shadow-&shadow-version;</title>
12
13 <indexterm zone="ch-system-shadow">
14 <primary sortas="a-Shadow">Shadow</primary>
15 </indexterm>
16
17 <sect2 role="package">
18 <title/>
19
20 <para>The Shadow package contains programs for handling passwords in a
21 secure way.</para>
22
23 </sect2>
24
25 <sect2 role="installation">
26 <title>Installation of Shadow</title>
27
28 <note os="a">
29 <para>If you would like to enforce the use of strong passwords,
[0d4607d]30 refer to <ulink url="&cblfs-root;index.php/Cracklib"/>
[3f8be484]31 for installing Cracklib prior to building Shadow. Then add
32 <parameter>--with-libcrack</parameter> to the <command>configure</command>
33 command below.</para>
34 </note>
35
[0a6ea84]36 <para os="b">Disable the installation of the <command>groups</command> and
37 <command>nologin</command> programs and their man pages, as better versions
38 of these programs are provided by Coreutils and Util-linux:</para>
[9d47629]39
[0a6ea84]40<screen os="c"><userinput>sed -i src/Makefile.in \
41 -e 's/groups$(EXEEXT) //' -e 's/= nologin$(EXEEXT)/= /'
42find man -name Makefile.in -exec sed -i \
43 -e 's/man1\/groups\.1 //' -e 's/man8\/nologin\.8 //' '{}' \;</userinput></screen>
[9d47629]44
45 <para os="d">Prepare Shadow for compilation:</para>
[7447a2c]46
[9d47629]47<screen os="e"><userinput>./configure --sysconfdir=/etc</userinput></screen>
[7447a2c]48
[9d47629]49<para os="f">The meaning of the configure options:</para>
50
51 <variablelist os="g">
[2ae76c7c]52 <varlistentry>
53 <term><parameter>--sysconfdir=/etc</parameter></term>
54 <listitem><para>Tells Shadow to install its configuration files into
[7bca962]55 <filename class="directory">/etc</filename>, rather than
56 <filename class="directory">/usr/etc</filename>.</para></listitem>
[2ae76c7c]57 </varlistentry>
[24b004c]58
[7447a2c]59 </variablelist>
60
61 <para os="h">Compile the package:</para>
[3f8be484]62
[7447a2c]63<screen os="i"><userinput>make</userinput></screen>
[3f8be484]64
[d1631d1]65 <para os="j">This package does not come with a test suite.</para>
[3f8be484]66
[d1631d1]67 <para os="k">Install the package:</para>
[3f8be484]68
[d1631d1]69<screen os="l"><userinput>make install</userinput></screen>
70
[898e550]71 <para os="m" id="shadow-login_defs">Instead of using the default
[3f8be484]72 <emphasis>crypt</emphasis> method, use the more secure
[51129d2]73 <emphasis>SHA512</emphasis> method of password encryption, which also allows
[3f8be484]74 passwords longer than 8 characters. It is also necessary to change the
75 obsolete <filename class="directory">/var/spool/mail</filename> location
76 for user mailboxes that Shadow uses by default to the <filename
[a1fb12f]77 class="directory">/var/mail</filename> location used currently. Use the
78 following sed command to make these changes to the appropriate
79 configuration file:</para>
[3f8be484]80
[898e550]81 <indexterm os="n" zone="shadow-login_defs">
[3f8be484]82 <primary sortas="e-/etc/login.defs">/etc/login.defs</primary>
83 </indexterm>
84
[38fcb2c]85<screen os="s"><userinput>sed -i /etc/login.defs \
[51129d2]86 -e 's@#\(ENCRYPT_METHOD \).*@\1SHA512@' \
[38fcb2c]87 -e 's@/var/spool/mail@/var/mail@'</userinput></screen>
[81118fc]88
89 <note os="t">
[52704239]90 <para>If you built Shadow with Cracklib support, execute
91 this <command>sed</command> to correct the path to the Cracklib
92 dictionary:</para>
[3f8be484]93
[d67d6bd]94<screen role="nodump"><userinput>sed -i 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' /etc/login.defs</userinput></screen>
[3f8be484]95 </note>
96
[d1631d1]97 <para os="u">Move a misplaced program to its proper location:</para>
[3f8be484]98
[d1631d1]99<screen os="v"><userinput>mv -v /usr/bin/passwd /bin</userinput></screen>
[3f8be484]100
101 </sect2>
102
103 <sect2 id="conf-shadow" role="configuration">
104 <title>Configuring Shadow</title>
105
106 <indexterm zone="conf-shadow">
107 <primary sortas="a-Shadow">Shadow</primary>
108 <secondary>configuring</secondary>
109 </indexterm>
110
111 <para>This package contains utilities to add, modify, and delete users and
112 groups; set and change their passwords; and perform other administrative
113 tasks. For a full explanation of what <emphasis>password shadowing</emphasis>
