Manpage improvements for usermod

Signed-off-by: Serge Hallyn <serge@hallyn.com>
This commit is contained in:
Markus Hiereth 2022-03-06 18:12:13 -06:00 committed by Serge Hallyn
parent 10b2e1e7c5
commit 2f30d235c2

View File

@ -62,7 +62,7 @@
<title>DESCRIPTION</title>
<para>
The <command>usermod</command> command modifies the system account
files to reflect the changes that are specified on the command line.
files.
</para>
</refsect1>
@ -100,8 +100,8 @@
</term>
<listitem>
<para>
The new value of the user's password file comment field. It is
normally modified using the <citerefentry>
update the comment field of the user in <filename>/etc/passwd
</filename>, which is normally modified using the <citerefentry>
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
</citerefentry> utility.
</para>
@ -130,12 +130,15 @@
</term>
<listitem>
<para>
The date on which the user account will be disabled. The date is
specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>.
The date on which the user account will be disabled. The
date is specified in the format
<emphasis remap=\"I\">YYYY-MM-DD</emphasis>. Integers as input are
interpreted as days after 1970-01-01.
</para>
<para>
An empty <replaceable>EXPIRE_DATE</replaceable> argument will
disable the expiration of the account.
An input of -1 or an empty string will blank the account
expiration field in the shadow password file. The account
will remain available with no date limit.
</para>
<para>
This option requires a <filename>/etc/shadow</filename> file.
@ -150,13 +153,14 @@
</term>
<listitem>
<para>
The number of days after a password expires until the account is
permanently disabled.
</para>
<para>
A value of 0 disables the account as soon
as the password has expired, and a value of -1 disables the
feature.
defines the number of days after the password exceeded its maximum
age during which the user may still login by immediately replacing
the password. This grace period before the account becomes inactive
is stored in the shadow password file. An input of 0 will disable an
expired password with no delay. An input of -1 will blank the
respective field in the shadow password file. See <citerefentry>
<refentrytitle>shadow</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> for more information.
</para>
<para>
This option requires a <filename>/etc/shadow</filename> file.
@ -171,7 +175,7 @@
</term>
<listitem>
<para>
The group name or number of the user's new initial login group.
The name or numerical ID of the user's new primary group.
The group must exist.
</para>
<para>
@ -198,9 +202,7 @@
<para>
A list of supplementary groups which the user is also a member
of. Each group is separated from the next by a comma, with no
intervening whitespace. The groups are subject to the same
restrictions as the group given with the <option>-g</option>
option.
intervening whitespace. The groups must exist.
</para>
<para>
If the user is currently a member of a group which is
@ -249,7 +251,7 @@
</term>
<listitem>
<para>
Move the content of the user's home directory to the new
moves the content of the user's home directory to the new
location. If the current home directory does not exist
the new home directory will not be created.
</para>
@ -270,9 +272,17 @@
</term>
<listitem>
<para>
When used with the <option>-u</option> option, this option
allows to change the user ID to a non-unique value.
</para>
<para>
This option is only valid in combination with the
<option>-u</option> option. As a user identity
serves as
key to map between users on one hand and permissions, file
ownerships and other aspects that determine the system's
behavior on the other hand, more than one login name
will access the account of the given UID.
</para>
</listitem>
</varlistentry>
<varlistentry>
@ -281,13 +291,13 @@
</term>
<listitem>
<para>
The encrypted password, as returned by <citerefentry>
<refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
defines a new password for the user. PASSWORD is expected to
be encrypted, as returned by <citerefentry><refentrytitle>crypt
</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
<para>
<emphasis role="bold">Note:</emphasis> This option is not
recommended because the password (or encrypted password) will
<emphasis role="bold">Note:</emphasis> Avoid this option on the
command line because the password (or encrypted password) will
be visible by users listing the processes.
</para>
<para condition="pam">
@ -331,14 +341,13 @@
</term>
<listitem>
<para>
Apply changes in the <replaceable>PREFIX_DIR</replaceable>
directory and use the configuration files from the
<replaceable>PREFIX_DIR</replaceable> directory.
This option does not chroot and is intended for preparing
a cross-compilation target.
Some limitations: NIS and LDAP users/groups are not verified.
PAM authentication is using the host files.
No SELINUX support.
