From 12235612b52fb2db0c51fee2967cf12f918c54ed Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Thu, 21 May 2009 13:53:56 +0000 Subject: [PATCH] * man/gshadow.5.xml: Updated documentation. --- ChangeLog | 4 ++ man/gshadow.5.xml | 120 +++++++++++++++++++++++++++++++++------------- 2 files changed, 90 insertions(+), 34 deletions(-) diff --git a/ChangeLog b/ChangeLog index 49c9360d..2b065f75 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2009-05-21 Nicolas François + + * man/gshadow.5.xml: Updated documentation. + 2009-05-21 Nicolas François * man/usermod.8.xml, man/userdel.8.xml, man/useradd.8.xml: diff --git a/man/gshadow.5.xml b/man/gshadow.5.xml index b15dd77d..47c59e85 100644 --- a/man/gshadow.5.xml +++ b/man/gshadow.5.xml @@ -43,46 +43,98 @@ DESCRIPTION /etc/gshadow contains the shadowed information - for group accounts. It contains lines with the following - colon-separated fields: - - - - group name - - - encrypted password - - - comma-separated list of group administrators - - - comma-separated list of group members - - - - - The group name and password fields must be filled. The encrypted - password consists of characters from the 64-character alphabet a thru - z, A thru Z, 0 thru 9, \. and /. Refer to - crypt3 - for details on how this string is interpreted. If the - password field contains some string that is not valid result of - crypt3 - , for instance ! or *, the user will not be able to use - a unix password to log in, subject to - pam7. - - - - This information supersedes any password present in - /etc/group. + for group accounts. This file must not be readable by regular users if password security is to be maintained. + + + Each line of this file contains the following colon-separated + fields: + + + + group name + + + It must be a valid group name, which exist on the system. + + + + + encrypted password + + + Refer to crypt + 3 for details on how + this string is interpreted. + + + If the password field contains some string that is not a valid + result of crypt + 3, for instance ! or *, + users will not be able to use a unix password to access the + group (but group members do not need the password). + + + The password is used when an user who is not a member of the + group wants to gain the permissions of this group (see + newgrp + 1). + + + This field may be empty, in which case only the group members + can gain the group permissions. + + + A password field which starts with a exclamation mark means + that the password is locked. The remaining characters on the + line represent the password field before the password was + locked. + + + This password supersedes any password specified in + /etc/group. + + + + + + administrators + + + It must be a comma-separated list of user names. + + + Administrators can change the password or the members of the + group. + + + Administrators also have the same permissions as the members + (see below). + + + + + members + + + It must be a comma-separated list of user names. + + + Members can access the group without being prompted for a + password. + + + You should use the same list of users as in + /etc/group. + + + +