114 means, see the <filename>doc/HOWTO</filename> file within the unpacked source
115 tree. If using Shadow support, keep in mind that programs which need to
116 verify passwords (display managers, FTP programs, pop3 daemons, etc.) must
117 be Shadow-compliant. That is, they need to be able to work with shadowed
118 passwords.</para>
119
120 <para>To enable shadowed passwords, run the following command:</para>
121
122<screen><userinput>pwconv</userinput></screen>
123
124 <para>To enable shadowed group passwords, run:</para>
125
[3a3e135]126<screen role="nodump"><userinput>grpconv</userinput></screen>
[3f8be484]127
[a1fb12f]128 <para>To view or change the default settings for new user accounts that
[d67d6bd]129 you create, you can edit <filename>/etc/default/useradd</filename>. See
[a1fb12f]130 <command>man useradd</command> or
[48770b9]131 <ulink url="&cblfs-root;index.php/Configuring_for_Adding_Users"/> for more
[a1fb12f]132 information.</para>
133
[3f8be484]134 </sect2>
135
136 <sect2 id="root-password" role="configuration">
137 <title>Setting the root password</title>
138
139 <para>Choose a password for user <systemitem
140 class="username">root</systemitem> and set it by running:</para>
141
[0f3854e]142<screen role="nodump"><userinput>passwd root</userinput></screen>
[3f8be484]143
144 </sect2>
145
146 <sect2 id="contents-shadow" role="content">
147 <title>Contents of Shadow</title>
148
149 <segmentedlist>
150 <segtitle>Installed programs</segtitle>
[61ad0b7f]151 <segtitle>Installed directory</segtitle>
[3f8be484]152
153 <seglistitem>
[d1f79ab]154 <seg>chage, chfn, chgpasswd, chpasswd, chsh, expiry, faillog, gpasswd,
[0a11182]155 groupadd, groupdel, groupmems, groupmod, grpck, grpconv, grpunconv,
[0a6ea84]156 lastlog, login, logoutd, newgrp, newusers, passwd, pwck,
[0a11182]157 pwconv, pwunconv, sg (link to newgrp), su, useradd, userdel, usermod,
[e29fb58]158 vigr (link to vipw), and vipw</seg>
[61ad0b7f]159 <seg>/etc/default</seg>
[3f8be484]160 </seglistitem>
161 </segmentedlist>
162
163 <variablelist>
164 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
165 <?dbfo list-presentation="list"?>
166 <?dbhtml list-presentation="table"?>
167
168 <varlistentry id="chage">
169 <term><command>chage</command></term>
170 <listitem>
171 <para>Used to change the maximum number of days between obligatory
172 password changes</para>
173 <indexterm zone="ch-system-shadow chage">
174 <primary sortas="b-chage">chage</primary>
175 </indexterm>
176 </listitem>
177 </varlistentry>
178
179 <varlistentry id="chfn">
180 <term><command>chfn</command></term>
181 <listitem>
182 <para>Used to change a user's full name and other information</para>
183 <indexterm zone="ch-system-shadow chfn">
184 <primary sortas="b-chfn">chfn</primary>
185 </indexterm>
186 </listitem>
187 </varlistentry>
188
[a68b59e]189 <varlistentry id="chgpasswd">
190 <term><command>chgpasswd</command></term>
191 <listitem>
192 <para>Used to update group passwords in batch mode</para>
193 <indexterm zone="ch-system-shadow chgpasswd">
194 <primary sortas="b-chgpasswd">chgpasswd</primary>
195 </indexterm>
196 </listitem>
197 </varlistentry>
198
[3f8be484]199 <varlistentry id="chpasswd">
200 <term><command>chpasswd</command></term>
201 <listitem>
202 <para>Used to update the passwords of an entire series of user
203 accounts</para>
204 <indexterm zone="ch-system-shadow chpasswd">
205 <primary sortas="b-chpasswd">chpasswd</primary>
206 </indexterm>
207 </listitem>
208 </varlistentry>
209
210 <varlistentry id="chsh">
211 <term><command>chsh</command></term>
212 <listitem>
213 <para>Used to change a user's default login shell</para>
214 <indexterm zone="ch-system-shadow chsh">
215 <primary sortas="b-chsh">chsh</primary>
216 </indexterm>
217 </listitem>
218 </varlistentry>
219
220 <varlistentry id="expiry">
221 <term><command>expiry</command></term>
222 <listitem>
223 <para>Checks and enforces the current password expiration policy</para>
224 <indexterm zone="ch-system-shadow expiry">
225 <primary sortas="b-expiry">expiry</primary>
226 </indexterm>
227 </listitem>
228 </varlistentry>
229
230 <varlistentry id="faillog">
231 <term><command>faillog</command></term>
232 <listitem>
