Bug#1005253: [Pkg-shadow-devel] Bug#1005253: shadow: Improved manual page useradd.8

2022-02-23 Thread Markus Hiereth
Hi Serge

"Serge E. Hallyn" wrote on 22 February 2022

> > With the exception of the "inactivity onset" "begin of inactivity"
> > "grace period" problem, I would be able to edit the xml-file. But I
> > think it spares you not much work.

I re-edited the useradd.8.xml, "grace period" has been
introduced. The changes reflect our discussion. I hope this version
will do it. Thanks

Best regards
Markus
--- shadow-4.8.1/man/useradd.8.xml	2020-01-17 16:47:56.0 +0100
+++ shadow-4.8.1_mh/man/useradd.8.xml	2022-02-23 12:05:52.330846912 +0100
@@ -143,11 +143,11 @@
 	
 	
 	  
-	The default base directory for the system if -dHOME_DIR is not specified.
-	BASE_DIR is
-	concatenated with the account name to define the home directory. 
-	If the -m option is not used,
-	BASE_DIR must exist.
+	The default base directory for the system if
+	-dHOME_DIR
+	is not specified.  BASE_DIR is
+	concatenated with the account name to define the home
+	directory.
 	  
 	  
 	If this option is not specified, useradd
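Review bot: the removed sentence "If the -m option is not used, BASE_DIR must exist." has no counterpart in the added lines, so the paragraph no longer says what is required of BASE_DIR when the home directory is not being created. If the requirement still holds, keep the sentence; if it was dropped on purpose, say so in the submission so the removal is not mistaken for one of the line-break-only changes.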
@@ -165,7 +165,7 @@
 	
 	  
 	Any text string. It is generally a short description of the
-	login, and is currently used as the field for the user's full
+	account, and is currently used as the field for the user's full
 	name.
 	  
 	
@@ -177,12 +177,14 @@
 	
 	  
 	The new user will be created using
-	HOME_DIR as the value for the user's
-	login directory. The default is to append the
+	HOME_DIR as the value for the
+	user's login directory. The default is to append the
 	LOGIN name to
-	BASE_DIR and use that as the login
-	directory name. The directory HOME_DIR
-	does not have to exist but will not be created if it is missing.
+	BASE_DIR and use that as the
+	login directory name.  If the directory
+	HOME_DIR does not exist, then
+	it will be created unless the -M option
+	is specified.
 	  
 	
   
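Review bot: the last added sentence reverses the old statement instead of rewording it. The removed text said HOME_DIR "does not have to exist but will not be created if it is missing"; the added text says "it will be created unless the -M option is specified". That is a claim about behaviour, so it needs to be checked against useradd itself and against the -m description elsewhere on the page, and the sentence should name the condition under which the directory is created rather than only the -M exception.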
@@ -219,16 +221,19 @@
 	
 	
 	  
-	The number of days after a password expires until the account is
-	permanently disabled. A value of 0 disables the account as soon
-	as the password has expired, and a value of -1 disables the
-	feature.
+defines the number of days after the password exceeded its maximum
+age during which the user may still login by immediately replacing
+	the password. This grace period before the account becomes inactive
+is stored in the shadow password file. An input of 0 will disable an
+expired password with no delay. An input of -1 will blank the
+respective field in the shadow password file. See 
+	shadow5
+ for more information.
 	  
 	  
-	If not specified, useradd will use the
-	default inactivity period specified by the
-	INACTIVE variable in
-	/etc/default/useradd, or -1 by default.
+If not specified, useradd will use the
+INACTIVE variable in
+/etc/default/useradd, or, -1 by default.
 	  
 	
   
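Review bot: in the added description of the special values, the effect of -1 is no longer stated. The old text said -1 "disables the feature"; the new text only says it will "blank the respective field in the shadow password file", which leaves the reader to work out from shadow(5) what a blank field means. Suggest keeping the consequence in the sentence. Smaller points in the same hunk: the paragraph opens with lowercase "defines", "may still login" should be "may still log in", "or, -1 by default" has a stray comma, and the added lines mix tab-indented and unindented text.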
@@ -238,7 +243,7 @@
 	
 	
 	  
-	The group name or number of the user's initial login group. The
+	The name or the number of the user's primary group. The
 	group name must exist. A group number must refer to an already
 	existing group.
 	  
@@ -249,7 +254,7 @@
 	set to yes (or
 	-U/--user-group is specified on the command
 	line), a group will be created for the user, with the same
-	name as her loginname. If the variable is set to
+	name as the loginname. If the variable is set to
 	no (or
 	-N/--no-user-group is specified on the
 	command line), useradd will set the primary group of the new
@@ -315,14 +320,17 @@
 	(UID_MIN, UID_MAX,
 	UMASK, PASS_MAX_DAYS
 	and others).
-	  
 	  
-	Example: -KPASS_MAX_DAYS=-1
-	can be used when creating system account to turn off password
-	aging, even though system account has no password at all.
-	Multiple -K options can be specified, e.g.:
-	-KUID_MIN=100
-	-KUID_MAX=499
+	  
+	Example:
+	-KPASS_MAX_DAYS
+	=-1 can be used
+	when creating an account to turn off password aging.
+	Multiple -K options can be specified,
+	e.g.:
+	-KUID_MIN
+	=100-K
+	UID_MAX=499
 	  
 	  
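Review bot: in the rewritten -K example the second option is glued to the first value. The added lines read "=100-K" followed by "UID_MAX=499", so nothing separates UID_MIN=100 from the next -K, and the "=-1" and "=100" values sit on different lines from their variable names. Keep each KEY=VALUE together on one line and put whitespace between the two -K options so the rendered example can be typed as shown. The hunk also drops the remark that the example applies to system accounts; if that is intended, mention it in the submission.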

Bug#1005253: [Pkg-shadow-devel] Bug#1005253: shadow: Improved manual page useradd.8

2022-02-11 Thread Markus Hiereth
Hi Serge,

"Serge E. Hallyn" wrote on 11 February 2022 at 18:13
 
> Thanks.  The diff is especially helpful.  Although a few of these hunks
> appear to be just changes to the line breaks.

> > @@ -219,14 +221,17 @@
> > 
> > 
> >   
> > -   The number of days after a password expires until the account is
> > -   permanently disabled. A value of 0 disables the account as soon
> > -   as the password has expired, and a value of -1 disables the
> > -   feature.
> > +defines the number of days after the password exceeded its 
> > maximum
> > +age where the user is expected to replace this password. The 
> > value
> 
> How about 'number of days after the password exceeded its maximum
> age during which the user may login by immediately replacing this
> password. The value is stored in the shadow password file.'

I also thought that there is something better than "where the user..."


> >   
> > If not specified, useradd will use the
> > -   default inactivity period specified by the
> > +   default inactivity onset specified by the
> 
> "onset" is weird here.

I looked up in a dictionary: "onset is the first attack or beginning
(of something bad)". There are similar usages: "onset of winter", a
"hard onset" in phonetics, in medicine they speak of the "onset" of a
disease.

What do you think of "begin of inactivity"?

You know I also suggested "grace period". But, expressing it this way,
the connection to inactivity gets lost.

I really dislike "inactivity period" as the user does not define the
duration of inactivity but the number of days he will be able to do
something against a shift of his account into the inactive state.



> > INACTIVE variable in
> > /etc/default/useradd, or -1 by default.
> >   
> > @@ -237,8 +242,9 @@
> >   -g, 
> > --gidGROUP
> > 
> > 
> > + 
> 
> This I assume is a leftover marker to be dropped.

Sure.


> > @@ -398,10 +407,18 @@
> >   -o, --non-unique
> > 
> > 
> > - Allow the creation of a user account with a duplicate 
> > (non-unique) UID.
> > + 
> > +   allows the creation of an account with an already existing
> > +   UID.
> > + 
> >   
> > This option is only valid in combination with the
> > -   -u option.
> > +   -u option. As a user identity
> > +   serves as
> > +   key to map between users on one hand and permissions, file
> > +   ownerships and other aspects that determine the system's
> > +   behavior on the other hand, more than one login name
> > +   will access the account of the given UID.
> >   
> > 
> >
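Review bot: the added sentence starting "As a user identity serves as key to map between users on one hand and permissions, file ownerships ..." buries the consequence of -o in its last clause. Since the point is that login names sharing a UID are one and the same identity for permissions and file ownership, say that directly in a short sentence of its own, so an administrator reading the option sees what a duplicate UID grants. The first added sentence also starts with lowercase "allows", unlike the sentence it replaces.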
> > @@ -410,14 +427,25 @@
> >   -p, 
> > --passwordPASSWORD
> > 
> > 
> > + 
 
> Drop this?

yes

 
> > @@ -488,11 +516,11 @@
> > 
> > 
> >   
> > -   The name of the user's login shell. The default is to leave this
> > -   field blank, which causes the system to select the default login
> > -   shell specified by the SHELL variable in
> > -   /etc/default/useradd, or an empty string
> > -   by default.
> > +sets the path to the user's login shell. Without this option,
> > +the system will use the SHELL variable 
> > specified
> > +   in /etc/default/useradd, or, if that is as
> > +   well not set, the field for the login shell in /etc/passwd
> > +   remains empty.
> >   
> > 
> >
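Review bot: the added clause "or, if that is as well not set, the field for the login shell in /etc/passwd remains empty" drops what the removed text explained, namely that a blank field "causes the system to select the default login shell". Without that, the reader cannot tell what an account with an empty shell field will actually run at login. Suggest keeping the consequence and rewording the clause, for example "or, if that is not set either, leaves the login shell field in /etc/passwd empty". The paragraph also opens with lowercase "sets".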
> > @@ -533,13 +561,16 @@
> >
> >
> > 
> > - -Z, 
> > --selinux-userSEUSER
> > + -Z, --selinux
> > + -userSEUSER
 
> Is the line break here accidental?

Yes. I did not care for line breaks. This is a case where it would be
better avoided or done in another way, without separation of --selinux-user.

> > 
> > 
> >   
> > -   The SELinux user for the user's login. The default is to leave this
> > -   field blank, which causes the system to select the default SELinux
> > -   user.
> > +   defines the SELinux user for the new account. Without this
> > +   option, a SELinux uses the default user. Note that the
> 
> s/a SELinux/SELinux/

Yes.



> > +   shadow system doesn't store the selinux-user, it uses
> > +   semanage
> > +   8 for that.
> >   
> > 
> >
> > @@ -561,7 +592,7 @@
> >   
> >   
> > 
> > - The path prefix for a new user's home directory. The
> > + The path prefix for new users' home directory. The
> 
> the 'a' is more natural in English.

No problem, use the singular



> > @@ -578,7 +609,8 @@
> > -e, 
> > --expiredateEXPIRE_DATE
> >   
> >   
> > -   The date on which the user account is disabled.
> > +   

All of these can be erased

> > +   The date on which newly created user accounts are 
> > disabled.
> > 
> >   This option sets the EXPIRE variable in
> >   /etc/default/useradd.
> > @@ -590,9 +622,12 @@
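
The grace-period semantics debated in this message (the INACTIVE value, with 0 and a blank field as special cases), worked through on shadow entries; this is an added example, not part of the original mails or of the shadow code base. The function name `aging_state`, the state labels, the sample entries and the day-boundary comparison are assumptions made for illustration.

```python
# Added example: classify /etc/shadow entries by password-aging state.
# Field order follows shadow(5); the sample lines below are constructed.

def _days(field):
    """Numeric shadow field as int; blank or negative means not enforced."""
    field = field.strip()
    return int(field) if field and int(field) >= 0 else None

def aging_state(line, today):
    """Return (name, state, grace_days_left) for one shadow line.

    today is a day count since 1970-01-01, like the last-change field.
    Assumption: a limit is crossed once the age exceeds it; real
    implementations can differ by one day at the boundary.
    """
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated fields")
    name = f[0]
    lastchg, maxage, inactive = _days(f[2]), _days(f[4]), _days(f[6])
    if lastchg == 0:
        return name, "must-change", None   # change forced at next login
    if lastchg is None or maxage is None:
        return name, "ok", None            # password aging not enforced
    age = today - lastchg
    if age <= maxage:
        return name, "ok", None
    if inactive is None:
        return name, "grace", None         # blank field (-f -1): no deadline
    left = maxage + inactive - age         # inactive == 0 makes this negative
    if left < 0:
        return name, "inactive", 0
    return name, "grace", left

SAMPLE = [                                 # constructed entries, no real hashes
    "alice:!:18900:0:90:7:14::",           # expired, inside 14-day grace period
    "bob:!:18800:0:90:7:14::",             # expired, grace period used up
    "carol:!:18900:0:90:7:0::",            # INACTIVE=0: inactive on expiry
    "dave:!:18900:0:90:7:::",              # INACTIVE blank: no inactivity limit
    "erin:!:18990:0:90:7:14::",            # password still within maximum age
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(aging_state(entry, today=19000))
```

Run against a copy of a real shadow file, the "grace" rows with no deadline are the accounts where an expired password never turns into an inactive account.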

Bug#1005253: [Pkg-shadow-devel] Bug#1005253: shadow: Improved manual page useradd.8

2022-02-11 Thread Serge E. Hallyn
On Wed, Feb 09, 2022 at 11:18:04PM +0100, Markus Hiereth wrote:
> Source: shadow
> Version: 4.8.1
> Severity: normal
> 
> Dear Serge,
> 
> attached to this bugreport the improved file useradd.8.xml and a diff.
> A last check is certainly reasonable.

Thanks.  The diff is especially helpful.  Although a few of these hunks
appear to be just changes to the line breaks.

...

> --- shadow-4.8.1/man/useradd.8.xml2020-01-17 16:47:56.0 +0100
> +++ shadow-4.8.1_mh/man/useradd.8.xml 2022-02-09 23:09:13.241687932 +0100
> @@ -143,11 +143,11 @@
>   
>   
> 
> - The default base directory for the system if 
> -dHOME_DIR is not specified.
> - BASE_DIR is
> - concatenated with the account name to define the home directory. 
> - If the -m option is not used,
> - BASE_DIR must exist.
> + The default base directory for the system if
> + -dHOME_DIR
> + is not specified.  BASE_DIR is
> + concatenated with the account name to define the home
> + directory.
> 
> 
>   If this option is not specified, useradd
> @@ -165,7 +165,7 @@
>   
> 
>   Any text string. It is generally a short description of the
> - login, and is currently used as the field for the user's full
> + account, and is currently used as the field for the user's full
>   name.
> 
>   
> @@ -177,12 +177,14 @@
>   
> 
>   The new user will be created using
> - HOME_DIR as the value for the user's
> - login directory. The default is to append the
> + HOME_DIR as the value for the
> + user's login directory. The default is to append the
>   LOGIN name to
> - BASE_DIR and use that as the login
> - directory name. The directory HOME_DIR
> - does not have to exist but will not be created if it is missing.
> + BASE_DIR and use that as the
> + login directory name.  If the directory
> + HOME_DIR does not exist, then
> + it will be created unless the -M option
> + is specified.
> 
>   
>
> @@ -219,14 +221,17 @@
>   
>   
> 
> - The number of days after a password expires until the account is
> - permanently disabled. A value of 0 disables the account as soon
> - as the password has expired, and a value of -1 disables the
> - feature.
> +defines the number of days after the password exceeded its 
> maximum
> +age where the user is expected to replace this password. The 
> value

How about 'number of days after the password exceeded its maximum age
during which the user may login by immediately replacing this password.
The value is stored in the shadow password file.'

> +is stored in the shadow password file. An input of 0 will 
> disable an
> +expired password with no delay. An input of -1 will blank the
> +respective field in the shadow password file. See 
> + shadow5
> +for more information.
> 
> 
>   If not specified, useradd will use the
> - default inactivity period specified by the
> + default inactivity onset specified by the

"onset" is weird here.

>   INACTIVE variable in
>   /etc/default/useradd, or -1 by default.
> 
> @@ -237,8 +242,9 @@
> -g, 
> --gidGROUP
>   
>   
> +   

This I assume is a leftover marker to be dropped.

> 
> - The group name or number of the user's initial login group. The
> + The name or the number of the user's primary group. The
>   group name must exist. A group number must refer to an already
>   existing group.
> 
> @@ -249,7 +255,7 @@
>   set to yes (or
>   -U/--user-group is specified on the command
>   line), a group will be created for the user, with the same
> - name as her loginname. If the variable is set to
> + name as the loginname. If the variable is set to
>   no (or
>   -N/--no-user-group is specified on the
>   command line), useradd will set the primary group of the new
> @@ -315,14 +321,17 @@
>   (UID_MIN, UID_MAX,
>   UMASK, PASS_MAX_DAYS
>   and others).
> -   
> 
> - Example: 
> -KPASS_MAX_DAYS=-1
> - can be used when creating system account to turn off password
> - aging, even though system account has no password at all.
> - Multiple -K options can be specified, e.g.:
> - 
> -KUID_MIN=100
> - 
> -KUID_MAX=499
> +   
> + Example:
> + -KPASS_MAX_DAYS
> + =-1 can be used
> + when creating an account to turn off password aging.
> + Multiple -K options can be specified,
> + e.g.:
> + -KUID_MIN
> + =100-K
> + UID_MAX=499