Apply changes within the directory tree starting with
<replaceable>PREFIX_DIR</replaceable> and use as well the
configuration files located there. This option does not
chroot and is intended for preparing a cross-compilation
target. Some limitations: NIS and LDAP users/groups are
not verified. PAM authentication is using the host
files. No SELINUX support.
</para>
</listitem>
</varlistentry>
@ -348,8 +357,9 @@
</term>
<listitem>
<para>
The path of the user's new login shell. Setting this field to
blank causes the system to select the default login shell.
changes the user's login shell. An empty string for SHELL blanks the
field in <filename>/etc/passwd</filename> and logs the user into the
system's default shell.
</para>
</listitem>
</varlistentry>
@ -359,7 +369,7 @@
</term>
<listitem>
<para>
The new numerical value of the user's ID.
The new value of the user's ID.
</para>
<para>
This value must be unique,
@ -418,7 +428,7 @@
Add a range of subordinate uids to the user's account.
</para>
<para>
This option may be specified multiple times to add multiple ranges to a users account.
This option may be specified multiple times to add multiple ranges to a user's account.
</para>
<para>
No checks will be performed with regard to
@ -436,7 +446,7 @@
Remove a range of subordinate uids from the user's account.
</para>
<para>
This option may be specified multiple times to remove multiple ranges to a users account.
This option may be specified multiple times to remove multiple ranges to a user's account.
When both <option>--del-subuids</option> and <option>--add-subuids</option> are specified,
the removal of all subordinate uid ranges happens before any subordinate uid range is added.
</para>
@ -456,7 +466,7 @@
Add a range of subordinate gids to the user's account.
</para>
<para>
This option may be specified multiple times to add multiple ranges to a users account.
This option may be specified multiple times to add multiple ranges to a user's account.
</para>
<para>
No checks will be performed with regard to
@ -474,7 +484,7 @@
Remove a range of subordinate gids from the user's account.
</para>
<para>
This option may be specified multiple times to remove multiple ranges to a users account.
This option may be specified multiple times to remove multiple ranges to a user's account.
When both <option>--del-subgids</option> and <option>--add-subgids</option> are specified,
the removal of all subordinate gid ranges happens before any subordinate gid range is added.
</para>
@ -491,12 +501,11 @@
</term>
<listitem>
<para>
The new SELinux user for the user's login.
</para>
<para>
A blank <replaceable>SEUSER</replaceable> will remove the
SELinux user mapping for user <replaceable>LOGIN</replaceable>
(if any).
defines the SELinux user to be mapped with
<replaceable>LOGIN</replaceable>. An empty string ("")
will remove the respective entry (if any). Note that the
shadow system doesn't store the selinux-user, it uses
semanage(8) for that.
</para>
</listitem>
</varlistentry>
@ -510,7 +519,8 @@
not executing any processes when this command is being executed if the
user's numerical user ID, the user's name, or the user's home
directory is being changed. <command>usermod</command> checks this
on Linux. On other platforms it only uses utmp to check if the user is logged in.
on Linux. On other operating systems it only uses utmp to check if
the user is logged in.
</para>
<para>
You must change the owner of any <command>crontab</command> files or
@ -545,43 +555,43 @@
<varlistentry>
<term><filename>/etc/group</filename></term>
<listitem>
<para>Group account information.</para>
<para>Group account information</para>
</listitem>
</varlistentry>
<varlistentry condition="gshadow">
<term><filename>/etc/gshadow</filename></term>
<listitem>
<para>Secure group account information.</para>
<para>Secure group account informatio.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/login.defs</filename></term>
<listitem>
<para>Shadow password suite configuration.</para>
<para>Shadow password suite configuration</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/passwd</filename></term>
<listitem>
<para>User account information.</para>
<para>User account information</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/shadow</filename></term>
<listitem>
<para>Secure user account information.</para>
<para>Secure user account information</para>
</listitem>
</varlistentry>
<varlistentry condition="subids">
<term><filename>/etc/subgid</filename></term>
<listitem>
<para>Per user subordinate group IDs.</para>
<para>Per user subordinate group IDs</para>
</listitem>
</varlistentry>
<varlistentry condition="subids">
<term><filename>/etc/subuid</filename></term>
<listitem>
<para>Per user subordinate user IDs.</para>
<para>Per user subordinate user IDs</para>
</listitem>
</varlistentry>
</variablelist>