233 <para>Is used to examine the log of login failures, to set a maximum
234 number of failures before an account is blocked, or to reset the
235 failure count</para>
236 <indexterm zone="ch-system-shadow faillog">
237 <primary sortas="b-faillog">faillog</primary>
238 </indexterm>
239 </listitem>
240 </varlistentry>
241
242 <varlistentry id="gpasswd">
243 <term><command>gpasswd</command></term>
244 <listitem>
245 <para>Is used to add and delete members and administrators to
246 groups</para>
247 <indexterm zone="ch-system-shadow gpasswd">
248 <primary sortas="b-gpasswd">gpasswd</primary>
249 </indexterm>
250 </listitem>
251 </varlistentry>
252
253 <varlistentry id="groupadd">
254 <term><command>groupadd</command></term>
255 <listitem>
256 <para>Creates a group with the given name</para>
257 <indexterm zone="ch-system-shadow groupadd">
258 <primary sortas="b-groupadd">groupadd</primary>
259 </indexterm>
260 </listitem>
261 </varlistentry>
262
263 <varlistentry id="groupdel">
264 <term><command>groupdel</command></term>
265 <listitem>
266 <para>Deletes the group with the given name</para>
267 <indexterm zone="ch-system-shadow groupdel">
268 <primary sortas="b-groupdel">groupdel</primary>
269 </indexterm>
270 </listitem>
271 </varlistentry>
272
[0a11182]273 <varlistentry id="groupmems">
274 <term><command>groupmems</command></term>
275 <listitem>
276 <para>Allows a user to administer his/her own group membership list
277 without the requirement of superuser privileges</para>
278 <indexterm zone="ch-system-shadow groupmems">
279 <primary sortas="b-groupmems">groupmems</primary>
280 </indexterm>
281 </listitem>
282 </varlistentry>
283
[3f8be484]284 <varlistentry id="groupmod">
285 <term><command>groupmod</command></term>
286 <listitem>
287 <para>Is used to modify the given group's name or GID</para>
288 <indexterm zone="ch-system-shadow groupmod">
289 <primary sortas="b-groupmod">groupmod</primary>
290 </indexterm>
291 </listitem>
292 </varlistentry>
293
294 <varlistentry id="grpck">
295 <term><command>grpck</command></term>
296 <listitem>
297 <para>Verifies the integrity of the group files
298 <filename>/etc/group</filename> and
299 <filename>/etc/gshadow</filename></para>
300 <indexterm zone="ch-system-shadow grpck">
301 <primary sortas="b-grpck">grpck</primary>
302 </indexterm>
303 </listitem>
304 </varlistentry>
305
306 <varlistentry id="grpconv">
307 <term><command>grpconv</command></term>
308 <listitem>
309 <para>Creates or updates the shadow group file from the normal
310 group file</para>
311 <indexterm zone="ch-system-shadow grpconv">
312 <primary sortas="b-grpconv">grpconv</primary>
313 </indexterm>
314 </listitem>
315 </varlistentry>
316
317 <varlistentry id="grpunconv">
318 <term><command>grpunconv</command></term>
319 <listitem>
320 <para>Updates <filename>/etc/group</filename> from
321 <filename>/etc/gshadow</filename> and then deletes the latter</para>
322 <indexterm zone="ch-system-shadow grpunconv">
323 <primary sortas="b-grpunconv">grpunconv</primary>
324 </indexterm>
325 </listitem>
326 </varlistentry>
327
328 <varlistentry id="lastlog">
329 <term><command>lastlog</command></term>
330 <listitem>
331 <para>Reports the most recent login of all users or of a
332 given user</para>
333 <indexterm zone="ch-system-shadow lastlog">
334 <primary sortas="b-lastlog">lastlog</primary>
335 </indexterm>
336 </listitem>
337 </varlistentry>
338
339 <varlistentry id="login">
340 <term><command>login</command></term>
341 <listitem>
342 <para>Is used by the system to let users sign on</para>
343 <indexterm zone="ch-system-shadow login">
344 <primary sortas="b-login">login</primary>
345 </indexterm>
346 </listitem>
347 </varlistentry>
348
349 <varlistentry id="logoutd">
350 <term><command>logoutd</command></term>
351 <listitem>
352 <para>Is a daemon used to enforce restrictions on log-on time
353 and ports</para>
354 <indexterm zone="ch-system-shadow logoutd">
355 <primary sortas="b-logoutd">logoutd</primary>
356 </indexterm>
357 </listitem>
358 </varlistentry>
359
360 <varlistentry id="newgrp">
361 <term><command>newgrp</command></term>
362 <listitem>
363 <para>Is used to change the current GID during a login session</para>
364 <indexterm zone="ch-system-shadow newgrp">
365 <primary sortas="b-newgrp">newgrp</primary>
