Shadow Password Suite (part 5 of 5)
John F Haugh II
jfh at rpp386.cactus.org
Thu Dec 13 05:49:35 AEST 1990
#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create:
# chage.1
# chfn.1
# chsh.1
# login.1
# passwd.1
# su.1
# shadow.3
# faillog.4
# passwd.4
# porttime.4
# shadow.4
# faillog.8
# pwconv.8
# pwunconv.8
# sulogin.8
# This archive created: Wed Dec 12 12:37:26 1990
# By: John F Haugh II (River Parishes Programming, Austin TX)
export PATH; PATH=/bin:/usr/bin:$PATH
echo shar: "extracting 'chage.1'" '(1879 characters)'
if test -f 'chage.1'
then
echo shar: "will not over-write existing file 'chage.1'"
else
sed 's/^X//' << \SHAR_EOF > 'chage.1'
X.\" Copyright 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)chage.1 2.1.1.1 09:07:05 11/26/90
X.\"
X.TH CHAGE 1
X.SH NAME
Xchage \- change user password expiration information
X.SH SYNOPSIS
X\fBchage\fR [ \fB-m \fImindays\fR ] [ \fB-M \fImaxdays\fR ] [ \fB-d \fIlastday\fR ] \fIuser\fR
X.SH DESCRIPTION
X\fIchage\fR changes the number of days between password changes and the
Xdate of the last password change.
XThis information is used by the system to determine when a user must
Xchange their password.
XThe \fIchage\fR command is restricted to the root user.
X.PP
XThe value of \fImindays\fR is the minimum number of days between
Xpassword changes.
XA value of zero for this field indicates that the user may change
Xher password at any time.
X.PP
XThe value of \fImaxdays\fR is the maximum number of days during
Xwhich a password is valid.
XWhen \fImaxdays\fR plus \fIlastday\fR is less than the current day,
Xthe user will be required to change her password before being
Xable to use her account.
X.PP
XThe value of \fIlastday\fR is the number of days since January 1st,
X1970 when the password was last changed.
X.PP
XAll of the above values are stored exactly as days when the shadow
Xpassword file is used, but are converted to and from weeks when the
Xstandard password file is used.
XBecause of this conversion, rounding errors may result.
X.PP
XIf none of the options are selected, \fIchage\fR operates in an interactive
Xfashion, prompting the user with the current values for all of the fields.
XEnter the new value to change the field, or leave the line blank to use
Xthe current value.
XThe current value is displayed between a pair of \fB[ ]\fR marks.
X.SH Files
X/etc/passwd \- user account information
X.br
X/etc/shadow \- shadow user account information
X.SH See Also
Xpasswd(4),
Xshadow(4)
SHAR_EOF
if test 1879 -ne "`wc -c < 'chage.1'`"
then
echo shar: "error transmitting 'chage.1'" '(should have been 1879 characters)'
fi
fi
echo shar: "extracting 'chfn.1'" '(1602 characters)'
if test -f 'chfn.1'
then
echo shar: "will not over-write existing file 'chfn.1'"
else
sed 's/^X//' << \SHAR_EOF > 'chfn.1'
X.\" Copyright 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)chfn.1 2.1.1.1 09:07:07 11/26/90
X.\"
X.TH CHFN 1
X.SH NAME
Xchfn \- change user name and information
X.SH SYNOPSIS
X\fBchfn\fR [ \fB-f \fIfull_name\fR ] [ \fB-r \fIroom_no\fR ]
X.br
X[ \fB-w \fIwork_ph\fR ] [ \fB-h \fIhome_ph\fR ] [ \fB-o \fIother\fR ]
X[ \fIuser\fR ]
X.SH DESCRIPTION
X\fIchfn\fR changes user full name, office number, office extension, and home
Xphone number information for a user's account.
XThis information is typically printed by \fIfinger(1)\fR and similar
Xprograms.
XA normal user may only change the fields for their own account;
Xthe super user may change the fields for any account.
XAlso, only the super user may use the \fB-o\fR option to change the
Xundefined portions of the GCOS field.
X.PP
XThe only restriction placed on the contents of the fields is that no
Xcontrol characters may be present, nor any of comma, colon, or equal sign.
XThe \fIother\fR field does not have this restriction, and is used to
Xstore accounting information used by other applications.
X.PP
XIf none of the options are selected, \fIchfn\fR operates in an interactive
Xfashion, prompting the user with the current values for all of the fields.
XEnter the new value to change the field, or leave the line blank to use
Xthe current value.
XThe current value is displayed between a pair of \fB[ ]\fR marks.
XWithout options, chfn prompts for the current user account.
X.SH Files
X/etc/passwd \- user account information
X.SH See Also
Xpasswd(4)
SHAR_EOF
if test 1602 -ne "`wc -c < 'chfn.1'`"
then
echo shar: "error transmitting 'chfn.1'" '(should have been 1602 characters)'
fi
fi
echo shar: "extracting 'chsh.1'" '(1479 characters)'
if test -f 'chsh.1'
then
echo shar: "will not over-write existing file 'chsh.1'"
else
sed 's/^X//' << \SHAR_EOF > 'chsh.1'
X.\" Copyright 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)chsh.1 1.1.1.1 09:07:08 11/26/90
X.\"
X.TH CHSH 1
X.SH NAME
Xchsh \- change login shell
X.SH SYNOPSIS
X\fBchsh\fR [ \fB-s \fIlogin_shell\fR ] [ \fIuser\fR ]
X.SH DESCRIPTION
X\fIchsh\fR changes the user login shell.
XThis determines the name of the user's initial login command.
XA normal user may only change the login shell for their own account;
Xthe super user may change the login shell for any account.
X.PP
XThe only restriction placed on the login shell is that the
Xcommand name must be listed in \fB/etc/shells\fR, unless the
Xinvoker is the super-user, and then any value may be added.
XAn account with a restricted login shell may not change
Xtheir login shell.
XFor this reason, placing \fB/bin/rsh\fR in \fB/etc/shells\fR
Xis discouraged since accidentally changing to a restricted
Xshell would prevent the user from ever changing their login
Xshell back to its original value.
X.PP
XIf the \fB-s\fR option is not selected, \fIchsh\fR operates in an interactive
Xfashion, prompting the user with the current login shell.
XEnter the new value to change the field, or leave the line blank to use
Xthe current value.
XThe current value is displayed between a pair of \fB[ ]\fR marks.
X.SH Files
X/etc/passwd \- user account information
X.br
X/etc/shells \- list of valid login shells
X.SH See Also
Xchfn(1),
Xpasswd(4)
SHAR_EOF
if test 1479 -ne "`wc -c < 'chsh.1'`"
then
echo shar: "error transmitting 'chsh.1'" '(should have been 1479 characters)'
fi
fi
echo shar: "extracting 'login.1'" '(3348 characters)'
if test -f 'login.1'
then
echo shar: "will not over-write existing file 'login.1'"
else
sed 's/^X//' << \SHAR_EOF > 'login.1'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)login.1 2.1.1.1 09:07:10 11/26/90
X.\"
X.TH LOGIN 1
X.SH NAME
Xlogin \- Begin session on the system
X.SH SYNOPSIS
X.B login
X[ username [ environmental-variables ] ]
X.SH DESCRIPTION
X.I login
Xis used to establish a new session with the system.
XIt is normally invoked automatically by responding to the
X.B login:
Xprompt on the user\'s terminal.
X.I login
Xmay be special to the shell and may not be invoked as a sub-process.
XTypically,
X.I login
Xis treated by the shell as \fBexec login\fR which causes the user
Xto exit from the current shell.
XAttempting to execute \fIlogin\fR from any shell but the login shell
Xwill produce an error message.
X.PP
XWhen invoked from the \fBlogin:\fR prompt, the user may enter
Xenvironmental variables after the username.
XThese variables are entered in the form \fBNAME=VALUE\fR.
XNot all variables may be set in this fashion, notably \fBPATH\fR,
X\fBHOME\fR and \fBSHELL\fR.
XAdditionally, \fBIFS\fR may be inhibited if the user\'s login
Xshell is \fB/bin/sh\fR.
X.PP
XThe user is then prompted for a password, where appropriate.
XEchoing is disabled to prevent revealing the password.
XOnly a small number of password failures are permitted before
X\fIlogin\fR exits and the communications link is severed.
X.PP
XIf password aging has been enabled for your account, you may be
Xprompted for a new password before proceeding.
XYou will be forced to provide your old password and the new
Xpassword before continuing.
XPlease refer to \fIpasswd(1)\fR for more information.
X.PP
XAfter a successful login,
Xyou will be informed of any system messages and the presence
Xof mail.
XYou may turn off the printing of the system message file,
X\fI/etc/motd\fR, by creating a zero-length file \fI.hushlogin\fR
Xin your login directory.
XThe mail message will be one of "\fIYou have new mail.\fR",
X"\fIYou have mail.\fR", or "\fINo Mail.\fR" according to
Xthe condition of your mailbox.
X.PP
XYour user and group ID will be set according to their values in
Xthe \fI/etc/passwd\fR file.
XThe value for \fB$HOME\fR, \fB$SHELL\fR, \fB$PATH\fR, \fB$LOGNAME\fR,
Xand \fB$MAIL\fR are set according to the appropriate fields in the
Xpassword entry.
XUlimit, umask and nice values may also be set according to
Xentries in the GECOS field.
X.PP
XOn some installations, the environmental variable \fB$TERM\fR will be
Xinitialized to the terminal type on your tty line, as specified in
X\fI/etc/ttytype\fR.
X.PP
XAn initialization script for your command interpreter may also be
Xexecuted.
XPlease see the appropriate manual section for more information on
Xthis function.
X.SH CAVEATS
X.PP
XThis version of \fIlogin\fR has many compilation options, only some of which
Xmay be in use at any particular site.
X.SH Files
X/etc/utmp \- list of current login sessions
X.br
X/etc/wtmp \- list of previous login sessions
X.br
X/etc/passwd \- user account information
X.br
X/etc/shadow \- encrypted passwords and age information
X.br
X/etc/motd \- system message file
X.br
X/etc/ttytype \- list of terminal types
X.br
X$HOME/.profile \- initialization script for default shell
X.br
X$HOME/.hushlogin \- suppress printing of system messages
X.br
X.SH See Also
X.PP
Xgetty(1M),
Xmail(1),
Xpasswd(1),
Xsh(1),
Xsu(1),
Xd_passwd(4),
Xpasswd(4)
SHAR_EOF
if test 3348 -ne "`wc -c < 'login.1'`"
then
echo shar: "error transmitting 'login.1'" '(should have been 3348 characters)'
fi
fi
echo shar: "extracting 'passwd.1'" '(4120 characters)'
if test -f 'passwd.1'
then
echo shar: "will not over-write existing file 'passwd.1'"
else
sed 's/^X//' << \SHAR_EOF > 'passwd.1'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)passwd.1 2.2.1.1 09:07:11 11/26/90
X.\"
X.TH PASSWD 1
X.SH NAME
Xpasswd \- change user password
X.SH SYNOPSIS
X\fBpasswd\fR [ \fB-f\fR ] [ \fIname\fR ]
X.br
X\fBpasswd\fR [ \fB-g\fR ] [ \fB-r\fR ] \fIgroup\fR
X.SH DESCRIPTION
X\fIpasswd\fR changes passwords for user accounts.
XA normal user may only change the password for their own account;
Xthe super user may change the password for any account.
X.PP
XThe user is first prompted for their old password,
Xif one is present.
XThis password is then encrypted and compared against the
Xstored password.
XThe user has only one chance to enter the correct password.
XThe super user is permitted to bypass this step so that forgotten
Xpasswords may be changed.
X.PP
XAfter the password has been entered, password aging information
Xis checked to see if the user is permitted to change their password
Xat this time.
XIf not, \fIpasswd\fR refuses to change the password and exits.
X.PP
XThe user is then prompted for a replacement password.
XThis password is tested for complexity.
XAs a general guideline,
Xpasswords should consist of 6 to 8 characters including
Xone or more from each of the following sets:
X.IP "" .5i
XLower case alphabetics
X.IP "" .5i
XUpper case alphabetics
X.IP "" .5i
XDigits 0 thru 9
X.IP "" .5i
XPunctuation marks
X.PP
XCare must be taken not to include the system default erase
Xor kill characters.
X\fIpasswd\fR will reject any password which is not suitably
Xcomplex.
X.PP
XIf the password is accepted,
X\fIpasswd\fR will prompt again and compare the second entry
Xagainst the first.
XBoth entries are required to match in order for the password
Xto be changed.
X.PP
XWhen the \fB-g\fR option is used, the password for the named
Xgroup is changed.
XThe user must either be the super user, or the first group
Xmember listed for the named group.
XThe current group password is not prompted for.
XThe \fB-r\fR option is used with the \fB-g\fR option to remove
Xthe current password from the named group.
X.SH Hints for user passwords
XThe security of a password depends upon the strength of the
Xencryption algorithm and the size of the key space.
XThe \fB\s-2UNIX\s+2\fR System encryption method is based on
Xthe NBS DES algorithm and is very secure.
XThe size of the key space depends upon the randomness of the
Xpassword which is selected.
X.PP
XCompromises in password security normally result from careless
Xpassword selection or handling.
XFor this reason, you should select a password which does not
Xappear in a dictionary and which need not be written down.
XThe password should also not be a proper name, your license
Xnumber, birth date, or street address.
XAny of these may be used as guesses to violate system security.
X.PP
XYour password must be easily remembered so that you will not
Xbe forced to write it on a piece of paper.
XThis can be accomplished by appending two small words together
Xand separating each with a special character or digit.
XFor example, Pass%word.
X.PP
XOther methods of construction involve selecting an easily
Xremembered phrase from literature and selecting the first
Xor last letter from each.
XAn example of this is
X.IP "" .5i
XAsk not for whom the bell tolls.
X.PP
Xwhich produces
X.IP "" .5i
XAn4wtbt.
X.PP
XYou may be reasonably sure few crackers will have
Xincluded this in their dictionary.
X.SH Notes about group passwords
XGroup passwords are an inherent security problem since more
Xthan one person is permitted to know the password.
XHowever, groups are a useful tool for permitting co-operation
Xbetween different users.
X.SH CAVEATS
XNot all options may be supported.
XPassword complexity checking may vary from site to site.
XThe user is urged to select as complex a password as they
Xfeel comfortable with.
XA \fB-f\fR option exists to permit the superuser to override
Xany password complexity testing;
Xnormal users must create passwords which pass the complexity
Xtest.
X.SH Files
X/etc/passwd \- user account information
X.br
X/etc/shadow \- encrypted user passwords
X.SH See Also
Xpasswd(3),
Xshadow(3),
Xgroup(4),
Xpasswd(4)
SHAR_EOF
if test 4120 -ne "`wc -c < 'passwd.1'`"
then
echo shar: "error transmitting 'passwd.1'" '(should have been 4120 characters)'
fi
fi
echo shar: "extracting 'su.1'" '(1701 characters)'
if test -f 'su.1'
then
echo shar: "will not over-write existing file 'su.1'"
else
sed 's/^X//' << \SHAR_EOF > 'su.1'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)su.1 2.1.1.1 09:07:13 11/26/90
X.\"
X.TH SU 1
X.SH NAME
Xsu \- Change user ID or become super-user
X.SH SYNOPSIS
X.B su
X[ - ] [ username [ args ] ]
X.SH DESCRIPTION
X.I su
Xis used to become another user during a login session.
XInvoked without a username, \fIsu\fR defaults to becoming
Xthe super user.
XThe optional argument \fB\-\fR may be used to provide an
Xenvironment similar to what the user would expect had
Xthe user logged in directly.
X.PP
XAdditional arguments may be provided after the username,
Xin which case they are supplied to the user\'s login shell.
XIn particular, an argument of \fB-c\fR will cause the
Xnext argument to be treated as a command by most command
Xinterpreters.
XThe command will be executed under the shell specified by
X\fB$SHELL\fR, or if undefined, by the one specified in
X\fI/etc/passwd\fR.
X.PP
XThe user will be prompted for a password, if appropriate.
XInvalid passwords will produce an error message.
XAll attempts, both valid and invalid, are logged to detect
Xabuses of the system.
X.PP
XThe current environment is passed to the new shell.
XThe value of \fB$PATH\fR is reset to \fB/bin:/usr/bin\fR
Xfor normal users, or \fB/bin:/usr/bin:/etc\fR for the super user.
X.SH CAVEATS
X.PP
XThis version of \fIsu\fR has many compilation options, only some of which
Xmay be in use at any particular site.
X.SH Files
X/etc/passwd \- user account information
X.br
X/etc/shadow \- encrypted passwords and age information
X.br
X$HOME/.profile \- initialization script for default shell
X.SH See Also
Xlogin(1),
Xsh(1)
SHAR_EOF
if test 1701 -ne "`wc -c < 'su.1'`"
then
echo shar: "error transmitting 'su.1'" '(should have been 1701 characters)'
fi
fi
echo shar: "extracting 'shadow.3'" '(2117 characters)'
if test -f 'shadow.3'
then
echo shar: "will not over-write existing file 'shadow.3'"
else
sed 's/^X//' << \SHAR_EOF > 'shadow.3'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)shadow.3 2.1.1.1 09:07:15 11/26/90
X.\"
X.TH SHADOW 3
X.SH NAME
Xshadow \- encrypted password file routines
X.SH Syntax
X.IP "" .5i
X#include <shadow.h>
X.IP "" .5i
Xstruct spwd *getspent();
X.br
Xstruct spwd *getspnam(char * name);
X.br
Xvoid setspent();
X.br
Xvoid endspent();
X.br
Xstruct spwd *fgetspent(FILE *fp);
X.br
Xint putspent(struct spwd *p,FILE *fp);
X.SH DESCRIPTION
X.I shadow
Xmanipulates the contents of the shadow password file,
X\fB/etc/shadow\fR.
XThe structure in the \fI#include\fR file is
X.IP "" .5i
Xstruct spwd {
X.br
X char *sp_namp; /* user login name */
X.br
X char *sp_pwdp; /* encrypted password */
X.br
X long sp_lstchg; /* last password change */
X.br
X int sp_max; /* days before change required */
X.br
X int sp_min; /* days until change allowed. */
X.br
X}
X.PP
XThe meanings of each field are
X.IP "" .5i
Xsp_namp \- pointer to null-terminated user name.
X.IP "" .5i
Xsp_pwdp \- pointer to null-terminated password.
X.IP "" .5i
Xsp_lstchg \- days since Jan 1, 1970 password was last changed.
X.IP "" .5i
Xsp_max \- days after which password must be changed
X.IP "" .5i
Xsp_min \- days before which password may not be changed.
X.SH Description
X\fIgetspent\fR, \fIgetspnam\fR, and \fIfgetspent\fR each return
Xa pointer to a \fBstruct spwd\fR.
X\fIgetspent\fR returns the
Xnext entry from the file, and \fIfgetspent\fR returns the next
Xentry from the given stream, which is assumed to be a file of
Xthe proper format.
X\fIgetspnam\fR searches from the current position in the file for
Xan entry matching \fIname\fR.
X.PP
X\fIsetspent\fR and \fIendspent\fR may be used to begin and end,
Xrespectively, access to the shadow password file.
X.SH Diagnostics
XRoutines return NULL if no more entries are available or if an
Xerror occurs during processing.
X.SH Caveats
XThese routines may only be used by the super user as access to
Xthe shadow password file is restricted.
X.SH Files
X/etc/shadow \- encrypted user passwords
X.SH See Also
Xgetpwent(3),
Xshadow(4)
SHAR_EOF
if test 2117 -ne "`wc -c < 'shadow.3'`"
then
echo shar: "error transmitting 'shadow.3'" '(should have been 2117 characters)'
fi
fi
echo shar: "extracting 'faillog.4'" '(973 characters)'
if test -f 'faillog.4'
then
echo shar: "will not over-write existing file 'faillog.4'"
else
sed 's/^X//' << \SHAR_EOF > 'faillog.4'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)faillog.4 2.1.1.1 09:07:16 11/26/90
X.\"
X.TH FAILLOG 4
X.SH NAME
Xfaillog \- Login failure logging file
X.SH DESCRIPTION
X.I faillog
Xmaintains a count of login failures and the limits for each account.
XThe file consists of fixed length records, indexed by numerical UID.
XEach record contains the count of login failures since the last
Xsuccessful login;
Xthe maximum number of failures before the account is disabled;
Xthe line the last login failure occurred on;
Xand the date the last login failure occurred.
X.PP
XThe structure of the file is
X.DS
X
X struct faillog {
X short fail_cnt;
X short fail_max;
X char fail_line[12];
X time_t fail_time;
X };
X
X.DE
X.SH Files
X/usr/adm/faillog \- login failure log
X.SH See Also
Xfaillog(8)
SHAR_EOF
if test 973 -ne "`wc -c < 'faillog.4'`"
then
echo shar: "error transmitting 'faillog.4'" '(should have been 973 characters)'
fi
fi
echo shar: "extracting 'passwd.4'" '(2524 characters)'
if test -f 'passwd.4'
then
echo shar: "will not over-write existing file 'passwd.4'"
else
sed 's/^X//' << \SHAR_EOF > 'passwd.4'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)passwd.4 2.1.1.1 09:07:17 11/26/90
X.\"
X.TH PASSWD 4
X.SH NAME
Xpasswd \- The password file
X.SH DESCRIPTION
X.I passwd
Xcontains various pieces of information for each user account.
XIncluded is
X.IP "" .5i
XLogin name
X.IP "" .5i
XOptional encrypted password
X.IP "" .5i
XNumerical user ID
X.IP "" .5i
XNumerical group ID
X.IP "" .5i
XUser name or comment field
X.IP "" .5i
XUser home directory
X.IP "" .5i
XUser command interpreter
X.PP
XThe password field may not be filled if shadow passwords
Xhave been enabled.
XIf shadow passwords are being used, the encrypted password will
Xbe found in \fB/etc/shadow\fR.
XThe encrypted password consists of 13 characters from the
X64 character alphabet
Xa thru z, A thru Z, 0 thru 9, \. and /.
XRefer to \fIcrypt(3)\fR for details on how this string is
Xinterpreted.
X.PP
XAn optional password age string may follow the encrypted
Xpassword, separated by a comma, from the same alphabet
Xas the password itself.
XThe first character gives the number of weeks during which the
Xpassword is valid.
XThe second character gives the number of weeks which must pass
Xbefore the user is permitted to change the password.
XThe last two characters give the week since Jan 1970 when the
Xpassword was last changed.
XWhen the number of weeks during which the password is valid
Xhave passed, the user will be required to provide a new
Xpassword.
X.PP
XThe comment field is used by various system utilities, such as
X\fIfinger(1)\fR.
XThree additional values may be present in the comment field.
XThey are
X.IP "" .5i
Xpri= \- set initial value of nice
X.IP "" .5i
Xumask= \- set initial value of umask
X.IP "" .5i
Xulimit= \- set initial value of ulimit
X.PP
XThese fields are separated from each other and from any other
Xcomment field by a comma.
X.PP
XThe home directory field provides the name of the initial
Xworking directory.
X\fILogin\fR uses this information to set the value of
Xthe \fBHOME\fR environmental variable.
X.PP
XThe command interpreter field provides the name of the user's
Xcommand language interpreter, or the name of the initial program
Xto execute.
X\fILogin\fR uses this information to set the value of the
X\fBSHELL\fR environmental variable.
XIf this field is empty, it defaults to the value \fB/bin/sh\fR.
X.SH Files
X/etc/passwd \- user account information
X.SH See Also
Xlogin(1),
Xpasswd(1),
Xsu(1),
Xsulogin(1M),
Xshadow(4),
Xpwconv(8),
Xpwunconv(8)
SHAR_EOF
if test 2524 -ne "`wc -c < 'passwd.4'`"
then
echo shar: "error transmitting 'passwd.4'" '(should have been 2524 characters)'
fi
fi
echo shar: "extracting 'porttime.4'" '(1867 characters)'
if test -f 'porttime.4'
then
echo shar: "will not over-write existing file 'porttime.4'"
else
sed 's/^X//' << \SHAR_EOF > 'porttime.4'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)porttime.4 2.1.1.1 09:07:19 11/26/90
X.\"
X.TH PORTTIME 4
X.SH NAME
Xporttime \- port access time file
X.SH DESCRIPTION
X.I porttime
Xcontains a list of tty devices, user names, and permitted login times.
X.PP
XEach entry consists of three colon separated fields.
XThe first field is the name of the tty device, or an asterisk to
Xindicate that all tty devices are matched by this entry.
XThe second field is a comma separated list of user names, or an
Xasterisk to indicate that all user names are matched by this entry.
XThe third field is a comma separated list of permitted access times.
X.PP
XEach access time entry consists of zero or more days of the week,
Xabbreviated \fBSu\fR, \fBMo\fR, \fBTu\fR, \fBWe\fR, \fBTh\fR,
X\fBFr\fR, and \fBSa\fR, followed by a pair of times separated by
Xa hyphen.
XThe abbreviation \fBWk\fR may be used to represent Monday thru Friday,
Xand \fBAl\fR may be used to indicate every day.
XIf no days are given, \fBAl\fR is assumed.
X.SH Examples
XThe following entry allows access to user \fBjfh\fR on every port
Xduring weekdays from 9am to 5pm.
X.br
X.sp 1
X*:jfh:Wk0900-1700
X.br
X.sp 1
XThe following entries allow access only to the users \fBroot\fR and
X\fBoper\fR on /dev/console at any time. This illustrates how the
X\fB/etc/porttime\fR file is an ordered list of access times. Any
Xother user would match the second entry which does not permit
Xaccess at any time.
X.br
X.sp 1
Xconsole:root,oper:Al0000-2400
X.br
Xconsole:*:
X.br
X.sp 1
XThe following entry allows access for the user \fBgames\fR on any
Xport during non-working hours.
X.br
X.sp 1
X*:games:Wk1700-0900,SaSu0000-2400
X.br
X.sp 1
X.SH Files
X/etc/porttime \- file containing port access times
X.SH See Also
Xlogin(1)
SHAR_EOF
if test 1867 -ne "`wc -c < 'porttime.4'`"
then
echo shar: "error transmitting 'porttime.4'" '(should have been 1867 characters)'
fi
fi
echo shar: "extracting 'shadow.4'" '(1594 characters)'
if test -f 'shadow.4'
then
echo shar: "will not over-write existing file 'shadow.4'"
else
sed 's/^X//' << \SHAR_EOF > 'shadow.4'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)shadow.4 2.1.1.1 09:07:21 11/26/90
X.\"
X.TH SHADOW 4
X.SH NAME
Xshadow \- encrypted password file
X.SH DESCRIPTION
X.I shadow
Xcontains the encrypted password information for user accounts
Xand, optionally, the password aging information.
XIncluded is
X.IP "" .5i
XLogin name
X.IP "" .5i
XEncrypted password
X.IP "" .5i
XDate password last changed
X.IP "" .5i
XDays before password may be changed
X.IP "" .5i
XDays after which password must be changed
X.PP
XThe password field must be filled.
XThe encrypted password consists of 13 characters from the
X64 character alphabet
Xa thru z, A thru Z, 0 thru 9, \. and /.
XRefer to \fIcrypt(3)\fR for details on how this string is
Xinterpreted.
X.PP
XThe date of the last password change is given as the number
Xof days since Jan 1, 1970.
XThe password may not be changed again until the proper number
Xof days have passed, and must be changed after the maximum
Xnumber of days.
XIf the minimum number of days required is greater than the
Xmaximum number of days allowed, this password may not be
Xchanged by the user.
X.PP
XThis information supersedes any password or password age
Xinformation present in \fB/etc/passwd\fR.
X.PP
XThis file must not be readable by regular users if password
Xsecurity is to be maintained.
X.SH Files
X/etc/passwd \- user account information
X.br
X/etc/shadow \- encrypted user passwords
X.SH See Also
Xlogin(1),
Xpasswd(1),
Xsu(1),
Xsulogin(1M),
Xpasswd(4),
Xpwconv(8),
Xpwunconv(8)
SHAR_EOF
if test 1594 -ne "`wc -c < 'shadow.4'`"
then
echo shar: "error transmitting 'shadow.4'" '(should have been 1594 characters)'
fi
fi
echo shar: "extracting 'faillog.8'" '(2034 characters)'
if test -f 'faillog.8'
then
echo shar: "will not over-write existing file 'faillog.8'"
else
sed 's/^X//' << \SHAR_EOF > 'faillog.8'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)faillog.8 2.1.1.1 09:07:22 11/26/90
X.\"
X.TH FAILLOG 8
X.SH NAME
Xfaillog \- examine faillog and set login failure limits
X.SH SYNOPSIS
X/etc/faillog [ -u uid ] [ -t days ] [ -m max ] [ -pr ]
X.SH DESCRIPTION
X\fIFaillog\fR formats the contents of the failure log,
X\fI/usr/adm/faillog\fR, and maintains failure counts and
Xlimits.
XThe order of the arguments to \fIfaillog\fR is significant.
XEach argument is processed immediately in the order given.
X.PP
XThe \fB-p\fR flag causes failure entries to be printed in UID
Xorder.
XEntering the \fB-u login-name\fR flag will
Xcause the failure record for \fBlogin-name\fR only to be printed.
XEntering \fB-t days\fR will cause only the
Xfailures more recent than \fBdays\fR to be printed.
XThe \fB-t\fR flag overrides the use of \fB-u\fR.
X.PP
XThe \fB-r\fR flag is used to reset the count of login failures.
XWrite access to \fI/usr/adm/faillog\fR is required for
Xthis option.
XEntering \fB-u login-name\fR will cause only the failure count
Xfor \fBlogin-name\fR to be reset.
X.PP
XThe \fB-m\fR flag is used to set the maximum number of login
Xfailures before the account is disabled.
XWrite access to \fB/usr/adm/faillog\fR is required for this
Xoption.
XEntering \fB-m max\fR will cause all accounts to be disabled
Xafter \fBmax\fR failed logins occur.
XThis may be modified with \fB-u login-name\fR to limit this
Xfunction to \fBlogin-name\fR only.
XSelecting a \fBmax\fR value of 0 has the effect of not placing
Xa limit on the number of failed logins.
XThe maximum failure count
Xshould always be 0 for \fBroot\fR to prevent
Xa denial of service attack against the system.
X.PP
XOptions may be combined in virtually any fashion.
XEach \fB-p\fR, \fB-r\fR, and \fB-m\fR option will cause
Ximmediate execution using any \fB-u\fR or \fB-t\fR modifier.
X.SH Files
X/usr/adm/faillog \- failure logging file
X.SH See Also
Xlogin(1),
Xfaillog(4)
SHAR_EOF
if test 2034 -ne "`wc -c < 'faillog.8'`"
then
echo shar: "error transmitting 'faillog.8'" '(should have been 2034 characters)'
fi
fi
echo shar: "extracting 'pwconv.8'" '(1202 characters)'
if test -f 'pwconv.8'
then
echo shar: "will not over-write existing file 'pwconv.8'"
else
sed 's/^X//' << \SHAR_EOF > 'pwconv.8'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)pwconv.8 2.1.1.1 09:07:23 11/26/90
X.\"
X.TH PWCONV 8
X.SH NAME
Xpwconv \- convert and update shadow password files
X.SH SYNOPSIS
X/etc/pwconv
X.SH DESCRIPTION
X\fIPwconv\fR copies the old password file information to a new shadow
Xpassword file,
Xmerging entries from an optional existing shadow file.
XThe new password file is left in \fBnpasswd\fR,
Xthe new shadow file is left in \fBnshadow\fR.
XBoth of these files are created with modes which only permit
Xread access to the owner.
XExisting shadow entries are copied as is.
XNew entries are created with passwords which expire in 10000 days,
Xwith a last changed date of today,
Xunless password aging information was already present.
XEntries with blank passwords are not copied to the shadow file at all.
X.SH Files
X/etc/passwd \- old encrypted passwords and password aging
X.br
X/etc/shadow \- previously converted shadow password file
X.br
X./npasswd \- new password file
X.br
X./nshadow \- new shadow password file
X.SH See Also
Xpasswd(1),
Xpasswd(4),
Xshadow(4),
Xpwunconv(8)
SHAR_EOF
if test 1202 -ne "`wc -c < 'pwconv.8'`"
then
echo shar: "error transmitting 'pwconv.8'" '(should have been 1202 characters)'
fi
fi
echo shar: "extracting 'pwunconv.8'" '(930 characters)'
if test -f 'pwunconv.8'
then
echo shar: "will not over-write existing file 'pwunconv.8'"
else
sed 's/^X//' << \SHAR_EOF > 'pwunconv.8'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)pwunconv.8 2.1.1.1 09:07:25 11/26/90
X.\"
X.TH PWUNCONV 8
X.SH NAME
Xpwunconv \- restore old password file from shadow password file
X.SH SYNOPSIS
X/etc/pwunconv
X.SH DESCRIPTION
X\fIPwunconv\fR copies the password file information from the shadow
Xpassword file,
Xmerging entries from an optional existing shadow file.
XThe new password file is left in \fBnpasswd\fR.
XThis file is created with modes which allow read access for
Xthe owner only.
XThere is no new shadow file.
XPassword aging information is translated where possible.
X.SH Files
X/etc/passwd \- old encrypted passwords and password aging
X.br
X/etc/shadow \- previously converted shadow password file
X.br
X./npasswd \- new password file
X.SH See Also
Xpasswd(1),
Xpasswd(4),
Xshadow(4),
Xpwconv(8)
SHAR_EOF
if test 930 -ne "`wc -c < 'pwunconv.8'`"
then
echo shar: "error transmitting 'pwunconv.8'" '(should have been 930 characters)'
fi
fi
echo shar: "extracting 'sulogin.8'" '(1615 characters)'
if test -f 'sulogin.8'
then
echo shar: "will not over-write existing file 'sulogin.8'"
else
sed 's/^X//' << \SHAR_EOF > 'sulogin.8'
X.\" Copyright 1989, 1990, John F. Haugh II
X.\" All rights reserved.
X.\"
X.\" Use, duplication, and disclosure prohibited without
X.\" the express written permission of the author.
X.\"
X.\" @(#)sulogin.8 2.1.1.1 09:07:26 11/26/90
X.\"
X.TH SULOGIN 8
X.SH NAME
Xsulogin \- Single-user login
X.SH DESCRIPTION
X.I sulogin
Xis invoked by \fB/etc/init\fR prior to allowing the user
Xaccess to the system when in single user mode.
XThis feature may only be available on certain systems where
X\fIinit\fR has been modified accordingly, or where the
X\fB/etc/inittab\fR has an entry for a single user login.
X.PP
XThe user is prompted
X.IP "" .5i
XType control-d for normal startup,
X.br
X(or give root password for system maintenance):
X.PP
XIf the user enters the correct root password, a login session
Xis initiated.
XWhen \fBEOF\fR is pressed instead, the system enters multi-user
Xmode.
X.PP
XAfter the user exits the single-user shell, or presses \fBEOF\fR,
Xthe system begins the initialization process required to enter
Xmulti-user mode.
X.SH CAVEATS
X.PP
XThis command can only be used if \fIinit\fR has been modified to call
X\fB/etc/sulogin\fR instead of \fB/bin/sh\fR,
Xor if the user has set the \fIinittab\fR to support a single user
Xlogin.
X.PP
XAs complete an environment as possible is created.
XHowever, various devices may be unmounted or uninitialized and many
Xof the user commands may be unavailable or nonfunctional as a result.
X.SH Files
X/etc/passwd \- user account information
X.br
X/etc/shadow \- encrypted passwords and age information
X.br
X/.profile \- initialization script for single user shell
X.SH See Also
Xlogin(1),
Xinit(1M),
Xsh(1)
SHAR_EOF
if test 1615 -ne "`wc -c < 'sulogin.8'`"
then
echo shar: "error transmitting 'sulogin.8'" '(should have been 1615 characters)'
fi
fi
exit 0
# End of shell archive
--
John F. Haugh II UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 Domain: jfh at rpp386.cactus.org
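
The ordered, first-match evaluation that porttime(4) describes, as an added C example that is not code from the shadow suite. The names `porttime_permits`, `item_permits` and `field_has` are hypothetical, the table is constructed from the man page's three examples, and the half-open time ranges, the wrap past midnight for `Wk1700-0900`, and permitting a login that matches no entry are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Day names and their bitmasks; bit 0 = Sunday ... bit 6 = Saturday. */
static const char *const DAY_NAME[9] = {"Su", "Mo", "Tu", "We", "Th",
                                        "Fr", "Sa", "Wk", "Al"};
static const int DAY_MASK[9] = {0x01, 0x02, 0x04, 0x08, 0x10,
                                0x20, 0x40, 0x3e, 0x7f};

/* Constructed table: the three porttime(4) examples in one file. */
static const char *const SAMPLE[] = {
    "console:root,oper:Al0000-2400",
    "console:*:",
    "*:jfh:Wk0900-1700",
    "*:games:Wk1700-0900,SaSu0000-2400",
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Does one access-time item, e.g. "Wk0900-1700", cover (wday, hhmm)? */
static int item_permits(const char *item, size_t len, int wday, int hhmm)
{
    char buf[32], tail;
    const char *p = buf;
    int mask = 0, start, end, i;

    if (len == 0 || len >= sizeof buf)
        return 0;
    memcpy(buf, item, len);
    buf[len] = '\0';
    while (isalpha((unsigned char)p[0]) && isalpha((unsigned char)p[1])) {
        for (i = 0; i < 9 && strncmp(p, DAY_NAME[i], 2) != 0; i++)
            ;
        if (i == 9)
            return 0; /* unknown day name: fail closed */
        mask |= DAY_MASK[i];
        p += 2;
    }
    if (mask == 0)
        mask = 0x7f; /* "If no days are given, Al is assumed" */
    if (sscanf(p, "%4d-%4d%c", &start, &end, &tail) != 2)
        return 0; /* malformed time pair: fail closed */
    if (start < 0 || start > 2400 || end < 0 || end > 2400 ||
        !(mask & (1 << wday)))
        return 0;
    if (start <= end)
        return hhmm >= start && hhmm < end;
    return hhmm >= start || hhmm < end; /* assumed: wraps past midnight */
}

/* Is `name` in the comma separated field, or is the field "*"? */
static int field_has(const char *field, size_t flen, const char *name)
{
    size_t n = strlen(name), off = 0, len;

    if (flen == 1 && field[0] == '*')
        return 1;
    while (off < flen) {
        for (len = 0; off + len < flen && field[off + len] != ','; len++)
            ;
        if (len == n && memcmp(field + off, name, n) == 0)
            return 1;
        off += len + 1;
    }
    return 0;
}

/* 1 = login permitted, 0 = refused. wday: 0 = Sunday; hhmm: 24-hour clock. */
int porttime_permits(const char *const *entries, size_t count, const char *tty,
                     const char *user, int wday, int hhmm)
{
    size_t i, len;

    for (i = 0; i < count; i++) {
        const char *e = entries[i], *t;
        const char *c1 = strchr(e, ':');
        const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;

        if (c2 == NULL || !field_has(e, (size_t)(c1 - e), tty) ||
            !field_has(c1 + 1, (size_t)(c2 - c1 - 1), user))
            continue; /* malformed (skipped, an assumption) or no match */
        for (t = c2 + 1; *t != '\0'; t += len + (t[len] == ',')) {
            len = strcspn(t, ",");
            if (item_permits(t, len, wday, hhmm))
                return 1;
        }
        return 0; /* first matching entry decides; "console:*:" lands here */
    }
    return 1; /* assumed: no matching entry means no restriction */
}

int main(void)
{
    printf("jfh   tty01   Tue 10:30 -> %d\n",
           porttime_permits(SAMPLE, SAMPLE_N, "tty01", "jfh", 2, 1030));
    printf("jfh   console Tue 10:30 -> %d\n",
           porttime_permits(SAMPLE, SAMPLE_N, "console", "jfh", 2, 1030));
    printf("games tty01   Mon 03:00 -> %d\n",
           porttime_permits(SAMPLE, SAMPLE_N, "tty01", "games", 1, 300));
    return 0;
}
```

Because the first matching entry decides, the `console` lines must come before the `*` lines: with the order reversed, `jfh` would be admitted on the console during working hours.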
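
How the weekly age string of passwd(4) relates to the day fields of shadow(4), and how the rules stated in chage(1) and shadow(4) apply to them, as an added C example that is not code from the shadow suite. All function names are hypothetical, the sample entry is constructed, and the alphabet value order, the low-digit-first week encoding and the truncating division are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* crypt(3) alphabet in value order: '.' = 0, '/' = 1, '0' = 2 ... 'z' = 63 */
static const char A64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

struct age {
    long lstchg; /* day of last change, in days since Jan 1, 1970 */
    long min;    /* days before the password may be changed */
    long max;    /* days after which the password must be changed */
};

static int a64_value(char c)
{
    const char *p = c != '\0' ? strchr(A64, c) : NULL;
    return p != NULL ? (int)(p - A64) : -1;
}

/* Decode the four-character passwd(4) age string (the text after the comma). */
int age_from_passwd(const char *s, struct age *a)
{
    int d[4], i;

    if (strlen(s) != 4)
        return -1;
    for (i = 0; i < 4; i++)
        if ((d[i] = a64_value(s[i])) < 0)
            return -1;
    a->max = 7L * d[0];                   /* weeks the password is valid */
    a->min = 7L * d[1];                   /* weeks before a change is allowed */
    a->lstchg = 7L * (d[2] + 64L * d[3]); /* assumed: low digit first */
    return 0;
}

/* Encode days back into weeks; truncating division is this example's choice. */
int age_to_passwd(const struct age *a, char out[5])
{
    long maxw = a->max / 7, minw = a->min / 7, chgw = a->lstchg / 7;

    if (maxw < 0 || maxw > 63 || minw < 0 || minw > 63 ||
        chgw < 0 || chgw > 4095)
        return -1; /* does not fit the one- and two-character week fields */
    out[0] = A64[maxw];
    out[1] = A64[minw];
    out[2] = A64[chgw % 64];
    out[3] = A64[chgw / 64];
    out[4] = '\0';
    return 0;
}

/* Parse "name:password:lastchange:min:max", the field order of shadow(4). */
int age_from_shadow(const char *line, struct age *a)
{
    char name[32], pw[32];

    if (sscanf(line, "%31[^:]:%31[^:]:%ld:%ld:%ld", name, pw,
               &a->lstchg, &a->min, &a->max) != 5)
        return -1;
    return 0;
}

/* chage(1): a change is forced once maxdays plus lastday is before today. */
int must_change(const struct age *a, long today)
{
    return a->max + a->lstchg < today;
}

/* shadow(4): no user change before min days pass, or ever if min > max. */
int may_change(const struct age *a, long today)
{
    if (a->min > a->max)
        return 0;
    return today >= a->lstchg + a->min;
}

int main(void)
{
    /* Constructed entry; the password field is a placeholder, not a hash. */
    const char *line = "jfh:abPLACEHOLDER:7600:7:30";
    struct age a, back;
    char s[5];

    if (age_from_shadow(line, &a) != 0 || age_to_passwd(&a, s) != 0 ||
        age_from_passwd(s, &back) != 0)
        return 1;
    printf("day 7603: may_change=%d must_change=%d\n",
           may_change(&a, 7603), must_change(&a, 7603));
    printf("day 7631: may_change=%d must_change=%d\n",
           may_change(&a, 7631), must_change(&a, 7631));
    printf("as weeks \"%s\": max %ld -> %ld days, last change %ld -> %ld\n",
           s, a.max, back.max, a.lstchg, back.lstchg);
    return 0;
}
```

The round trip shows the rounding that chage(1) warns about, and the 10000-day expiry that pwconv(8) assigns to new entries cannot be written in the weekly format at all.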