* man/gshadow.5.xml: Updated documentation.

This commit is contained in:
nekral-guest 2009-05-21 13:53:56 +00:00
parent 39b17ee5d5
commit 12235612b5
2 changed files with 90 additions and 34 deletions

View File

@ -1,3 +1,7 @@
2009-05-21 Nicolas François <nicolas.francois@centraliens.net>
* man/gshadow.5.xml: Updated documentation.
2009-05-21 Nicolas François <nicolas.francois@centraliens.net>
* man/usermod.8.xml, man/userdel.8.xml, man/useradd.8.xml:

View File

@ -43,46 +43,98 @@
<title>DESCRIPTION</title>
<para>
<filename>/etc/gshadow</filename> contains the shadowed information
for group accounts. It contains lines with the following
colon-separated fields:
</para>
<itemizedlist mark='bullet'>
<listitem>
<para>group name</para>
</listitem>
<listitem>
<para>encrypted password</para>
</listitem>
<listitem>
<para>comma-separated list of group administrators</para>
</listitem>
<listitem>
<para>comma-separated list of group members</para>
</listitem>
</itemizedlist>
<para>
The group name and password fields must be filled. The encrypted
password consists of characters from the 64-character alphabet a thru
z, A thru Z, 0 thru 9, \. and /. Refer to <citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> for details on how this string is interpreted. If the
password field contains some string that is not valid result of
<citerefentry><refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, for instance ! or *, the user will not be able to use
a unix password to log in, subject to <citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para>
<para>
This information supersedes any password present in
<filename>/etc/group</filename>.
for group accounts.
</para>
<para>
This file must not be readable by regular users if password security
is to be maintained.
</para>
<para>
Each line of this file contains the following colon-separated
fields:
</para>
<variablelist>
<varlistentry>
<term><emphasis role="bold">group name</emphasis></term>
<listitem>
<para>
It must be a valid group name, which exist on the system.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">encrypted password</emphasis></term>
<listitem>
<para>
Refer to <citerefentry><refentrytitle>crypt</refentrytitle>
<manvolnum>3</manvolnum></citerefentry> for details on how
this string is interpreted.
</para>
<para>
If the password field contains some string that is not a valid
result of <citerefentry><refentrytitle>crypt</refentrytitle>
<manvolnum>3</manvolnum></citerefentry>, for instance ! or *,
users will not be able to use a unix password to access the
group (but group members do not need the password).
</para>
<para>
The password is used when an user who is not a member of the
group wants to gain the permissions of this group (see
<citerefentry><refentrytitle>newgrp</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>).
</para>
<para>
This field may be empty, in which case only the group members
can gain the group permissions.
</para>
<para>
A password field which starts with a exclamation mark means
that the password is locked. The remaining characters on the
line represent the password field before the password was
locked.
</para>
<para>
This password supersedes any password specified in
<filename>/etc/group</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">administrators</emphasis></term>
<listitem>
<para>
It must be a comma-separated list of user names.
</para>
<para>
Administrators can change the password or the members of the
group.
</para>
<para>
Administrators also have the same permissions as the members
(see below).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">members</emphasis></term>
<listitem>
<para>
It must be a comma-separated list of user names.
</para>
<para>
Members can access the group without being prompted for a
password.
</para>
<para>
You should use the same list of users as in
<filename>/etc/group</filename>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='files'>