366 </indexterm>
367 </listitem>
368 </varlistentry>
369
370 <varlistentry id="newusers">
371 <term><command>newusers</command></term>
372 <listitem>
373 <para>Is used to create or update an entire series of user
374 accounts</para>
375 <indexterm zone="ch-system-shadow newusers">
376 <primary sortas="b-newusers">newusers</primary>
377 </indexterm>
378 </listitem>
379 </varlistentry>
380
381 <varlistentry id="passwd">
382 <term><command>passwd</command></term>
383 <listitem>
384 <para>Is used to change the password for a user or group account</para>
385 <indexterm zone="ch-system-shadow passwd">
386 <primary sortas="b-passwd">passwd</primary>
387 </indexterm>
388 </listitem>
389 </varlistentry>
390
391 <varlistentry id="pwck">
392 <term><command>pwck</command></term>
393 <listitem>
394 <para>Verifies the integrity of the password files
395 <filename>/etc/passwd</filename> and
396 <filename>/etc/shadow</filename></para>
397 <indexterm zone="ch-system-shadow pwck">
398 <primary sortas="b-pwck">pwck</primary>
399 </indexterm>
400 </listitem>
401 </varlistentry>
402
403 <varlistentry id="pwconv">
404 <term><command>pwconv</command></term>
405 <listitem>
406 <para>Creates or updates the shadow password file from the normal
407 password file</para>
408 <indexterm zone="ch-system-shadow pwconv">
409 <primary sortas="b-pwconv">pwconv</primary>
410 </indexterm>
411 </listitem>
412 </varlistentry>
413
414 <varlistentry id="pwunconv">
415 <term><command>pwunconv</command></term>
416 <listitem>
417 <para>Updates <filename>/etc/passwd</filename> from
418 <filename>/etc/shadow</filename> and then deletes the latter</para>
419 <indexterm zone="ch-system-shadow pwunconv">
420 <primary sortas="b-pwunconv">pwunconv</primary>
421 </indexterm>
422 </listitem>
423 </varlistentry>
424
425 <varlistentry id="sg">
426 <term><command>sg</command></term>
427 <listitem>
428 <para>Executes a given command while the user's GID
429 is set to that of the given group</para>
430 <indexterm zone="ch-system-shadow sg">
431 <primary sortas="b-sg">sg</primary>
432 </indexterm>
433 </listitem>
434 </varlistentry>
435
436 <varlistentry id="su">
437 <term><command>su</command></term>
438 <listitem>
439 <para>Runs a shell with substitute user and group IDs</para>
440 <indexterm zone="ch-system-shadow su">
441 <primary sortas="b-su">su</primary>
442 </indexterm>
443 </listitem>
444 </varlistentry>
445
446 <varlistentry id="useradd">
447 <term><command>useradd</command></term>
448 <listitem>
449 <para>Creates a new user with the given name, or updates the default
450 new-user information</para>
451 <indexterm zone="ch-system-shadow useradd">
452 <primary sortas="b-useradd">useradd</primary>
453 </indexterm>
454 </listitem>
455 </varlistentry>
456
457 <varlistentry id="userdel">
458 <term><command>userdel</command></term>
459 <listitem>
460 <para>Deletes the given user account</para>
461 <indexterm zone="ch-system-shadow userdel">
462 <primary sortas="b-userdel">userdel</primary>
463 </indexterm>
464 </listitem>
465 </varlistentry>
466
467 <varlistentry id="usermod">
468 <term><command>usermod</command></term>
469 <listitem>
470 <para>Is used to modify the given user's login name, User
471 Identification (UID), shell, initial group, home directory, etc.</para>
472 <indexterm zone="ch-system-shadow usermod">
473 <primary sortas="b-usermod">usermod</primary>
474 </indexterm>
475 </listitem>
476 </varlistentry>
477
478 <varlistentry id="vigr">
479 <term><command>vigr</command></term>
480 <listitem>
481 <para>Edits the <filename>/etc/group</filename> or
482 <filename>/etc/gshadow</filename> files</para>
483 <indexterm zone="ch-system-shadow vigr">
484 <primary sortas="b-vigr">vigr</primary>
485 </indexterm>
486 </listitem>
487 </varlistentry>
488
489 <varlistentry id="vipw">
490 <term><command>vipw</command></term>
491 <listitem>
492 <para>Edits the <filename>/etc/passwd</filename> or
493 <filename>/etc/shadow</filename> files</para>
494 <indexterm zone="ch-system-shadow vipw">
495 <primary sortas="b-vipw">vipw</primary>
496 </indexterm>
497 </listitem>
498 </varlistentry>
499
500 </variablelist>
501
502 </sect2>
503
504</sect1>
Note: See TracBrowser for help on using the repository browser.