diff -up shadow-4.3.1/man/groupmems.8.xml.manfix shadow-4.3.1/man/groupmems.8.xml --- shadow-4.3.1/man/groupmems.8.xml.manfix 2016-08-15 06:00:59.000000000 +0200 +++ shadow-4.3.1/man/groupmems.8.xml 2016-08-22 17:08:48.486332066 +0200 @@ -179,20 +179,10 @@ SETUP - The groupmems executable should be in mode - 2770 as user root and in group - groups. The system administrator can add users to - group groups to allow or disallow them using the - groupmems utility to manage their own group - membership list. + In this operating system the groupmems executable + is not setuid and regular users cannot use it to manipulate + the membership of their own group. - - - $ groupadd -r groups - $ chmod 2770 groupmems - $ chown root.groups groupmems - $ groupmems -g groups -a gk4 - diff -up shadow-4.3.1/man/chage.1.xml.manfix shadow-4.3.1/man/chage.1.xml --- shadow-4.3.1/man/chage.1.xml.manfix 2016-08-15 06:00:59.000000000 +0200 +++ shadow-4.3.1/man/chage.1.xml 2016-08-22 17:08:48.486332066 +0200 @@ -102,6 +102,9 @@ Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). + If the LAST_DAY is set to + 0 the user is forced to change his password + on the next log on. @@ -119,6 +122,13 @@ system again. + For example the following can be used to set an account to expire + in 180 days: + + + chage -E $(date -d +180days +%Y-%m-%d) + + Passing the number -1 as the EXPIRE_DATE will remove an account expiration date. diff -up shadow-4.3.1/man/ja/man5/login.defs.5.manfix shadow-4.3.1/man/ja/man5/login.defs.5 --- shadow-4.3.1/man/ja/man5/login.defs.5.manfix 2016-08-15 06:00:59.000000000 +0200 +++ shadow-4.3.1/man/ja/man5/login.defs.5 2016-08-22 17:08:48.486332066 +0200 @@ -147,10 +147,6 @@ 以下の参照表は、 shadow パスワード機能のどのプログラムが どのパラメータを使用するかを示したものである。 .na -.IP chfn 12 -CHFN_AUTH CHFN_RESTRICT -.IP chsh 12 -CHFN_AUTH .IP groupadd 12 GID_MAX GID_MIN .IP newusers 12 diff -up shadow-4.3.1/man/login.defs.5.xml.manfix shadow-4.3.1/man/login.defs.5.xml --- shadow-4.3.1/man/login.defs.5.xml.manfix 2016-08-15 06:00:59.000000000 +0200 +++ shadow-4.3.1/man/login.defs.5.xml 2016-08-22 17:08:48.487332069 +0200 @@ -162,6 +162,17 @@ long numeric parameters is machine-dependent. + + Please note that the parameters in this configuration file control the + behavior of the tools from the shadow-utils component. None of these + tools uses the PAM mechanism, and the utilities that use PAM (such as the + passwd command) should be configured elsewhere. The only values that + affect PAM modules are ENCRYPT_METHOD and SHA_CRYPT_MAX_ROUNDS + for pam_unix module, FAIL_DELAY for pam_faildelay module, + and UMASK for pam_umask module. Refer to + pam(8) for more information. + + The following configuration items are provided: @@ -252,16 +263,6 @@ - chfn - - - CHFN_AUTH - CHFN_RESTRICT - LOGIN_STRING - - - - chgpasswd @@ -282,14 +283,6 @@ - - chsh - - - CHSH_AUTH LOGIN_STRING - - - @@ -350,34 +343,6 @@ - - login - - - CONSOLE - CONSOLE_GROUPS DEFAULT_HOME - ENV_HZ ENV_PATH ENV_SUPATH - ENV_TZ ENVIRON_FILE - ERASECHAR FAIL_DELAY - FAILLOG_ENAB - FAKE_SHELL - FTMP_FILE - HUSHLOGIN_FILE - ISSUE_FILE - KILLCHAR - LASTLOG_ENAB - LOGIN_RETRIES - LOGIN_STRING - LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB - MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE - MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB - QUOTAS_ENAB - TTYGROUP TTYPERM TTYTYPE_FILE - ULIMIT UMASK - USERGROUPS_ENAB - - - newgrp / sg @@ -405,17 +370,6 @@ - - passwd - - - ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB - PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN - SHA_CRYPT_MAX_ROUNDS - SHA_CRYPT_MIN_ROUNDS - - - pwck @@ -442,32 +396,6 @@ - - su - - - CONSOLE - CONSOLE_GROUPS DEFAULT_HOME - ENV_HZ ENVIRON_FILE - ENV_PATH ENV_SUPATH - ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB - MAIL_DIR MAIL_FILE QUOTAS_ENAB - SULOG_FILE SU_NAME - SU_WHEEL_ONLY - SYSLOG_SU_ENAB - USERGROUPS_ENAB - - - - - sulogin - - - ENV_HZ - ENV_TZ - - - useradd diff -up shadow-4.3.1/man/shadow.5.xml.manfix shadow-4.3.1/man/shadow.5.xml --- shadow-4.3.1/man/shadow.5.xml.manfix 2016-08-15 06:00:59.000000000 +0200 +++ shadow-4.3.1/man/shadow.5.xml 2016-08-22 17:08:48.487332069 +0200 @@ -208,8 +208,8 @@ After expiration of the password and this expiration period is - elapsed, no login is possible using the current user's - password. The user should contact her administrator. + elapsed, no login is possible for the user. + The user should contact her administrator. An empty field means that there are no enforcement of an diff -up shadow-4.3.1/man/useradd.8.xml.manfix shadow-4.3.1/man/useradd.8.xml --- shadow-4.3.1/man/useradd.8.xml.manfix 2016-08-22 17:08:48.446331961 +0200 +++ shadow-4.3.1/man/useradd.8.xml 2016-08-22 17:08:48.487332069 +0200 @@ -347,6 +347,11 @@ is not enabled, no home directories are created. + + The directory where the user's home directory is created must + exist and have proper SELinux context and permissions. Otherwise + the user's home directory cannot be created or accessed. + diff -up shadow-4.3.1/man/usermod.8.xml.manfix shadow-4.3.1/man/usermod.8.xml --- shadow-4.3.1/man/usermod.8.xml.manfix 2016-08-15 06:00:59.000000000 +0200 +++ shadow-4.3.1/man/usermod.8.xml 2016-08-22 17:08:48.487332069 +0200 @@ -132,7 +132,8 @@ If the option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does - not already exist. + not already exist. If the current home directory does not exist + the new home directory will not be created. @@ -256,7 +257,8 @@ Move the content of the user's home directory to the new - location. + location. If the current home directory does not exist + the new home directory will not be created. This option is only valid in combination with the