[Pkg-shadow-commits] r3023 - in upstream/trunk: . man

Nicolas FRANÇOIS nekral-guest at alioth.debian.org
Sat Jun 20 13:02:34 UTC 2009 

Author: nekral-guest
Date: 2009-06-20 13:02:33 +0000 (Sat, 20 Jun 2009)
New Revision: 3023

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/man/grpck.8.xml
   upstream/trunk/man/pwck.8.xml
Log:
	* man/pwck.8.xml: The shadow file is optional.
	* man/pwck.8.xml: Updated description of the checks. Added
	description of the shadow checks.
	* man/pwck.8.xml: Updated description of the checks.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2009-06-14 12:47:41 UTC (rev 3022)
+++ upstream/trunk/ChangeLog	2009-06-20 13:02:33 UTC (rev 3023)
@@ -1,3 +1,10 @@
+2009-06-20  Nicolas François  <nicolas.francois at centraliens.net>
+
+	* man/pwck.8.xml: The shadow file is optional.
+	* man/pwck.8.xml: Updated description of the checks. Added
+	description of the shadow checks.
+	* man/pwck.8.xml: Updated description of the checks.
+
 2009-06-12  Nicolas François  <nicolas.francois at centraliens.net>
 
 	* man/po/fr.po: Fixed typo (forunis)

Modified: upstream/trunk/man/grpck.8.xml
===================================================================
--- upstream/trunk/man/grpck.8.xml	2009-06-14 12:47:41 UTC (rev 3022)
+++ upstream/trunk/man/grpck.8.xml	2009-06-20 13:02:33 UTC (rev 3023)
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
    Copyright (c) 1992 - 1993, Julianne Frances Haugh
-   Copyright (c) 2007 - 2008, Nicolas François
+   Copyright (c) 2007 - 2009, Nicolas François
    All rights reserved.
   
    Redistribution and use in source and binary forms, with or without
@@ -69,11 +69,11 @@
     <title>DESCRIPTION</title>
     <para>
       The <command>grpck</command> command verifies the integrity of the
-      system authentication information. All entries in
+      groups information. It checks that all entries in
       <filename>/etc/group</filename> <phrase condition="gshadow">and
       <filename>/etc/gshadow</filename></phrase>
-      are checked to see that the entry has the proper format and valid data
-      in each field. The user is prompted to delete entries that are
+      have the proper format and contain valid data.
+      The user is prompted to delete entries that are
       improperly formatted or which have other uncorrectable errors.
     </para>
 
@@ -84,16 +84,33 @@
 	<para>the correct number of fields</para>
       </listitem>
       <listitem>
-	<para>a unique group name</para>
+	<para>a unique and valid group name</para>
       </listitem>
       <listitem>
-	<para>a valid list of members and administrators</para>
+	<para>
+	  a valid group identifier
+	  <phrase condition="gshadow"> (<filename>/etc/group</filename>
+	  only)</phrase>
+	</para>
       </listitem>
+      <listitem>
+	<para>
+	  a valid list of members
+	  <phrase condition="gshadow"> and administrators</phrase>
+	</para>
+      </listitem>
+      <listitem condition="gshadow">
+	<para>
+	  a corresponding entry in the <filename>/etc/gshadow</filename>
+	  file (respectively <filename>/etc/group</filename> for the
+	  <filename>gshadow</filename> checks)
+	</para>
+      </listitem>
     </itemizedlist>
 
     <para>
       The checks for correct number of fields and unique group name are
-      fatal. If the entry has the wrong number of fields, the user will be
+      fatal. If an entry has the wrong number of fields, the user will be
       prompted to delete the entire line. If the user does not answer
       affirmatively, all further checks are bypassed. An entry with a
       duplicated group name is prompted for deletion, but the remaining
@@ -103,10 +120,12 @@
     </para>
 
     <para>
-      The commands which operate on the <filename>/etc/group</filename> file
+      The commands which operate on the <filename>/etc/group</filename>
+      <phrase condition="no_gshadow">file</phrase><phrase
+      condition="gshadow">and <filename>/etc/gshadow</filename> files</phrase>
       are not able to alter corrupted or duplicated entries. 
       <command>grpck</command> should be used in those circumstances to
-      remove the offending entry.
+      remove the offending entries.
     </para>
   </refsect1>
 

Modified: upstream/trunk/man/pwck.8.xml
===================================================================
--- upstream/trunk/man/pwck.8.xml	2009-06-14 12:47:41 UTC (rev 3022)
+++ upstream/trunk/man/pwck.8.xml	2009-06-20 13:02:33 UTC (rev 3023)
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
    Copyright (c) 1992       , Julianne Frances Haugh
-   Copyright (c) 2007 - 2008, Nicolas François
+   Copyright (c) 2007 - 2009, Nicolas François
    All rights reserved.
   
    Redistribution and use in source and binary forms, with or without
@@ -70,9 +70,11 @@
 	<arg choice='plain'>
 	  <replaceable>passwd</replaceable>
 	</arg>
+	<arg choice='opt'>
 	<arg choice='plain'>
 	  <replaceable>shadow</replaceable>
 	</arg>
+	</arg>
       </arg>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -81,10 +83,10 @@
     <title>DESCRIPTION</title>
     <para>
       The <command>pwck</command> command verifies the integrity of the
-      system authentication information. All entries in the
+      users and authentication information. It checks that all entries in
       <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
-      are checked to see that the entry has the proper format and valid data
-      in each field. The user is prompted to delete entries that are
+      have the proper format and contain valid data.
+      The user is prompted to delete entries that are
       improperly formatted or which have other uncorrectable errors.
     </para>
 
@@ -94,7 +96,7 @@
 	<para>the correct number of fields</para>
       </listitem>
       <listitem>
-	<para>a unique user name</para>
+	<para>a unique and valid user name</para>
       </listitem>
       <listitem>
 	<para>a valid user and group identifier</para>
@@ -111,6 +113,35 @@
     </itemizedlist>
 
     <para>
+      <filename>shadow</filename> checks are enabled when a second file
+      parameter is specified or when <filename>/etc/shadow</filename>
+      exists on the system.
+    </para>
+    <para>
+      These checks are the following:
+    </para>
+    <itemizedlist mark='bullet'>
+      <listitem>
+	<para>
+	  every passwd entry has a matching shadow entry, and every shadow
+	  entry has a matching passwd entry
+	</para>
+      </listitem>
+      <listitem>
+	<para>passwords are specified in the shadowed file</para>
+      </listitem>
+      <listitem>
+	<para>shadow entries have the correct number of fields</para>
+      </listitem>
+      <listitem>
+	<para>shadow entries are unique in shadow</para>
+      </listitem>
+      <listitem>
+	<para>the last password changes are not in the future</para>
+      </listitem>
+    </itemizedlist>
+
+    <para>
       The checks for correct number of fields and unique user name are
       fatal. If the entry has the wrong number of fields, the user will be
       prompted to delete the entire line. If the user does not answer

More information about the Pkg-shadow-commits mailing list